
Windows Script Host

Attistar
Visitor
Posts: 35
Registered: 19 Jul 2014 18:09

#1 Post by Attistar »

Hello, when I start the computer, two of these dialog boxes appear right away: Can't find script engine VBScript.Encode for script C:\Windows\inf\mncptdjtb.vbe. And the second one: Can't find script engine VBScript.Encode for script C:\Windows\System32\msstp.vbe. Thank you in advance for your help.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Windows Script Host

#2 Post by vyosek »

Attistar
Visitor
Posts: 35
Registered: 19 Jul 2014 18:09

Re: Windows Script Host

#3 Post by Attistar »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-07-2014 01
Ran by uzivatel (administrator) on UZIVATEL-PC on 23-07-2014 23:27:00
Running from C:\Users\uzivatel\Downloads
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent Inc.) C:\Users\uzivatel\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
() C:\Program Files\GameforgeLive\gfl_client.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(NCSOFT Corporation) D:\CZE_ces\AION\NCLauncher.exe


==================== Registry (Whitelisted) ==================

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000\...\Run: [BitTorrent] => C:\Users\uzivatel\AppData\Roaming\BitTorrent\BitTorrent.exe [1267032 2014-07-03] (BitTorrent Inc.)
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000\...\RunOnce: [Shockwave Updater] => C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe [460216 2009-03-19] (Adobe Systems, Inc.)
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000\...\MountPoints2: {09ff0de5-1b0f-11e3-a78c-00241d667b41} - F:\Autorun.exe
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000\...\MountPoints2: {119d049d-f361-11e2-9d73-00241d667b41} - F:\Autorun.exe
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000\...\MountPoints2: {2ade2360-2399-11e3-900c-9bd53c174f4e} - F:\Autorun.exe
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000\...\MountPoints2: {d80e42cc-def9-11e2-b93c-00241d667b41} - F:\Autorun.exe
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000\...\MountPoints2: {d80e42d7-def9-11e2-b93c-00241d667b41} - F:\Autorun.exe
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000\...\MountPoints2: {f6d71a40-668d-11e0-9759-806e6f6e6963} - E:\BlueBirds.exe
AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll => C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll File Not Found
AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll => C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKCU - (No Name) - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No File
URLSearchHook: HKCU - (No Name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No File
URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2790392
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb ... earchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2790392
SearchScopes: HKLM - {D5D47440-0750-463D-BAEF-A47D02414806} URL = http://search.centrum.cz/index.php?q={s ... trum-1.0.0
SearchScopes: HKCU - URL http://search.centrum.cz/index.php?q={s ... trum-1.0.0
SearchScopes: HKCU - {371017D2-F356-4669-8BB2-E07013D1CB90} URL = http://www.search.ask.com/web?tpid=SGT- ... erms}&psv=
SearchScopes: HKCU - {67B72FD4-64F5-4E86-B632-922E484DB5EA} URL = http://search.avg.com/route/?d=4dce2982 ... =&ychte=us
SearchScopes: HKCU - {BB3FE1B3-D036-496C-90CD-229EBF9B204B} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {D5D47440-0750-463D-BAEF-A47D02414806} URL = http://search.centrum.cz/index.php?q={s ... trum-1.0.0
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Help the General-Search Project -> {CA4520F3-AE13-4FB1-A513-58E23991C86D} -> C:\Users\uzivatel\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gg7cf7o4.default
FF Homepage: hxxp://eu.ask.com/?l=dis&o=14200
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\uzivatel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\uzivatel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: General Crawler - C:\Users\uzivatel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-08-29]
FF Extension: ADDICT-THING - C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gg7cf7o4.default\Extensions\4fa261a8b94ba@4fa261a8b94bb.info [2012-05-04]
FF Extension: Babylon - C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gg7cf7o4.default\Extensions\ffxtlbr@babylon.com [2012-03-19]
FF Extension: BitTorrentBar - C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gg7cf7o4.default\Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} [2012-07-28]
FF Extension: Seznam lištička - C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gg7cf7o4.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [2011-11-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-14]
FF HKLM\...\Firefox\Extensions: [4fa261a8b94ba@4fa261a8b94bb.info] - C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gg7cf7o4.default\extensions\4fa261a8b94ba@4fa261a8b94bb.info

Chrome:
=======
CHR StartupUrls: "hxxp://www.search.ask.com/?tpid=SGT-V7&o=APN11 ... 02-25&psv=", "hxxp://www.google.cz/"
CHR DefaultSearchKeyword: ask search
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Angry Birds) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-11-20]
CHR Extension: (Disk Google) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-18]
CHR Extension: (YouTube) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-18]
CHR Extension: (Vyhledávání Google) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-18]
CHR Extension: (AdBlock) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-27]
CHR Extension: (Peněženka Google) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-18]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\uzivatel\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2012-08-29]
CHR HKLM\...\Chrome\Extension: [jcpbbbapaiahneeinklkepfjemkkhhhj] - C:\ProgramData\ADDICT-THING\jcpbbbapaiahneeinklkepfjemkkhhhj.crx [2012-05-04]
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\uzivatel\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-30]
CHR HKCU\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\uzivatel\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-30]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-24]

========================== Services (Whitelisted) =================

S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2012-05-05] ()
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S4 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [360192 2011-05-13] (TuneUp Software)
S4 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [603904 2011-05-13] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

S3 bdacap; C:\Windows\System32\drivers\bdacap.sys [217728 2006-02-14] (Genesys Logic, Inc.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 GLHIDKBFILTER; C:\Windows\System32\DRIVERS\GLKbFilter.sys [11264 2006-01-06] (Genesys Logic)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [80576 2004-10-07] (Protection Technology) [File not signed]
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115744 2004-10-07] (Protection Technology) [File not signed]
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology) [File not signed]
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology) [File not signed]
R0 sfsync03; C:\Windows\System32\drivers\sfsync03.sys [35328 2005-12-06] (Protection Technology) [File not signed]
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce))
S3 snpstd; C:\Windows\System32\DRIVERS\snpstd.sys [390784 2006-05-03] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2011-08-23] () [File not signed]
R2 SVKP; C:\Windows\system32\SVKP.sys [2368 2012-12-24] (AntiCracking) [File not signed]
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [99152 2009-12-17] (Sun Microsystems, Inc.)
S3 ATP; No ImagePath
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [112640 2009-10-20] (Huawei Technologies Co., Ltd.)
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath
S3 VBoxNetFlt; No ImagePath
U3 agvt2t7r; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2030-08-29 15:22 - 2030-08-29 15:22 - 00143872 ____N (Intel Corporation) C:\Windows\system32\iacenc.dll
2030-08-29 15:22 - 2030-08-29 15:22 - 00056832 ____N () C:\Windows\system32\iyvu9_32.dll
2014-07-23 23:27 - 2014-07-23 23:27 - 00018534 _____ () C:\Users\uzivatel\Downloads\FRST.txt
2014-07-23 23:26 - 2014-07-23 23:27 - 00000000 ____D () C:\FRST
2014-07-23 23:25 - 2014-07-23 23:25 - 01082368 _____ (Farbar) C:\Users\uzivatel\Downloads\FRST.exe
2014-07-23 23:25 - 2014-07-23 23:25 - 00112640 _____ (forum.viry.cz) C:\Users\uzivatel\Downloads\FRSTLauncher.exe
2014-07-23 23:25 - 2014-07-23 23:25 - 00029696 _____ () C:\Users\uzivatel\AppData\Local\MSGBOX.EXE
2014-07-23 23:25 - 2014-07-23 23:25 - 00015327 _____ () C:\Users\uzivatel\Desktop\LM.bat
2014-07-09 22:34 - 2014-06-07 02:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 22:34 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 22:34 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 22:34 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 22:34 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 22:34 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 22:34 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 22:34 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 22:34 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 22:34 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 22:34 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 22:34 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 22:34 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 22:34 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 22:34 - 2014-06-06 10:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 22:34 - 2014-05-30 08:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 22:33 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 22:33 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 22:33 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 22:33 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 22:33 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 22:33 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 22:33 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 22:33 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-06 13:47 - 2014-07-06 14:23 - 347848939 _____ () C:\Users\uzivatel\Downloads\FIFA-14-CZ-dabing.rar
2014-07-04 08:20 - 2014-07-04 08:20 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2014-07-04 08:20 - 2014-07-04 08:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2014-07-04 08:19 - 2014-07-04 08:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-07-04 08:18 - 2014-07-04 08:19 - 02420880 _____ () C:\Users\uzivatel\Downloads\Fraps-full-version-3.3.2.---100%.rar
2014-07-04 08:17 - 2014-07-04 08:17 - 00000000 ____D () C:\Program Files\FreeTime
2014-07-04 08:15 - 2014-07-04 08:16 - 55003752 _____ (Free Time) C:\Users\uzivatel\Downloads\FFSetup3.3.4.0.exe
2014-07-03 13:03 - 2014-07-03 13:03 - 00063780 _____ () C:\Users\uzivatel\Downloads\Modifed_100%_Complete.zip
2014-07-02 09:29 - 2014-07-02 09:39 - 171801293 _____ () C:\Users\uzivatel\Downloads\AirConflictsSecretWars-CZ+Dabing.rar
2014-06-30 19:54 - 2010-08-12 11:46 - 00758784 _____ (NVIDIA Corporation) C:\Windows\system32\cohelper.dll
2014-06-30 19:54 - 2010-08-09 22:33 - 00011164 _____ () C:\Windows\system32\Drivers\nvphy.bin
2014-06-30 19:21 - 2014-06-30 19:22 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-06-30 19:21 - 2014-06-30 19:21 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-30 19:20 - 2014-06-30 19:22 - 00000000 ____D () C:\Program Files\Windows Live
2014-06-30 19:09 - 2014-06-30 19:09 - 00000000 ____D () C:\Users\uzivatel\AppData\Local\Windows Live
2014-06-30 19:09 - 2014-06-30 19:09 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-06-30 19:09 - 2009-08-04 10:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2014-06-29 13:39 - 2014-06-29 13:39 - 00011904 _____ () C:\Users\uzivatel\Downloads\[kickass.to]fifa14.crack.v5.final.skidrow.torrent
2014-06-28 23:55 - 2014-06-28 23:55 - 00020422 _____ () C:\Users\uzivatel\Downloads\[SkT]Bytost_-_The_Entity_(1981)(CZ)_=_68%.torrent
2014-06-28 23:53 - 2014-06-28 23:53 - 00000823 _____ () C:\Users\uzivatel\Desktop\BitTorrent.lnk
2014-06-28 23:53 - 2014-06-28 23:53 - 00000803 _____ () C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-06-28 23:51 - 2014-06-28 23:51 - 00016685 _____ () C:\Users\uzivatel\Downloads\[CzT]Bytost_Entity_The_1981_.torrent
2014-06-28 14:34 - 2014-06-28 22:53 - 00000000 ____D () C:\Users\uzivatel\Desktop\Modern Talking a Blue System

==================== One Month Modified Files and Folders =======

2030-08-29 15:22 - 2030-08-29 15:22 - 00143872 ____N (Intel Corporation) C:\Windows\system32\iacenc.dll
2030-08-29 15:22 - 2030-08-29 15:22 - 00056832 ____N () C:\Windows\system32\iyvu9_32.dll
2014-07-23 23:27 - 2014-07-23 23:27 - 00018534 _____ () C:\Users\uzivatel\Downloads\FRST.txt
2014-07-23 23:27 - 2014-07-23 23:26 - 00000000 ____D () C:\FRST
2014-07-23 23:27 - 2013-10-26 18:05 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\BitTorrent
2014-07-23 23:26 - 2011-06-06 18:32 - 00000468 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D15C8F01-0B9D-4B12-AD22-F37C5F81E78B}.job
2014-07-23 23:26 - 2006-11-02 14:45 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 23:26 - 2006-11-02 14:45 - 00003840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 23:25 - 2014-07-23 23:25 - 01082368 _____ (Farbar) C:\Users\uzivatel\Downloads\FRST.exe
2014-07-23 23:25 - 2014-07-23 23:25 - 00112640 _____ (forum.viry.cz) C:\Users\uzivatel\Downloads\FRSTLauncher.exe
2014-07-23 23:25 - 2014-07-23 23:25 - 00029696 _____ () C:\Users\uzivatel\AppData\Local\MSGBOX.EXE
2014-07-23 23:25 - 2014-07-23 23:25 - 00015327 _____ () C:\Users\uzivatel\Desktop\LM.bat
2014-07-23 23:23 - 2014-01-30 21:36 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-07-23 23:23 - 2014-01-30 21:32 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\GlarySoft
2014-07-23 23:23 - 2014-01-30 21:32 - 00000000 ____D () C:\Program Files\Glary Utilities 4
2014-07-23 23:18 - 2014-03-22 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-07-23 23:18 - 2014-03-22 14:10 - 00000000 ____D () C:\Program Files\GameforgeLive
2014-07-23 23:17 - 2014-05-08 21:28 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\.minecraft
2014-07-23 23:15 - 2014-01-30 22:05 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-23 23:04 - 2011-04-20 20:58 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 22:53 - 2008-01-21 03:38 - 01258859 _____ () C:\Windows\WindowsUpdate.log
2014-07-23 22:42 - 2012-08-26 20:44 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-23 22:41 - 2013-06-28 09:08 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-07-23 22:41 - 2011-04-20 20:58 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 22:40 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 12:55 - 2006-11-02 14:58 - 00032602 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-23 12:54 - 2012-08-23 18:46 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-07-23 12:37 - 2013-02-25 19:22 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3179671684-1371925784-1666508273-1000UA.job
2014-07-22 09:22 - 2014-02-25 19:01 - 00000000 ____D () C:\Users\uzivatel\Desktop\Nová složka (2)
2014-07-20 23:13 - 2008-01-21 08:14 - 01532794 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-20 18:27 - 2013-02-25 19:22 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3179671684-1371925784-1666508273-1000Core.job
2014-07-17 20:48 - 2011-04-20 20:58 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Skype
2014-07-14 21:23 - 2013-01-13 20:23 - 00009763 _____ () C:\Users\uzivatel\Desktop\Nový textový dokument (2).txt
2014-07-10 03:23 - 2006-11-02 14:44 - 00262032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:02 - 2013-08-12 10:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:00 - 2006-11-02 12:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-06 17:03 - 2014-05-09 10:23 - 00000000 ____D () C:\Users\uzivatel\Documents\FIFA 14
2014-07-06 14:23 - 2014-07-06 13:47 - 347848939 _____ () C:\Users\uzivatel\Downloads\FIFA-14-CZ-dabing.rar
2014-07-06 11:05 - 2013-07-23 19:32 - 00000000 ____D () C:\ProgramData\Origin
2014-07-06 11:05 - 2013-07-23 19:31 - 00000000 ____D () C:\Program Files\Origin
2014-07-04 09:50 - 2011-04-16 00:42 - 00102400 _____ () C:\Users\uzivatel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-04 08:20 - 2014-07-04 08:20 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2014-07-04 08:20 - 2014-07-04 08:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2014-07-04 08:20 - 2014-07-04 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-07-04 08:19 - 2014-07-04 08:18 - 02420880 _____ () C:\Users\uzivatel\Downloads\Fraps-full-version-3.3.2.---100%.rar
2014-07-04 08:17 - 2014-07-04 08:17 - 00000000 ____D () C:\Program Files\FreeTime
2014-07-04 08:16 - 2014-07-04 08:15 - 55003752 _____ (Free Time) C:\Users\uzivatel\Downloads\FFSetup3.3.4.0.exe
2014-07-03 15:19 - 2013-10-27 10:29 - 00000000 ____D () C:\Users\uzivatel\Documents\GTA San Andreas User Files
2014-07-03 13:03 - 2014-07-03 13:03 - 00063780 _____ () C:\Users\uzivatel\Downloads\Modifed_100%_Complete.zip
2014-07-02 15:04 - 2011-04-14 14:03 - 00000680 _____ () C:\Users\uzivatel\AppData\Local\d3d9caps.dat
2014-07-02 09:39 - 2014-07-02 09:29 - 171801293 _____ () C:\Users\uzivatel\Downloads\AirConflictsSecretWars-CZ+Dabing.rar
2014-06-30 23:25 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-06-30 23:11 - 2011-04-14 14:04 - 00058256 _____ () C:\Users\uzivatel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-30 23:09 - 2011-04-14 17:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-30 21:43 - 2014-03-23 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperOneClick v2.3.3
2014-06-30 21:43 - 2014-03-23 16:59 - 00000000 ____D () C:\Program Files\SuperOneClick v2.3.3
2014-06-30 19:54 - 2011-04-14 14:14 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-30 19:54 - 2011-04-14 14:03 - 00000000 ____D () C:\Users\uzivatel
2014-06-30 19:22 - 2014-06-30 19:21 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-06-30 19:22 - 2014-06-30 19:20 - 00000000 ____D () C:\Program Files\Windows Live
2014-06-30 19:21 - 2014-06-30 19:21 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-30 19:21 - 2006-11-02 13:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-30 19:09 - 2014-06-30 19:09 - 00000000 ____D () C:\Users\uzivatel\AppData\Local\Windows Live
2014-06-30 19:09 - 2014-06-30 19:09 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-06-29 13:41 - 2011-04-29 18:31 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-29 13:39 - 2014-06-29 13:39 - 00011904 _____ () C:\Users\uzivatel\Downloads\[kickass.to]fifa14.crack.v5.final.skidrow.torrent
2014-06-28 23:55 - 2014-06-28 23:55 - 00020422 _____ () C:\Users\uzivatel\Downloads\[SkT]Bytost_-_The_Entity_(1981)(CZ)_=_68%.torrent
2014-06-28 23:53 - 2014-06-28 23:53 - 00000823 _____ () C:\Users\uzivatel\Desktop\BitTorrent.lnk
2014-06-28 23:53 - 2014-06-28 23:53 - 00000803 _____ () C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-06-28 23:51 - 2014-06-28 23:51 - 00016685 _____ () C:\Users\uzivatel\Downloads\[CzT]Bytost_Entity_The_1981_.torrent
2014-06-28 22:53 - 2014-06-28 14:34 - 00000000 ____D () C:\Users\uzivatel\Desktop\Modern Talking a Blue System
2014-06-28 19:55 - 2013-07-23 19:34 - 00000000 ____D () C:\Users\uzivatel\AppData\Roaming\Origin

Some content of TEMP:
====================
C:\Users\uzivatel\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-23 22:46

==================== End Of Log ============================
Attachments
Addition.rar
(9.44 KiB) Downloaded 67 times

Re: Windows Script Host

#4 Post by vyosek »

Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and extract it
  • Run it by clicking mbar
  • Now click Next and then Update
  • When the database update finishes, click Next again
  • Leave all three options checked and click Scan to start scanning the PC
  • When the scan finishes (about 5 minutes), check that every detection (if there are any, of course) is ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the detected infection
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here for me


Re: Windows Script Host

#5 Post by Attistar »

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.07.24.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
uzivatel :: UZIVATEL-PC [administrator]

24.7.2014 11:56:39
mbar-log-2014-07-24 (11-56-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 260645
Time elapsed: 13 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKLM\SOFTWARE\CLASSES\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Delete on reboot. [f1b04b55f08b50e6368e3043b949de22]
HKLM\SOFTWARE\CLASSES\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\INPROCSERVER32 (Trojan.Downloader) -> Delete on reboot. [f1b04b55f08b50e6368e3043b949de22]
HKLM\SOFTWARE\CLASSES\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Delete on reboot. [f1b04b55f08b50e6368e3043b949de22]
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Delete on reboot. [f1b04b55f08b50e6368e3043b949de22]
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Delete on reboot. [f1b04b55f08b50e6368e3043b949de22]
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Delete on reboot. [f1b04b55f08b50e6368e3043b949de22]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{4B8C28A7-A9BC-45F8-990D-21499EED643C} (Adware.QuestScan) -> Delete on reboot. [7d242d73304bab8bf38177fa758d07f9]
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Delete on reboot. [5849435d7dfe15218c54502912f013ed]
HKU\S-1-5-21-3179671684-1371925784-1666508273-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Delete on reboot. [9908643cfc7f93a317cd1e5bd52d817f]
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Delete on reboot. [0e93732d3a4196a0f32bd5a5fc06e51b]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SVKP (Trojan.Agent) -> Delete on reboot. [326f4e52e19ab0863ff2229047bc40c0]

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSStp (Trojan.Agent.VBS) -> Data: C:\Windows\system32\msstp.vbe -> Delete on reboot. [3e633a667a01d5613038bc2c32d00bf5]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Windows\inf\mncptdjtb (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\bitstreams (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]

Files Detected: 17
C:\Users\uzivatel\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Delete on reboot. [f1b04b55f08b50e6368e3043b949de22]
C:\Windows\System32\msstp.vbe (Trojan.Agent.VBS) -> Delete on reboot. [3e633a667a01d5613038bc2c32d00bf5]
C:\Windows\System32\SVKP.sys (Trojan.Agent) -> Delete on reboot. [326f4e52e19ab0863ff2229047bc40c0]
C:\Windows\inf\mncptdjtb\diablo130302.cl (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\diakgcn121016.cl (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\libcurl-4.dll (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\libeay32.dll (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\libidn-11.dll (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\librtmp.dll (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\libssh2.dll (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\mncptdjtb.exe (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\phatk121016.cl (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\poclbm130302.cl (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\scrypt130511.cl (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\ssleay32.dll (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\zlib1.dll (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]
C:\Windows\inf\mncptdjtb\bitstreams\fpgaminer_top_fixed7_197MHz.ncd (Trojan.Agent.BCM) -> Delete on reboot. [158ccbd5b7c40c2a12d48127d2300af6]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Re: Windows Script Host

#6 Post by vyosek »

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear, or it will be saved as c:\AdwCleaner\AdwCleaner[S?].txt; paste it here


Re: Windows Script Host

#7 Post by Attistar »

# AdwCleaner v3.216 - Report created 27/07/2014 at 17:38:02
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : uzivatel - UZIVATEL-PC
# Running from : C:\Users\uzivatel\Desktop\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\ADDICT-THING
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\uzivatel\AppData\Local\apn
Folder Deleted : C:\Users\uzivatel\AppData\Local\blekkotb_031
Folder Deleted : C:\Users\uzivatel\AppData\Local\Conduit
Folder Deleted : C:\Users\uzivatel\AppData\Local\VNT
Folder Deleted : C:\Users\uzivatel\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\uzivatel\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\uzivatel\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\uzivatel\AppData\LocalLow\ADDICT-THING
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\Babylon
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\PriceGong
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gg7cf7o4.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gg7cf7o4.default\Extensions\4fa261a8b94ba@4fa261a8b94bb.info
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gg7cf7o4.default\Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
File Deleted : C:\Windows\system32\conduitEngine.tmp
File Deleted : C:\Users\uzivatel\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4fa261a8b94ba@4fa261a8b94bb.info]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{421CDED3-F1AE-4A42-B1AC-E9D8A2299EBB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2
Key Deleted : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Finder
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v

[ File : C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\gg7cf7o4.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://eu.ask.com/?l=dis&o=14200");
Line Deleted : user_pref("CT2790392.autoDisableScopes", -1);

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://www.search.ask.com/?tpid=SGT-V7&o=APN11 ... 02-25&psv=
Deleted [Extension] : dednnpigldgdbpgcdpfppmlcnnbjciel
Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc
Deleted [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp

*************************

AdwCleaner[R0].txt - [13212 octets] - [27/07/2014 17:36:06]
AdwCleaner[S0].txt - [13406 octets] - [27/07/2014 17:38:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13467 octets] ##########

Re: Windows Script Host

#8 Post by vyosek »

Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you are using Win Vista or W7, right-click Zoek and choose Run As Administrator or Spustit jako spravce
  • Paste the script below into the window
  • Code:

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;

  • Then click Run Script
  • The PC will perform the repair, restart, and give you a log; paste its contents here
