Please check - pop-up windows, browser closing automatically, lots of ads


Post by marac » 08 Oct 2015 19:21

RogueKiller V10.10.9.0 [Oct 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7600) 64 bits version
Spuštěno : Normální režim
Uživatel : Marek [Práva správce]
Started from : C:\Users\Marek\Downloads\RogueKiller.exe
Mód : Smazat -- Datum : 10/08/2015 19:20:40

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2943947459-2373934535-959250274-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nahrazeno (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2943947459-2373934535-959250274-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Nahrazeno (http://search.msn.com/spbasic.htm)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 6 (Driver: Nenahrán [0xc000036b]) ¤¤¤
[IAT:Addr(Hook.IEAT)] (chrome.exe) kernel32.dll - CreateNamedPipeW : Unknown @ 0x2a0010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) kernel32.dll - CreateNamedPipeW : Unknown @ 0x2a0010
[IAT:Addr(Hook.IEAT)] (chrome.exe) kernel32.dll - CreateNamedPipeW : Unknown @ 0x670010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) kernel32.dll - CreateNamedPipeW : Unknown @ 0x670010
[IAT:Addr(Hook.IEAT)] (chrome.exe) kernel32.dll - CreateNamedPipeW : Unknown @ 0x530010
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) kernel32.dll - CreateNamedPipeW : Unknown @ 0x530010

¤¤¤ Webové prohlížeče : 3 ¤¤¤
[PUP][FIREFX:Addon] xllezto5.default : FF Toolbar [fftoolbar2014@etech.com] -> Nevybráno
[PUP][FIREFX:Addon] xllezto5.default : CinemaP-1.4c [23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com] -> Nevybráno
[PUP][FIREFX:Addon] xllezto5.default : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Nevybráno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] ab46a606e678b66dcbb0d94b8b24089a
[BSP] 2363a0bc84f7d9d0c8b2d96ec0bfb3b3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 715302 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Post by jaro3 » 08 Oct 2015 21:16

Platform: Windows 7 --- install SP1!

+
zoek.

+
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

+
Post a new HJT log + report on any problems.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.


Post by marac » 09 Oct 2015 10:05

Zoek.exe v5.0.0.1 Updated 08-October-2015
Tool run by Marek on źt 08.10.2015 at 19:25:56,76.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marek\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8.10.2015 19:29:40 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\1506d757-ae7d-4941-b122-7882980593ca deleted successfully
C:\PROGRA~2\69178466-0413-4390-b29a-155a34322967 deleted successfully
C:\PROGRA~2\866d0873-6818-484f-b21a-8e27e7eb6cce deleted successfully
C:\PROGRA~2\Feed Notifier deleted successfully
C:\PROGRA~2\Lenovo deleted successfully
C:\PROGRA~3\firebird deleted successfully
C:\Users\Marek\AppData\Local\GHISLER deleted successfully
C:\Users\Marek\AppData\Local\Lenovo deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\xllezto5.default\prefs.js:

Added to C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\xllezto5.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\xllezto5.default

user.js not found
---- Lines a23fb8bb3ac214230bbfa49b94968bc63gmailcom65781 removed from prefs.js ----
---- Lines ab6e4f54065ff48dd97db30cac9b45f807bf54a45a4669e51ccom67913 removed from prefs.js ----
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_08.10.2015_1948_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\1506d757-ae7d-4941-b122-7882980593ca not found
C:\PROGRA~2\69178466-0413-4390-b29a-155a34322967 not found
C:\PROGRA~2\866d0873-6818-484f-b21a-8e27e7eb6cce not found
C:\PROGRA~2\Feed Notifier not found
C:\PROGRA~2\Lenovo not found
C:\PROGRA~2\cs deleted
C:\PROGRA~3\DivX deleted
C:\logFile.txt deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Marek\Downloads\reimagerepair (1).exe deleted
C:\Users\Marek\Downloads\reimagerepair.exe deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\xllezto5.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [06.05.2015 23:01]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [06.05.2015 23:01]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\xllezto5.default
- ausaddonbarteopl - %ProfilePath%\extensions\ausaddonbar@teo.pl
- autopagermozillaorg - %ProfilePath%\extensions\autopager@mozilla.org
- jid05q424C3HVeyE2T4d9bkO7CpXNjUjetpack - %ProfilePath%\extensions\jid0-5q424C3HVeyE2T4d9bkO7CpXNjU@jetpack
- jid0W5zY771zDsu5o7dTJ8KHm38w1xsjetpack - %ProfilePath%\extensions\jid0-W5zY771zDsu5o7dTJ8KHm38w1xs@jetpack
- killjasminpierros14com - %ProfilePath%\extensions\killjasmin@pierros14.com
- testresults_seleniumideSamitBadle - %ProfilePath%\extensions\test-results_selenium-ide@Samit.Badle
- useragentrgmozillaorg - %ProfilePath%\extensions\useragentrg@mozilla.org
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================

ekkkpjnnhmokcnfdllcgldppopnneooi - Marek\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekkkpjnnhmokcnfdllcgldppopnneooi
ihbiedpeaicgipncdnnkikeehnjiddck - Marek\AppData\Roaming\Opera Software\Opera Stable\Extensions\ihbiedpeaicgipncdnnkikeehnjiddck
ponhjlldbpnmeieenmaacddmlfpdielh - Marek\AppData\Roaming\Opera Software\Opera Stable\Extensions\ponhjlldbpnmeieenmaacddmlfpdielh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130880142467730692&GUID=D2BE686B-4914-47FF-A07B-2AEADB213084"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130880142467730692&GUID=D2BE686B-4914-47FF-A07B-2AEADB213084"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0BE5C483-8582-432A-B141-8B3309AB4D76} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_16194"
{0CC02424-D856-4EF8-8B80-F3908A602F62} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_16194"
{409D69A2-EB51-4B0C-A57D-07B51E2A7608} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_16194"
{861E4F2B-33D7-4783-BD14-C88E0F3DF448} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_16194"
{D208FDAA-0E4D-4664-99EF-DEA52C62EB48} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_16194"
{E866EB05-C232-4FDE-BAA0-CF87AB4FC85E} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194"
{EC9953EB-E159-40E9-B29A-BF22F8756216} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_16194"
{FAFA92C9-DA28-4FD2-A519-C3D5CAEC8005} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194"

==== Reset Google Chrome ======================

C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Marek\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Marek\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Marek\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Marek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Marek\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=119 folders=20 18225966 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Marek\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Marek\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Marek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on čt 08.10.2015 at 23:37:14,20 ======================

marac
newbie
Posts: 12
Registered: October 15
Gender: Male
Status:
Offline

Re: Please check - pop-up windows, browser closing automatically, lots of ads

Post by marac » 09 Oct 2015 10:06

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:06:24, on 9.10.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)


Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\UMonit64.exe
C:\Users\Marek\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Users\Marek\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Marek\Documents\Práce\Kalkulačky\KoopP7BNExtern\KoopPDFServerSA.exe
C:\Users\Marek\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marek\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... EADB213084
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: STATISTICA Browser Helper - {990A8747-93BF-4EF7-B72E-94A6884B98C2} - C:\Program Files\StatSoft\STATISTICA 12\Support\StaBHO.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [DTS Studio Sound] "C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe" /HIDEME
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AMDQuickStream.exe -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Marek\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Marek\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Marek\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Kooperativa - PDF Server.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ArcGIS License Manager - Flexera Software LLC - C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: DTS APO Service (dts_apo_service) - Unknown owner - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10737 bytes

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: 3 roses grow around here =o)
Gender: Male
Status:
Offline

Re: Please check - pop-up windows, browser closing automatically, lots of ads

Post by Orcus » 09 Oct 2015 11:53

jaro3 wrote:
Platform: Windows 7 --- install SP1!

+ report any problems.