Please check my log

A place for your HijackThis logs and logs from other programs…


Please check my log

Post by skmirosk » 05 Mar 2018 15:13

Good day,

could someone please check my log?

Thank you

- older MSI notebook, Vista Home Premium,

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:01:47, on 05.03.2018
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)


Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
D:\programy\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\totalcmd\TOTALCMD.EXE
D:\STAHOVANIE\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp-006&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?bcutc=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?bcutc=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?bcutc=sp-006&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?bcutc=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {e802027b-1f2b-40bd-b307-0bd96d036835} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {e802027b-1f2b-40bd-b307-0bd96d036835} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RemoteControl] D:\programy\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] D:\programy\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKLM\..\Run: [MagicPlusHelper] "C:\Program Files\MagicPlus\MagicPlus_helper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-396186892-2409389147-1617325887-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-396186892-2409389147-1617325887-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-396186892-2409389147-1617325887-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-396186892-2409389147-1617325887-1000\..\Run: [rundll32st.exe] (User '?')
O4 - S-1-5-21-396186892-2409389147-1617325887-1000 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - D:\programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9581 bytes
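A small triage parser for HijackThis logs in the format posted above, added here as an example; it is not part of the original post or of HijackThis itself. The sample lines are copied from the log above, and the flagging rules (orphan CLSIDs, missing service binaries, empty Run values) are my own assumptions about what a reviewer looks at first:

```python
import re
from collections import Counter

# Constructed sample: a few entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {e802027b-1f2b-40bd-b307-0bd96d036835} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: (no name) - {e802027b-1f2b-40bd-b307-0bd96d036835} - (no file)
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKUS\S-1-5-21-396186892-2409389147-1617325887-1000\..\Run: [rundll32st.exe] (User '?')
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# COM class identifiers as they appear in R3/O2/O3/O9 entries.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 Run entry whose bracketed value name is followed by no command line at all
# (only an optional "(User '...')" suffix), i.e. an empty autostart value.
EMPTY_RUN_RE = re.compile(r"^HK\S*\\\.\.\\Run: \[[^\]]+\]\s*(?:\(User '[^']*'\))?\s*$")


def parse_entries(text):
    """Split a HijackThis log into entries; non-entry lines (header, processes) are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"kind": m.group("kind"), "body": m.group("body"), "line": line})
    return entries


def triage(text):
    """Flag the entry classes a log reviewer checks first.

    orphans       - hooks/BHOs whose DLL no longer exists ("(no file)"): leftover
                    registrations that are harmless but should be cleaned up
    missing_files - services whose binary is gone ("(file missing)")
    empty_run     - autostart values with no command line at all
    clsids        - how often each orphan CLSID appears; the same CLSID showing up
                    as both URLSearchHook and BHO is one leftover component, not two
    """
    report = {"orphans": [], "missing_files": [], "empty_run": [], "clsids": Counter()}
    for e in parse_entries(text):
        body = e["body"]
        if body.endswith("(no file)"):
            report["orphans"].append(e["line"])
            for clsid in CLSID_RE.findall(body):
                report["clsids"][clsid.lower()] += 1
        if "(file missing)" in body:
            report["missing_files"].append(e["line"])
        if e["kind"] == "O4" and EMPTY_RUN_RE.match(body):
            report["empty_run"].append(e["line"])
    return report


def format_report(report):
    """Render the triage result as plain text lines for a forum reply."""
    out = []
    for label in ("orphans", "missing_files", "empty_run"):
        out.append(f"{label}: {len(report[label])}")
        out.extend("  " + line for line in report[label])
    for clsid, n in report["clsids"].most_common():
        out.append(f"orphan CLSID {clsid} seen {n}x")
    return out


if __name__ == "__main__":
    print("\n".join(format_report(triage(SAMPLE_LOG))))
```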


Re: Please check my log

Post by jaro3 » 05 Mar 2018 17:12

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you don't need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Save it to your desktop. Click "I agree" to accept the terms.
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan a log appears and opens (otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt); paste its whole contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- If the program is not up to date, click "Update now" or "Fix now".
- an update will be found and installed.
- then click Scan now
- when the program finishes, a message appears at the bottom right; click Show report, choose Export, choose Copy to clipboard and paste the whole log here. Or click "Text file (.txt)" and save the log.
- otherwise the log is located here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- then click the Finish button and close the program with the X at the top right.
(don't delete anything yet!).
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log

Post by skmirosk » 05 Mar 2018 17:57

Thanks for the advice.

I followed the procedure up to ADWCLEANER; I'm attaching that log. (I haven't continued further yet.)
When ADW finished, it found these results:
PUP.Optional.legacy
PUP.Optional.DriverDoc
PUP.Adware.Heuristic

- I haven't let it clean anything yet; I'll wait for what you say


# AdwCleaner 7.0.8.0 - Logfile created on Mon Mar 05 16:47:12 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 03-02-2018.1
# Running on Windows Vista (TM) Home Premium (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\Yahoo! Companion
PUP.Optional.Legacy, C:\ProgramData\Application Data\Yahoo! Companion
PUP.Optional.Legacy, C:\Users\All Users\Yahoo! Companion
PUP.Optional.Legacy, C:\Program Files\DAEMON Tools Toolbar
PUP.Optional.Legacy, C:\Users\Miro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbitum
PUP.Optional.Legacy, C:\Program Files\Yahoo!\Companion
PUP.Adware.Heuristic, C:\ProgramData\85277938


***** [ Files ] *****

PUP.Optional.Legacy, C:\Program Files\Yahoo!\Common\unyt.exe
PUP.Optional.Legacy, C:\Users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\fcedv45x.default\searchplugins\daemon-search.xml


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-396186892-2409389147-1617325887-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-396186892-2409389147-1617325887-1000\Software\dt soft\daemon tools toolbar
PUP.Optional.Legacy, [Key] - HKCU\Software\dt soft\daemon tools toolbar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-396186892-2409389147-1617325887-1000\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-396186892-2409389147-1617325887-1000\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-396186892-2409389147-1617325887-1000\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks | {EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
PUP.Optional.Legacy, [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | {32099AAC-C132-4136-9E9A-4E364A424E17}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
PUP.Optional.DriverDoc, [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########


Re: Please check my log

Post by jaro3 » 05 Mar 2018 18:54

Also Malwarebytes' Anti-Malware.

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator")
click "Scan"; after the scan, click "Clean"

The program will perform the repair; after the automatic restart click "Log file" and then double-click the corresponding log (C:\AdwCleaner [C?].txt); paste its whole contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. Scanning may take a long time, depending on the amount of infection. After the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its whole contents here.

Re: Please check my log

Post by skmirosk » 05 Mar 2018 21:09

Hello

1. the AdwCleaner log from after the restart is pasted below
2. then I installed that Malwarebytes, it was version 3.3.1.2183. After installation a window UNABLE TO START pops up, and in that window it says UNABLE TO CONNECT THE SERVICE. - so I uninstalled it and tried installing it in safe mode too, but it was the same.
3. the JRT log; it also had some problem - Validating restore point........Skipped due to WMI error: 0x80080005.
then it continued anyway.

# AdwCleaner 7.0.8.0 - Logfile created on Mon Mar 05 18:45:43 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows Vista (TM) Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\Yahoo! Companion
Deleted: C:\ProgramData\Application Data\Yahoo! Companion
Deleted: C:\Users\All Users\Yahoo! Companion
Deleted: C:\Program Files\DAEMON Tools Toolbar
Deleted: C:\Users\Miro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbitum
Deleted: C:\Program Files\Yahoo!\Companion
Deleted: C:\ProgramData\85277938


***** [ Files ] *****

Deleted: C:\Program Files\Yahoo!\Common\unyt.exe
Deleted: C:\Users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\fcedv45x.default\searchplugins\daemon-search.xml


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Deleted: [Key] - HKU\S-1-5-21-396186892-2409389147-1617325887-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Deleted: [Key] - HKU\S-1-5-21-396186892-2409389147-1617325887-1000\Software\dt soft\daemon tools toolbar
Deleted: [Key] - HKCU\Software\dt soft\daemon tools toolbar
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-396186892-2409389147-1617325887-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-396186892-2409389147-1617325887-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-396186892-2409389147-1617325887-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B7A0E898-93E5-43f4-B99A-6C70B303699C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DDCED22E-D018-471D-9A5C-A4EA2F21133D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
Deleted: [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [7611 B] - [2018/3/5 16:47:12]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


JRT:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows Vista (TM) Home Premium x86
Ran by Miro (Administrator) on 05.03.2018 at 20:50:34,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 17

Successfully deleted: C:\ProgramData\trymedia (Folder)
Successfully deleted: C:\Users\Miro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SSUU66R (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29EUM0RR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YG8IWDO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JDGBW7Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CW3O239X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUMRCW94 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FB20X6BV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Miro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOY50RRN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SSUU66R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\29EUM0RR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YG8IWDO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9JDGBW7Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CW3O239X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUMRCW94 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FB20X6BV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOY50RRN (Temporary Internet Files Folder)



Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E802027B-1F2B-40BD-B307-0BD96D036835} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e802027b-1f2b-40bd-b307-0bd96d036835} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.03.2018 at 20:56:02,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Re: Please check my log

Post by jaro3 » 05 Mar 2018 22:30

Malwarebytes probably has problems with Vista by now..

Sophos Virus Removal Tool is a practical software tool that can remove infections that your antivirus program does not detect.
Download it here from one of these links:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data, and you don't even know you have them. What you need is a quick and easy way to find them and get rid of them. If you already have an antivirus program installed on your computer, you can also install Sophos Virus Removal Tool, which identifies and cleans the remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.


Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8, 10 run RogueKiller.exe as administrator; on XP, by double-clicking.
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. When the scan finishes, click "Open Report", then "Open TXT" in the window, and copy the whole contents of the log here.
If the program is blocked, try launching it several times. If it still will not start and work, rename it to winlogon.exe.
- If the log has more than 60,000 characters, split it and post it in several posts.

more links:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log

Post by skmirosk » 06 Mar 2018 20:26

Good evening

so I've made a bit more progress.

- I downloaded the SOPHOS virus removal tool.
It ran fine and found 1 problem, TROJ/KEYGEN-ZO, in keygen.exe belonging to WinRAR, so I deleted it.

- then I downloaded and installed RogueKiller; everything went OK, log attached. (It found 3 things.) Should I also press REMOVE SELECTED? (Only the Hidden.ADS Stream Windows:1BE66330B8D74D0B item is checked.)


LOG:
RogueKiller V12.12.7.0 [Mar 5 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6000) 32 bits version
Started in : Normal mode
User : Miro [Administrator]
Started from : C:\Users\Miro\Desktop\RogueKiller_portable32.exe
Mode : Scan -- Date : 03/06/2018 18:14:34 (Duration : 01:20:11)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{8B9A2A56-55A7-4A3D-8A3F-A0D3EED7477D} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YMERemote.dll) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Hidden.ADS][Stream] C:\Windows:1BE66330B8D74D0B -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchEngine][Firefox:Config] fcedv45x.default : user_pref("browser.search.selectedEngine", "DAEMON Search"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] e72f72681e18bafcb2c5cf6d4624c40b
[BSP] 5113227c6308787c14fff79accccbdc6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 50000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 102402048 | Size: 255243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Thank you


Re: Please check my log

Post by jaro3 » 06 Mar 2018 21:06

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP double-click to launch).
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom,
when it finishes, check everything (put checkmarks in the white boxes to the left of the findings)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report" and then "Open TXT", copy that log and paste the contents of the report here, please. The log can also be found in C:\ProgramData\RogueKiller\Logs - Close RogueKiller.

Turn off your antivirus and firewall.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe

click the .rar file at the top right and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Vista, Windows 7, 8 right-click it and choose "Run as administrator")
- note: the program may take a while to start.
Paste the script below into the program window:


autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

click Run Script
The program will perform a scan and a repair; both the scan and the repair can take several minutes, you need to wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black screen may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it saves itself to:
C:\zoek-results.log Copy the whole contents of that log here.
If there are problems, run zoek in safe mode.

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click this file on your desktop and follow the program's installation instructions.
Accept the program's EULA license if it is offered.
If a program update is available, click the "Update now" button.
You can also tick the creation of a restore point:
Click the gear icon, then "Scan", and tick "create restore points".
Go back (click the house icon).
Close all open files, folders and browsers
Do not change any settings. Click "Scan".
After the scan you can see whether there are any infections. Click "Next". The infections will be moved to quarantine.
When the scan is complete, a report will appear; copy the whole contents of that report here.
Otherwise you can see the reports by clicking "Reports" at the top right.


Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable..

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its whole contents here
If there are problems, run it in safe mode.

Warning: It can happen that after applying ComboFix and restarting the computer, Windows does not boot, or the desktop does not load, or there are connection problems; then restart the computer again, and if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.


Re: Please check my log

Post by skmirosk » 06 Mar 2018 23:12

Good evening

all the programs (RogueKiller, Zoek, Zemana and ComboFix) ran fine. No problem with installation or with the run. I'm attaching the logs.

RogueKiller V12.12.7.0 [Mar 5 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6000) 32 bits version
Started in : Normal mode
User : Miro [Administrator]
Started from : C:\Users\Miro\Desktop\RogueKiller_portable32.exe
Mode : Delete -- Date : 03/06/2018 18:14:34 (Duration : 01:20:11)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{8B9A2A56-55A7-4A3D-8A3F-A0D3EED7477D} (C:\Program Files\Yahoo!\Companion\Installs\cpn\YMERemote.dll) -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Hidden.ADS][Stream] C:\Windows:1BE66330B8D74D0B -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.SearchEngine][Firefox:Config] fcedv45x.default : user_pref("browser.search.selectedEngine", "DAEMON Search"); -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] e72f72681e18bafcb2c5cf6d4624c40b
[BSP] 5113227c6308787c14fff79accccbdc6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 50000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 102402048 | Size: 255243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

----------------------------------------------------------------------------
NEXT
----------------------------------------------------------------------------

Zoek.exe v5.0.0.2 Updated 21-Februari-2018(online version)
Tool run by Miro on 06.03.2018 at 22:15:33,30.

Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Miro\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

Failed to create System Restore Point

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e802027b-1f2b-40bd-b307-0bd96d036835} deleted successfully
HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{e802027b-1f2b-40bd-b307-0bd96d036835} deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\fcedv45x.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.sk");

Added to C:\Users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\fcedv45x.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Miro\AppData\Roaming\Philips-Songbird\Profiles\3f3i7ogu.default\prefs.js:

Added to C:\Users\Miro\AppData\Roaming\Philips-Songbird\Profiles\3f3i7ogu.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\fcedv45x.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Miro\AppData\Roaming\Philips-Songbird\Profiles\3f3i7ogu.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\fcedv45x.default
- Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi
- Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi

ProfilePath: C:\Users\Miro\AppData\Roaming\Philips-Songbird\Profiles\3f3i7ogu.default
- Artwork Extras - C:\Program Files\Philips\Philips Songbird\extensions\albumart@songbirdnest.com
- CD Rip Support - C:\Program Files\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com
- AAC Decoding Support - C:\Program Files\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com
- MP3 Encoding Support - C:\Program Files\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com
- File association - C:\Program Files\Philips\Philips Songbird\extensions\fileassociation@philips.com
- Philips GoGear Device Manager - C:\Program Files\Philips\Philips Songbird\extensions\gogear@songbirdnest.com
- gonzo - C:\Program Files\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com
- Fornecedor da pesquisa de metadados Gracenote - C:\Program Files\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com
- Slovak sk Language Pack - C:\Program Files\Philips\Philips Songbird\extensions\langpack-sk@songbirdnest.com
- mashTape - C:\Program Files\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com
- MSC Device Support - C:\Program Files\Philips\Philips Songbird\extensions\msc@songbirdnest.com
- MTP Device Support - C:\Program Files\Philips\Philips Songbird\extensions\mtp@songbirdnest.com
- Philips addon manager - C:\Program Files\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com
- Philips auto msc-mtp switch - C:\Program Files\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com
- Philips Skin - C:\Program Files\Philips\Philips Songbird\extensions\philips-skin@philips.com
- Philips UI - C:\Program Files\Philips\Philips Songbird\extensions\philips-ui@philips.com
- Purple Rain - C:\Program Files\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com
- Philips Promotions - C:\Program Files\Philips\Philips Songbird\extensions\philips-promotions@philips.com
- Philips Branding - C:\Program Files\Philips\Philips Songbird\extensions\philips-branding@philips.com
- LikeMusic - C:\Program Files\Philips\Philips Songbird\extensions\philips-likemusic@philips.com
- QuickTime Playback - %ProfilePath%\extensions\quicktime@songbirdnest.com
- Windows Media Playback - %ProfilePath%\extensions\windowsmedia@songbirdnest.com

AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\fcedv45x.default
81FB8AE9ECFAC813A81867DFCB5B1F3B - C:\Program Files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll - Adobe Acrobat
260488E2BC07C276D1EDD54CCA086809 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
6745B601D1F1FAB82C7AF08B20250D85 - C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll - Google Update
A4315454EE75C8E8C0653457B642965A - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
E66F6F44C9776287C4DD57EB30F33191 - C:\Windows\system32\Macromed\Flash\NPSWF32_28_0_0_161.dll - Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?bcutc=sp-006"
"SearchMigratedDefaultURL"="http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7"
"SEARCH PAGE"="https://www.google.com/search?bcutc=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?bcutc=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?bcutc=sp-006"
"Search Page"="https://www.google.com/search?bcutc=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?bcutc=sp-006"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"SearchMigratedDefaultURL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SEARCH PAGE"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKLM\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{A0789094-A5EA-40A7-B02B-7ABAEEE48EC6} - http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKCU\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?bcutc=sp-006&q={searchTerms}

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Users\Miro\AppData\LocalLow\Mozilla\Temp-{4dbf223a-f866-47a0-8353-5c2e18090954}\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Miro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Miro\AppData\Local\Mozilla\Firefox\Profiles\fcedv45x.default\cache2 emptied successfully
C:\Users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\fcedv45x.default\storage\default\https+++www.youtube.com\cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Miro\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Miro\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Miro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 06.03.2018 at 22:26:25,82 ======================

---------------------------------------------------------------
NEXT
---------------------------------------------------------------

Zemana AntiMalware 2.74.2.150 (inštalačná verzia)

-------------------------------------------------------
Scan Result : Dokončené
Scan Date : 2018.3.6
Operating System : Windows Vista 32-bit
Processor : 2X Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
BIOS Mode : Legacy
CUID : 12EC259BBA762D5EE11A3E
Scan Type : Kontrola systému
Duration : 6m 58s
Scanned Objects : 40723
Detected Objects : 7
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuté
Detect All Extensions : Vypnuté
Scan Documents : Vypnuté
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Tabs Hijack (System)
Status : Skontrolované
Object : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Potenciálne nechcená modifikácia
Cleaning Action : Opraviť
Related Objects :
Záznam registra - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\Tabs = about:newtab

Firefox Search
Status : Skontrolované
Object : DAEMON Search - http://daemon-search.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search

Firefox Search
Status : Skontrolované
Object : Zoznam - http://zoznam.sk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search

Firefox Search
Status : Skontrolované
Object : Slovnik.sk (EN-SK) - http://slovnik.azet.sk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search

Firefox Search
Status : Skontrolované
Object : Dunaj - http://dunaj.sk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search

Firefox Search
Status : Skontrolované
Object : Atlas - http://atlas.sk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search

Firefox Search
Status : Skontrolované
Object : Azet - http://azet.sk
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podozrivé nastavenie prehliadača
Cleaning Action : Opraviť
Related Objects :
Nastavenie prehliadača - Firefox Search


Cleaning Result
-------------------------------------------------------
Cleaned : 7
Reported as safe : 0
Failed : 0


------------------------------------------------------------------------
NEXT
-----------------------------------------------------------------------

ComboFix 18-02-16.01 - Miro 06.03.2018 22:44:32.1.2 - x86
Running from: c:\users\Miro\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\drv\Tuner\Yuan\Resources\_desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2018-02-06 to 2018-03-06 )))))))))))))))))))))))))))))))
.
.
2018-03-06 21:52 . 2018-03-06 21:57 -------- d-----w- c:\users\Miro\AppData\Local\temp
2018-03-06 21:29 . 2018-03-06 21:29 181496 ----a-w- c:\windows\system32\drivers\zamguard32.sys
2018-03-06 21:29 . 2018-03-06 21:29 181496 ----a-w- c:\windows\system32\drivers\zam32.sys
2018-03-06 21:29 . 2018-03-06 21:29 -------- d-----w- c:\program files\Zemana AntiMalware
2018-03-06 21:29 . 2018-03-06 21:29 -------- d-----w- c:\users\Miro\AppData\Local\Zemana
2018-03-06 21:23 . 2018-03-06 21:15 24064 ----a-w- c:\windows\zoek-delete.exe
2018-03-06 21:15 . 2018-03-06 21:15 -------- d-----w- C:\zoek_backup
2018-03-06 17:14 . 2018-03-06 17:14 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-03-06 17:13 . 2018-03-06 21:13 -------- d-----w- c:\programdata\RogueKiller
2018-03-06 16:15 . 2018-03-06 16:15 -------- d-----w- c:\programdata\Sophos
2018-03-06 16:14 . 2018-03-06 16:14 -------- d-----w- c:\program files\Sophos
2018-03-05 19:42 . 2018-03-05 19:42 -------- d-----w- c:\users\Miro\AppData\Local\GHISLER
2018-03-05 16:49 . 2018-03-05 16:49 -------- d-----w- c:\users\Miro\AppData\Local\CEF
2018-03-05 16:44 . 2018-03-05 19:00 -------- d-----w- C:\AdwCleaner
2018-03-05 16:40 . 2018-03-05 16:40 -------- d-----w- c:\users\Miro\AppData\Local\Macromedia
2018-03-05 13:37 . 2018-03-05 13:37 -------- d-----w- c:\users\Miro\AppData\Roaming\AVAST Software
2018-03-05 13:33 . 2018-03-05 13:33 -------- d-----w- C:\bb75a9b370686b794bbe3989
2018-03-05 13:31 . 2018-03-05 13:31 -------- d-----w- c:\program files\AVAST Software
2018-03-05 12:12 . 2018-03-05 12:12 -------- d-----w- C:\ac7a5dcec146b6e42de99645ae
2018-03-04 21:24 . 2018-03-04 21:24 -------- d-----w- C:\ab1cdc872175b466019da3c9
2018-03-04 15:08 . 2018-03-04 15:08 -------- d-----w- C:\08ff66fd2ef897c8a2
2018-02-20 12:28 . 2018-02-20 12:28 -------- d-----w- C:\88a537bf71a51b88d2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-02-06 14:44 . 2013-10-18 14:11 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2018-02-06 14:44 . 2013-10-18 14:11 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-05 13:32 1370328 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-01-24 1232896]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-24 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-24 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-13 6335008]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-13 1833504]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"RemoteControl"="d:\programy\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="d:\programy\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-01-25 380416]
"MagicPlusHelper"="c:\program files\MagicPlus\MagicPlus_helper.exe" [2016-03-22 2499208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-03-05 245608]
"ZAM"="c:\program files\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
c:\users\Miro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 13:42 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\fcedv45x.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-rundll32st.exe - (no file)
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - c:\windows\system32\hkcmd.exe
HKLM-Run-Persistence - c:\windows\system32\igfxpers.exe
SafeBoot-Wdf01000.sys
SafeBoot-MBAMService
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2018-03-06 22:56
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\d:\programy\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\@*Űq*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\Trend Micro Internet Security (x86)*ro Internet Security (x86)]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\Trend Micro Internet Security (x86) ro Internet Security (x86)\eh†r ˆĐT
ĐT
ĐT
ĐT
ĐT
ĐT
ĐT
ĐT
ĐT
ĐT
ĐT
ĐT
ĐT
ĐT
ĐT
ĐT
h†rs ˆcom.avast.analytics.proto.blob.tuneup.TriggerType řro €]
"cl"=dword:00000003
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4764)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\AVAST Software\Avast\AvastUI.exe
c:\windows\ehome\ehmsas.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2018-03-06 23:00:54 - machine was rebooted
ComboFix-quarantined-files.txt 2018-03-06 22:00
.
Pre-Run: 17 402 789 888 bytes free
Post-Run: 17 352 044 544 bytes free
.
- - End Of File - - 59968437F32B591BC11A7A54EC17E407
8F558EB6672622401DA993E1E865C861


Thank you

jaro3 (Security team member)

Re: Please check my log

Post by jaro3 » 06 Mar 2018 23:23

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, marked in green, into it in full:

Code:

ClearJavaCache::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

RegLock::
[HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\@*Űq *]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\Trend Micro Internet Security (x86)*ro Internet Security (x86)]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\Trend Micro Internet Security (x86) ro Internet Security (x86)\eh†r ˆĐ¬T
ЬT
ЬT
ЬT
ЬT
ЬT
ЬT
ЬT
ЬT
ЬT
ЬT
ЬT
ЬT
ЬT
ЬT
ЬT
 h†rs ˆcom.avast.analytics.proto.blob.tuneup.TriggerType řro €]
"cl"=dword:00000003
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: choose All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log

Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.


Tomorrow..

skmirosk (newcomer)

Re: Please check my log

Post by skmirosk » 07 Mar 2018 00:19

Attaching the logs. Tomorrow I am at work late, so I will only get to it around 21:00, so there is no rush. Thank you.


ComboFix 18-02-16.01 - Miro 06.03.2018 23:46:05.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1250.421.1051.18.3070.1915 [GMT 1:00]
Running from: c:\users\Miro\Desktop\ComboFix.exe
Command switches used :: c:\users\Miro\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Desktop\Secret Service.lnk
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_WKERNEL.syl
c:\windows\system32\DEBUG.log
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2018-02-06 to 2018-03-06 )))))))))))))))))))))))))))))))
.
.
2018-03-06 22:52 . 2018-03-06 22:55 -------- d-----w- c:\users\Miro\AppData\Local\temp
2018-03-06 22:52 . 2018-03-06 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-03-06 21:29 . 2018-03-06 21:29 181496 ----a-w- c:\windows\system32\drivers\zamguard32.sys
2018-03-06 21:29 . 2018-03-06 21:29 181496 ----a-w- c:\windows\system32\drivers\zam32.sys
2018-03-06 21:29 . 2018-03-06 21:29 -------- d-----w- c:\program files\Zemana AntiMalware
2018-03-06 21:29 . 2018-03-06 21:29 -------- d-----w- c:\users\Miro\AppData\Local\Zemana
2018-03-06 21:23 . 2018-03-06 21:15 24064 ----a-w- c:\windows\zoek-delete.exe
2018-03-06 21:15 . 2018-03-06 21:15 -------- d-----w- C:\zoek_backup
2018-03-06 17:14 . 2018-03-06 17:14 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2018-03-06 17:13 . 2018-03-06 21:13 -------- d-----w- c:\programdata\RogueKiller
2018-03-06 16:15 . 2018-03-06 16:15 -------- d-----w- c:\programdata\Sophos
2018-03-06 16:14 . 2018-03-06 16:14 -------- d-----w- c:\program files\Sophos
2018-03-05 19:42 . 2018-03-05 19:42 -------- d-----w- c:\users\Miro\AppData\Local\GHISLER
2018-03-05 16:49 . 2018-03-05 16:49 -------- d-----w- c:\users\Miro\AppData\Local\CEF
2018-03-05 16:44 . 2018-03-05 19:00 -------- d-----w- C:\AdwCleaner
2018-03-05 16:40 . 2018-03-05 16:40 -------- d-----w- c:\users\Miro\AppData\Local\Macromedia
2018-03-05 13:37 . 2018-03-05 13:37 -------- d-----w- c:\users\Miro\AppData\Roaming\AVAST Software
2018-03-05 13:33 . 2018-03-05 13:33 -------- d-----w- C:\bb75a9b370686b794bbe3989
2018-03-05 13:31 . 2018-03-05 13:31 -------- d-----w- c:\program files\AVAST Software
2018-03-05 12:12 . 2018-03-05 12:12 -------- d-----w- C:\ac7a5dcec146b6e42de99645ae
2018-03-04 21:24 . 2018-03-04 21:24 -------- d-----w- C:\ab1cdc872175b466019da3c9
2018-03-04 15:08 . 2018-03-04 15:08 -------- d-----w- C:\08ff66fd2ef897c8a2
2018-02-20 12:28 . 2018-02-20 12:28 -------- d-----w- C:\88a537bf71a51b88d2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-02-06 14:44 . 2013-10-18 14:11 803328 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2018-02-06 14:44 . 2013-10-18 14:11 144896 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2018-03-05 13:32 1370328 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-01-24 1232896]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-24 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-24 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-13 6335008]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-13 1833504]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"RemoteControl"="d:\programy\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="d:\programy\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-01-25 380416]
"MagicPlusHelper"="c:\program files\MagicPlus\MagicPlus_helper.exe" [2016-03-22 2499208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2018-03-05 245608]
"ZAM"="c:\program files\Zemana AntiMalware\ZAM.exe" [2017-08-09 15775888]
.
c:\users\Miro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 13:42 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Miro\AppData\Roaming\Mozilla\Firefox\Profiles\fcedv45x.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\d:\programy\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\@*█q*]
@Allowed: (Read) (RestrictedCode)
"cl"=dword:00000003
.
[HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\Trend Micro Internet Security (x86)*ro Internet Security (x86)]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-396186892-2409389147-1617325887-1000\Trend Micro Internet Security (x86) ro Internet Security (x86)\ehćr łđT
đT
đT
đT
đT
đT
đT
đT
đT
đT
đT
đT
đT
đT
đT
đT
hćrs łcom.avast.analytics.proto.blob.tuneup.TriggerType °ro Ç]
"cl"=dword:00000003
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4992)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\AVAST Software\Avast\AvastUI.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2018-03-06 23:59:03 - machine was rebooted
ComboFix-quarantined-files.txt 2018-03-06 22:59
ComboFix2.txt 2018-03-06 22:00
.
Pre-Run: 17 262 043 136 bytes free
Post-Run: 16 726 949 888 bytes free
.
- - End Of File - - 6AF1637FB7273872FAC4F4A784B7BB9B
8F558EB6672622401DA993E1E865C861


------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:19:25, on 07.03.2018
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
D:\programy\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\Zemana AntiMalware\ZAM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
D:\STAHOVANIE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RemoteControl] D:\programy\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] D:\programy\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKLM\..\Run: [MagicPlusHelper] "C:\Program Files\MagicPlus\MagicPlus_helper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [ZAM] "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - D:\programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files\Zemana AntiMalware\ZAM.exe

--
End of file - 8021 bytes

Orcus (Security team member)

Re: Please check my log

Post by Orcus » 07 Mar 2018 08:01

ComboFix is uninstalled like this:
Start -> Run and enter ComboFix /Uninstall

====================================================

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)

http://www.bleepingcomputer.com/downloa ... scan-tool/

Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is complete, two logs, FRST.txt and Addition.txt, will appear and be saved on the desktop. Please copy their entire contents here.

