Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Zablokovanie prehliadača malware

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Zablokovanie prehliadača malware

#1 Příspěvek od maba345 »

Zdravím Dnes mi vybehol známy to malware Obrázek

Ako mám prosím postupovať pri odstránení?

Vďaka za pomoc :)

Použil som adwcleaner tu je Log:

# AdwCleaner v3.013 - Report created 29/11/2013 at 21:38:59
# Updated 24/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - MAJO
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Vuze
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default profile\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\a70bf499-915d-432a-a076-289f170e25d8
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Vuze\Azureus.exe]
Key Deleted : HKCU\Software\BlabbersToolbar
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKLM\Software\hdcode

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v25.0.1 (sk)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default profile\prefs.js ]


*************************

AdwCleaner[R0].txt - [6421 octets] - [02/09/2013 20:25:06]
AdwCleaner[R1].txt - [1009 octets] - [02/09/2013 20:31:22]
AdwCleaner[R2].txt - [1078 octets] - [04/09/2013 19:46:26]
AdwCleaner[R3].txt - [2035 octets] - [29/11/2013 21:38:19]
AdwCleaner[S0].txt - [4576 octets] - [02/09/2013 20:25:28]
AdwCleaner[S1].txt - [1145 octets] - [04/09/2013 19:47:01]
AdwCleaner[S2].txt - [1980 octets] - [29/11/2013 21:38:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2040 octets] ##########

Bude to stačiť? :)
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Zablokovanie prehliadača malware

#2 Příspěvek od vyosek »

Zdravim :)

:arrow: Postupujte dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=132523
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Zablokovanie prehliadača malware

#3 Příspěvek od maba345 »

Disk s názvom HITMANPRO vytvorený, no nabootovať nešiel. Tak som spustil súbory z kľúča nainštaloval a preskenoval. Našlo 2 reg klúče OutlookSecurityManager Babylon tak tie som nechal odstrániť. Tá správa o zablokovaní sa už nezobrazuje.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Zablokovanie prehliadača malware

#4 Příspěvek od vyosek »

Poprosim tedy o log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Zablokovanie prehliadača malware

#5 Příspěvek od maba345 »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-12-2013
Ran by Administrator (administrator) on MAJO on 02-12-2013 17:07:11
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\WINDOWS\system32\LVCOMSX.EXE
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\WINDOWS\KHALMNPR.Exe [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-19] (Logitech Inc.)
HKLM\...\Run: [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [NoInstrumentation] 1
HKCU\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
MountPoints2: {0210ccc4-2ee1-11e1-9b9c-08002700d0a4} - H:\Startme.exe
MountPoints2: {041ee640-4252-11e0-9c48-08002700d0a4} - G:\BattleLosAngeles_Setup.exe
MountPoints2: {0c6fdf9a-45d4-11e0-9936-08002700d0a4} - H:\MoWAS_Setup.exe
MountPoints2: {8fb9e032-22c8-11df-9d15-00241d88a58d} - H:\Autorun.exe
HKU\Default User\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://178.18.68.125/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8463360 2011-01-21] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 178.18.68.16

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default profile
FF Homepage: hxxp://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll No File
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=8 - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF Extension: DownloadHelper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default profile\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: firefox - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default profile\Extensions\firefox@mega.co.nz.xpi
FF Extension: noscript - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default profile\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default profile\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

S4 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [554264 2008-12-16] (Acronis)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-12-02] (SurfRight B.V.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [16877 2006-02-25] (Adaptec)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 EIO_XP; C:\WINDOWS\system32\drivers\EIO_XP.sys [14336 2009-07-30] (ASUSTeK Computer Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
R3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [32000 2012-01-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [22400 2012-02-22] (ManyCam LLC)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 QCMerced; C:\Windows\System32\DRIVERS\LVCM.sys [1317152 2005-05-27] ()
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [104744 2009-03-25] (MCCI Corporation)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2010-02-26] (Acronis)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [428088 2011-12-04] ()
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [971552 2010-02-26] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2010-02-26] (Acronis)
S3 VM650FVM11; C:\Windows\System32\Drivers\USB650C.sys [13824 2001-08-17] (Microsoft Corporation)
S3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [25704 2010-12-24] (Wondershare)
S3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [25704 2010-12-24] (Wondershare)
U3 afmg179m; No ImagePath
S3 DUMeterDrv; \??\C:\Program Files\DU Meter\DUM_XP32.SYS [x]
S4 IntelIde; No ImagePath
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [x]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S1 vsdatant; System32\vsdatant.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 17:07 - 2013-12-02 17:07 - 00013390 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2013-12-02 17:06 - 2013-12-02 17:06 - 00000000 ____D C:\FRST
2013-12-02 17:05 - 2013-12-02 17:05 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
2013-12-02 17:03 - 2013-12-02 17:03 - 01092187 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2013-12-02 12:35 - 2013-12-02 13:56 - 00001300 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-02 11:58 - 2013-12-02 11:58 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-02 11:58 - 2013-12-02 11:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-12-02 11:38 - 2013-12-02 12:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-11-25 14:24 - 2013-11-25 14:24 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Hagel Technologies
2013-11-25 14:24 - 2013-11-25 14:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2013-11-17 19:11 - 2013-11-17 19:11 - 00000204 _____ C:\WINDOWS\system32\secustat.dat
2013-11-17 19:07 - 2013-11-17 19:11 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BITS
2013-11-17 19:07 - 2013-11-17 19:07 - 00000025 _____ C:\WINDOWS\emcore.INI
2013-11-17 19:06 - 2013-11-17 19:06 - 00000000 ____D C:\Program Files\FlashGet Network
2013-11-16 11:34 - 2013-11-16 15:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-12 12:27 - 2013-11-12 12:27 - 02434836 _____ () C:\Documents and Settings\Administrator\My Documents\Active.exe
2013-11-12 11:39 - 2013-11-12 11:39 - 00000809 _____ C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
2013-11-12 11:38 - 2009-01-07 18:20 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2013-11-12 11:37 - 2013-11-12 11:38 - 00000000 __HDC C:\WINDOWS\ie8
2013-11-12 11:25 - 2013-11-12 12:27 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\NetSurveillance
2013-11-12 11:25 - 2013-11-12 11:25 - 00000000 ____D C:\Program Files\NetSurveillance
2013-11-12 11:20 - 2013-11-18 21:06 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\CMS
2013-11-11 16:47 - 2013-11-11 16:47 - 00000000 ____D C:\WINDOWS\DiskPlayer
2013-11-11 16:46 - 2013-11-11 16:46 - 00000000 ____D C:\WINDOWS\Upgrade

==================== One Month Modified Files and Folders =======

2013-12-02 17:07 - 2013-12-02 17:07 - 00013390 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2013-12-02 17:06 - 2013-12-02 17:06 - 00000000 ____D C:\FRST
2013-12-02 17:05 - 2013-12-02 17:05 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
2013-12-02 17:03 - 2013-12-02 17:03 - 01092187 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2013-12-02 16:43 - 2013-10-01 11:48 - 00008816 _____ C:\WINDOWS\system32\nvAppTimestamps
2013-12-02 13:56 - 2013-12-02 12:35 - 00001300 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-02 13:56 - 2010-02-22 15:22 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-12-02 13:56 - 2010-02-22 15:22 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-02 12:44 - 2010-02-24 14:28 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Programy
2013-12-02 12:37 - 2013-03-19 22:10 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-02 12:37 - 2013-03-19 22:10 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-12-02 12:37 - 2010-02-24 18:33 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-12-02 12:23 - 2010-02-24 19:25 - 00000000 __SHD C:\Documents and Settings\Administrator\UserData
2013-12-02 12:02 - 2013-12-02 11:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-12-02 11:58 - 2013-12-02 11:58 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-02 11:58 - 2013-12-02 11:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-12-01 10:47 - 2013-09-02 20:25 - 00000000 ____D C:\AdwCleaner
2013-11-29 15:17 - 2012-04-09 14:59 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
2013-11-29 11:30 - 2008-04-14 11:00 - 00002228 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-27 17:34 - 2010-02-24 20:59 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Hry
2013-11-27 17:34 - 2010-02-24 18:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Azureus
2013-11-26 15:33 - 2011-06-19 10:45 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\dvdcss
2013-11-25 17:13 - 2013-03-06 22:20 - 00003216 _____ C:\Documents and Settings\Administrator\My Documents\TombRaider.log
2013-11-25 14:24 - 2013-11-25 14:24 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Hagel Technologies
2013-11-25 14:24 - 2013-11-25 14:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2013-11-25 13:24 - 2013-03-05 11:58 - 00000000 ____D C:\Program Files\Winamp
2013-11-25 13:23 - 2013-03-05 11:58 - 00000660 _____ C:\Documents and Settings\All Users\Desktop\Winamp.lnk
2013-11-25 13:23 - 2013-03-05 11:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
2013-11-23 10:53 - 2010-02-22 15:22 - 00000000 __SHD C:\WINDOWS\CSC
2013-11-19 23:13 - 2010-02-25 12:51 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2013-11-19 14:30 - 2010-10-25 18:17 - 00000000 ____D C:\Documents and Settings\Administrator\.VirtualBox
2013-11-18 21:32 - 2013-03-10 22:18 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-11-18 21:28 - 2013-10-01 13:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\NVIDIA
2013-11-18 21:28 - 2013-10-01 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2013-11-18 21:28 - 2013-10-01 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NVIDIA
2013-11-18 21:28 - 2012-04-07 22:31 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-18 21:09 - 2011-04-13 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TopCD
2013-11-18 21:06 - 2013-11-12 11:20 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\CMS
2013-11-17 19:11 - 2013-11-17 19:11 - 00000204 _____ C:\WINDOWS\system32\secustat.dat
2013-11-17 19:11 - 2013-11-17 19:07 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\BITS
2013-11-17 19:07 - 2013-11-17 19:07 - 00000025 _____ C:\WINDOWS\emcore.INI
2013-11-17 19:06 - 2013-11-17 19:06 - 00000000 ____D C:\Program Files\FlashGet Network
2013-11-17 17:19 - 2013-01-04 11:37 - 00001755 _____ C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2013-11-17 17:19 - 2012-04-09 14:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sony
2013-11-17 17:19 - 2010-02-22 16:33 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-17 17:15 - 2010-11-02 21:42 - 00000000 ____D C:\Program Files\DOSBox-0.74
2013-11-17 10:53 - 2013-09-27 20:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-16 15:03 - 2013-11-16 11:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-13 19:50 - 2013-09-09 15:18 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-13 19:50 - 2013-09-09 15:18 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-13 19:50 - 2013-09-09 15:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-13 19:50 - 2013-07-04 11:52 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-11-13 19:48 - 2011-02-04 20:19 - 00000152 _____ C:\Documents and Settings\Administrator\My Documents\Presnet.txt
2013-11-12 12:27 - 2013-11-12 12:27 - 02434836 _____ () C:\Documents and Settings\Administrator\My Documents\Active.exe
2013-11-12 12:27 - 2013-11-12 11:25 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\NetSurveillance
2013-11-12 11:45 - 2010-02-22 16:09 - 00000000 ____D C:\WINDOWS\system32\ias
2013-11-12 11:39 - 2013-11-12 11:39 - 00000809 _____ C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
2013-11-12 11:39 - 2010-02-22 16:09 - 00000000 ____D C:\WINDOWS\Help
2013-11-12 11:38 - 2013-11-12 11:37 - 00000000 __HDC C:\WINDOWS\ie8
2013-11-12 11:38 - 2010-02-22 16:09 - 00000000 ____D C:\WINDOWS\Media
2013-11-12 11:25 - 2013-11-12 11:25 - 00000000 ____D C:\Program Files\NetSurveillance
2013-11-11 16:47 - 2013-11-11 16:47 - 00000000 ____D C:\WINDOWS\DiskPlayer
2013-11-11 16:46 - 2013-11-11 16:46 - 00000000 ____D C:\WINDOWS\Upgrade

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-07-03 10:38] - [2008-07-03 10:38] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (System) (Fixed) (Total:9.67 GB) (Free:1.28 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:223.11 GB) (Free:18.58 GB) NTFS
Drive h: (MAJO) (Removable) (Total:14.87 GB) (Free:14.87 GB) FAT32

Available physical RAM: 2135.46 MB
Total physical RAM: 3070.42 MB
Percentage of memory in use: 30%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 02480248)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=05)
Disk: 1 (Size: 15 GB) (Disk ID: 67DC9428)
Partition 1: (Active) - (Size=15 GB) - (Type=0B)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1364589140-725345543-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce91dfe8b0f4ee.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1364589140-725345543-500Core1cebbb6f0b56fac.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0

==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Administrator\Desktop" je 87 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE
"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
C:\Program Files\Samsung\Kies\Kies.exe /preload [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload
C:\WINDOWS\system32\LVCOMSX.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX
"C:\Program Files\Messenger\msmsgs.exe" /background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
C:\WINDOWS\inf\ntvdm.vbe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nektra OEAPI
"C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe
ECHO is off.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PUSH650C.lnk
C:\WINDOWS\twain_32\PUSH650C.EXE


HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
OMSI download service REG_DWORD 0x2
LBTServ REG_DWORD 0x3
IDriverT REG_DWORD 0x3
JavaQuickStarterService REG_DWORD 0x3
vsmon REG_DWORD 0x2
idsvc REG_DWORD 0x3
FontCache3.0.0.0 REG_DWORD 0x3
DfSdkS REG_DWORD 0x3
AntiVirUpgradeService REG_DWORD 0x2
WMPNetworkSvc REG_DWORD 0x3
wuauserv REG_DWORD 0x2
Sony Ericsson PCCompanion REG_DWORD 0x3
gupdate REG_DWORD 0x2
wlidsvc REG_DWORD 0x2
avast! Firewall REG_DWORD 0x2
MozillaMaintenance REG_DWORD 0x3
AdobeFlashPlayerUpdateSvc REG_DWORD 0x3
AcrSch2Svc REG_DWORD 0x3
SkypeUpdate REG_DWORD 0x2
WiseBootAssistant REG_DWORD 0x2
TuneUp.UtilitiesSvc REG_DWORD 0x2
nvUpdatusService REG_DWORD 0x2
gupdatem REG_DWORD 0x3

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
DisableUnicastResponsesToMulticastBroadcast REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
DisableUnicastResponsesToMulticastBroadcast REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"="C:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"="C:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"H:\\Zaloha\\Hry\\Dirt 3\\dirt3_game.exe"="H:\\Zaloha\\Hry\\Dirt 3\\dirt3_game.exe:*:Enabled:DiRT3 Executable"
"H:\\Zaloha\\Hry\\AC 2\\AssassinsCreedIIGame.exe"="H:\\Zaloha\\Hry\\AC 2\\AssassinsCreedIIGame.exe:*:Enabled:AssassinsCreedIIGame"
"H:\\Zaloha\\Hry\\NFS HP\\NFS11.exe"="H:\\Zaloha\\Hry\\NFS HP\\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application"
"D:\\Hry\\Karateka\\Binaries\\Karateka.exe"="D:\\Hry\\Karateka\\Binaries\\Karateka.exe:*:Enabled:Karateka"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\Hry\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe"="D:\\Hry\\GTA IV\\Grand Theft Auto IV\\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"="C:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe:*:Enabled:Flashget3"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"8396:TCP"="8396:TCP:*:Enabled:League of Legends Launcher"
"8396:UDP"="8396:UDP:*:Enabled:League of Legends Launcher"
"6922:TCP"="6922:TCP:*:Enabled:League of Legends Launcher"
"6922:UDP"="6922:UDP:*:Enabled:League of Legends Launcher"
"6991:TCP"="6991:TCP:*:Enabled:League of Legends Launcher"
"6991:UDP"="6991:UDP:*:Enabled:League of Legends Launcher"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001


==================== End Of Log ==============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-12-2013
Ran by Administrator at 2013-12-02 17:07:38
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

3 Skulls of the Toltecs CZ verze (DOSBox 0.74 emulace) (Version: (DOSBox 0.74 emulace))
Acronis True Image Home (Version: 12.0.9646.9)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Angry Birds Rio (Version: 1.3.2)
Angry Birds Seasons (Version: 2.0.0)
Angry Birds Space (Version: 1.0.0)
AngryBirdsStarWars 1.00 (Version: 1.00)
Ashampoo WinOptimizer 2012 v.8.1.4 (Version: 8.1.4)
Assassin's Creed Brotherhood (Version: 1.02)
Assassin's Creed Revelations (Version: 1.01)
AstraSlim
Audacity 2.0.3 (Version: 2.0.3)
Auta 2 (Version: 1.00.0000)
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.3
Bad Piggies (Version: 1.0.0)
Bandicam (Version: 1.8.6.321)
Bandisoft MPEG-1 Decoder
CCleaner (Version: 2.28)
CDDRV_Installer (Version: 4.60)
Crash Time 5 - Undercover
Dead Space™ (Version: 1.0.222.0)
Defraggler (Version: 1.17)
DiRT 3 (Version: 1.0.0000.130)
Duke Nukem 3D (Version: 2.0.0.84)
erLT (Version: 1.20.137.31)
ESET Online Scanner v3
EVEREST Ultimate Edition v5.01 (Version: 5.01)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Fenimore Fillmore's Revenge CZ
Fighting Force
Foxit PDF Editor (Version: 2.2.1.1119)
Foxit Reader (Version: 6.0.6.722)
Fraps (remove only)
Geeks3D.com FurMark 1.9.0
Gone Home
Google Talk Plugin (Version: 4.7.0.15362)
Grand Theft Auto IV (Version: 1.00.0000)
GTA2
HD Tune 2.55
Heart Of Darkness (Version: v1.4)
HeavyLoad V3.0 (Version: 3.0)
HijackThis 2.0.2 (Version: 2.0.2)
HitmanPro 3.7 (Version: 3.7.8.208)
IrfanView (remove only) (Version: 4.32)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.0.2.1)
Karateka (DOSBox 0.74 emulation)
KhalInstallWrapper (Version: 4.60.122)
K-Lite Mega Codec Pack 5.7.0 (Version: 5.7.0)
Logitech SetPoint (Version: 4.60)
Logitech® Camera Driver
Luxor - 5th Passage (Version: 1.0)
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.7.106
Malwarebytes Anti-Malware verzia 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE (Version: 2.0.687.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 2.0.687.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Moorhuhn Piraten (Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 sk) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
Need for Speed(TM) Hot Pursuit (Version: 1.0.0.0)
Nero 8 (Version: 8.10.21)
neroxml (Version: 1.0.0)
NetSurveillance
NHL® 09 (Version: 2.0.1.0)
NVIDIA Control Panel 327.23 (Version: 327.23)
NVIDIA Graphics Driver 327.23 (Version: 327.23)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA nView 140.62 (Version: 140.62)
NVIDIA PhysX (Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
OpenAL
OpenOffice.org 3.1 (Version: 3.1.9420)
Opera Stable 17.0.1241.53 (Version: 17.0.1241.53)
Oracle VM VirtualBox 3.2.10 (Version: 3.2.10)
OverDisk (remove only)
Papers, Please (Version: 2.0.0.4)
Polda II
Rapture3D 2.4.9 Game
Rayman Origins (Version: 1.02)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.20.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5780)
Revo Uninstaller 1.85 (Version: 1.85)
Rockstar Games Social Club (Version: 1.1.0.6)
Samsung Kies (Version: 2.5.2.13021_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
Scorpions WinCheater
Skype™ 6.9 (Version: 6.9.106)
Sony Ericsson Update Engine (Version: 2.12.3.5)
Sony PC Companion 2.10.181 (Version: 2.10.181)
System Requirements Lab
System Requirements Lab (Version: 4.1.71.0)
System Requirements Lab CYRI (Version: 6.0.7.0)
The Testament of Sherlock Holmes (Version: 1.00.0777)
TmNationsForever
Tombraider
Total Commander (Remove or Repair) (Version: 7.50a)
Ubisoft Game Launcher (Version: 1.0.0.0)
Uplay (Version: 2.0)
Utility (Version: 1.00.0002)
VC 9.0 Runtime (Version: 1.0.0)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VCRedistSetup (Version: 1.0.0)
Virtua Tennis 4™ (Version: 1.0.0000.130)
VLC media player 1.0.5 (Version: 1.0.5)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.66 )
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver (Version: 4.01.0)
Wolfenstein Demo (Version: 1.0)

==================== Restore Points =========================

10-02-2013 19:20:45 System Checkpoint

==================== Hosts content: ==========================

2008-04-14 11:00 - 2013-10-09 17:03 - 00000736 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1364589140-725345543-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce91dfe8b0f4ee.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1364589140-725345543-500Core1cebbb6f0b56fac.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-16 11:34 - 2013-11-16 11:34 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-11-13 19:50 - 2013-11-13 19:50 - 16237448 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll
2008-05-07 04:04 - 2011-11-03 16:27 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2013 11:36:47 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (11/12/2013 11:36:47 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (11/12/2013 11:36:47 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (11/12/2013 11:36:47 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (10/28/2013 07:24:38 PM) (Source: EventSystem) (User: )
Description: The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

Error: (10/18/2013 08:38:56 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe . Error code = 0x8013101b

Error: (10/18/2013 08:14:33 PM) (Source: MsiInstaller) (User: MAJO)
Description: Product: Microsoft .NET Framework 4 Extended -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)

Error: (10/18/2013 08:14:27 PM) (Source: MsiInstaller) (User: MAJO)
Description: Product: Microsoft .NET Framework 4 Extended -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)

Error: (10/18/2013 08:14:24 PM) (Source: MsiInstaller) (User: MAJO)
Description: Product: Microsoft .NET Framework 4 Extended -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)

Error: (09/09/2013 02:21:47 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll . Error code = 0x80131047


System errors:
=============
Error: (12/02/2013 00:37:40 PM) (Source: LDMS) (User: )
Description: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&8f99a14&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.

Error: (12/02/2013 00:00:34 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/02/2013 00:00:24 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/02/2013 11:59:14 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (12/02/2013 11:43:15 AM) (Source: LDMS) (User: )
Description: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&8f99a14&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.

Error: (12/01/2013 06:26:40 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 178.18.68.100 on the
Network Card with network address 00241D88A58D.

Error: (11/30/2013 07:36:24 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 178.18.68.100 on the
Network Card with network address 00241D88A58D.

Error: (11/27/2013 00:47:03 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (11/27/2013 00:46:56 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1

Error: (11/27/2013 00:46:24 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort1


Microsoft Office Sessions:
=========================
Error: (11/12/2013 11:36:47 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (11/12/2013 11:36:47 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (11/12/2013 11:36:47 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (11/12/2013 11:36:47 AM) (Source: Userenv)(User: NT AUTHORITY)
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (10/28/2013 07:24:38 PM) (Source: EventSystem)(User: )
Description: d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp162GetLastError() == 122L

Error: (10/18/2013 08:38:56 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe . Error code = 0x8013101b
C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe

Error: (10/18/2013 08:14:33 PM) (Source: MsiInstaller)(User: MAJO)
Description: Product: Microsoft .NET Framework 4 Extended -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)

Error: (10/18/2013 08:14:27 PM) (Source: MsiInstaller)(User: MAJO)
Description: Product: Microsoft .NET Framework 4 Extended -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)

Error: (10/18/2013 08:14:24 PM) (Source: MsiInstaller)(User: MAJO)
Description: Product: Microsoft .NET Framework 4 Extended -- Error 1711. An error occurred while writing installation information to disk. Check to make sure enough disk space is available, and click Retry, or Cancel to end the install.(NULL)(NULL)(NULL)(NULL)

Error: (09/09/2013 02:21:47 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll . Error code = 0x80131047
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 3070.42 MB
Available physical RAM: 2135.46 MB
Total Pagefile: 5978.8 MB
Available Pagefile: 5238.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.05 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:9.67 GB) (Free:1.28 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:223.11 GB) (Free:18.58 GB) NTFS
Drive h: (MAJO) (Removable) (Total:14.87 GB) (Free:14.87 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 02480248)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=05)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 67DC9428)
Partition 1: (Active) - (Size=15 GB) - (Type=0B)

==================== End Of Log ============================
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Zablokovanie prehliadača malware

#6 Příspěvek od vyosek »

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [NoInstrumentation] 1
HKCU\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
MountPoints2: {0210ccc4-2ee1-11e1-9b9c-08002700d0a4} - H:\Startme.exe
MountPoints2: {041ee640-4252-11e0-9c48-08002700d0a4} - G:\BattleLosAngeles_Setup.exe
MountPoints2: {0c6fdf9a-45d4-11e0-9936-08002700d0a4} - H:\MoWAS_Setup.exe
MountPoints2: {8fb9e032-22c8-11df-9d15-00241d88a58d} - H:\Autorun.exe
HKU\Default User\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://178.18.68.125/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-12-02] (SurfRight B.V.)
U3 afmg179m; No ImagePath
S3 DUMeterDrv; \??\C:\Program Files\DU Meter\DUM_XP32.SYS [x]
S4 IntelIde; No ImagePath
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [x]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vsdatant; System32\vsdatant.sys [x]
2013-12-02 11:58 - 2013-12-02 11:58 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-02 11:58 - 2013-12-02 11:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-12-02 11:38 - 2013-12-02 12:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1364589140-725345543-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce91dfe8b0f4ee.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1364589140-725345543-500Core1cebbb6f0b56fac.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nektra OEAPI" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe" /f
REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "DisableSR" /t REG_DWORD /d "0" /f

Hosts:
CMD: shutdown /r /f /t 2

End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Zablokovanie prehliadača malware

#7 Příspěvek od maba345 »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-12-2013
Ran by Administrator at 2013-12-02 23:13:09 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKCU\...\Policies\Explorer: [NoResolveSearch] 1
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKCU\...\Policies\Explorer: [NoInstrumentation] 1
HKCU\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
MountPoints2: {0210ccc4-2ee1-11e1-9b9c-08002700d0a4} - H:\Startme.exe
MountPoints2: {041ee640-4252-11e0-9c48-08002700d0a4} - G:\BattleLosAngeles_Setup.exe
MountPoints2: {0c6fdf9a-45d4-11e0-9936-08002700d0a4} - H:\MoWAS_Setup.exe
MountPoints2: {8fb9e032-22c8-11df-9d15-00241d88a58d} - H:\Autorun.exe
HKU\Default User\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://178.18.68.125/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-12-02] (SurfRight B.V.)
U3 afmg179m; No ImagePath
S3 DUMeterDrv; \??\C:\Program Files\DU Meter\DUM_XP32.SYS [x]
S4 IntelIde; No ImagePath
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [x]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vsdatant; System32\vsdatant.sys [x]
2013-12-02 11:58 - 2013-12-02 11:58 - 00000000 ____D C:\Program Files\HitmanPro
2013-12-02 11:58 - 2013-12-02 11:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-12-02 11:38 - 2013-12-02 12:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1364589140-725345543-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce91dfe8b0f4ee.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1364589140-725345543-500Core1cebbb6f0b56fac.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8FF81EB0

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nektra OEAPI" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe" /f
REG: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "DisableSR" /t REG_DWORD /d "0" /f

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktopCleanupWizard => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveTypeAutoRun => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuMFUprogramsList => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0210ccc4-2ee1-11e1-9b9c-08002700d0a4} => Key deleted successfully.
HKCR\CLSID\{0210ccc4-2ee1-11e1-9b9c-08002700d0a4} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{041ee640-4252-11e0-9c48-08002700d0a4} => Key deleted successfully.
HKCR\CLSID\{041ee640-4252-11e0-9c48-08002700d0a4} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c6fdf9a-45d4-11e0-9936-08002700d0a4} => Key deleted successfully.
HKCR\CLSID\{0c6fdf9a-45d4-11e0-9936-08002700d0a4} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fb9e032-22c8-11df-9d15-00241d88a58d} => Key deleted successfully.
HKCR\CLSID\{8fb9e032-22c8-11df-9d15-00241d88a58d} => Key not found.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_3 => Value deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => Value deleted successfully.
HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} => Key deleted successfully.
HitmanProScheduler => Service not found.
afmg179m => Service deleted successfully.
DUMeterDrv => Service deleted successfully.
IntelIde => Service deleted successfully.
SASDIFSV => Service deleted successfully.
SASENUM => Service deleted successfully.
SASKUTIL => Service deleted successfully.
vsdatant => Service deleted successfully.
"C:\Program Files\HitmanPro" => File/Directory not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro" => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\HitmanPro => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1123561945-1364589140-725345543-500Core.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1ce91dfe8b0f4ee.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1364589140-725345543-500Core1cebbb6f0b56fac.job => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":8FF81EB0" ADS removed successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nektra OEAPI" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe" /f =========


The operation completed successfully


========= End of Reg: =========


========= reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v "DisableSR" /t REG_DWORD /d "0" /f =========


The operation completed successfully


========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Zablokovanie prehliadača malware

#8 Příspěvek od vyosek »

Tak jeste uklidime :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Zablokovanie prehliadača malware

#9 Příspěvek od maba345 »

Prečistené Ccleaner a Ashampoo WinOptimzer 2012 používam často,sú aj nejaké lepšie programy na optimalizáciu systému? :)
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Zablokovanie prehliadača malware

#10 Příspěvek od vyosek »

:arrow: Ja doporucuji jen CCleaner, na defragmentaci pak Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
maba345
Návštěvník
Návštěvník
Příspěvky: 99
Registrován: 29 srp 2009 15:05

Re: Zablokovanie prehliadača malware

#11 Příspěvek od maba345 »

OK tak diky za pomoc Pekný deň prajem :)
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Zablokovanie prehliadača malware

#12 Příspěvek od vyosek »

Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat :lock:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“