Kontrola logu

Zpráva

Gabo · #1 Příspěvek od **Gabo** » 16 pro 2014 22:12

Zdravim ! Dal som preventivne zoskenovat pc Eset online skenerom a naslo mi a nasledne zmazalo do karanteny Win32/Bundled.Toolbar.Google.D a "variant infiltracie" Win32/Toolbar.Widgi.B

Avast mi predtym nic nenasiel po dlhom kompletnom skene. Prosim o kontrolu logu a dakujem

Logfile of random's system information tool 1.09 (written by random/random)
Run by Gabriel at 2014-12-16 22:11:50
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 71 GB (47%) free of 153 GB
Total RAM: 1021 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:12:24, on 16.12.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera\26.0.1656.32\opera.exe
C:\Program Files\Opera\26.0.1656.32\opera.exe
C:\Program Files\Opera\26.0.1656.32\opera.exe
C:\Program Files\Opera\26.0.1656.32\opera.exe
C:\Program Files\Opera\26.0.1656.32\opera.exe
C:\Program Files\Opera\26.0.1656.32\opera.exe
C:\Program Files\Opera\26.0.1656.32\opera.exe
C:\Program Files\Opera\26.0.1656.32\opera.exe
C:\Program Files\Opera\26.0.1656.32\opera.exe
C:\Program Files\Opera\26.0.1656.32\opera.exe
C:\Documents and Settings\Gabriel\Desktop\BEZPEČNOSŤ\RSIT.exe
C:\Program Files\trend micro\Gabriel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [DT PHL] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PHL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX125 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "C:\DOCUME~1\Gabriel\LOCALS~1\Temp\E_S1AB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7923229796
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 6625 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\Game_Booster_AutoUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1397242596.job
C:\WINDOWS\tasks\Wise Care 365.job
C:\WINDOWS\tasks\Wise Turbo Checker.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-17 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-07 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-17 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
"DT PHL"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2009-10-08 86016]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-15 98304]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-12-12 5227112]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2014-10-02 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON SX125 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE [2009-09-14 200704]
"Wisdom-soft ScreenHunter 6.0 Free"=0 []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2014-11-13 6697752]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-11-27 30524520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2009-03-03 694824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2014-11-13 6697752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-08-16 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-07 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"
"C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Gabriel\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Steam\SteamApps\common\Mafia II\pc\mafia2.exe"="C:\Program Files\Steam\SteamApps\common\Mafia II\pc\mafia2.exe:*:Enabled:Mafia II"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Steam\bin\steamwebhelper.exe"="C:\Program Files\Steam\bin\steamwebhelper.exe:*:Enabled:Steam Web Helper"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"msacm.ac3filter"=ac3filter.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-12-16 16:02:22 ----D---- C:\Program Files\ESET
2014-12-16 15:08:12 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2014-12-16 15:07:28 ----D---- C:\Program Files\NortonInstaller
2014-12-16 15:07:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
2014-12-14 22:03:58 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-24 23:42:19 ----D---- C:\Documents and Settings\Gabriel\Application Data\Innovative Solutions
2014-11-24 23:42:07 ----D---- C:\Program Files\Innovative Solutions
2014-11-23 12:35:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2014-11-23 00:29:47 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-21 20:36:34 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ProductData
2014-11-21 20:36:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-11-21 20:36:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
2014-11-21 20:35:42 ----D---- C:\Program Files\IObit
2014-11-21 20:35:09 ----D---- C:\Documents and Settings\Gabriel\Application Data\IObit

======List of files/folders modified in the last 1 month======

2014-12-16 22:12:07 ----D---- C:\Program Files\Trend Micro
2014-12-16 22:06:10 ----D---- C:\Documents and Settings\Gabriel\Application Data\Skype
2014-12-16 16:29:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-12-16 16:29:02 ----D---- C:\WINDOWS\Temp
2014-12-16 16:02:22 ----D---- C:\Program Files
2014-12-16 16:01:36 ----D---- C:\WINDOWS\system32\drivers
2014-12-16 16:01:28 ----SD---- C:\WINDOWS\Tasks
2014-12-16 15:49:39 ----D---- C:\WINDOWS\system32\CatRoot2
2014-12-16 15:45:01 ----D---- C:\Program Files\Common Files\Symantec Shared
2014-12-16 11:37:08 ----D---- C:\WINDOWS\system32
2014-12-16 09:42:59 ----D---- C:\Program Files\SUPERAntiSpyware
2014-12-14 22:04:20 ----D---- C:\WINDOWS
2014-12-13 14:39:12 ----D---- C:\FFOutput
2014-12-13 13:54:46 ----A---- C:\WINDOWS\AviSplitter.INI
2014-12-11 21:46:48 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2014-12-11 21:46:42 ----D---- C:\Program Files\SpywareBlaster
2014-12-10 13:40:15 ----D---- C:\WINDOWS\Debug
2014-12-10 13:36:54 ----D---- C:\WINDOWS\system32\MRT
2014-12-10 13:33:40 ----A---- C:\WINDOWS\system32\MRT.exe
2014-12-03 16:29:14 ----D---- C:\Program Files\Opera
2014-12-02 21:57:19 ----SHD---- C:\WINDOWS\Installer
2014-12-02 21:57:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2014-12-02 21:57:15 ----HD---- C:\Config.Msi
2014-12-02 21:56:24 ----RD---- C:\Program Files\Skype
2014-12-02 01:09:11 ----D---- C:\WINDOWS\Minidump
2014-11-30 16:26:30 ----D---- C:\Program Files\CCleaner
2014-11-24 16:44:47 ----D---- C:\Program Files\Steam
2014-11-23 13:45:35 ----D---- C:\Program Files\Common Files\Adobe
2014-11-23 13:45:35 ----D---- C:\Program Files\Adobe
2014-11-23 00:19:14 ----D---- C:\WINDOWS\system32\Adobe
2014-11-23 00:09:45 ----D---- C:\WINDOWS\system32\Macromed
2014-11-22 00:46:06 ----D---- C:\WINDOWS\system32\config
2014-11-21 21:21:34 ----D---- C:\WINDOWS\SoftwareDistribution
2014-11-21 20:36:56 ----D---- C:\Documents and Settings\Gabriel\Application Data\Apple Computer
2014-11-21 12:26:52 ----D---- C:\WINDOWS\system32\CatRoot
2014-11-21 12:26:01 ----HD---- C:\WINDOWS\inf

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-11-07 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-11-07 206248]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-11-07 55240]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-11-22 787800]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-11-20 423784]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-11-07 57928]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2009-03-03 17465]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-11-07 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-11-07 70384]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-08-16 6810624]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP3.sys [2012-02-23 99856]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2009-07-15 17136]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S3 anvsnddrv;AnvSoft Virtual Sound Device; C:\WINDOWS\system32\drivers\anvsnddrv.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudbus.sys [2013-01-31 83168]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [2013-01-31 181344]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SWDUMon;SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [2013-06-04 13464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys []
S3 WinUSB;SAMSUNG Android USB Driver; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2014-07-23 142648]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-08-16 643072]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-07 50344]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2009-10-08 69632]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service; C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [2014-10-28 244448]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-07-15 109168]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-05-26 86016]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2014-06-05 93040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-20 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-05 267440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-20 116648]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **cernohous13** » 17 pro 2014 06:43

Zdravím, zkusíme to probrat

Stáhni AdwCleaner
http://www.bleepingcomputer.com/download/adwcleaner/
Ulož nejlépe na plochu -> ukonči všechny programy -> spusť AdwCleaner -> klikni na Scan po dokončení na Clean
bude provedena oprava, restartuje se - (případně restartuj) a vypadne log C:\AdwCleaner\AdwCleaner[S?].txt , jeho obsah vložíš sem

pravděpodobně budeš nucen vypnout na tu chvíli antivir - je to čisté, prověřeno

vyosek píše: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize
Kód: Vybrat vše
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Nasledne kliknete na Run Script

PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
Log bude zde C:\zoek-results.log

Gabo · #3 Příspěvek od **Gabo** » 17 pro 2014 18:53

Pc je o dost rychlejsi

# AdwCleaner v4.105 - Report created 17/12/2014 at 15:11:21
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Gabriel - GABRIELN
# Running from : C:\Documents and Settings\Gabriel\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\user.js
File Found : C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\systemk
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\systemk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v

-\\ Opera v26.0.1656.60

[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : elchiiiejkobdbblfejjkbphbddgmljf
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : ffhfoagmjcnkolneahbpagjcjjaeofbg
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : hjghiofiijcepdnocbgefbdlbckjfheg
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : iklgpchfbohgmghgfagediakopecfmbm
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : kfgaibfbmkjgmimhbbaikfnpkkjkpoan
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : lmnbobhffedhdhfpcjkjphcfpeeiocdn
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : kjpifmjicccpbkfjdkehimhgklfkbanh
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : hoidflomjnnnbiemmkjdjkkialmhbago
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : ekpibplnnkfdcafdpoekhoffegcajene
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : ipljmghelflfikejmgkmlmpjmehfjodc
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : ejddjnilmdncjilbfjgameihlklfpohp
[C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\preferences] - Found [Extension] : eagomcfjiefffhpaejnlpjccikpipdoe

*************************

AdwCleaner[R1].txt - [3409 octets] - [17/12/2014 15:11:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3469 octets] ##########

Zoek.exe v5.0.0.0 Updated 17-December-2014
Tool run by Gabriel on st 17.12.2014 at 15:20:22,31.
Systém Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Gabriel\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-06-30-151430.log 17703 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\dumps deleted successfully
C:\Program Files\ICQM deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Webteh deleted successfully
C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free deleted successfully
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\ProductData deleted successfully
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Documents and Settings\admin\Application Data\DAEMON Tools deleted successfully
C:\Documents and Settings\admin\Application Data\Lavasoft deleted successfully
C:\Documents and Settings\admin\Application Data\Media Player Classic deleted successfully
C:\Documents and Settings\Gabriel\Application Data\Publish Providers deleted successfully
C:\Documents and Settings\Gabriel\Local Settings\Application Data\0ad deleted successfully
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Adobe deleted successfully
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Samsung deleted successfully
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Secunia PSI deleted successfully
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Unity deleted successfully
C:\Documents and Settings\Gabriel\Local Settings\Application Data\Wisdom-soft deleted successfully
C:\Documents and Settings\Gabriel\Local Settings\Application Data\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1645522239-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} deleted successfully
HKEY_USERS\S-1-5-21-1645522239-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\h8w1hr62.default-1347058845234\prefs.js:
user_pref("browser.startup.homepage", "http://www.facebook.com/");

Added to C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\h8w1hr62.default-1347058845234\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\admin\Application Data\TomTom\HOME\Profiles\kc6qjwo2.default\prefs.js:

Added to C:\Documents and Settings\admin\Application Data\TomTom\HOME\Profiles\kc6qjwo2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\prefs.js:

Added to C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\Gabriel\Application Data\TomTom\HOME\Profiles\b108xpb9.default\prefs.js:

Added to C:\Documents and Settings\Gabriel\Application Data\TomTom\HOME\Profiles\b108xpb9.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Documents and Settings\Gabriel\Application Data\TomTom\HOME\Profiles\nhsdh1yt.default\prefs.js:

Added to C:\Documents and Settings\Gabriel\Application Data\TomTom\HOME\Profiles\nhsdh1yt.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe deleted
C:\Program Files\ComPlus Applications deleted
C:\install.exe deleted
C:\WINDOWS\system32\GroupPolicy\ADM deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [07.11.2014 20:57]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\admin\Application Data\TomTom\HOME\Profiles\kc6qjwo2.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.8.080.9662@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.053.520930@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.057.562242@tomtom.com

ProfilePath: C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - wrc@avast.com
- Undetermined - Stratiform@SoapySpew
- Stratiform - %ProfilePath%\extensions\Stratiform@SoapySpew.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Documents and Settings\Gabriel\Application Data\TomTom\HOME\Profiles\b108xpb9.default
- Map status indicator - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.8.080.9662@tomtom.com
- Emulator - %ProfilePath%\extensions\Navcore.9.057.562242@tomtom.com

ProfilePath: C:\Documents and Settings\Gabriel\Application Data\TomTom\HOME\Profiles\nhsdh1yt.default
- Emulator - %ProfilePath%\extensions\Navcore.8.080.9662@tomtom(2).com

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Gabriel\Application Data\Mozilla\Firefox\Profiles\g7je0c2u.default
559E8D42BE485208F1C4BB294D6840A4 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.6
5D4279248A0E506CF007BD51EBF74CEA - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.6
F9DE379CE8A782530A4FA0B731F3A49B - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.6
049BD7AD3B94F24FA274ED1F7FC5871B - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.6
D937A4645EFF8CB4F123E3C899C052B2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.6
E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18
56F5E4EB843F2351FDDB83396543FF78 - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
626791785FF2A338575E8AF0563D8333 - C:\WINDOWS\npMSDM.dll - Microsoft Download Manager Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
28000D7EEB2FD95A36E1A7539F599C3B - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
5D41BCD19A3D90E4EBB58A6BFB79E4F7 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
8B6884E3E1E5F8ABA5FA0C6A2B13181D - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07.11.2014 20:57]

AdBlock - Gabriel\Application Data\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj

==== Chromium Startpages ======================

C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Preferences
"startup_urls": [ "http://www.sme.sk/" ],

==== Chromium Fix ======================

C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Local Storage\https_static.olark.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Preferences was reset successfully
C:\Documents and Settings\Gabriel\Application Data\Opera Software\Opera Stable\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Gabriel\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Documents and Settings\Gabriel\Local Settings\Application Data\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=4 572477 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\admin\Local Settings\temp emptied successfully
C:\Documents and Settings\Administrator\Local Settings\temp emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\Default User.WINDOWS\Local Settings\Temp emptied successfully
C:\Documents and Settings\Gabriel\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\LocalService\Local Settings\temp emptied successfully
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\temp emptied successfully
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Gabriel\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Gabriel\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on st 17.12.2014 at 18:49:44,70 ======================

#4 Příspěvek od **cernohous13** » 18 pro 2014 06:23

Ještě pro jistotu kontrola

Stáhni a nainstaluj MBAM zde http://www.bleepingcomputer.com/downloa ... re/dl/241/ verzi 1.75
Při instalaci ti jako první nabídne instalaci nové verze - dáš Storno - bude aktualizována jen databáze
Po instalaci Spustit -> na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení a program nezavírej

Gabo · #5 Příspěvek od **Gabo** » 18 pro 2014 21:03

Malwarebytes Anti-Malware (Skúšobná verzia) 1.75.0.1300
www.malwarebytes.org

Verzia databázy: v2014.12.18.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gabriel :: GABRIELN [administrátor]

Ochrana: Vypnuté

18.12.2014 18:11:57
mbam-log-2014-12-18 (18-11-57).txt

Typ kontroly: Úplná kontrola (C:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 673155
Uplynutý čas: 2 hod, 44 min, 1 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 0
(Škodlivé položky neboli zistené)

(koniec)

#6 Příspěvek od **cernohous13** » 19 pro 2014 06:55

MBAM odinstaluj http://www.malwarebytes.org/mbam-clean.exe

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remote disinfection tools

Kliknete na Run

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.filehippo.com/download_ccleaner
Při instalaci vyhodit fajfku u nabízených toolbarů
Můžeš nastavit potřebný jazyk
zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.
spustit "Nástroje" > "Start" - tady můžeš zkusit deaktivovat procesy, které při spuštění nepotřebuješ (pokud by ti potom něco nechodilo, stejným způsobem je povolíš)

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.

a máme hotovo

Gabo · #7 Příspěvek od **Gabo** » 19 pro 2014 18:31

Ccleaner pouzivam pravidelne uz zopar rokov

DAKUJEM velmi pekne za pomoc !

A prajem prijemne a pokojne sviatky

#8 Příspěvek od **cernohous13** » 20 pro 2014 06:36

Nemá zač, rádo se stalo

A hezké svátky i Tobě a Tvým blízkým

VIRY.CZ

Kontrola logu

Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu