Hello, I have a problem... Something is blocking certain websites for me, and I can't figure out what. The problem shows up like this: the Internet works normally for me, but I can't reach a few specific sites, for example zive.cz, aukro.cz and, newly, allegro.pl. The list is a bit longer, but I don't visit the other sites as often, so I don't remember them. The blacklist of sites I can't reach keeps growing. About half a year ago zive.cz stopped working, but I thought they had shut down, so I didn't pay much attention to it. About two months ago aukro.cz stopped working, and I thought that was already strange, and today I found that allegro.pl no longer works for me either. It is not related to how often I visit, because there are several sites that I visit much more often and those work. Nor am I banned on those sites, because when I tried a live Ubuntu everything worked there, and those sites also work from my phone over Wi-Fi. If I use an anonymizer, the sites work too. If I use a VPN or a proxy, however, they don't. So the anonymizer works not because of the changed IP but because of the changed URL in the browser. It's a mystery...
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:49, on 9.12.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\Sony\PlayMemories Home\dfs.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\STK02N\STK02NM.exe
C:\Documents and Settings\já\Data aplikací\Dropbox\bin\Dropbox.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\dmwu.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Documents and Settings\já\Local Settings\Data aplikací\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\Program Files\TouchKit\xTouchMon.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\jmdp\stij.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\já\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1198 ... FFC3EDAF8C
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002&barid={2323F7CA-63FF-11E2-B063-00242154DC92}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 88.208.119.60 silikonky.com
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ClearTKHandle] C:\Program Files\TouchKit\ClearTKHandle.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [cfweatherStation] C:\Weather\Weather.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = ?
O4 - Global Startup: LaunchTouchMon.lnk = C:\Program Files\TouchKit\LaunchTouchMon.exe
O4 - Global Startup: STK02N 2.4 PNP Monitor.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: DeviceFinderService - Unknown owner - C:\Program Files\Sony\PlayMemories Home\dfs.exe
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca0b59fbbe09ff) (gupdate1ca0b59fbbe09ff) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\WINDOWS\system32\dmwu.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
--
End of file - 14079 bytes
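A triage sketch for a HijackThis log like the one above, added here as an example and not part of the original post: it lists the hosts-file overrides (O1) and checks them against the unreachable sites, then lists Internet Explorer pages that point outside microsoft.com (R0/R1) and services reported with an unknown owner or a missing file (O23). The sample lines are copied from the log above; the function names and flagging rules are assumptions for illustration, and a flagged entry is something to look at, not a verdict.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1198 ... FFC3EDAF8C
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002&barid={2323F7CA-63FF-11E2-B063-00242154DC92}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O1 - Hosts: 88.208.119.60 silikonky.com
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: IBUpdaterService - Unknown owner - C:\WINDOWS\system32\dmwu.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # "O23 - ...", "R0 - ..."
URL_HOST_RE = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; header and
    running-process lines do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hosts_entries(entries):
    """O1 lines are hosts-file overrides: (ip, hostname)."""
    out = []
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if m:
            out.append((m.group(1), m.group(2).lower()))
    return out


def non_microsoft_ie_pages(entries):
    """R0/R1 lines are IE start/search pages; keep those whose URL host
    is not microsoft.com or a subdomain of it."""
    pages = []
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        key, _, value = body.partition(" = ")
        m = URL_HOST_RE.search(value)
        if not m:
            continue  # e.g. ProxyOverride holds a bypass list, not a URL
        host = m.group(1).lower()
        if host != "microsoft.com" and not host.endswith(".microsoft.com"):
            pages.append((key, host))
    return pages


def services_to_review(entries):
    """O23 lines are services: 'Service: NAME - OWNER - PATH'. Split from the
    right because service names may themselves contain ' - '."""
    flagged = []
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        name, owner, path = parts
        reasons = []
        if owner == "Unknown owner":      # no company name could be read
            reasons.append("unknown owner")
        if path.endswith("(file missing)"):
            reasons.append("file missing")
        if reasons:
            flagged.append((name, reasons))
    return flagged


def triage(log_text, unreachable_sites):
    entries = parse_entries(log_text)
    hosts = hosts_entries(entries)
    # Does any hosts-file override cover a site the user cannot reach?
    covered = [(ip, h) for ip, h in hosts
               if any(h == s or h.endswith("." + s) for s in unreachable_sites)]
    return {
        "hosts": hosts,
        "unreachable_in_hosts": covered,
        "ie_pages": non_microsoft_ie_pages(entries),
        "services": services_to_review(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG, ["zive.cz", "aukro.cz", "allegro.pl"])
    for section, items in report.items():
        print(section, items)
```

On these sample lines the only hosts-file override is for silikonky.com, so none of the three unreachable sites is covered by an O1 entry.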
Blocking of certain websites - the "blacklist" keeps growing
- jaro3
- member of the Security team
Re: Blocking of certain websites - the "blacklist" keeps growing
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
Afterwards the PC should restart; if it doesn't, restart it yourself.
Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log appears (otherwise it is saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Blocking of certain websites - the "blacklist" keeps growing
Well, even the link to AdwCleaner didn't work for me. I suspected Conficker, but antivirus websites work, which Conficker used to block... So I downloaded AdwCleaner through an anonymizer. By the way, would it be possible to find out specifically which pest is doing the blocking, and to go through all the URLs it was blocking before deleting it? I'd be quite interested in what all I have blocked and by what key it is being blocked...
# AdwCleaner v3.014 - Report created 10/12/2013 at 16:48:10
# Updated 01/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : já - FILIP
# Running from : C:\Documents and Settings\já\Plocha\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : IBUpdaterService
***** [ Files / Folders ] *****
File Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\bProtector_extensions.rdf
File Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\searchplugins\MyStart Search.xml
File Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\searchplugins\Sweetpacks Search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\WINDOWS\system32\dmwu.exe
File Found : C:\WINDOWS\system32\ImhxxpComm.dll
Folder Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
Folder Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\Extensions\clipple@mooz.github(2).com
Folder Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\Extensions\printPages2Pdf@reinhold.ripper
Folder Found C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
Folder Found C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Found C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
Folder Found C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Found C:\Documents and Settings\All Users\Data aplikací\NCH Software
Folder Found C:\Documents and Settings\já\Data aplikací\Babylon
Folder Found C:\Documents and Settings\já\Data aplikací\facemoods.com
Folder Found C:\Documents and Settings\já\Data aplikací\OpenCandy
Folder Found C:\Documents and Settings\já\Data aplikací\thinstall
Folder Found C:\Documents and Settings\já\Local Settings\Data aplikací\Conduit
Folder Found C:\Documents and Settings\já\Local Settings\Data aplikací\thinstall
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\ICQ6Toolbar
Folder Found C:\Program Files\SweetIM
Folder Found C:\WINDOWS\system32\ARFC
Folder Found C:\WINDOWS\system32\jmdp
Folder Found C:\WINDOWS\system32\WNLT
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AutocompleteProBHO
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\e55dd88b03bba48
Key Found : HKCU\Software\Grand Virtual
Key Found : HKCU\Software\ICQ\ICQToolbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\OCS
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\wnlt
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2748095
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\e55dd88b03bba48
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\Software\ICQ\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\wnlt
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.5512
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-search.com/?affID=1198 ... FFC3EDAF8C
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={2323F7CA-63FF-11E2-B063-00242154DC92}
-\\ Mozilla Firefox v25.0.1 (cs)
[ File : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\prefs.js ]
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("extensions.facemoods.aflt", "_#ddr");
Line Found : user_pref("extensions.facemoods.firstRun", false);
Line Found : user_pref("extensions.facemoods.lastActv", "17");
Line Found : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Line Found : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=GRfox000&ptb=vIrGd.dBMUw.AAuSnkCecA");
Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Found : user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Line Found : user_pref("searchreset.backup.browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=EC3A00FFC3EDAF8C");
Line Found : user_pref("searchreset.backup.browser.search.defaultenginename", "SweetIM Search");
Line Found : user_pref("searchreset.backup.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&barid={2323F7CA-63FF-11E2-B063-00242154DC92}&q=");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "about:home");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={2323F7CA-63FF-11E2-B063-00242154DC92}");
-\\ Google Chrome v
[ File : C:\Documents and Settings\já\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [12032 octets] - [10/12/2013 16:48:10]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12093 octets] ##########
Last edited by hadic on 10 Dec 2013 17:41, edited 1 time in total.
Re: Blocking of certain websites - the "blacklist" keeps growing
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Verze: v2013.12.10.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
já :: FILIP [administrátor]
10.12.2013 17:18:40
MBAM-log-2013-12-10 (17-39-27).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 242897
Uplynulý čas: 15 minut, 37 sekund
Nalezené procesy v paměti: 1
C:\WINDOWS\system32\dmwu.exe (Adware.InstallBrain) -> 1472 -> Nebyla provedena žádná instrukce.
Nalezené moduly v paměti: 1
C:\WINDOWS\system32\jmdp\lmrn.dll (PUP.Optional.Sweetpacks) -> Nebyla provedena žádná instrukce.
Nalezené klíče v registru: 11
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (Adware.InstallBrain) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
Nalezené hodnoty v registru: 4
HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Data: SWEETPACKS_SEARCH -> Nebyla provedena žádná instrukce.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {2323F7CA-63FF-11E2-B063-00242154DC92} -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\WNLT|PDV (PUP.Optional.InstallBrain.A) -> Data: [TAILUPGRADECAPTURE] [UPGRADEONIDLE] [BLACKLIST=1] -> Nebyla provedena žádná instrukce.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {2323F7CA-63FF-11E2-B063-00242154DC92} -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Špatný: (http://www.delta-search.com/?affID=1198 ... FFC3EDAF8C) Dobrý: (http://www.google.com) -> Nebyla provedena žádná instrukce.
Nalezené složky: 7
C:\Documents and Settings\já\Data aplikací\Babylon (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\já\Data aplikací\OpenCandy (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\já\Data aplikací\OpenCandy\B8A512870A804DAE99ED384BEA6CB757 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Program Files\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
Nalezené soubory: 9
C:\WINDOWS\system32\jmdp\lmrn.dll (PUP.Optional.Sweetpacks) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\já\Data aplikací\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\dmwu.exe (Adware.InstallBrain) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\já\Data aplikací\OpenCandy\B8A512870A804DAE99ED384BEA6CB757\audacity-win-1.2.6.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\WNLT\Installation\NTSetup.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\system32\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
(konec)
- jaro3
- Security team member
Re: Blocking of certain websites - the "blacklist" keeps growing
All the infections are among the items those programs delete.
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Vymazat-Clean".
The program will carry out the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.
Download Junkware Removal Tool to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and be saved on the desktop.
Please copy its entire contents here.
So run MbAM again and choose Scan.
- when the program finishes, a message will appear; click OK and then the "Show Results" button
- make sure all the listed findings are checked and click the "Remove Selected" button
- when the removal finishes, a log will be displayed; post it here
- then choose OK in the program and close it via Exit
You can then paste the new MbAM log here.
Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR scan
Faked check
Antirootkit
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Blocking of certain websites - the "blacklist" keeps growing
# AdwCleaner v3.014 - Report created 10/12/2013 at 21:29:26
# Updated 01/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : já - FILIP
# Running from : C:\Documents and Settings\já\Plocha\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : IBUpdaterService
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\já\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\já\Local Settings\Data aplikací\thinstall
Folder Deleted : C:\Documents and Settings\já\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\já\Data aplikací\facemoods.com
Folder Deleted : C:\Documents and Settings\já\Data aplikací\OpenCandy
Folder Deleted : C:\Documents and Settings\já\Data aplikací\thinstall
Folder Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\Extensions\clipple@mooz.github(2).com
Folder Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\Extensions\printPages2Pdf@reinhold.ripper
Folder Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
Folder Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
File Deleted : C:\WINDOWS\system32\dmwu.exe
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\bProtector_extensions.rdf
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\searchplugins\Sweetpacks Search.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\e55dd88b03bba48
Key Deleted : HKLM\SOFTWARE\e55dd88b03bba48
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2748095
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{14CD42DD-ABCD-3586-DCAB-40E3693E3737}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Grand Virtual
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
***** [ Browsers ] *****
-\\ Internet Explorer v6.0.2900.5512
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v25.0.1 (cs)
[ File : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\0fpnruwx.default\prefs.js ]
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.facemoods.aflt", "_#ddr");
Line Deleted : user_pref("extensions.facemoods.firstRun", false);
Line Deleted : user_pref("extensions.facemoods.lastActv", "17");
Line Deleted : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Line Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=GRfox000&ptb=vIrGd.dBMUw.AAuSnkCecA");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Line Deleted : user_pref("searchreset.backup.browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&babsrc=NT_ss&mntrId=EC3A00FFC3EDAF8C");
Line Deleted : user_pref("searchreset.backup.browser.search.defaultenginename", "SweetIM Search");
Line Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&barid={2323F7CA-63FF-11E2-B063-00242154DC92}&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "about:home");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={2323F7CA-63FF-11E2-B063-00242154DC92}");
-\\ Google Chrome v
[ File : C:\Documents and Settings\já\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [12174 octets] - [10/12/2013 16:48:10]
AdwCleaner[R1].txt - [12235 octets] - [10/12/2013 21:26:04]
AdwCleaner[S0].txt - [12000 octets] - [10/12/2013 21:29:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12061 octets] ##########
Re: Blocking of certain websites - the "blacklist" keeps growing
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by já on út 10.12.2013 at 22:22:00,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Documents and Settings\já\appdata\locallow\SkwConfig.bin"
~~~ Folders
~~~ FireFox
Emptied folder: C:\Documents and Settings\já\Data aplikací\mozilla\firefox\profiles\0fpnruwx.default\minidumps [6 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on út 10.12.2013 at 22:28:51,84
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org
Verze: v2013.12.10.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
já :: FILIP [administrátor]
10.12.2013 22:31:47
mbam-log-2013-12-10 (22-31-47).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 242693
Uplynulý čas: 14 minut, 23 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Last edited by hadic on 10 Dec 2013 22:54, edited 2 times in total.
Re: Blocking of certain websites - the "blacklist" keeps growing
RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : já [Práva správce]
Mód : Kontrola -- Datum : 12/10/2013 22:50:42
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 6 ¤¤¤
[All Users][SUSP UNIC] LaunchTouchMon.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\LaunchTouchMon.lnk @C:\PROGRA~1\TouchKit\LAUNCH~1.EXE [-][-] -> NALEZENO
[All Users][SUSP UNIC] STK02N 2.4 PNP Monitor.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\STK02N 2.4 PNP Monitor.lnk @C:\WINDOWS\STK02N\STK02NM.exe [-][-] -> NALEZENO
[ja][SUSP UNIC] install.exe : C:\Documents and Settings\ja\Nabídka Start\Programy\Po spuštění\install.exe [x] -> NALEZENO
[já][SUSP UNIC] Dropbox.lnk : C:\Documents and Settings\já\Nabídka Start\Programy\Po spuštění\Dropbox.lnk @C:\DOCUME~1\J1EA6~1\DATAAP~1\Dropbox\bin\Dropbox.exe /systemstartup [-][7] -> NALEZENO
[LocalService][SUSP UNIC] install.exe : C:\Documents and Settings\LocalService\Nabídka Start\Programy\Po spuštění\install.exe [x] -> NALEZENO
[NetworkService][SUSP UNIC] install.exe : C:\Documents and Settings\NetworkService\Nabídka Start\Programy\Po spuštění\install.exe [x] -> NALEZENO
¤¤¤ Webové prohlížeče : 2 ¤¤¤
[FF][PROXY] 0fpnruwx.default : user_pref("network.proxy.hxxp", "165.193.102.220"); -> NALEZENO
[FF][PROXY] 0fpnruwx.default : user_pref("network.proxy.hxxp_port", 80); -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] SSDT[199] : NtRequestPort @ 0x805A2A52 -> HOOKED (Unknown @ 0xB86B2CA0)
[Inline] SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xB86B2D40)
[Inline] SSDT[260] : NtTraceEvent @ 0x805351EE -> HOOKED (Unknown @ 0xB86B2C00)
¤¤¤ Externí včelstvo: ¤¤¤
-> H:\windows\system32\config\SYSTEM | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SOFTWARE | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SECURITY | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SAM | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\DEFAULT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\ja\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
88.208.119.60 silikonky.com
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500AAJS-00VWA0 +++++
--- User ---
[MBR] a8652c28285ca6dc030aae42864bd12e
[BSP] b207bfd2826ce3a4d6ce987433bf7253 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 220399 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 451378305 | Size: 18073 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_12102013_225042.txt >>
- jaro3
- member of the Security team
Re: Blocking of certain websites - the "blacklist" keeps growing
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Wait until the status window shows "Scan"
- Click "Delete"
- Wait until the Status box shows "Deleting finished"
- Click "Report" and please copy and paste the contents of that report here. The log can also be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller. 2.8.16.0_(date)_log.txt; please paste the entire contents of the log here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Blocking of certain websites - the "blacklist" keeps growing
OK, RogueKiller deleted something, but it did not delete two proxy entries (I know I don't knowingly use a proxy), so I took the liberty of deleting those as well (using the proxy function, also in RogueKiller), so there are two logs. As for TDSSKiller, it found nothing. The log is terribly long and I don't want to wallpaper the thread with it, so it is here: http://pastebin.com/wm3Lzz0H Btw, I keep checking after almost every program whether things start working, and the websites still don't work.
RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : já [Práva správce]
Mód : Odebrat -- Datum : 12/11/2013 15:19:23
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 6 ¤¤¤
[All Users][SUSP UNIC] LaunchTouchMon.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\LaunchTouchMon.lnk @C:\PROGRA~1\TouchKit\LAUNCH~1.EXE [-][-] -> VYMAZÁNO
[All Users][SUSP UNIC] STK02N 2.4 PNP Monitor.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\STK02N 2.4 PNP Monitor.lnk @C:\WINDOWS\STK02N\STK02NM.exe [-][-] -> VYMAZÁNO
[ja][SUSP UNIC] install.exe : C:\Documents and Settings\ja\Nabídka Start\Programy\Po spuštění\install.exe [x] ->
[já][SUSP UNIC] Dropbox.lnk : C:\Documents and Settings\já\Nabídka Start\Programy\Po spuštění\Dropbox.lnk @C:\DOCUME~1\J1EA6~1\DATAAP~1\Dropbox\bin\Dropbox.exe /systemstartup [-][7] -> VYMAZÁNO
[LocalService][SUSP UNIC] install.exe : C:\Documents and Settings\LocalService\Nabídka Start\Programy\Po spuštění\install.exe [x] ->
[NetworkService][SUSP UNIC] install.exe : C:\Documents and Settings\NetworkService\Nabídka Start\Programy\Po spuštění\install.exe [x] ->
¤¤¤ Webové prohlížeče : 2 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] SSDT[199] : NtRequestPort @ 0x805A2A52 -> HOOKED (Unknown @ 0xB876CCA0)
[Inline] SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xB876CD40)
[Inline] SSDT[260] : NtTraceEvent @ 0x805351EE -> HOOKED (Unknown @ 0xB876CC00)
¤¤¤ Externí včelstvo: ¤¤¤
-> H:\windows\system32\config\SYSTEM | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SOFTWARE | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SECURITY | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SAM | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\DEFAULT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\ja\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
88.208.119.60 silikonky.com
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500AAJS-00VWA0 +++++
--- User ---
[MBR] a8652c28285ca6dc030aae42864bd12e
[BSP] b207bfd2826ce3a4d6ce987433bf7253 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 220399 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 451378305 | Size: 18073 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_D_12112013_151923.txt >>
RKreport[0]_S_12102013_225042.txt;RKreport[0]_S_12112013_151821.txt
RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : já [Práva správce]
Mód : Oprava Proxy -- Datum : 12/11/2013 15:22:36
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 2 ¤¤¤
[FF][PROXY] 0fpnruwx.default : user_pref("network.proxy.hxxp", "165.193.102.220"); -> VYMAZÁNO
[FF][PROXY] 0fpnruwx.default : user_pref("network.proxy.hxxp_port", 80); -> VYMAZÁNO
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
-> H:\windows\system32\config\SYSTEM | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SOFTWARE | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SECURITY | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SAM | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\DEFAULT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\ja\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
¤¤¤ Nákaza : ¤¤¤
Dokončeno : << RKreport[0]_PR_12112013_152236.txt >>
RKreport[0]_D_12112013_151923.txt;RKreport[0]_S_12102013_225042.txt;RKreport[0]_S_12112013_151821.txt
- jaro3
- Security team member
Re: Blocking of certain websites - the "blacklist" keeps growing
Run RogueKiller again.
If you use Windows Vista or Windows 7, right-click RogueKiller and choose to run it as administrator.
Then click "Oprava Host" (Fix Host) and "Zpráva" (Report) - a log will open; paste it here.
Then click "Oprava Proxy" (Fix Proxy) and "Zpráva" (Report) - a log will open; paste it here.
Download TDSSKiller to your desktop. Make sure you have closed all other applications and browsers. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.8.16.0_(date)_log.txt; please paste the entire contents of the log here.
Re: Blocking of certain websites - the "blacklist" keeps growing
TDSSKiller found nothing again...
New TDSSKiller log: http://pastebin.com/zEA3jEZ6
RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : já [Práva správce]
Mód : Kontrola -- Datum : 12/12/2013 10:08:51
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 3 ¤¤¤
[ja][SUSP UNIC] install.exe : C:\Documents and Settings\ja\Nabídka Start\Programy\Po spuštění\install.exe [x] -> NALEZENO
[LocalService][SUSP UNIC] install.exe : C:\Documents and Settings\LocalService\Nabídka Start\Programy\Po spuštění\install.exe [x] -> NALEZENO
[NetworkService][SUSP UNIC] install.exe : C:\Documents and Settings\NetworkService\Nabídka Start\Programy\Po spuštění\install.exe [x] -> NALEZENO
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] SSDT[199] : NtRequestPort @ 0x805A2A52 -> HOOKED (Unknown @ 0xB87D8CA0)
[Inline] SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xB87D8D40)
[Inline] SSDT[260] : NtTraceEvent @ 0x805351EE -> HOOKED (Unknown @ 0xB87D8C00)
¤¤¤ Externí včelstvo: ¤¤¤
-> H:\windows\system32\config\SYSTEM | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SOFTWARE | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SECURITY | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SAM | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\DEFAULT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\ja\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
88.208.119.60 silikonky.com
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500AAJS-00VWA0 +++++
--- User ---
[MBR] a8652c28285ca6dc030aae42864bd12e
[BSP] b207bfd2826ce3a4d6ce987433bf7253 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 220399 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 451378305 | Size: 18073 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_S_12122013_100851.txt >>
RKreport[0]_D_12112013_151923.txt;RKreport[0]_S_12102013_225042.txt;RKreport[0]_S_12112013_151821.txt
RogueKiller V8.7.11 [Dec 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : já [Práva správce]
Mód : Oprava HOSTS -- Datum : 12/12/2013 10:10:01
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
¤¤¤ Externí včelstvo: ¤¤¤
-> H:\windows\system32\config\SYSTEM | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SOFTWARE | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SECURITY | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\SAM | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\windows\system32\config\DEFAULT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\ja\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> H:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - H:] | SYSTEMINFO [Sys - D:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
88.208.119.60 silikonky.com
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[0]_H_12122013_101001.txt >>
RKreport[0]_D_12112013_151923.txt;RKreport[0]_S_12102013_225042.txt;RKreport[0]_S_12112013_151821.txt
RKreport[0]_S_12122013_100851.txt