Česká spořitelna virus

vavral
Visitor
Posts: 19
Registered: 05 Apr 2014 11:09

Re: Česká spořitelna virus

#16 Post by vavral »

MBAM now also wants me to restart the PC; should I postpone it for now?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#17 Post by vyosek »

Do the restart so that it deletes everything.
"Whoever has wine and does not drink, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him: that is not a man, that is an ox."
Member of [image] since 1 February 2011.

#18 Post by vavral »

And what then?

#19 Post by vyosek »

:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE WRECKED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Right after it starts, a page with the license agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered it may take longer
  • After the scan finishes and any restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

#20 Post by vavral »

I'm sending the log from Rkill (after restarting the PC):

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/05/2014 09:12:01 PM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\Windows\$NtUninstallKB45969$ => <Unknown Target> [Dir]

* No issues found.

Checking Windows Service Integrity:

* Ovladač ověření brány Windows Firewall (mpsdrv) is not Running.
Startup Type set to: Manual

* BFE [Missing Service]
* iphlpsvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]

* MpsSvc [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 04/05/2014 09:13:10 PM
Execution time: 0 hours(s), 1 minute(s), and 8 seconds(s)

#21 Post by vavral »

So should I run ComboFix?

#22 Post by vyosek »

Yes, run ComboFix

#23 Post by vavral »

I'm sending the log report from ComboFix; is my PC clean now?

#24 Post by vavral »

ComboFix 14-04-05.01 - Lukáš V 05.04.2014 21:55:53.1.3 - x86
Spuštěný z: c:\users\LukßÜ V\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB45969$
c:\windows\$NtUninstallKB45969$\1572269607\@
c:\windows\$NtUninstallKB45969$\1572269607\cfg.ini
c:\windows\$NtUninstallKB45969$\1572269607\Desktop.ini
c:\windows\$NtUninstallKB45969$\1572269607\L\xadqgnnk
c:\windows\$NtUninstallKB45969$\1572269607\twl.dll
c:\windows\$NtUninstallKB45969$\1572269607\U\00000001.@
c:\windows\$NtUninstallKB45969$\1572269607\U\00000002.@
c:\windows\$NtUninstallKB45969$\1572269607\U\00000004.@
c:\windows\$NtUninstallKB45969$\1572269607\U\80000000.@
c:\windows\$NtUninstallKB45969$\1572269607\U\80000004.@
c:\windows\$NtUninstallKB45969$\1572269607\U\80000032.@
c:\windows\$NtUninstallKB45969$\1572269607\version
c:\windows\$NtUninstallKB45969$\2984056609
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-05 do 2014-04-05 )))))))))))))))))))))))))))))))
.
.
2014-04-05 10:23 . 2014-04-05 10:24 -------- d-----w- c:\program files\trend micro
2014-04-05 10:23 . 2014-04-05 10:24 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-17 10:54 . 2014-01-09 09:30 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-17 10:54 . 2012-04-09 02:42 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-17 10:54 . 2012-04-09 02:42 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-17 10:54 . 2012-04-09 02:42 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-17 10:54 . 2012-04-09 02:42 43152 ----a-w- c:\windows\avastSS.scr
2014-02-17 10:54 . 2012-04-09 02:42 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-09 09:30 . 2013-03-20 18:11 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-26 14:33 . 2013-11-26 14:33 325960 ----a-w- c:\program files\lua5.1.dll
2013-11-26 14:33 . 2013-11-26 14:33 1345024 ----a-w- c:\program files\uninstall.exe
2013-10-18 21:54 . 2013-10-18 21:57 644608 ----a-r- c:\program files\msvcr90.dll
2013-10-18 09:56 . 2013-10-18 21:57 542240 ----a-w- c:\program files\FabCore.exe
2013-10-18 09:56 . 2013-10-18 21:57 12617248 ----a-w- c:\program files\DVDFab.exe
2013-10-12 11:16 . 2013-10-18 21:57 4253216 ----a-w- c:\program files\FabUpdate.exe
2013-10-12 11:16 . 2013-10-18 21:57 183840 ----a-w- c:\program files\FabCopy.exe
2013-10-12 11:16 . 2013-10-18 21:57 361504 ----a-w- c:\program files\FabCheck.exe
2013-10-12 11:11 . 2013-10-18 21:57 149024 ----a-w- c:\program files\FabRegOp.exe
2013-10-12 11:11 . 2013-10-18 21:57 2095136 ----a-w- c:\program files\FabReport.exe
2013-10-12 11:11 . 2013-10-18 21:57 1206816 ----a-w- c:\program files\FileMover.exe
2013-09-13 14:57 . 2013-10-18 21:57 4729344 ----a-w- c:\program files\Qt5Widgets.dll
2013-09-06 14:51 . 2013-10-18 21:57 62464 ----a-w- c:\program files\libEGL.dll
2013-09-06 14:51 . 2013-10-18 21:57 778240 ----a-w- c:\program files\Qt5Network.dll
2013-09-06 14:51 . 2013-10-18 21:57 3127808 ----a-w- c:\program files\Qt5V8.dll
2013-09-06 14:51 . 2013-10-18 21:57 280064 ----a-w- c:\program files\Qt5OpenGL.dll
2013-09-06 14:51 . 2013-10-18 21:57 1901568 ----a-w- c:\program files\Qt5Qml.dll
2013-09-06 14:51 . 2013-10-18 21:57 973312 ----a-w- c:\program files\libGLESv2.dll
2013-09-06 14:51 . 2013-10-18 21:57 4855296 ----a-w- c:\program files\Qt5Core.dll
2013-09-06 14:51 . 2013-10-18 21:57 3271680 ----a-w- c:\program files\Qt5Gui.dll
2013-09-06 14:51 . 2013-10-18 21:57 2106216 ----a-w- c:\program files\D3DCompiler_43.dll
2013-09-06 14:51 . 2013-10-18 21:57 2331648 ----a-w- c:\program files\Qt5Quick.dll
2013-07-04 10:47 . 2013-10-18 21:57 5283328 ----a-w- c:\program files\libplayercore.dll
2013-03-14 11:20 . 2013-10-18 21:57 3875808 ----a-w- c:\program files\vso_hwe.dll
2013-03-04 08:57 . 2013-10-18 21:57 86528 ----a-w- c:\program files\mgwz.dll
2013-03-04 08:57 . 2013-10-18 21:57 78336 ----a-w- c:\program files\CrashRpt.dll
2013-03-04 08:57 . 2013-10-18 21:57 73382 ----a-w- c:\program files\pthreadGC2.dll
2013-03-04 08:57 . 2013-10-18 21:57 65536 ----a-w- c:\program files\zlibwapi.dll
2013-03-04 08:57 . 2013-10-18 21:57 640000 ----a-w- c:\program files\dbghelp.dll
2013-03-04 08:57 . 2013-10-18 21:57 550704 ----a-w- c:\program files\msvcp90.dll
2013-03-04 08:57 . 2013-10-18 21:57 2632898 ----a-w- c:\program files\codecs.dll
2012-11-10 16:21 . 2013-10-18 21:57 2314240 ----a-w- c:\program files\libass.dll
2012-11-10 16:20 . 2013-10-18 21:57 134656 ----a-w- c:\program files\libmad.dll
2012-10-12 10:29 . 2013-10-18 21:57 117774 ----a-w- c:\program files\libmpeg2-0.dll
2012-10-12 10:24 . 2013-10-18 21:57 8002696 ----a-w- c:\program files\avcodec-53.dll
2012-10-12 10:24 . 2013-10-18 21:57 74588 ----a-w- c:\program files\swresample-0.dll
2012-10-12 10:24 . 2013-10-18 21:57 725752 ----a-w- c:\program files\avfilter-2.dll
2012-10-12 10:24 . 2013-10-18 21:57 403719 ----a-w- c:\program files\swscale-2.dll
2012-10-12 10:24 . 2013-10-18 21:57 288639 ----a-w- c:\program files\avutil-51.dll
2012-10-12 10:24 . 2013-10-18 21:57 197988 ----a-w- c:\program files\postproc-52.dll
2012-10-12 10:24 . 2013-10-18 21:57 1498848 ----a-w- c:\program files\avformat-53.dll
2011-09-25 13:47 . 2013-10-18 21:57 458752 ----a-w- c:\program files\freetype6.dll
2010-02-05 21:55 . 2013-10-18 21:57 279059 ----a-w- c:\program files\libfontconfig-1.dll
2009-01-31 22:42 . 2013-10-18 21:57 143096 ----a-w- c:\program files\libexpat-1.dll
2012-10-24 17:50 . 2012-11-11 16:59 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-17 10:54 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-02 3774312]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2013-11-26 283712]
"mine"="c:\users\Public\Documents\pooler-cpuminer-2.3.2-win64\nieco.vbs" [2014-01-18 150]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-15 247968]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Engine\Definitions
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GoGear SA3MXX Device Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GoGear SA3MXX Device Manager.lnk
backup=c:\windows\pss\GoGear SA3MXX Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2011-12-12 16:00 6318696 ------w- c:\program files\Realtek\Audio\HDA\RtkNGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-09-30 21:28 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-02-17 64168]
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2010-03-09 80680]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-02-17 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-02-17 410784]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-02-17 67824]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]
S3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ScFBPNT2
oracleorahome811cmadmin
dimension4
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-21 18:21]
.
2014-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-21 18:21]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Lukáš V\AppData\Roaming\Mozilla\Firefox\Profiles\sleh4do6.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109980&babsrc=KW_ss&mntrId=78622b7b0000000000005404a6b2ece6&q=
FF - user.js: extensions.BabylonToolbar_i.id - 78622b7b0000000000005404a6b2ece6
FF - user.js: extensions.BabylonToolbar_i.hardId - 78622b7b0000000000005404a6b2ece6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15446
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:36
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyDyEtDyE0AyC0BtB0E0C0EyCtB0ByB0BtN0D0TzutBtDtCtBtDyCtCtC&cr=152119310
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyDyEtDyE0AyC0BtB0E0C0EyCtB0ByB0BtN0D0TzutBtDtCtBtDyCtCtC&cr=152119310
FF - user.js: extensions.funmoods.tlbrSrchUrl -
FF - user.js: extensions.funmoods.id - 11111111
FF - user.js: extensions.funmoods.instlDay - 15502
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2221:35
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - iron2
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - iron2
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-EPSON Scanner - c:\program files\epson\escndv\setup\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,0f,0c,32,0a,14,b9,4b,a1,44,00,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,0f,0c,32,0a,14,b9,4b,a1,44,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\ASUS\EPU-4 Engine\FourEngine.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Adobe\Reader 10.0\Reader\AcroRd32.exe
c:\program files\Adobe\Reader 10.0\Reader\AcroRd32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Celkový čas: 2014-04-05 22:11:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-05 20:11
.
Před spuštěním: Volných bajtů: 252 102 684 672
Po spuštění: Volných bajtů: 251 717 918 720
.
- - End Of File - - 3435350C6486985125BCDD2379627822
A36C5E4F47E84449FF07ED3517B43A31

#25 Post by vyosek »

It is nowhere near clean yet, you really have loads of stuff in there :boxed:

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

#26 Post by vavral »

I'm sending the log:

# AdwCleaner v3.023 - Report created 05/04/2014 at 22:39:31
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : Lukáš V - LUKÁŠV
# Running from : C:\Users\Lukáš V\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\fbphotozoom
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Lukáš V\AppData\Local\Babylon
Folder Deleted : C:\Users\Lukáš V\AppData\Local\PackageAware
Folder Deleted : C:\Users\Lukáš V\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lukáš V\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Lukáš V\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Lukáš V\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Lukáš V\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Lukáš V\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Lukáš V\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Lukáš V\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Lukáš V\AppData\Roaming\yourfiledownloader
Folder Deleted : C:\Users\Lukáš V\Documents\Tutorials
Folder Deleted : C:\Users\Lukáš V\AppData\Roaming\Mozilla\Firefox\Profiles\sleh4do6.default\ConduitCommon
Folder Deleted : C:\Users\Lukáš V\AppData\Roaming\Mozilla\Firefox\Profiles\sleh4do6.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File Deleted : C:\Program Files\Uninstall.exe
File Deleted : C:\Users\Lukáš V\AppData\Roaming\Mozilla\Firefox\Profiles\sleh4do6.default\searchplugins\search.xml
File Deleted : C:\Users\Lukáš V\AppData\Roaming\Mozilla\Firefox\Profiles\sleh4do6.default\user.js
File Deleted : C:\Windows\System32\Tasks\Your File Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F212DD6-3F5B-4A51-BB4B-81CF9F27FB0A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F212DD6-3F5B-4A51-BB4B-81CF9F27FB0A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\adawarebp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\YourFileDownloader

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v16.0.2 (cs)

[ File : C:\Users\Lukáš V\AppData\Roaming\Mozilla\Firefox\Profiles\sleh4do6.default\prefs.js ]

Line Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Wed Feb 01 2012 20:31:43 GMT+0100");
Line Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "1-2-2012");
Line Deleted : user_pref("CT2786678.DSInstall", false);
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Wed Feb 01 2012 20:31:33 GMT+0100");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Mon Jan 16 2012 20:20:35 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 222);
Line Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Mon Jan 16 2012 19:28:51 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Mon Jan 16 2012 19:28:50 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Mon Jan 16 2012 19:28:50 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Mon Jan 16 2012 19:28:50 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Mon Jan 16 2012 19:28:51 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Mon Jan 16 2012 19:28:50 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Mon Jan 16 2012 19:28:50 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Mon Jan 16 2012 19:28:51 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Mon Jan 16 2012 19:28:51 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Mon Jan 16 2012 19:28:50 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Mon Jan 16 2012 19:28:50 GMT+0100");
Line Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Line Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "16-1-2012");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.HPInstall", false);
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://www.seznam.cz/");
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstallationId", "ConduitXPEIntegration");
Line Deleted : user_pref("CT2786678.InstallationType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Mon Jan 16 2012 00:36:26 GMT+0100");
Line Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Wed Feb 01 2012 20:31:33 GMT+0100");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LastLogin_3.8.1.0", "Wed Feb 01 2012 20:31:33 GMT+0100");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.9.0.3");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.8.1.0");
Line Deleted : user_pref("CT2786678.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");
Line Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Wed Feb 01 2012 20:31:33 GMT+0100");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2786678.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Wed Feb 01 2012 20:31:33 GMT+0100");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Wed Feb 01 2012 20:31:33 GMT+0100");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1326994324");
Line Deleted : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Mon Jan 16 2012 00:36:25 GMT+0100");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Line Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2786678.Uninstall", true);
Line Deleted : user_pref("CT2786678.UserID", "UN17293997850694298");
Line Deleted : user_pref("CT2786678.ValidationData_Search", 1);
Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Mon Jan 16 2012 19:58:51 GMT+0100");
Line Deleted : user_pref("CT2786678.WeatherUnit", "C");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "4D6F6E204A616E20313620323031322030303A33363A323820474D542B30313030");
Line Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
Line Deleted : user_pref("CT2786678.components.1000034", false);
Line Deleted : user_pref("CT2786678.components.1000234", false);
Line Deleted : user_pref("CT2786678.components.129295698017012804", false);
Line Deleted : user_pref("CT2786678.components.129309485163350924", false);
Line Deleted : user_pref("CT2786678.components.129309489763975460", false);
Line Deleted : user_pref("CT2786678.components.129315411424256896", false);
Line Deleted : user_pref("CT2786678.components.129526967958500204", false);
Line Deleted : user_pref("CT2786678.components.129579220236217502", false);
Line Deleted : user_pref("CT2786678.components.5690698542593514850", false);
Line Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Wed Feb 01 2012 20:31:34 GMT+0100");
Line Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.initDone", true);
Line Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804,1000034,129526967958500204,129309489763975460,5690698542593514850,129309485163350924,12931541142425[...]
Line Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Wed Feb 01 2012 20:31:33 GMT+0100");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Wed Feb 01 2012 20:31:33 GMT+0100");
Line Deleted : user_pref("CT2786678.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"b00a1ff66f98c26c86a5eba79b4ca9ec1\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1313448428\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"13a760730d9291f1df061003ecf304ce\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde759bd30c070995eab32eddc00c079\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Lukáa V\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\sleh4do6.default\\conduitCommon\\modules\\3.8.1.0");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jan 16 2012 00:36:27 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "1e690d0c-63c3-4960-95de-51c6af2e197b");
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.seznam.cz/");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("backup.old.browser.search.defaultenginename", "Search the web (Babylon)");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=109980");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 17);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "78622b7b0000000000005404a6b2ece6");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15446");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=109980&babsrc=KW_ss&mntrId=78622b7b0000000000005404a6b2ece6&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 17);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1723:36:32");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 73175407);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1723:36:32");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109980");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "78622b7b0000000000005404a6b2ece6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "78622b7b0000000000005404a6b2ece6");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15446");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1723:36:32");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.enabledItems", "wrc@avast.com:7.0.1466,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10,gencrawler@some.com:2.6,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26");
Line Deleted : user_pref("extensions.funmoods.aflt", "iron2");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Line Deleted : user_pref("extensions.funmoods.cntry", "CZ");
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Line Deleted : user_pref("extensions.funmoods.dfltsrch", "false");
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hdrMd5", "");
Line Deleted : user_pref("extensions.funmoods.hmpg", true);
Line Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyDyEtDyE0AyC0BtB0E0C0EyCtB0ByB0BtN0D0TzutBtDtCtBtDyCtCtC&cr=152119310");
Line Deleted : user_pref("extensions.funmoods.hrdid", "11111111");
Line Deleted : user_pref("extensions.funmoods.id", "11111111");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15502");
Line Deleted : user_pref("extensions.funmoods.instlRef", "iron2");
Line Deleted : user_pref("extensions.funmoods.instlday", "15502");
Line Deleted : user_pref("extensions.funmoods.instlref", "iron2");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.keywordurl", "");
Line Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2221:35:17");
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.funmoods.newTab", true);
Line Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyDyEtDyE0AyC0BtB0E0C0EyCtB0ByB0BtN0D0TzutBtDtCtBtDyCtCtC&cr=152119310");
Line Deleted : user_pref("extensions.funmoods.newtab", true);
Line Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyDyEtDyE0AyC0BtB0E0C0EyCtB0ByB0BtN0D0TzutBtDtCtBtDyCtCtC&cr=152119310");
Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Line Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Line Deleted : user_pref("extensions.funmoods.sg", "none");
Line Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Line Deleted : user_pref("extensions.funmoods.srch", "");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Line Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "");
Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2221:35:17");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2221:35:17");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2221:35:17");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #psa-teoma-result .ptbs .WRCN, #teoma-results .ptbs .WRCN {display:inline !important; background: url(\"IMAGE\") right no-[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\\\:\\\\/\\\\/(.+\\\\.)?ask\\\\.com\\\\/.*");
Line Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109980&babsrc=KW_ss&mntrId=78622b7b0000000000005404a6b2ece6&q=");

*************************

AdwCleaner[R0].txt - [28449 octets] - [05/04/2014 22:38:53]
AdwCleaner[S0].txt - [29132 octets] - [05/04/2014 22:39:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29193 octets] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Česká spořitelna virus

#27 Post by vyosek »

:arrow: If you have not done so already, move ComboFix directly to drive c:\
  • Open Notepad (Start - Run - notepad)
  • Copy the script below:

    KillAll::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mine"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt, also directly on c:\
  • Drag the CFScript.txt you created onto ComboFix and drop it to run it (see the image below)
    [image]
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - this is an internal error caused by CF, and the author unfortunately has not been able to fix it yet

:arrow: It can happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8, and choose Last Known Good Configuration

vavral
Visitor
Posts: 19
Registered: 05 Apr 2014 11:09

Re: Česká spořitelna virus

#28 Post by vavral »

Here is the log:

ComboFix 14-04-05.01 - Lukáš V 06.04.2014 22:34:50.2.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3326.2333 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: c:\users\LukßÜ V\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-06 do 2014-04-06 )))))))))))))))))))))))))))))))
.
.
2014-04-06 20:44 . 2014-04-06 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-06 20:37 . 2014-04-06 20:37 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{747A82BC-3672-4192-B69E-DD1C507518FF}\offreg.dll
2014-04-05 20:38 . 2014-04-05 20:39 -------- d-----w- C:\AdwCleaner
2014-04-05 20:06 . 2014-04-06 20:44 -------- d-----w- c:\users\Lukáš V\AppData\Local\temp
2014-04-05 10:23 . 2014-04-05 10:24 -------- d-----w- c:\program files\trend micro
2014-04-05 10:23 . 2014-04-05 10:24 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-17 10:54 . 2014-01-09 09:30 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-17 10:54 . 2012-04-09 02:42 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-17 10:54 . 2012-04-09 02:42 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-17 10:54 . 2012-04-09 02:42 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-17 10:54 . 2012-04-09 02:42 43152 ----a-w- c:\windows\avastSS.scr
2014-02-17 10:54 . 2012-04-09 02:42 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-09 09:30 . 2013-03-20 18:11 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-26 14:33 . 2013-11-26 14:33 325960 ----a-w- c:\program files\lua5.1.dll
2013-10-18 21:54 . 2013-10-18 21:57 644608 ----a-r- c:\program files\msvcr90.dll
2013-10-18 09:56 . 2013-10-18 21:57 542240 ----a-w- c:\program files\FabCore.exe
2013-10-18 09:56 . 2013-10-18 21:57 12617248 ----a-w- c:\program files\DVDFab.exe
2013-10-12 11:16 . 2013-10-18 21:57 4253216 ----a-w- c:\program files\FabUpdate.exe
2013-10-12 11:16 . 2013-10-18 21:57 183840 ----a-w- c:\program files\FabCopy.exe
2013-10-12 11:16 . 2013-10-18 21:57 361504 ----a-w- c:\program files\FabCheck.exe
2013-10-12 11:11 . 2013-10-18 21:57 149024 ----a-w- c:\program files\FabRegOp.exe
2013-10-12 11:11 . 2013-10-18 21:57 2095136 ----a-w- c:\program files\FabReport.exe
2013-10-12 11:11 . 2013-10-18 21:57 1206816 ----a-w- c:\program files\FileMover.exe
2013-09-13 14:57 . 2013-10-18 21:57 4729344 ----a-w- c:\program files\Qt5Widgets.dll
2013-09-06 14:51 . 2013-10-18 21:57 62464 ----a-w- c:\program files\libEGL.dll
2013-09-06 14:51 . 2013-10-18 21:57 778240 ----a-w- c:\program files\Qt5Network.dll
2013-09-06 14:51 . 2013-10-18 21:57 3127808 ----a-w- c:\program files\Qt5V8.dll
2013-09-06 14:51 . 2013-10-18 21:57 280064 ----a-w- c:\program files\Qt5OpenGL.dll
2013-09-06 14:51 . 2013-10-18 21:57 1901568 ----a-w- c:\program files\Qt5Qml.dll
2013-09-06 14:51 . 2013-10-18 21:57 973312 ----a-w- c:\program files\libGLESv2.dll
2013-09-06 14:51 . 2013-10-18 21:57 4855296 ----a-w- c:\program files\Qt5Core.dll
2013-09-06 14:51 . 2013-10-18 21:57 3271680 ----a-w- c:\program files\Qt5Gui.dll
2013-09-06 14:51 . 2013-10-18 21:57 2106216 ----a-w- c:\program files\D3DCompiler_43.dll
2013-09-06 14:51 . 2013-10-18 21:57 2331648 ----a-w- c:\program files\Qt5Quick.dll
2013-07-04 10:47 . 2013-10-18 21:57 5283328 ----a-w- c:\program files\libplayercore.dll
2013-03-14 11:20 . 2013-10-18 21:57 3875808 ----a-w- c:\program files\vso_hwe.dll
2013-03-04 08:57 . 2013-10-18 21:57 86528 ----a-w- c:\program files\mgwz.dll
2013-03-04 08:57 . 2013-10-18 21:57 78336 ----a-w- c:\program files\CrashRpt.dll
2013-03-04 08:57 . 2013-10-18 21:57 73382 ----a-w- c:\program files\pthreadGC2.dll
2013-03-04 08:57 . 2013-10-18 21:57 65536 ----a-w- c:\program files\zlibwapi.dll
2013-03-04 08:57 . 2013-10-18 21:57 640000 ----a-w- c:\program files\dbghelp.dll
2013-03-04 08:57 . 2013-10-18 21:57 550704 ----a-w- c:\program files\msvcp90.dll
2013-03-04 08:57 . 2013-10-18 21:57 2632898 ----a-w- c:\program files\codecs.dll
2012-11-10 16:21 . 2013-10-18 21:57 2314240 ----a-w- c:\program files\libass.dll
2012-11-10 16:20 . 2013-10-18 21:57 134656 ----a-w- c:\program files\libmad.dll
2012-10-12 10:29 . 2013-10-18 21:57 117774 ----a-w- c:\program files\libmpeg2-0.dll
2012-10-12 10:24 . 2013-10-18 21:57 8002696 ----a-w- c:\program files\avcodec-53.dll
2012-10-12 10:24 . 2013-10-18 21:57 74588 ----a-w- c:\program files\swresample-0.dll
2012-10-12 10:24 . 2013-10-18 21:57 725752 ----a-w- c:\program files\avfilter-2.dll
2012-10-12 10:24 . 2013-10-18 21:57 403719 ----a-w- c:\program files\swscale-2.dll
2012-10-12 10:24 . 2013-10-18 21:57 288639 ----a-w- c:\program files\avutil-51.dll
2012-10-12 10:24 . 2013-10-18 21:57 197988 ----a-w- c:\program files\postproc-52.dll
2012-10-12 10:24 . 2013-10-18 21:57 1498848 ----a-w- c:\program files\avformat-53.dll
2011-09-25 13:47 . 2013-10-18 21:57 458752 ----a-w- c:\program files\freetype6.dll
2010-02-05 21:55 . 2013-10-18 21:57 279059 ----a-w- c:\program files\libfontconfig-1.dll
2009-01-31 22:42 . 2013-10-18 21:57 143096 ----a-w- c:\program files\libexpat-1.dll
2012-10-24 17:50 . 2012-11-11 16:59 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-17 10:54 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-02 3774312]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2013-11-26 283712]
"mine"="c:\users\Public\Documents\pooler-cpuminer-2.3.2-win64\nieco.vbs" [2014-01-18 150]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-15 247968]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume2\Program Files\Ad-Aware Antivirus\Engine\Definitions
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GoGear SA3MXX Device Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GoGear SA3MXX Device Manager.lnk
backup=c:\windows\pss\GoGear SA3MXX Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2011-12-12 16:00 6318696 ------w- c:\program files\Realtek\Audio\HDA\RtkNGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-09-30 21:28 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-02-17 64168]
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2010-03-09 80680]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-02-17 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-02-17 410784]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-02-17 67824]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]
S3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ScFBPNT2
oracleorahome811cmadmin
dimension4
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-21 18:21]
.
2014-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-21 18:21]
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Lukáš V\AppData\Roaming\Mozilla\Firefox\Profiles\sleh4do6.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,0f,0c,32,0a,14,b9,4b,a1,44,00,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5f,0f,0c,32,0a,14,b9,4b,a1,44,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-04-06 22:46:29
ComboFix-quarantined-files.txt 2014-04-06 20:46
ComboFix2.txt 2014-04-05 20:11
.
Před spuštěním: Volných bajtů: 251 299 241 984
Po spuštění: Volných bajtů: 250 918 400 000
.
- - End Of File - - 1BBC9197C6BCAD242E6FB120EAA7FBB6
A36C5E4F47E84449FF07ED3517B43A31
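
An added example, not part of the original thread: the "mine" value that the CFScript in post #27 deletes is an autostart entry visible in the registry startup section of the log in post #28. The Python sketch below parses that section and flags entries worth a closer look; the function names and the triage rules (script extensions, user-writable roots, size threshold) are illustrative assumptions, not ComboFix's own logic.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few lines copied from the registry startup section
# of the ComboFix log in post #28.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-02 3774312]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2013-11-26 283712]
"mine"="c:\users\Public\Documents\pooler-cpuminer-2.3.2-win64\nieco.vbs" [2014-01-18 150]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-15 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "name"="target" [date size] -- the form used under Run / RunOnce
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\])?$')
# date time size attributes path -- the form used under msconfig\startupreg
FILE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(\d+)\s+\S+\s+(.+)$')

# Illustrative triage rules (assumptions made for this example).
SCRIPT_EXTS = {'.vbs', '.vbe', '.js', '.jse', '.wsf', '.bat', '.cmd', '.ps1'}
USER_WRITABLE_ROOTS = {'users', 'programdata'}  # first directory below the drive
SMALL_FILE_BYTES = 1024


def parse_autostarts(log_text):
    """Return autostart entries as dicts: key, name, target, date, size, state."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == '.':                 # ComboFix separates blocks with a lone dot
            key = None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        low = key.lower()
        m = VALUE_RE.match(line)
        if m and low.endswith(('\\run', '\\runonce')):
            name, target, date, size = m.groups()
            entries.append(dict(key=key, name=name, target=target, date=date,
                                size=int(size) if size else None, state='active'))
            continue
        m = FILE_RE.match(line)
        # msconfig keeps items the user disabled under ...\msconfig\startupreg\<name>
        if m and '\\msconfig\\startupreg\\' in low:
            date, size, target = m.groups()
            entries.append(dict(key=key, name=key.rsplit('\\', 1)[1], target=target,
                                date=date, size=int(size), state='disabled'))
    return entries


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    path = PureWindowsPath(entry['target'].lower())
    if path.suffix in SCRIPT_EXTS:
        reasons.append('script file started at logon')
    if len(path.parts) > 1 and path.parts[1] in USER_WRITABLE_ROOTS:
        reasons.append('target in a user-writable location')
    if entry['size'] is not None and entry['size'] < SMALL_FILE_BYTES:
        reasons.append('file is only %d bytes' % entry['size'])
    return reasons


def suspicious_autostarts(log_text):
    """Return (name, state, reasons) for every entry with at least one reason."""
    hits = []
    for entry in parse_autostarts(log_text):
        reasons = triage(entry)
        if reasons:
            hits.append((entry['name'], entry['state'], reasons))
    return hits


if __name__ == '__main__':
    for name, state, reasons in suspicious_autostarts(SAMPLE_LOG):
        print('%s (%s): %s' % (name, state, '; '.join(reasons)))
```

A flag from this script is a prompt for manual review of the entry, not a verdict; legitimate software also starts from user profile folders.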

vavral
Visitor
Posts: 19
Registered: 05 Apr 2014 11:09

Re: Česká spořitelna virus

#29 Post by vavral »

One more thing: after Windows starts, this message always pops up: "Smart File Advisor is not currently associated to Unknown files. Do you want to run Smart File Advisor installer to fix the problem?"
Should I choose Yes or No? Thanks

vavral
Visitor
Posts: 19
Registered: 05 Apr 2014 11:09

Re: Česká spořitelna virus

#30 Post by vavral »

Good evening, could I ask for an assessment of the CF log (see above)? Thank you
