HELP - please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Dracolich
newbie
Posts: 11
Registered: February 15
Gender: Not specified
Status:
Offline

Re: HELP - please check my log

Post by Dracolich » 04 Feb 2015 21:11

ZoEK:


Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Marco on st 04. 02. 2015 at 20:03:49,09.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Marco\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4. 2. 2015 20:08:12 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\DAEMON Tools Lite deleted successfully
C:\PROGRA~2\McAfee Security Scan deleted successfully
C:\PROGRA~2\Trend Micro deleted successfully
C:\PROGRA~2\WinZip deleted successfully
C:\Users\Marco\AppData\Roaming\TP deleted successfully
C:\Users\Marco\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Marco\AppData\Local\Adobe deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\bvpd8r08.default-1422820174100\prefs.js:

Added to C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\bvpd8r08.default-1422820174100\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Program Files\syncables deleted
C:\Users\Marco\.android deleted
C:\PROGRA~2\OberonGameConsole deleted
C:\windows\system32\config\systemprofile\Searches deleted
"C:\Users\Marco\AppData\Local\{0B730C0C-9228-48D4-8E90-9296818954F1}" deleted
"C:\Users\Marco\AppData\Roaming\GHISLER\default.bar" deleted
"C:\Users\Marco\AppData\Roaming\GHISLER\default.br2" deleted
"C:\Users\Marco\AppData\Roaming\GHISLER" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [29. 01. 2015 16:21]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\bvpd8r08.default-1422820174100
0FC325593893749364EC4A733E7D9100 - C:\windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash
1959AF26718C63AA015D7C4F5C1F538B - C:\windows\system32\Adobe\Director\np32dsw_1215155.dll - Shockwave for Director / Shockwave for Director
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
01D93217A9EE48DD37072B671378CC9C - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U17
D4BD9F86123C87ECA570418B69326F99 - C:\windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2
0A1FF0B674E2F268799442A434A63BB3 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
28986F0A2342A033345EF9E70D395E4F - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight
15E298B5EC5B89C5994A59863969D9FF - C:\windows\system32\npmproxy.dll - Microsoft® Windows® Operating System


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[13. 12. 2014 14:20]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully
HKEY_USERS\S-1-5-21-36651612-4139712469-2546235913-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyService deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables deleted successfully

==== Empty IE Cache ======================

C:\Users\Marco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Marco\AppData\Local\Mozilla\Firefox\Profiles\bvpd8r08.default-1422820174100\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=809 folders=94 169324603 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Marco\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Marco\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on st 04. 02. 2015 at 21:08:00,61 ======================


Re: HELP - please check my log

Post by Dracolich » 04 Feb 2015 22:04

ComboFix 15-02-02.01 - Marco . 02. 2015 21:33:32.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.421.1051.18.1014.309 [GMT 1:00]
Running from: c:\users\Marco\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-01-04 to 2015-02-04 )))))))))))))))))))))))))))))))
.
.
2015-02-04 20:56 . 2015-02-04 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-04 19:55 . 2015-02-04 19:03 24064 ----a-w- c:\windows\zoek-delete.exe
2015-02-04 19:55 . 2015-02-04 20:56 -------- d-----w- c:\users\Marco\AppData\Local\Temp
2015-02-04 19:03 . 2015-02-04 19:45 -------- d-----w- C:\zoek_backup
2015-02-03 17:58 . 2015-02-04 17:18 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-03 17:57 . 2015-02-03 17:57 -------- d-----w- c:\programdata\RogueKiller
2015-02-02 18:17 . 2015-02-03 17:20 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-02 18:16 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-02 18:16 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-02 18:16 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-02 18:16 . 2015-02-02 18:17 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-02-02 17:32 . 2015-02-03 16:26 -------- d-----w- C:\AdwCleaner
2015-02-02 17:24 . 2015-02-02 17:24 -------- d-----w- c:\users\Marco\AppData\Local\Macromedia
2015-02-02 17:23 . 2015-02-02 17:23 -------- d-----w- c:\users\Marco\AppData\Local\ASUS
2015-02-01 13:33 . 2015-02-01 13:33 -------- d-sh--w- c:\windows\ftpcache
2015-01-31 19:31 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{830132B8-EBBA-415E-B360-5A8626508094}\mpengine.dll
2015-01-31 18:06 . 2011-05-12 19:57 1493608 ----a-w- c:\windows\system32\RTSndMgr.cpl
2015-01-31 18:06 . 2011-05-17 16:02 3499752 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2015-01-31 18:06 . 2011-05-17 12:43 2170472 ----a-w- c:\windows\system32\RtkPgExt.dll
2015-01-31 18:06 . 2011-05-17 12:56 74344 ----a-w- c:\windows\system32\RtkCoInst.dll
2015-01-31 18:05 . 2011-03-15 14:32 485992 ----a-w- c:\windows\system32\RtkApoApi.dll
2015-01-31 18:05 . 2011-05-17 12:43 4169832 ----a-w- c:\windows\system32\RtkAPO.dll
2015-01-31 18:05 . 2010-11-08 06:31 78680 ----a-w- c:\windows\system32\RTEEL32A.dll
2015-01-31 18:05 . 2010-11-08 06:31 359768 ----a-w- c:\windows\system32\RTEEP32A.dll
2015-01-31 18:05 . 2010-11-08 06:31 64856 ----a-w- c:\windows\system32\RTEEG32A.dll
2015-01-31 18:05 . 2010-11-08 06:31 170840 ----a-w- c:\windows\system32\RTEED32A.dll
2015-01-31 18:05 . 2010-11-08 06:31 295768 ----a-w- c:\windows\system32\RP3DHT32.dll
2015-01-31 18:05 . 2010-11-08 06:31 295768 ----a-w- c:\windows\system32\RP3DAA32.dll
2015-01-31 18:05 . 2011-05-05 14:24 1740352 ----a-w- c:\windows\system32\FMAPO.dll
2015-01-31 18:05 . 2010-07-22 15:37 175200 ----a-w- c:\windows\system32\AERTACap.dll
2015-01-31 18:05 . 2009-11-17 17:13 96160 ----a-w- c:\windows\system32\AERTARen.dll
2015-01-31 18:04 . 2011-02-25 18:37 1284712 ----a-w- c:\windows\RtlExUpd.dll
2015-01-29 16:44 . 2005-06-24 15:24 438272 ----a-r- c:\windows\system32\vp6vfw.dll
2015-01-29 16:44 . 2015-01-29 16:44 -------- d-----w- c:\program files\Electronic Arts
2015-01-29 16:44 . 2004-12-10 08:06 327680 ----a-w- c:\windows\system32\vp6dec.ax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-29 19:47 . 2013-03-21 19:11 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-29 19:47 . 2013-03-21 19:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-22 23:50 . 2012-02-01 17:09 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 13:21 . 2011-12-25 03:46 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-13 13:21 . 2011-12-25 03:46 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-12-13 13:20 . 2014-02-04 16:40 91496 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-12-13 13:20 . 2013-03-04 19:50 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-12-13 13:20 . 2014-04-20 11:17 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-13 13:20 . 2013-03-04 19:50 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-13 13:20 . 2012-03-25 18:02 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-12-13 13:20 . 2011-12-25 03:46 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-13 13:20 . 2014-12-13 13:21 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-13 13:20 . 2014-12-13 13:20 43152 ----a-w- c:\windows\avastSS.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-13 13:20 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CapsHook"="AsusSender.exe" [2012-01-05 34728]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-03-24 45448]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2011-04-30 2018032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-19 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-19 174360]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-19 150808]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-28 5227112]
"SuperHybridEngine"="AsusSender.exe" [2012-01-05 34728]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-23 10082920]
"LiveUpdate"="AsusSender.exe" [2012-01-05 34728]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2011-01-06 414384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2011-01-06 14:16 414384 ----a-w- c:\program files\Asus\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2010-04-13 07:32 548744 ----a-w- c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2011-05-23 15:50 10082920 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-12-13 91496]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2014-07-23 13528]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys [2014-07-23 26328]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 81704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-12-25 697328]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-12-13 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-12-13 423784]
S2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2011-03-03 224680]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-12-13 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-12-13 70384]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-13 218192]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-12 91464]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-13 3192344]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-09-27 68208]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 19:47]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-13 15:13]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-13 15:13]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\bvpd8r08.default-1422820174100\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-36651612-4139712469-2546235913-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-36651612-4139712469-2546235913-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%’%c*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-36651612-4139712469-2546235913-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%’%c*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-04 22:01:40
ComboFix-quarantined-files.txt 2015-02-04 21:01
.
Pre-Run: 10 726 133 760 bytes free
Post-Run: 10 619 695 104 bytes free
.
- - End Of File - - 74DF6397A3BE83D52F89EE14D301B11A
A36C5E4F47E84449FF07ED3517B43A31

.
Pre-Run: 10 726 133 760 bytes free
Post-Run: 10 619 695 104 bytes free
.
- - End Of File - - 74DF6397A3BE83D52F89EE14D301B11A
A36C5E4F47E84449FF07ED3517B43A31

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: HELP - please check my log

Post by jaro3 » 04 Feb 2015 22:09

Uninstall:
McAfee Security Scan

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Google\Update

RegLock::
[HKEY_USERS\S-1-5-21-36651612-4139712469-2546235913-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,cb,
 07,9f,ba,ea,0e,bb,80,bc,0b,8f,64,ff,de
"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,3b,1b,6b,2a,b5,
 03,2f,8e,3b,06,8b,93,28,5a,06,45,ee,4e
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c9,24,
 8f,30,1e,d6,06,90,da,17,38,75,42,21,db
"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,3b,1b,ed,a7,b8,
 a4,6c,a8,10,0c,95,25,46,b7,9c,59,96,b1
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,3b,4a,
 91,1f,ff,d6,04,b2,3b,97,23,03,c3,cf,1b
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=hex:51,66,7a,6c,4c,1d,3b,1b,bc,87,1d,
 2d,00,93,5f,0d,80,8c,08,6a,49,08,0c,0a
"{45564571-A21B-48ED-B584-69752EEE9C3D}"=hex:51,66,7a,6c,4c,1d,3b,1b,61,58,42,
 5a,29,f0,84,04,ab,92,2f,29,2d,a4,de,20
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,26,39,
 52,8c,3b,13,0b,8e,e3,bb,87,06,7f,3b,68
.
[HKEY_USERS\S-1-5-21-36651612-4139712469-2546235913-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%’%c*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-36651612-4139712469-2546235913-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*’%’%c*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not start, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

