Good evening,
please check my log. Unwanted windows keep popping up on my laptop. I tried scanning with Avast - nothing; in safe mode with ESET online scan - it found some junk, which was deleted. Even so, the windows keep popping up. I also checked with Spyware Terminator, HouseCall, etc. Please advise, thanks.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:40:14, on 31.12.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
FIREFOX: 43.0.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\Jirka\Plocha\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://stoppblock.me/wpad.dat?166754966 ... 8fd3532330
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [MsgTranAgt] "C:\Program Files\ATK Hotkey\MsgTranAgt.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group, LLC - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 6431 bytes
Problem with unwanted ad and game windows opening (Solved)
- jaro3
- member of the Security team
Re: Problem with unwanted ad and game windows opening
Uninstall:
Spyware Terminator
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you do not need to use ATF.
Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
Save it to your desktop.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Prohledat-Scan".
After the scan, click "Logfile"; a log will appear (it is also saved on the system drive as AdwCleaner[C?].txt). Paste its entire contents here.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Prohledat" (Scan).
- The program scans the PC's processes. After the scan, click "Zpráva" (Report), then "Open TXT" in the window, and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
Re: Problem with unwanted ad and game windows opening
# AdwCleaner v5.027 - Logfile created 01/01/2016 at 13:52:16
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Jirka - LTM-58C8FE6C6C1
# Running from : C:\Documents and Settings\Jirka\Plocha\adwcleaner_5.027.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\Documents and Settings\All Users\Data aplikací\simplitec
Folder Found : C:\Documents and Settings\Jirka\Data aplikací\SimpleFiles
Folder Found : C:\Documents and Settings\Jirka\Local Settings\Data aplikací\TNT2
Folder Found : C:\Program Files\TNT2
***** [ Files ] *****
File Found : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
***** [ DLL ] *****
***** [ Shortcuts ] *****
Shortcut Infected : C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk ( "hxxp://esurf.biz/?ssid=1451556228&a=1024132&src=sh&uuid=53351884-5410-4e1a-823b-90161b4a3842" --proxy-pac-url=hxxp://stoppblock.me/wpad.dat?16675496684d7831f84e1f9ce24fd8fd3532330 )
Shortcut Infected : C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome\Google Chrome.lnk ( "hxxp://esurf.biz/?ssid=1451556228&a=1024132&src=sh&uuid=53351884-5410-4e1a-823b-90161b4a3842" --proxy-pac-url=hxxp://stoppblock.me/wpad.dat?16675496684d7831f84e1f9ce24fd8fd3532330 )
Shortcut Infected : C:\Documents and Settings\Jirka\Nabídka Start\Programy\Internet Explorer.lnk ( "hxxp://esurf.biz/?ssid=1451556228&a=1024132&src=sh&uuid=53351884-5410-4e1a-823b-90161b4a3842" )
Shortcut Infected : C:\Documents and Settings\Jirka\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Internet Explorer (bez doplňků).lnk ( "hxxp://esurf.biz/?ssid=1451556228&a=1024132&src=sh&uuid=53351884-5410-4e1a-823b-90161b4a3842" )
Shortcut Infected : C:\Documents and Settings\Jirka\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( "hxxp://esurf.biz/?ssid=1451556228&a=1024132&src=sh&uuid=53351884-5410-4e1a-823b-90161b4a3842" --proxy-pac-url=hxxp://stoppblock.me/wpad.dat?16675496684d7831f84e1f9ce24fd8fd3532330 )
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
Key Found : HKCU\SOFTWARE\MOZILLAPLUGINS\@tnt2npapi.com/Plugin
Key Found : HKCU\Software\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00011268-E188-40DF-A514-835FCD78B1BF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00011268-E188-40DF-A514-835FCD78B1BF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{00011268-E188-40DF-A514-835FCD78B1BF}]
Key Found : HKCU\Software\SimpleFiles
Key Found : HKCU\Software\TNT2
Key Found : HKLM\SOFTWARE\SimpleFiles
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0EDC9CD8-2C9F-453F-B406-6AF6AA9AFB38}
***** [ Web browsers ] *****
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5193 bytes] ##########
The links for RogueKiller by Adlice Software don't work for me; it says server not found.
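An added example (not part of the original thread or of any tool used in it): a small Python triage that pulls the proxy auto-config value out of HijackThis R-lines and the `--proxy-pac-url` argument out of AdwCleaner's "Shortcut Infected" lines, then reports the PAC host the two logs share. The sample lines are copied from the logs posted above; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the logs posted in this thread, exactly as posted (the
# forum's " ... " truncation and AdwCleaner's hxxp defanging included).
HJT_LINES = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://stoppblock.me/wpad.dat?166754966 ... 8fd3532330",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
]
ADW_LINES = [
    r'Shortcut Infected : C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk ( "hxxp://esurf.biz/?ssid=1451556228&a=1024132&src=sh&uuid=53351884-5410-4e1a-823b-90161b4a3842" --proxy-pac-url=hxxp://stoppblock.me/wpad.dat?16675496684d7831f84e1f9ce24fd8fd3532330 )',
    r'Shortcut Infected : C:\Documents and Settings\Jirka\Nabídka Start\Programy\Internet Explorer.lnk ( "hxxp://esurf.biz/?ssid=1451556228&a=1024132&src=sh&uuid=53351884-5410-4e1a-823b-90161b4a3842" )',
    r"Key Found : HKCU\Software\TNT2",
]

# Registry values under "Internet Settings" that redirect browser traffic.
PROXY_VALUES = {"AutoConfigURL", "ProxyServer"}

HJT_R = re.compile(r"^R[0-3] - (?P<hive>HK\w+)\\(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
LNK = re.compile(r"^Shortcut Infected : (?P<lnk>.+?\.lnk) \( (?P<args>.*) \)$")
URL = re.compile(r'h(?:tt|xx)ps?://[^\s"]+')
PAC_ARG = re.compile(r"--proxy-pac-url=(\S+)")


def refang(url):
    """Undo hxxp defanging so the URL can be parsed; nothing is ever fetched."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I)


def host_of(url):
    """Host part of a (possibly defanged) URL, or None if there is none."""
    return urlsplit(refang(url)).hostname


def hjt_proxy_settings(lines):
    """HijackThis R-lines that set a proxy or a proxy auto-config script."""
    found = []
    for line in lines:
        m = HJT_R.match(line.strip())
        if m and m["name"] in PROXY_VALUES:
            found.append({"hive": m["hive"], "name": m["name"],
                          "data": m["data"], "host": host_of(m["data"])})
    return found


def shortcut_injections(lines):
    """AdwCleaner shortcut findings: appended start URLs and PAC argument."""
    found = []
    for line in lines:
        m = LNK.match(line.strip())
        if not m:
            continue
        pac = PAC_ARG.search(m["args"])
        pac_url = pac.group(1) if pac else None
        start_urls = [u for u in URL.findall(m["args"]) if u != pac_url]
        found.append({"lnk": m["lnk"],
                      "start_hosts": sorted({host_of(u) for u in start_urls}),
                      "pac_host": host_of(pac_url) if pac_url else None})
    return found


def shared_pac_hosts(hjt_lines, adw_lines):
    """Hosts used both as a registry proxy setting and as a shortcut PAC URL."""
    registry_hosts = {e["host"] for e in hjt_proxy_settings(hjt_lines)}
    shortcut_hosts = {s["pac_host"] for s in shortcut_injections(adw_lines)}
    return sorted((registry_hosts & shortcut_hosts) - {None})


if __name__ == "__main__":
    for entry in hjt_proxy_settings(HJT_LINES):
        print("registry:", entry["hive"], entry["name"], "->", entry["host"])
    for item in shortcut_injections(ADW_LINES):
        print("shortcut:", item["lnk"], item["start_hosts"], item["pac_host"])
    print("shared PAC hosts:", shared_pac_hosts(HJT_LINES, ADW_LINES))
```

Running the same functions over the follow-up HijackThis log shows whether the `AutoConfigURL` value is still set after the shortcuts have been cleaned.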
Re: Problem with unwanted ad and game windows opening
Got it working now
RogueKiller V11.0.5.0 [Dec 28 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : Jirka [Práva správce]
Started from : C:\Documents and Settings\Jirka\Plocha\RogueKiller.exe
Mód : Prohledat -- Datum : 01/01/2016 14:14:16
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 2 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\SimpleFiles -> Nalezeno
[PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {00011268-E188-40DF-A514-835FCD78B1BF} : -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 1 ¤¤¤
[PUP][Složka] C:\Program Files\TNT2 -> Nalezeno
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVT-22A23T0 +++++
--- User ---
[MBR] 4b7c61fc7f08589b32327789e7de5b15
[BSP] dfc6b97af0bf3870b90305c5799dd862 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 29996 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 61432560 | Size: 122628 MB
User = LL1 ... OK
User = LL2 ... OK
- jerabina
- member of the Security team
Re: Problem with unwanted ad and game windows opening
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Spustit jako správce" (Run as administrator)),
click "Prohledat-Scan"; after the scan, click "Vymazat-Clean".
The program will carry out the repair; after the automatic restart it will not show the log (C:\AdwCleaner [C?].txt); paste its entire contents here.
Download Junkware Removal Tool by Thisisu
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "spustit jako správce" (run as administrator). You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear; it is saved on the desktop.
Please copy its entire contents here.
Close all programs and browsers. Disable the antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Spustit jako správce" (Run as administrator); on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Then click "Prohledat" (Scan); once it finishes:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (put check marks)
(you have to put a check mark with the mouse in the box to the left of the registry entry, etc.)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report) and please copy and paste the contents of that report here. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Turn off the antivirus
Download
Zoek.exe
and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Spustit jako správce" (Run as administrator))
- note: the program can take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
click Run Script
The program will perform a scan and a repair; both the scan and the repair can take several minutes, so you need to wait until the end. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black screen may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, in your documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Post a new HJT log + report any problems.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Problem with unwanted ad and game windows opening
I'm sending the relevant logs as requested. The panels still keep popping up.
# AdwCleaner v5.027 - Logfile created 02/01/2016 at 02:27:16
# Updated 30/12/2015 by Xplode
# Database : 2015-12-30.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Jirka - LTM-58C8FE6C6C1
# Running from : C:\Documents and Settings\Jirka\Plocha\adwcleaner_5.027.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\simplitec
[-] Folder Deleted : C:\Documents and Settings\Jirka\Data aplikací\SimpleFiles
[-] Folder Deleted : C:\Documents and Settings\Jirka\Local Settings\Data aplikací\TNT2
***** [ Files ] *****
[-] File Deleted : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Documents and Settings\Jirka\Nabídka Start\Programy\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Documents and Settings\Jirka\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Internet Explorer (bez doplňků).lnk
[-] Shortcut Disinfected : C:\Documents and Settings\Jirka\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKCU\SOFTWARE\MOZILLAPLUGINS\@tnt2npapi.com/Plugin
[-] Key Deleted : HKCU\Software\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00011268-E188-40DF-A514-835FCD78B1BF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00011268-E188-40DF-A514-835FCD78B1BF}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{00011268-E188-40DF-A514-835FCD78B1BF}]
[-] Key Deleted : HKCU\Software\SimpleFiles
[-] Key Deleted : HKCU\Software\TNT2
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0EDC9CD8-2C9F-453F-B406-6AF6AA9AFB38}
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4763 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Microsoft Windows XP x86
Ran by Jirka (Administrator) on so 02.01.2016 at 12:17:58,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 5
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\54KZTWXA (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GI1G0RUN (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RYXYNWMQ (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WKH35I7I (Folder)
Successfully deleted: C:\Program Files\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77 (Folder)
Registry: 1
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 02.01.2016 at 12:19:06,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller V11.0.5.0 [Dec 28 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno : Normální režim
Uživatel : Jirka [Práva správce]
Started from : C:\Documents and Settings\Jirka\Plocha\RogueKiller.exe
Mód : Smazat -- Datum : 01/02/2016 12:36:08
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhostSmazáno
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 2 ¤¤¤
[FIREFX:Addon] 89sdtb07.default-1451589567062 : Bitdefender QuickScan [{e001c731-5e37-4538-a5cb-8168736a2360}] -> Smazáno
[FIREFX:Addon] 89sdtb07.default-1451589567062 : Avast Online Security [wrc@avast.com] -> Smazáno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVT-22A23T0 +++++
--- User ---
[MBR] 4b7c61fc7f08589b32327789e7de5b15
[BSP] dfc6b97af0bf3870b90305c5799dd862 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 29996 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 61432560 | Size: 122628 MB
User = LL1 ... OK
User = LL2 ... OK
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Jirka on so 02.01.2016 at 12:40:55,42.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Jirka\Plocha\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
2.1.2016 12:41:49 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1644491937-1844237615-2147058177-1003\Software\Microsoft\Internet Explorer\SearchScopes\{D03CBA7F-D04C-4F87-A8E8-53E0ED46E227} deleted successfully
HKEY_USERS\S-1-5-21-1644491937-1844237615-2147058177-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1644491937-1844237615-2147058177-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{00011268-E188-40DF-A514-835FCD78B1BF} deleted successfully
HKEY_USERS\S-1-5-21-1644491937-1844237615-2147058177-1003\Software\Microsoft\Internet Explorer\Approved Extensions\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{00011268-E188-40DF-A514-835FCD78B1BF} deleted successfully
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\4f596ec3-77fb-4fc3-82cb-691c42c71d77 deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\Package Cache deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [14.12.2015 22:58]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dkmjljdbbgogihjcapfhgkonfmccbffp - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17.11.2015 13:34]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Bar"="https://www.google.com/?trackid=sp-006"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKLM\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKCU\SearchScopes "DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} - https://www.google.com/search?trackid=sp-006&q={searchTerms}
==== Reset Google Chrome ======================
Nothing found to reset
==== Empty IE Cache ======================
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Jirka\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=9 folders=19 7226507 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Jirka\LOCALS~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\Jirka\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
==== EOF on so 02.01.2016 at 12:51:35,68 ======================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:44, on 2.1.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
FIREFOX: 43.0.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\Jirka\Plocha\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://stoppblock.me/wpad.dat?166754966 ... 8fd3532330
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [MsgTranAgt] "C:\Program Files\ATK Hotkey\MsgTranAgt.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 5883 bytes
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:44, on 2.1.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
FIREFOX: 43.0.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\Jirka\Plocha\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://stoppblock.me/wpad.dat?166754966 ... 8fd3532330
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [MsgTranAgt] "C:\Program Files\ATK Hotkey\MsgTranAgt.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 5883 bytes
- jerabina
- member of the Security team
Re: Problem with unwanted opening of windows with ads and games
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click into the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: After running ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Problem with unwanted opening of windows with ads and games
However, after ComboFix finished and I then opened the web, an unwanted tab popped up again.
ComboFix 16-01-01.01 - Jirka 02.01.2016 16:34:48.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.458 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
----- Souboroví replikátoři -----
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-02 do 2016-01-02 )))))))))))))))))))))))))))))))
.
.
2016-01-02 11:50 . 2016-01-02 11:40 24064 ----a-w- c:\windows\zoek-delete.exe
2016-01-02 11:40 . 2016-01-02 11:48 -------- d-----w- C:\zoek_backup
2016-01-01 13:05 . 2016-01-02 11:21 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-01-01 13:05 . 2016-01-01 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2016-01-01 12:52 . 2016-01-02 01:27 -------- d-----w- C:\AdwCleaner
2015-12-31 19:27 . 2015-12-31 19:38 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\QuickScan
2015-12-31 18:23 . 2015-12-31 18:23 -------- d-----w- c:\program files\VS Revo Group
2015-12-31 12:18 . 2015-12-31 12:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2015-12-31 12:18 . 2015-10-05 08:50 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-31 12:18 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-31 11:08 . 2015-12-31 11:08 17472 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2015-12-31 11:08 . 2015-12-31 11:08 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\DiskDefrag
2015-12-31 11:08 . 2015-12-31 11:08 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\GlarySoft
2015-12-31 11:08 . 2015-12-31 18:20 -------- d-----w- c:\program files\Glary Utilities 5
2015-12-31 09:59 . 2015-12-31 18:33 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\uTorrent
2015-12-21 08:43 . 2015-12-21 08:43 -------- d-sh--w- c:\documents and settings\Jirka\PrivacIE
2015-12-21 08:38 . 2015-12-23 15:32 -------- d-----w- c:\documents and settings\Jirka\Local Settings\Data aplikací\Google
2015-12-21 08:37 . 2015-12-21 08:44 -------- d-----w- c:\program files\Google
2015-12-20 22:10 . 2015-12-31 18:28 -------- d-----w- c:\documents and settings\Jirka\Local Settings\Data aplikací\Opera Software
2015-12-20 22:10 . 2015-12-31 18:28 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Opera Software
2015-12-20 22:10 . 2015-12-31 18:29 -------- d-----w- c:\program files\Opera
2015-12-14 21:54 . 2015-12-14 21:54 322760 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-14 21:54 . 2015-12-14 21:54 43112 ----a-w- c:\windows\avastSS.scr
2015-12-14 10:32 . 2015-12-14 10:32 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\LibreOffice
2015-12-14 10:28 . 2015-12-14 10:30 -------- d-----w- c:\program files\LibreOffice 5
2015-12-14 10:11 . 2015-12-14 10:22 -------- d-----w- c:\windows\system32\MRT
2015-12-07 22:54 . 2015-12-07 22:54 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Temp
2015-12-06 15:16 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2015-12-06 15:16 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-29 21:19 . 2015-11-17 12:53 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-12-29 21:19 . 2015-11-17 12:53 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-12-18 21:55 . 2015-11-17 12:35 436360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-12-18 21:55 . 2015-11-17 12:35 81168 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-12-14 21:54 . 2015-11-17 12:35 58016 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-12-14 21:54 . 2015-11-17 12:35 165104 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-12-14 21:54 . 2015-11-17 12:35 209432 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-14 21:54 . 2015-11-17 12:35 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-12-14 21:54 . 2015-11-17 12:35 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-14 21:54 . 2015-11-17 12:35 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-14 21:54 . 2015-11-17 12:35 794952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-11-17 12:01 . 2015-11-17 12:01 315392 ----a-w- c:\windows\HideWin.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-14 21:54 750216 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2015-12-21 36776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-28 16861696]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-29 13529088]
"nwiz"="nwiz.exe" [2008-03-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-29 86016]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-14 7021880]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-11 98304]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2008-02-01 233472]
"MsgTranAgt"="c:\program files\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [17.11.2015 13:35 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [17.11.2015 13:35 209432]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17.11.2015 13:35 794952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [17.11.2015 13:35 436360]
R1 GUBootStartup;GUBootStartup;c:\windows\system32\drivers\GUBootStartup.sys [31.12.2015 12:08 17472]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [17.11.2015 13:35 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [17.11.2015 13:35 81168]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [17.11.2015 12:16 36864]
S3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [17.11.2015 13:35 165104]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-21 08:44 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-17 21:19]
.
2016-01-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-14 21:54]
.
2016-01-02 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2015-12-21 08:07]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-21 08:44]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-21 08:44]
.
2015-12-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2015-11-17 23:28]
.
2016-01-02 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2015-11-17 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.google.com/?trackid=sp-006
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\89sdtb07.default-1451589567062\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{4fcf070a-daac-45e9-a8b0-6850941f7ed8} - c:\documents and settings\All Users\Data aplikací\Package Cache\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}\vcredist_x86.exe
AddRemove-{5F26AD9B-E989-4228-8D0C-9C677B635B01} - c:\documents and settings\Jirka\Local Settings\Data aplikací\TNT2\2.0.0.2010\TNT2User.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-01-02 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Celkový čas: 2016-01-02 16:46:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-01-02 15:46
.
Před spuštěním: Volných bajtů: 20 924 669 952
Po spuštění: Volných bajtů: 20 883 517 440
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5580322D4F43E8A6869BDA9C12C6FCFE
413FC2A0C716421B3158746D63736515
c:\program files\AVAST Software\Avast\setup\cca3588c-e636-4421-a487-00edbc104d0f.exe . . . . nemohl být smazán
c:\program files\AVAST Software\Avast\setup\d75f16a6-994c-4e93-813f-f2277de55b52.exe . . . . nemohl být smazán
c:\program files\AVAST Software\Avast\setup\dc8ad36e-2d9e-4403-aedf-2c251bb5b981.exe . . . . nemohl být smazán
c:\program files\AVAST Software\Avast\setup\e46224ab-feac-45ac-9d26-cb24f8026cb5.exe . . . . nemohl být smazán
c:\program files\AVAST Software\Avast\setup\e93a9bf7-88ec-4d48-ae07-7b07a74a77be.exe . . . . nemohl být smazán
c:\program files\AVAST Software\Avast\setup\f317f82c-4ecd-42c8-937e-280cca5b0b07.exe . . . . nemohl být smazán
c:\program files\AVAST Software\Avast\setup\f4997afc-0600-49ff-8cba-69ecf78bce56.exe . . . . nemohl být smazán
c:\program files\AVAST Software\Avast\setup\f53fa2af-ea8e-4231-b48b-9d59d6ff5c66.exe . . . . nemohl být smazán
c:\program files\AVAST Software\Avast\setup\fa2ab919-af09-4b4c-959d-63f1487da602.exe . . . . nemohl být smazán
c:\program files\AVAST Software\Avast\setup\ffaf646c-4699-4489-803f-168890a1243d.exe . . . . nemohl být smazán
.
----- Souboroví replikátoři -----
.
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-02 do 2016-01-02 )))))))))))))))))))))))))))))))
.
.
2016-01-02 11:50 . 2016-01-02 11:40 24064 ----a-w- c:\windows\zoek-delete.exe
2016-01-02 11:40 . 2016-01-02 11:48 -------- d-----w- C:\zoek_backup
2016-01-01 13:05 . 2016-01-02 11:21 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-01-01 13:05 . 2016-01-01 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2016-01-01 12:52 . 2016-01-02 01:27 -------- d-----w- C:\AdwCleaner
2015-12-31 19:27 . 2015-12-31 19:38 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\QuickScan
2015-12-31 18:23 . 2015-12-31 18:23 -------- d-----w- c:\program files\VS Revo Group
2015-12-31 12:18 . 2015-12-31 12:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2015-12-31 12:18 . 2015-10-05 08:50 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-31 12:18 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-31 11:08 . 2015-12-31 11:08 17472 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2015-12-31 11:08 . 2015-12-31 11:08 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\DiskDefrag
2015-12-31 11:08 . 2015-12-31 11:08 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\GlarySoft
2015-12-31 11:08 . 2015-12-31 18:20 -------- d-----w- c:\program files\Glary Utilities 5
2015-12-31 09:59 . 2015-12-31 18:33 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\uTorrent
2015-12-21 08:43 . 2015-12-21 08:43 -------- d-sh--w- c:\documents and settings\Jirka\PrivacIE
2015-12-21 08:38 . 2015-12-23 15:32 -------- d-----w- c:\documents and settings\Jirka\Local Settings\Data aplikací\Google
2015-12-21 08:37 . 2015-12-21 08:44 -------- d-----w- c:\program files\Google
2015-12-20 22:10 . 2015-12-31 18:28 -------- d-----w- c:\documents and settings\Jirka\Local Settings\Data aplikací\Opera Software
2015-12-20 22:10 . 2015-12-31 18:28 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Opera Software
2015-12-20 22:10 . 2015-12-31 18:29 -------- d-----w- c:\program files\Opera
2015-12-14 21:54 . 2015-12-14 21:54 322760 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-14 21:54 . 2015-12-14 21:54 43112 ----a-w- c:\windows\avastSS.scr
2015-12-14 10:32 . 2015-12-14 10:32 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\LibreOffice
2015-12-14 10:28 . 2015-12-14 10:30 -------- d-----w- c:\program files\LibreOffice 5
2015-12-14 10:11 . 2015-12-14 10:22 -------- d-----w- c:\windows\system32\MRT
2015-12-07 22:54 . 2015-12-07 22:54 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Temp
2015-12-06 15:16 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2015-12-06 15:16 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-29 21:19 . 2015-11-17 12:53 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-12-29 21:19 . 2015-11-17 12:53 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-12-18 21:55 . 2015-11-17 12:35 436360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-12-18 21:55 . 2015-11-17 12:35 81168 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-12-14 21:54 . 2015-11-17 12:35 58016 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-12-14 21:54 . 2015-11-17 12:35 165104 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-12-14 21:54 . 2015-11-17 12:35 209432 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-14 21:54 . 2015-11-17 12:35 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-12-14 21:54 . 2015-11-17 12:35 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-14 21:54 . 2015-11-17 12:35 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-14 21:54 . 2015-11-17 12:35 794952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-11-17 12:01 . 2015-11-17 12:01 315392 ----a-w- c:\windows\HideWin.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-14 21:54 750216 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2015-12-21 36776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-28 16861696]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-29 13529088]
"nwiz"="nwiz.exe" [2008-03-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-29 86016]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-14 7021880]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-11 98304]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2008-02-01 233472]
"MsgTranAgt"="c:\program files\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [17.11.2015 13:35 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [17.11.2015 13:35 209432]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17.11.2015 13:35 794952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [17.11.2015 13:35 436360]
R1 GUBootStartup;GUBootStartup;c:\windows\system32\drivers\GUBootStartup.sys [31.12.2015 12:08 17472]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [17.11.2015 13:35 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [17.11.2015 13:35 81168]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [17.11.2015 12:16 36864]
S3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [17.11.2015 13:35 165104]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-21 08:44 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-17 21:19]
.
2016-01-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-14 21:54]
.
2016-01-02 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2015-12-21 08:07]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-21 08:44]
.
2016-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-12-21 08:44]
.
2015-12-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2015-11-17 23:28]
.
2016-01-02 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2015-11-17 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.google.com/?trackid=sp-006
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\89sdtb07.default-1451589567062\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{4fcf070a-daac-45e9-a8b0-6850941f7ed8} - c:\documents and settings\All Users\Data aplikací\Package Cache\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}\vcredist_x86.exe
AddRemove-{5F26AD9B-E989-4228-8D0C-9C677B635B01} - c:\documents and settings\Jirka\Local Settings\Data aplikací\TNT2\2.0.0.2010\TNT2User.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-01-02 16:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\WDC.exe
.
**************************************************************************
.
Celkový čas: 2016-01-02 16:46:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-01-02 15:46
.
Před spuštěním: Volných bajtů: 20 924 669 952
Po spuštění: Volných bajtů: 20 883 517 440
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5580322D4F43E8A6869BDA9C12C6FCFE
413FC2A0C716421B3158746D63736515
- jerabina
- member of the Security team
Re: Problem with unwanted opening of ad and game windows
Uninstall Glary Utilities 5
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
ClearJavaCache::
KillAll::
Folder::
c:\program files\Glary Utilities 5
c:\documents and settings\Jirka\Data aplikací\GlarySoft
c:\documents and settings\Jirka\Data aplikací\DiskDefrag
c:\program files\Google\Update
File::
c:\windows\system32\drivers\GUBootStartup.sys
c:\windows\HideWin.exe
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GlaryInitialize 5.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\program files\AVAST Software\Avast\setup\7aca0402-ccea-4b66-b95a-0aa04e35eb29.exe
c:\program files\AVAST Software\Avast\setup\7ad109d1-29b2-486b-b024-61f71f0a6223.exe
c:\program files\AVAST Software\Avast\setup\7e6c4777-cb3a-4a69-9e97-fd622f196b30.exe
c:\program files\AVAST Software\Avast\setup\8d403a2c-50c0-48d3-903f-6d2d47135526.exe
c:\program files\AVAST Software\Avast\setup\8dd36451-865c-4f22-97ed-fd172653b3f2.exe
c:\program files\AVAST Software\Avast\setup\941688af-4533-4e27-9628-5a85aa5f4653.exe
c:\program files\AVAST Software\Avast\setup\9693db6f-a9d0-4a76-a4ae-ed480d5462a3.exe
c:\program files\AVAST Software\Avast\setup\a1340291-6e49-43e2-a165-a7c5a1f9f620.exe
c:\program files\AVAST Software\Avast\setup\a191912f-8a6c-42fc-a1ef-e93daccf3e9b.exe
c:\program files\AVAST Software\Avast\setup\aa3cb71f-4993-40b7-9b53-e7797279a800.exe
c:\program files\AVAST Software\Avast\setup\aa675a03-3c80-4240-ba87-29bbada2fbd3.exe
c:\program files\AVAST Software\Avast\setup\baaaad28-6881-43fa-87ae-7e38af72d025.exe
c:\program files\AVAST Software\Avast\setup\bfd0db54-ec65-4c3d-96ab-b70ade91648d.exe
c:\program files\AVAST Software\Avast\setup\c136bfda-b1b4-48e5-b08b-b336f9c17786.exe
c:\program files\AVAST Software\Avast\setup\c5d46d43-30e0-4aba-bf95-7ce9c3b8493d.exe
c:\program files\AVAST Software\Avast\setup\c5f4e748-2539-44ee-aa0b-1e6c50afc00d.exe
c:\program files\AVAST Software\Avast\setup\cca3588c-e636-4421-a487-00edbc104d0f.exe
c:\program files\AVAST Software\Avast\setup\d75f16a6-994c-4e93-813f-f2277de55b52.exe
c:\program files\AVAST Software\Avast\setup\dc8ad36e-2d9e-4403-aedf-2c251bb5b981.exe
c:\program files\AVAST Software\Avast\setup\e46224ab-feac-45ac-9d26-cb24f8026cb5.exe
c:\program files\AVAST Software\Avast\setup\e93a9bf7-88ec-4d48-ae07-7b07a74a77be.exe
c:\program files\AVAST Software\Avast\setup\f317f82c-4ecd-42c8-937e-280cca5b0b07.exe
c:\program files\AVAST Software\Avast\setup\f4997afc-0600-49ff-8cba-69ecf78bce56.exe
c:\program files\AVAST Software\Avast\setup\f53fa2af-ea8e-4231-b48b-9d59d6ff5c66.exe
c:\program files\AVAST Software\Avast\setup\fa2ab919-af09-4b4c-959d-63f1487da602.exe
c:\program files\AVAST Software\Avast\setup\ffaf646c-4699-4489-803f-168890a1243d.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"=-
Driver::
GUBootStartup
DDS::
uStart Page = https://www.google.com/?trackid=sp-006
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script:
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your threads in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Problem with unwanted opening of ad and game windows
ComboFix 16-01-01.01 - Jirka 03.01.2016 0:34.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.458 [GMT 1:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\HideWin.exe"
"c:\windows\system32\drivers\GUBootStartup.sys"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_gupdate
-------\Legacy_gupdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-12-02 do 2016-01-02 )))))))))))))))))))))))))))))))
.
.
2016-01-02 11:50 . 2016-01-02 11:40 24064 ----a-w- c:\windows\zoek-delete.exe
2016-01-02 11:40 . 2016-01-02 11:48 -------- d-----w- C:\zoek_backup
2016-01-01 13:05 . 2016-01-02 11:21 30848 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-01-01 13:05 . 2016-01-01 13:45 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2016-01-01 12:52 . 2016-01-02 01:27 -------- d-----w- C:\AdwCleaner
2015-12-31 19:27 . 2015-12-31 19:38 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\QuickScan
2015-12-31 18:23 . 2015-12-31 18:23 -------- d-----w- c:\program files\VS Revo Group
2015-12-31 12:18 . 2015-12-31 12:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2015-12-31 12:18 . 2015-10-05 08:50 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-31 12:18 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-31 11:08 . 2015-12-31 11:08 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\DiskDefrag
2015-12-31 11:08 . 2016-01-02 23:20 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\GlarySoft
2015-12-31 09:59 . 2015-12-31 18:33 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\uTorrent
2015-12-21 08:43 . 2015-12-21 08:43 -------- d-sh--w- c:\documents and settings\Jirka\PrivacIE
2015-12-21 08:38 . 2015-12-23 15:32 -------- d-----w- c:\documents and settings\Jirka\Local Settings\Data aplikací\Google
2015-12-21 08:37 . 2015-12-21 08:44 -------- d-----w- c:\program files\Google
2015-12-20 22:10 . 2015-12-31 18:28 -------- d-----w- c:\documents and settings\Jirka\Local Settings\Data aplikací\Opera Software
2015-12-20 22:10 . 2015-12-31 18:28 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Opera Software
2015-12-20 22:10 . 2015-12-31 18:29 -------- d-----w- c:\program files\Opera
2015-12-14 21:54 . 2015-12-14 21:54 322760 ----a-w- c:\windows\system32\aswBoot.exe
2015-12-14 21:54 . 2015-12-14 21:54 43112 ----a-w- c:\windows\avastSS.scr
2015-12-14 10:32 . 2015-12-14 10:32 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\LibreOffice
2015-12-14 10:28 . 2015-12-14 10:30 -------- d-----w- c:\program files\LibreOffice 5
2015-12-14 10:11 . 2015-12-14 10:22 -------- d-----w- c:\windows\system32\MRT
2015-12-07 22:54 . 2015-12-07 22:54 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Data aplikací\Temp
2015-12-06 15:16 . 2008-04-14 07:51 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2015-12-06 15:16 . 2008-04-14 07:51 21504 ----a-w- c:\windows\system32\hidserv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-29 21:19 . 2015-11-17 12:53 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-12-29 21:19 . 2015-11-17 12:53 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-12-18 21:55 . 2015-11-17 12:35 436360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-12-18 21:55 . 2015-11-17 12:35 81168 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-12-14 21:54 . 2015-11-17 12:35 58016 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-12-14 21:54 . 2015-11-17 12:35 165104 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2015-12-14 21:54 . 2015-11-17 12:35 209432 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-12-14 21:54 . 2015-11-17 12:35 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-12-14 21:54 . 2015-11-17 12:35 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-12-14 21:54 . 2015-11-17 12:35 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-12-14 21:54 . 2015-11-17 12:35 794952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-11-17 12:01 . 2015-11-17 12:01 315392 ----a-w- c:\windows\HideWin.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-12-14 21:54 750216 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-12 815104]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-28 16861696]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-29 13529088]
"nwiz"="nwiz.exe" [2008-03-29 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-29 86016]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-12-14 7021880]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-11 98304]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2008-02-01 233472]
"MsgTranAgt"="c:\program files\ATK Hotkey\MsgTranAgt.exe" [2007-11-04 106496]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [17.11.2015 13:35 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [17.11.2015 13:35 209432]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17.11.2015 13:35 794952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [17.11.2015 13:35 436360]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [17.11.2015 13:35 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [17.11.2015 13:35 81168]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [17.11.2015 12:16 36864]
S3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [17.11.2015 13:35 165104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-21 08:44 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-17 21:19]
.
2016-01-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-14 21:54]
.
2015-12-08 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2015-11-17 23:28]
.
2016-01-02 c:\windows\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2015-11-17 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = https://www.google.com/?trackid=sp-006
TCP: DhcpNameServer = 213.46.172.37 213.46.172.36
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\89sdtb07.default-1451589567062\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-01-03 00:43
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2016-01-03 00:46:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-01-02 23:46
ComboFix2.txt 2016-01-02 15:46
.
Před spuštěním: Volných bajtů: 21 112 578 048
Po spuštění: Volných bajtů: 21 128 327 168
.
- - End Of File - - E3C4C78A6EA8418C7FFA0BE743855A81
413FC2A0C716421B3158746D63736515
jaro3 (member of the Security team)
Re: Problem with unwanted opening of ad and game windows
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner.
Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
Post a new HJT log and report on any problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Problem with unwanted opening of ad and game windows
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-01-03 10:59:25
-----------------------------
10:59:25.343 OS Version: Windows 5.1.2600 Service Pack 3
10:59:25.343 Number of processors: 2 586 0xF0D
10:59:25.343 ComputerName: LTM-58C8FE6C6C1 UserName: Jirka
10:59:25.640 Initialize success
10:59:25.656 VM: initialized successfully
10:59:25.656 VM: Intel CPU virtualization not supported
10:59:27.734 AVAST engine defs: 16010300
10:59:43.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:59:43.281 Disk 0 Vendor: WDC_WD1600BEVT-22A23T0 01.01A01 Size: 152627MB BusType: 3
10:59:43.421 Disk 0 MBR read successfully
10:59:43.421 Disk 0 MBR scan
10:59:43.421 Disk 0 Windows XP default MBR code
10:59:43.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29996 MB offset 63
10:59:43.453 Disk 0 Boot: NTFS code=1
10:59:43.453 Disk 0 Partition - 00 0F Extended LBA 122628 MB offset 61432560
10:59:43.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122628 MB offset 61432623
10:59:43.468 Disk 0 scanning sectors +312576705
10:59:43.546 Disk 0 scanning C:\WINDOWS\system32\drivers
10:59:54.937 Service scanning
11:00:13.750 Modules scanning
11:00:13.765 Disk 0 trace - called modules:
11:00:13.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:00:13.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86765ab8]
11:00:13.812 3 CLASSPNP.SYS[f763cfd7] -> nt!IofCallDriver -> \Device\0000007a[0x867c6030]
11:00:13.812 5 ACPI.sys[f74b3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86767940]
11:00:14.015 AVAST engine scan C:\WINDOWS
11:00:18.093 AVAST engine scan C:\WINDOWS\system32
11:01:48.843 AVAST engine scan C:\WINDOWS\system32\drivers
11:01:58.984 AVAST engine scan C:\Documents and Settings\Jirka
11:03:04.359 AVAST engine scan C:\Documents and Settings\All Users
11:03:32.156 Disk 0 statistics 921102/0/0 @ 3,32 MB/s
11:03:32.156 Scan finished successfully
11:07:14.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jirka\Plocha\MBR.dat"
11:07:14.859 The log file has been saved successfully to "C:\Documents and Settings\Jirka\Plocha\aswMBR.txt"
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:20, on 3.1.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
FIREFOX: 43.0.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\Jirka\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [MsgTranAgt] "C:\Program Files\ATK Hotkey\MsgTranAgt.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 5058 bytes
It seems that no windows are popping up anymore. Can I safely delete those little programs? Or should I leave them alone? Provided, that is, that nothing is wrong in the logs anymore.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:09:20, on 3.1.2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
FIREFOX: 43.0.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Documents and Settings\Jirka\Plocha\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [MsgTranAgt] "C:\Program Files\ATK Hotkey\MsgTranAgt.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 5058 bytes
It seems that no windows are popping up anymore. Can I safely delete those little programs? Or should I leave them alone? That is, provided there is nothing wrong in the logs anymore.