Prosím o kontrolu logu - webssearches

qviik · Příspěvekod **qviik** » 18 zář 2014 13:11

Z tohoto odkazu soubor stáhnout jde, ale při instalaci vyskakují opakovaně okna, která hlásí nějaké chyby, stejně jako před tím :-(

Reklama

Příspěvekod **Orcus** » 19 zář 2014 00:15

OK. MBAM zatím necháme, budeme pokačovat standartně.

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

qviik · Příspěvekod **qviik** » 19 zář 2014 08:34

# AdwCleaner v3.310 - Report created 19/09/2014 at 08:32:18
# Updated 12/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Uživatel - NONAME-ZIQKCX9Z
# Running from : E:\HUMUS\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****

Service Found : IePluginServices
Service Found : WindowsMangerProtect

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml
Folder Found : C:\Documents and Settings\All Users\Data aplikací\IePluginServices
Folder Found : C:\Documents and Settings\All Users\Data aplikací\NCH Software
Folder Found : C:\Documents and Settings\All Users\Data aplikací\WindowsMangerProtect
Folder Found : C:\Documents and Settings\Uživatel\Data aplikací\337Games
Folder Found : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593\SafePCRepair_89
Folder Found : C:\Documents and Settings\Uživatel\Data aplikací\NCH Software
Folder Found : C:\Documents and Settings\Uživatel\Data aplikací\webssearches
Folder Found : C:\Program Files\GreenTree Applications
Folder Found : C:\Program Files\NCH Software
Folder Found : C:\Program Files\SupTab

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Found : C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc ... XX9QF3J17V )
Shortcut Found : C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Internet Explorer (bez doplňků).lnk ( hxxp://istart.webssearches.com/?type=sc ... XX9QF3J17V )
Shortcut Found : C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Internet Explorer (Žádné doplňky).lnk ( hxxp://istart.webssearches.com/?type=sc ... XX9QF3J17V )
Shortcut Found : C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ( hxxp://istart.webssearches.com/?type=sc ... XX9QF3J17V )
Shortcut Found : C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Spustit prohlížeč Internet Explorer.lnk ( hxxp://istart.webssearches.com/?type=sc ... XX9QF3J17V )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "C:\Program Files\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc ... XX9QF3J17V
Key Found : HKCU\Software\ICQ\ICQToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKCU\Software\SupHpUISoft
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\webssearches uninstall
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsMangerProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Found : HKLM\SOFTWARE\Speedchecker Limited
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\supWPM
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\webssearchesSoftware
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp ... XX9QF3J17V
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp ... XX9QF3J17V

-\\ Mozilla Firefox v32.0.1 (x86 cs)

[ File : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593\prefs.js ]

Line Found : user_pref("extensions.toolbar.mindspark._89Members_.lastActivePing", "1410980920660");
Line Found : user_pref("extensions.toolbar.mindspark._89Members_.weather.location", "10001");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "safepcrepair@mindspark.com");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R1].txt - [5944 octets] - [19/09/2014 08:25:25]
AdwCleaner[R2].txt - [5864 octets] - [19/09/2014 08:32:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [5924 octets] ##########

qviik · Příspěvekod **qviik** » 19 zář 2014 08:54

""Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni"""
..... po kliknutí pravého tl. myši na JRT.exe se nabízí pouze možnost "spustit jako ...", následuje okno "otevřít soubor", spustit, otevře se okno "spustit jako" a zde jsou dvě možnosti, za 1. aktuální uživatel...po potvrzení naběhne okno s chybou: Could not create folder "C:\DOCUME-1\UIVATE-1\LOCALS-1\Temp\jrt" - přístup byl odepřen, za 2. následující uživatel a dá se vybrat administrator nebo uživatel, ale k oboum to chce dále nějaké heslo a dál mě to nepustí. Takže vůbec nevím, co s tím :huh:

qviik · Příspěvekod **qviik** » 19 zář 2014 09:26

RogueKiller

poližka Kontrola Faked tam nebyla....místo ní tam bylo: Offline Reg

RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Uživatel [Práva správce]
Mód : Kontrola -- Datum : 09/19/2014 09:23:55

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 19 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 81.90.174.50 81.90.160.1 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 81.90.174.50 81.90.160.1 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0100E881-AA8D-4A4C-B6F7-6D93DF16FF0E} | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{969C7104-7AC5-4932-AA08-10F5C2E5628A} | DhcpNameServer : 10.254.2.1 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0100E881-AA8D-4A4C-B6F7-6D93DF16FF0E} | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{969C7104-7AC5-4932-AA08-10F5C2E5628A} | DhcpNameServer : 10.254.2.1 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C0E445E8-6954-4986-84D3-E81D5AD7449E} | DhcpNameServer : 81.90.174.50 81.90.160.1 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{C0E445E8-6954-4986-84D3-E81D5AD7449E} | DhcpNameServer : 81.90.174.50 81.90.160.1 -> NALEZENO
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NALEZENO
[PUM.HomePage] HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://istart.webssearches.com/?type=hp ... XX9QF3J17V -> NALEZENO
[PUM.HomePage] HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1008\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NALEZENO
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NALEZENO
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NALEZENO
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NALEZENO
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1008\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NALEZENO
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 1 (Driver: NAHRÁNO) ¤¤¤
[IRP:Addr(Hook.IRP)] atapi.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : prosync1.sys @ 0xb85b46c1

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] osde3ijm.default-1361893236593 : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> NALEZENO

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] e8535870bcad489eb4452ba9bb69eda1
[BSP] 373a242d2d75030b9bed2f0aff53248c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 131061 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 268414020 | Size: 174181 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )

+++++ PhysicalDrive1: Samsung M3 Portable USB Device +++++
--- User ---
[MBR] 1374ab1f71d660f7b0202f22c4fb122c
[BSP] 3720cdad963c1560384104d8d1c5cf81 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 953867 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

============================================
RKreport_SCN_09192014_091631.log - RKreport_SCN_09192014_092105.log - RKreport_SCN_09192014_092113.log - RKreport_DEL_09192014_092125.log

Příspěvekod **jaro3** » 19 zář 2014 09:51

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

qviik · Příspěvekod **qviik** » 19 zář 2014 12:27

# AdwCleaner v3.310 - Report created 19/09/2014 at 12:23:09
# Updated 12/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Uživatel - NONAME-ZIQKCX9Z
# Running from : E:\HUMUS\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : IePluginServices
Service Deleted : WindowsMangerProtect

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\IePluginServices
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\WindowsMangerProtect
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\SupTab
Folder Deleted : C:\Documents and Settings\Uživatel\Data aplikací\337Games
Folder Deleted : C:\Documents and Settings\Uživatel\Data aplikací\NCH Software
Folder Deleted : C:\Documents and Settings\Uživatel\Data aplikací\webssearches
Folder Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593\SafePCRepair_89
File Deleted : C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Internet Explorer (bez doplňků).lnk
Shortcut Disinfected : C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Internet Explorer (Žádné doplňky).lnk
Shortcut Disinfected : C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\Uživatel\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Spustit prohlížeč Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\webssearches uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WindowsMangerProtect

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v32.0.1 (x86 cs)

[ File : C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593\prefs.js ]

Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.lastActivePing", "1410980920660");
Line Deleted : user_pref("extensions.toolbar.mindspark._89Members_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "safepcrepair@mindspark.com");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R3].txt - [5944 octets] - [19/09/2014 12:17:21]
AdwCleaner[S0].txt - [5103 octets] - [19/09/2014 12:23:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5163 octets] ##########

qviik · Příspěvekod **qviik** » 19 zář 2014 12:39

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.7 (09.18.2014:2)
OS: Microsoft Windows XP x86
Ran by Uživatel on pá 19.09.2014 at 12:31:50,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pá 19.09.2014 at 12:36:13,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

qviik · Příspěvekod **qviik** » 19 zář 2014 12:49

RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Uživatel [Práva správce]
Mód : Odebrat -- Datum : 09/19/2014 12:48:02

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 20 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 81.90.174.50 81.90.160.1 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 81.90.174.50 81.90.160.1 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0100E881-AA8D-4A4C-B6F7-6D93DF16FF0E} | DhcpNameServer : 10.0.0.138 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{969C7104-7AC5-4932-AA08-10F5C2E5628A} | DhcpNameServer : 10.254.2.1 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0100E881-AA8D-4A4C-B6F7-6D93DF16FF0E} | DhcpNameServer : 10.0.0.138 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{969C7104-7AC5-4932-AA08-10F5C2E5628A} | DhcpNameServer : 10.254.2.1 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C0E445E8-6954-4986-84D3-E81D5AD7449E} | DhcpNameServer : 81.90.174.50 81.90.160.1 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{C0E445E8-6954-4986-84D3-E81D5AD7449E} | DhcpNameServer : 81.90.174.50 81.90.160.1 -> NAHRAZENO ()
[PUM.Policies] HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZÁNO
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1008\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NAHRAZENO (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NAHRAZENO (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1008\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NAHRAZENO (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NAHRAZENO (http://go.microsoft.com/fwlink/?LinkId=54896)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost -> VYMAZÁNO

¤¤¤ Antirootkit : 1 (Driver: NAHRÁNO) ¤¤¤
[IRP:Addr(Hook.IRP)] atapi.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : prosync1.sys @ 0xb85b46c1

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[IE:Addon] System : Nástroje Lištičky [{1EA00BE1-6E54-4E2A-8099-680300BF23E1}] -> VYMAZÁNO
[PUM.HomePage][FIREFX:Config] osde3ijm.default-1361893236593 : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> NAHRAZENO (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] e8535870bcad489eb4452ba9bb69eda1
[BSP] 373a242d2d75030b9bed2f0aff53248c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 131061 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 268414020 | Size: 174181 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )

============================================
RKreport_DEL_09192014_092125.log - RKreport_SCN_09192014_091631.log - RKreport_SCN_09192014_092105.log - RKreport_SCN_09192014_092113.log
RKreport_SCN_09192014_092354.log - RKreport_SCN_09192014_124544.log

qviik · Příspěvekod **qviik** » 19 zář 2014 13:21

Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by Uživatel on pá 19.09.2014 at 12:52:02,50.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Uživatel\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19.9.2014 13:00:35 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully
HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully
HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1008\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully
HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Documents and Settings\UIVATE~1\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593\prefs.js:

Added to C:\Documents and Settings\UIVATE~1\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\UIVATE~1\Data aplikací\Mozilla\Firefox\Profiles\fpsniba6.default\prefs.js:

Added to C:\Documents and Settings\UIVATE~1\Data aplikací\Mozilla\Firefox\Profiles\fpsniba6.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\MSN Explorer\shell\open\command]
@="C:\\Program Files\\MSN\\MSNCoreFiles\\MSN6.exe"

==== Deleting Files \ Folders ======================

C:\Program Files\ComPlus Applications deleted
C:\Program Files\Yahoo! deleted
C:\UNWISE.EXE deleted
C:\Documents and Settings\Uživatel\Data aplikací\ICQ Toolbar deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Yahoo! Companion deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\boost_interprocess deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\ICQ deleted
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\adawarebp deleted
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\cache deleted
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\CrashRpt deleted
C:\Documents and Settings\UIVATE~1\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593\extensions\trash\89ffxtbr@SafePCRepair_89.com deleted
C:\Documents and Settings\UIVATE~1\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593\Invalidprefs.js deleted
C:\Documents and Settings\UIVATE~1\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593\extensions\jid1-yZwVFzbsyfMrqQ@jetpack deleted
"C:\Documents and Settings\Uživatel\Data aplikací\gnupg" deleted
"C:\Documents and Settings\Uživatel\Data aplikací\poclbm" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02.09.2009 03:00]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\UIVATE~1\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593
- Undetermined - %ProfilePath%\extensions\trash
- Kinotip Finder and Dowloander - %ProfilePath%\extensions\sracka@pica.cz.xpi

ProfilePath: C:\Documents and Settings\UIVATE~1\Data aplikací\Mozilla\Firefox\Profiles\fpsniba6.default
- Undetermined - %ProfilePath%\extensions\jid1-yZwVFzbsyfMrqQ@jetpack

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593
DFC9460CC37E5C414DC4680B10C19E7A - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
0C0C5C207121C7A78414A8250E8E099A - C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll - Shockwave for Director / Shockwave for Director
4A053A825BEC81965CD5AB72DF247D68 - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll - Uplay PC
6F2A22BB8D209D4461A7CBED5FE7450D - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll - Uplay PC Hub Plugin
21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
E0BCE90537E4A41AF36D5BDD5963A09D - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
7E54D1EC87CE306CB1A26CE59AFE6E37 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
D33D39A318AEA70691CED7530E2D9DF9 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
CFBC726A1712BD8DC9914EA06DBCE20B - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lfffjahnfbocnaooecgijfnbpcfekoik - C:\Documents and Settings\All Users\Data aplikací\adawaretb\shortcuts\chrome\adawaretb.crx[]

Docs - Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

==== Chromium Startpages ======================

C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Preferences
"homepage": "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=F0340121DE9D050542DFFF513F76B15B",
"http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=F0340121DE9D050542DFFF513F76B15B",
"homepage": "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=F0340121DE9D050542DFFF513F76B15B",
"http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=F0340121DE9D050542DFFF513F76B15B",

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Prev Search Page"="http://www.google.com"
"Prev Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Prev Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Prev Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\Uživatel\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\COMODO\Dragon\User Data\Default\Cache emptied successfully
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=134 folders=43 3757087 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully
C:\Documents and Settings\Default User\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\Documents and Settings\UpdatusUser\Local Settings\temp emptied successfully
C:\Documents and Settings\Uživatel\Local Settings\temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

Příspěvekod **jaro3** » 19 zář 2014 18:26

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

qviik · Příspěvekod **qviik** » 20 zář 2014 16:51

ComboFix 14-09-18.01 - Uživatel 20.09.2014 14:55:33.11.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1218 [GMT 2:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personální firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-08-20 do 2014-09-20 )))))))))))))))))))))))))))))))
.
.
2014-09-19 19:25 . 2014-09-19 19:25 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Data aplikací\COMODO
2014-09-19 11:15 . 2014-09-19 10:51 24064 ----a-w- c:\windows\zoek-delete.exe
2014-09-19 10:51 . 2014-09-19 11:12 -------- d-----w- C:\zoek_backup
2014-09-19 10:16 . 2014-09-19 10:23 -------- d-----w- C:\AdwCleaner
2014-09-19 07:08 . 2014-09-19 10:41 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-19 07:08 . 2014-09-19 07:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2014-09-18 11:05 . 2014-09-18 11:39 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-17 21:05 . 2014-09-17 21:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\COMODO
2014-09-17 21:04 . 2014-09-17 21:04 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2014-09-17 20:26 . 2014-09-17 20:26 -------- d-----w- c:\program files\Common Files\Skype
2014-09-17 18:49 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-09-16 12:56 . 2013-07-18 14:06 187904 --s-a-w- c:\windows\system32\lcpmnceadud.exe
2014-09-16 12:55 . 2013-10-26 18:30 972814 --s-a-w- c:\windows\system32\dcgmnceadud.exe
2014-09-16 12:55 . 2014-09-16 12:55 -------- d-----w- c:\windows\system32\bitstreams
2014-09-16 12:55 . 2013-12-09 22:30 10236928 --s-a-w- c:\windows\system32\acumnceadud.exe
2014-09-16 12:55 . 2013-06-12 13:15 100864 --s-a-w- c:\windows\system32\zlib1.dll
2014-09-16 12:55 . 2013-10-26 18:30 538126 --s-a-w- c:\windows\system32\libcurl-4.dll
2014-09-16 12:55 . 2013-10-26 18:30 192512 --s-a-w- c:\windows\system32\libidn-11.dll
2014-09-16 12:55 . 2013-10-26 18:30 171008 --s-a-w- c:\windows\system32\libssh2.dll
2014-09-16 12:55 . 2013-10-26 18:30 133632 --s-a-w- c:\windows\system32\librtmp.dll
2014-09-16 12:55 . 2013-06-12 13:15 119888 --s-a-w- c:\windows\system32\pthreadGC2.dll
2014-09-16 12:55 . 2012-09-25 21:46 472424 --s-a-w- c:\windows\system32\cudart32_50_35.dll
2014-09-16 12:55 . 2012-05-26 23:36 55808 --s-a-w- c:\windows\system32\pthreadVC2.dll
2014-09-15 18:35 . 2014-09-15 18:35 -------- d-----w- c:\windows\ERUNT
2014-08-30 10:51 . 2014-08-30 10:51 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Adobe
2014-08-28 08:29 . 2014-08-28 08:29 -------- d-----w- c:\documents and settings\Uživatel\Data aplikací\dvdcss
2014-08-25 06:36 . 2014-08-25 06:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\COMODO
2014-08-24 17:11 . 2014-08-24 17:11 -------- d-----w- C:\UpdateChromeLinksLogs
2014-08-24 17:11 . 2014-08-24 17:11 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2014-08-24 17:08 . 2014-08-24 17:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\COMODO
2014-08-24 17:08 . 2014-08-24 17:08 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\COMODO
2014-08-24 17:08 . 2014-08-24 17:08 48392 ----a-w- c:\windows\system32\certsentry.dll
2014-08-24 17:07 . 2014-08-24 17:07 -------- d-----w- c:\program files\Comodo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-19 08:11 . 2010-04-18 18:57 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-09-19 08:10 . 2010-04-18 18:57 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-09-16 12:58 . 2007-08-21 13:06 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-09-16 12:44 . 2014-09-16 12:44 454144 ----a-w- c:\windows\inf\SYSTEM-x32.exe
2014-09-16 12:44 . 2014-09-16 12:44 24064 ----a-w- c:\windows\inf\poclbm.exe
2014-09-16 12:44 . 2014-09-16 12:44 479744 ----a-w- c:\windows\inf\wxmsw28uh_html_vc.dll
2014-09-16 12:44 . 2014-09-16 12:44 3165184 ----a-w- c:\windows\inf\wxmsw28uh_core_vc.dll
2014-09-16 12:44 . 2014-09-16 12:44 730112 ----a-w- c:\windows\inf\wxmsw28uh_adv_vc.dll
2014-09-16 12:44 . 2014-09-16 12:44 1300992 ----a-w- c:\windows\inf\wxbase28uh_vc.dll
2014-09-16 12:44 . 2014-09-16 12:44 122368 ----a-w- c:\windows\inf\wxbase28uh_net_vc.dll
2014-09-16 12:44 . 2014-09-16 12:44 110080 ----a-w- c:\windows\inf\pywintypes27.dll
2014-09-16 12:44 . 2014-09-16 12:44 2303488 ----a-w- c:\windows\inf\python27.dll
2014-09-16 12:44 . 2014-09-16 12:44 569680 ----a-w- c:\windows\inf\msvcp90.dll
2014-09-16 12:43 . 2014-09-16 12:43 212992 ----a-w- c:\windows\inf\system32-x86.exe
2014-09-16 12:43 . 2014-09-16 12:43 219648 ----a-w- c:\windows\inf\boost_python-vc90-mt-1_48.dll
2014-09-16 12:43 . 2014-09-16 12:43 64000 ----a-w- c:\windows\inf\MPR.dll
2014-09-16 12:43 . 2014-09-16 12:43 4096 ----a-w- c:\windows\inf\API-MS-Win-Core-LocalRegistry-L1-1-0.dll
2014-09-16 12:22 . 2007-11-28 14:49 22328 ----a-w- c:\documents and settings\Uživatel\Data aplikací\PnkBstrK.sys
2014-09-15 19:30 . 2009-03-29 17:28 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-09-14 19:54 . 2010-04-18 18:57 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-09-13 05:44 . 2012-04-25 14:01 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-13 05:44 . 2011-11-23 17:33 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-25 10:55 . 2014-08-09 06:46 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-25 10:26 . 2014-08-09 06:46 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-06-22 15:37 . 2011-12-21 13:20 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"System-boot"="c:\windows\inf\SYSTEM-x32.exe" [2014-09-16 454144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-14 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-05-12 15677728]
"NvMediaCenter"="NvMCTray.dll" [2013-05-12 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-05-12 2562848]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"RTHDCPL"="RTHDCPL.EXE" [2013-04-02 20143176]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2013-12-20 807696]
"QuickTime Task"="c:\documents and settings\UŽIVATEL\PLOCHA\HUMUS\POTŘEBA\OLYMPUS\qttask.exe" [2007-10-06 77824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="e:\humus\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
REALTEK RTL8187B Wireless LAN Utility.lnk - c:\program files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe /H [2013-6-27 966656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"nSvcIp"=2 (0x2)
"IDriverT"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE"
"TuneUp MemOptimizer"="c:\documents and settings\Uživatel\Plocha\HUMUS\Potřeba\Tuneup utilities\MemOptimizer.exe" autostart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigDogPath323VMSnap"=c:\windows\VMSnap23.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"PCSuiteTrayApplication"=e:\humus\Nokia PC Suite 6\LaunchApplication.exe -startup
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"SkyTel"=SkyTel.EXE
"BigDogPath323Domino"=c:\windows\Domino.exe
"QuickTime Task"="c:\documents and settings\UŽIVATEL\PLOCHA\HUMUS\POTŘEBA\OLYMPUS\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Documents and Settings\\Uživatel\\Plocha\\Hry\\ET\\ET.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\ICQ7.5\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Realtek\\RTL8187B Wireless LAN Utility\\RtWLan.exe"=
"c:\\Documents and Settings\\Uživatel\\Data aplikací\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Documents and Settings\\Uživatel\\Plocha\\Hry\\Carel\\Prográmky\\utorrent\\utorrent.exe"=
"e:\\Hry\\Call of Juarez\\CoJBiBGame_x86.exe"=
"e:\\Hry\\COD\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"443:TCP"= 443:TCP:War Thunder
"20010:UDP"= 20010:UDP:War Thunder
"3478:UDP"= 3478:UDP:War Thunder
"7850:TCP"= 7850:TCP:War Thunder
"7852:TCP"= 7852:TCP:War Thunder
"7853:TCP"= 7853:TCP:War Thunder
"27022:TCP"= 27022:TCP:War Thunder
"6881:TCP"= 6881:TCP:War Thunder
"33333:TCP"= 33333:TCP:War Thunder
"20443:TCP"= 20443:TCP:War Thunder
"8090:TCP"= 8090:TCP:War Thunder
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sfdrv02;FrontLine Environment Driver (v2);c:\windows\system32\drivers\sfdrv02.sys [11.9.2006 13:57 67960]
R0 sfsync05;FrontLine Synchronization Driver (v5);c:\windows\system32\drivers\sfsync05.sys [11.8.2006 18:09 59776]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 10:20 134248]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [20.12.2013 17:44 106256]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [20.12.2013 17:44 385808]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12.9.2013 13:06 1337752]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [14.6.2011 13:32 19072]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16.8.2013 11:22 242240]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.4.2007 13:31 691696]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [20.12.2013 17:43 402192]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.4.2014 20:21 315008]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.5.2013 11:38 1691480]
S3 RT80x86;Airlive 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [14.6.2011 13:31 1069824]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [20.9.2010 11:12 65664]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [25.7.2007 17:15 476672]
S3 ZSMC326;VIMICRO USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [21.6.2007 12:02 260096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Obsah adresáře 'Naplánované úlohy'
.
2014-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 05:44]
.
2014-08-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-14 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: Download all by FlashGet3 - c:\documents and settings\Uživatel\Data aplikací\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Uživatel\Data aplikací\FlashGetBHO\GetUrl.htm
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
Trusted Zone: kuaiche.com\software
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\osde3ijm.default-1361893236593\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-20 15:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:17,2a,ae,23,47,c7,ab,d9,f4,a3,c9,0f,ab,71,47,67,56,2f,96,5c,6a,98,c1,
da,80,97,d3,81,c4,6e,5b,aa,02,68,6a,87,1f,4e,1a,a3,7c,86,04,69,7c,ae,4e,ab,\
"??"=hex:c2,7c,3e,9a,54,a8,51,d9,69,2e,b5,10,dd,c5,51,56
.
[HKEY_USERS\S-1-5-21-1292428093-1965331169-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:ca,5d,c7,70,70,4b,50,61,96,da,c6,4b,4d,99,c5,77,a2,72,dd,23,1e,
88,02,ae,ce,54,1d,d9,9a,cb,f3,52,c6,0a,81,ac,c2,4b,9d,14,20,6e,85,e7,ab,4a,\
"rkeysecu"=hex:2b,76,63,e3,79,a5,cc,06,3a,27,34,3f,78,ee,98,29
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:58,36,3a,1b,b2,06,07,4e,cf,74,47,7b,8d,9b,2b,cf,fb,8b,a9,6c,12,8e,11,
56,65,8e,78,1f,25,88,2c,56,80,5c,f0,20,41,c9,68,f3,8c,3a,90,29,0c,5e,31,25,\
"??"=hex:68,56,ac,3c,06,a5,7f,be,cb,ba,55,3a,9c,b4,65,5a
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2144)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2014-09-20 16:04:11
ComboFix-quarantined-files.txt 2014-09-20 14:03
ComboFix2.txt 2014-09-18 08:15
.
Před spuštěním: Volných bajtů: 19 071 512 576
Po spuštění: Volných bajtů: 19 039 322 112
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin /usepmtimer
.
- - End Of File - - 652197C3A99DC5766D775FF63414E80B
8F558EB6672622401DA993E1E865C861

Prosím o kontrolu logu - webssearches Vyřešeno

Re: Prosím o kontrolu logu - webssearches

Re: Prosím o kontrolu logu - webssearches

Re: Prosím o kontrolu logu - webssearches

Re: Prosím o kontrolu logu - webssearches

Re: Prosím o kontrolu logu - webssearches

Re: Prosím o kontrolu logu - webssearches

Re: Prosím o kontrolu logu - webssearches

Re: Prosím o kontrolu logu - webssearches

Re: Prosím o kontrolu logu - webssearches

Re: Prosím o kontrolu logu - webssearches

Re: Prosím o kontrolu logu - webssearches

Re: Prosím o kontrolu logu - webssearches

Kdo je online