Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Trojan, vyskakovací okna

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Pítrs
Návštěvník
Návštěvník
Příspěvky: 165
Registrován: 11 úno 2006 20:37

Trojan, vyskakovací okna

#1 Příspěvek od Pítrs »

Zdravím,

při prohlížení webu se mne dostal trojan do PC, resp. zachytil ho Avast a přesunul do truhly. V truhle jsem ho smazal a PC projel CCleanerem. Bohužel nyní je prohlížení webu přes Firefox docela divoké. Domovská stránka se změnila na mystartsearch a když změním domovskou stránku, tak po dalším spuštění prohlížeče je domovská stránka opět mystartsearch. Při prohlížení webu začaly ve velkém vyskakovat okna s různou nesmyslnou reklamou. Děkuji za rady!

Zasílám Log.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Pítrs at 2015-02-21 10:47:50
Microsoft Windows 7 Home Premium
System drive C: has 32 GB (14%) free of 233 GB
Total RAM: 3956 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:47:54, on 21.2.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\XTab\cmdshell.exe
C:\Program Files (x86)\XTab\HPNotify.exe
C:\Program Files (x86)\SourceApp\bin\SourceApp.expext.exe
C:\Program Files (x86)\SourceApp\bin\SourceApp.BrowserAdapter.exe
C:\Program Files\trend micro\Pítrs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... 417HK5M0EX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... 417HK5M0EX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... 417HK5M0EX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... 417HK5M0EX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mystartsearch.com/web/?type= ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mystartsearch.com/web/?type= ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SourceApp 1.0.0.7 - {9f7ab9c4-4da3-440e-ba84-95903165f129} - C:\Program Files (x86)\SourceApp\SourceAppbho.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IHProtect Service - XTab system - C:\Program Files (x86)\XTab\ProtectService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update SourceApp - Unknown owner - C:\Program Files (x86)\SourceApp\updateSourceApp.exe
O23 - Service: Util SourceApp - Unknown owner - C:\Program Files (x86)\SourceApp\bin\utilSourceApp.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11916 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 32213120
\??\C:\Windows\system32\conhost.exe "492442581923113799653588132187334003215489687371437073859-1002419834-1534027867
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Windows\PLFSetI.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe"
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"

"C:\Program Files (x86)\Windows Sidebar\sidebar.exe"
"C:\Program Files (x86)\SourceApp\bin\utilSourceApp.exe"
"C:\Program Files (x86)\XTab\ProtectService.exe"
"C:\Program Files (x86)\XTab\cmdshell.exe"
HPNotify.exe -run
"C:\Program Files (x86)\SourceApp\bin\SourceApp.PurBrowse64.exe" /l false /s false /c "SourceApp" /t "C:\Program Files (x86)\SourceApp\bin\TEMP" /i "http://apisourceappinfo-a.akamaihd.net/ ... 0000000000" /d {0fd1a45b-4ab9-492d-a4ec-94b4363a6dde}Gw64 /p b832345b-67c5-4cb7-b1c8-5190f32df4a1:firefox /p a49d9a95-5b61-4bc1-a70b-74af898608f5:chrome /p 92bb7ebe-22fe-4bbe-81a9-08fba86f607e:iexplore /p eb5c12ec-4bd9-4adb-8981-8fae6eaeea98:opera /h cdn.sharedaddomain.com,cdn.sharedaddomain2.com 0 10 "C:\Program Files (x86)\SourceApp\bin\bau" true
\??\C:\Windows\system32\conhost.exe "147515441217333842501470027076-2010180835-9626790685703739286567898181402098616
/ieg 92bb7ebe-22fe-4bbe-81a9-08fba86f607e /is smp1cz
/ch a49d9a95-5b61-4bc1-a70b-74af898608f5 /ie 92bb7ebe-22fe-4bbe-81a9-08fba86f607e /fi b832345b-67c5-4cb7-b1c8-5190f32df4a1 /z "n=SourceApp&is=smp1cz&dpt=20"
/ch a49d9a95-5b61-4bc1-a70b-74af898608f5 /ie 92bb7ebe-22fe-4bbe-81a9-08fba86f607e /fi b832345b-67c5-4cb7-b1c8-5190f32df4a1 /z "n=SourceApp&is=smp1cz&dpt=20"
"C:\Program Files (x86)\SourceApp\updateSourceApp.exe"
taskeng.exe {FC39ABDA-FBBB-4C6D-88C5-0C759763C79D}
"G:\Programy_download_Windows7\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Pítrs\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default

prefs.js - "browser.startup.homepage" - "http://www.novinky.cz/"
prefs.js - "keyword.URL" - "https://www.google.com/search/?trackid=sp-006"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
nppdf32.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Pítrs\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default\searchplugins\
google-avast.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-04 705448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
IETabPage Class - C:\Program Files (x86)\XTab\SupTab.dll [2015-01-16 210096]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-04 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9f7ab9c4-4da3-440e-ba84-95903165f129}]
SourceApp 1.0.0.7 - C:\Program Files (x86)\SourceApp\SourceAppbho.dll [2015-02-21 269040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2010-03-04 520760]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2010-02-05 324608]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-11 2107176]
"PLFSetI"=C:\Windows\PLFSetI.exe [2010-08-10 206208]
"Acer ePower Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2010-03-17 860704]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-04 284696]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2010-03-03 1300560]
"BackupManagerTray"=C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [2010-03-09 260608]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-03-03 98304]
"Adobe Photo Downloader"=C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-01-27 5227112]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"daemontoolslite"= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Acer VCM.lnk - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=3
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - "C:\Windows\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2015-02-21 10:47:50 ----D---- C:\rsit
2015-02-21 10:40:47 ----A---- C:\Windows\system32\drivers\{0fd1a45b-4ab9-492d-a4ec-94b4363a6dde}Gw64.sys
2015-02-21 10:39:22 ----D---- C:\ProgramData\IHProtectUpDate
2015-02-21 10:39:19 ----D---- C:\Program Files (x86)\XTab
2015-02-21 10:39:09 ----D---- C:\Program Files (x86)\SourceApp
2015-02-21 10:38:36 ----D---- C:\Users\Pítrs\AppData\Roaming\mystartsearch
2015-02-17 22:59:53 ----D---- C:\ProgramData\YTD Video Downloader
2015-02-17 22:59:30 ----D---- C:\Program Files (x86)\GreenTree Applications
2015-02-04 21:36:14 ----D---- C:\Program Files (x86)\ACD Systems
2015-01-26 14:13:55 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 month======

2015-02-21 10:47:54 ----D---- C:\Windows\Prefetch
2015-02-21 10:47:53 ----D---- C:\Windows\Temp
2015-02-21 10:47:53 ----D---- C:\Program Files\trend micro
2015-02-21 10:47:13 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-02-21 10:46:27 ----D---- C:\Users\Pítrs\AppData\Roaming\XnView
2015-02-21 10:45:56 ----D---- C:\Windows\inf
2015-02-21 10:45:55 ----D---- C:\Windows
2015-02-21 10:42:26 ----D---- C:\Program Files (x86)
2015-02-21 10:42:24 ----D---- C:\Windows\system32\drivers
2015-02-21 10:42:23 ----D---- C:\Windows\system32\DriverStore
2015-02-21 10:42:23 ----D---- C:\Windows\system32\catroot
2015-02-21 10:40:48 ----A---- C:\Windows\win.ini
2015-02-21 10:39:35 ----D---- C:\Windows\System32
2015-02-21 10:39:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-02-21 10:39:22 ----D---- C:\ProgramData
2015-02-21 10:37:41 ----SHD---- C:\System Volume Information
2015-02-21 09:34:53 ----D---- C:\Windows\system32\config
2015-02-21 09:33:33 ----D---- C:\Users\Pítrs\AppData\Roaming\Skype
2015-02-21 09:24:23 ----A---- C:\Windows\SYSWOW64\log.txt
2015-02-19 21:41:41 ----D---- C:\Users\Pítrs\AppData\Roaming\vlc
2015-02-19 15:35:08 ----D---- C:\YTD_download_video
2015-02-19 15:06:27 ----D---- C:\Windows\system32\catroot2
2015-02-17 22:56:11 ----D---- C:\Users\Pítrs\AppData\Roaming\YouTube Downloader
2015-02-16 17:17:00 ----D---- C:\Users
2015-02-05 18:45:19 ----D---- C:\Windows\SysWOW64
2015-02-05 18:45:16 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-02-04 21:40:28 ----D---- C:\Windows\winsxs
2015-02-04 21:36:38 ----SHD---- C:\Windows\Installer
2015-02-04 20:24:56 ----D---- C:\Windows\Tasks
2015-01-26 14:15:09 ----D---- C:\Users\Pítrs\AppData\Roaming\DAEMON Tools Lite
2015-01-26 14:15:09 ----D---- C:\Program Files (x86)\PDFCreator
2015-01-26 14:14:56 ----D---- C:\Windows\Panther
2015-01-26 14:14:56 ----D---- C:\Windows\Logs
2015-01-26 14:14:00 ----D---- C:\Windows\system32\Tasks
2015-01-26 14:13:55 ----D---- C:\Program Files
2015-01-26 13:47:49 ----D---- C:\Users\Pítrs\AppData\Roaming\Winamp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-04 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-04 267632]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 540696]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2014-01-18 52856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 {0fd1a45b-4ab9-492d-a4ec-94b4363a6dde}Gw64;{0fd1a45b-4ab9-492d-a4ec-94b4363a6dde}Gw64; C:\Windows\system32\drivers\{0fd1a45b-4ab9-492d-a4ec-94b4363a6dde}Gw64.sys [2015-02-20 48784]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-04 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-04 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-04 436624]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-04 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-04 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-04 116728]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atipmdag.sys [2010-03-02 6402560]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-03-02 188928]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2013-09-24 94208]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-04-01 3060800]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2010-03-31 724536]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-01-19 75304]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2009-05-05 18432]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-11 316464]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2009-05-05 16896]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-03-05 335400]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-02-14 102440]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-01-13 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-13 21544]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-03-02 202752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-04 50344]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-03-26 920352]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-03-17 866336]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 IHProtect Service;IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [2015-01-16 158896]
R2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-10-01 262144]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-09 250368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R2 Update SourceApp;Update SourceApp; C:\Program Files (x86)\SourceApp\updateSourceApp.exe [2015-02-21 392944]
R2 Util SourceApp;Util SourceApp; C:\Program Files (x86)\SourceApp\bin\utilSourceApp.exe [2015-02-21 392944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2013-03-23 77944]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2014-01-18 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23 107912]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-23 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S4 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-15 182768]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 Updater Service;Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Trojan, vyskakovací okna

#2 Příspěvek od vyosek »

Zdravim :)

:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Po spusteni probehne stazeni databaze
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
:arrow: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
  • Nasledne kliknete na Run Script
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Pítrs
Návštěvník
Návštěvník
Příspěvky: 165
Registrován: 11 úno 2006 20:37

Re: Trojan, vyskakovací okna

#3 Příspěvek od Pítrs »

Zasílám logy.

# AdwCleaner v4.111 - Logfile created 21/02/2015 at 11:07:05
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium (x64)
# Username : Pítrs - ACER
# Running from : C:\Users\Pítrs\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : IHProtect Service
[#] Service Deleted : Update SourceApp
[#] Service Deleted : Util SourceApp
Service Deleted : {0fd1a45b-4ab9-492d-a4ec-94b4363a6dde}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\XTab
[!] Folder Deleted : C:\Program Files (x86)\SourceApp
[!] Folder Deleted : C:\Program Files (x86)\SourceApp
Folder Deleted : C:\Users\Pítrs\AppData\Roaming\mystartsearch
File Deleted : C:\Users\Pítrs\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default\Extensions\{0fd1a45b-4ab9-492d-a4ec-94b4363a6dde}.xpi
File Deleted : C:\Windows\System32\drivers\{0fd1a45b-4ab9-492d-a4ec-94b4363a6dde}Gw64.sys
File Deleted : C:\Users\Pítrs\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Opera.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Pítrs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Shortcut Disinfected : C:\Users\Pítrs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Pítrs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Pítrs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Pítrs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Pítrs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Pítrs\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera11.51 1087.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update SourceApp
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util SourceApp
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F7AB9C4-4DA3-440E-BA84-95903165F129}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1B74BE8-E593-4EB8-BF9E-AC2BBE4B1BEB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7e25cc08-8611-435a-bed7-60dd82b4fde5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F7AB9C4-4DA3-440E-BA84-95903165F129}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95289393-33EA-4F8D-B952-483415B9C955}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95289393-33EA-4F8D-B952-483415B9C955}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1B74BE8-E593-4EB8-BF9E-AC2BBE4B1BEB}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{66B92449-8273-43CB-B9D9-ECAFEC7E3C24}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\SourceApp
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\SourceApp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SourceApp

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v33.1 (x86 cs)

[geejzd2p.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.mystartsearch.com/newtab/?type=nt&t ... 417HK5M0EX");

-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R5].txt - [10989 bytes] - [21/02/2015 11:04:14]
AdwCleaner[S4].txt - [8950 bytes] - [21/02/2015 11:07:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [9009 bytes] ##########







Zoek.exe v5.0.0.0 Updated 21-February-2015
Tool run by Pˇtrs on so 21.02.2015 at 11:10:41,08.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PTRS~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21.2.2015 11:13:32 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Xenocode deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\ReviSoft2 deleted successfully
C:\Users\PTRS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Boxoft Toolbox deleted successfully
C:\PROGRA~3\PDF Architect deleted successfully
C:\Users\PTRS~1\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\PTRS~1\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.novinky.cz/");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.order.1", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");

Added to C:\Users\PTRS~1\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\PTRS~1\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default

user.js not found
---- Lines mybrowserbar removed from prefs.js ----
user_pref("extensions.pdfforge@mybrowserbar.com.install-event-fired", true);
user_pref("extensions.wtxpcom@mybrowserbar.com.install-event-fired", true);
---- Lines extensions.50d433ac676a2 removed from prefs.js ----
user_pref("extensions.50d433ac676a2.epoch", "1364668551");
user_pref("extensions.50d433ac676a2.url", "http://extsync.info/sync/?ext=savebc&pi ... 155de6e2ed
---- Lines extensions.5106e1f19ca25 removed from prefs.js ----
user_pref("extensions.5106e1f19ca25.epoch", "1364668550");
user_pref("extensions.5106e1f19ca25.scode", "(function(){try{if(-1==window.self.location.hostname.indexOf('mail.'))for(i=0;5>i;i++)window.setTimeout(f
user_pref("extensions.5106e1f19ca25.url", "http://jpiservice.info/sync/?ext=ctos&p ... 4028524966&
---- Lines extensions.5106e2468ab08 removed from prefs.js ----
user_pref("extensions.5106e2468ab08.epoch", "1364668550");
user_pref("extensions.5106e2468ab08.scode", "(function(){try{if(-1==window.self.location.hostname.indexOf('mail.'))for(i=0;5>i;i++)window.setTimeout(f
user_pref("extensions.5106e2468ab08.url", "http://jpi-syncer.info/sync/?ext=ctos&p ... 4028524966&
---- Lines extensions.51097d0c4ac5c removed from prefs.js ----
user_pref("extensions.51097d0c4ac5c.epoch", "1364668550");
user_pref("extensions.51097d0c4ac5c.scode", "(function(){try{if(-1==window.self.location.hostname.indexOf('mail.'))for(i=0;5>i;i++)window.setTimeout(f
user_pref("extensions.51097d0c4ac5c.url", "http://syncjpi.info/sync/?ext=ctos&pid= ... 604836&ssd
---- FireFox user.js and prefs.js backups ----

prefs_21.02.2015_1153_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command]
@="C:\\Program Files (x86)\\Opera\\Opera.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\MSXML 4.0 not found
C:\PROGRA~2\Xenocode not found
"C:\Windows\Installer\15a27.msi" not found
C:\PROGRA~2\Uninstall Information deleted
C:\PROGRA~3\ICQ deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\PTRS~1\AppData\Local\avgchrome deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Public\Desktop\YTD Video Downloader.lnk deleted
C:\Users\PTRS~1\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB} deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\PTRS~1\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [28.01.2015 15:12]

==== Firefox Extensions ======================

ProfilePath: C:\Users\PTRS~1\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default
- Undetermined - exif_viewer@mozilla.doslash.org
- Exif Viewer - %ProfilePath%\extensions\exif_viewer@mozilla.doslash.org.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cabijbfpkgklijpekllgaaamkghflkep - C:\ProgramData\SaveByclick\cabijbfpkgklijpekllgaaamkghflkep.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04.12.2014 10:43]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Search Page"="https://www.google.com/search?trackid=s ... earchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\PTRS~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\PTRS~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2AF9375644402BA45B8978426035E9DB deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ContinueToSave deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{73CE7D90-29EB-3325-6213-20B842498A96} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90B49728-A64B-6E04-78DA-E95A8DC4F042} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A1CE3D58-723A-229E-A998-572B0D73359F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cabijbfpkgklijpekllgaaamkghflkep deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65739FA2-0444-4AB2-B598-872406539EBD} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2AF9375644402BA45B8978426035E9DB deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\PTRS~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\PTRS~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\PTRS~1\AppData\Local\Mozilla\Firefox\Profiles\geejzd2p.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\PTRS~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=70 folders=18 3920269 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\PTRS~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PTRS~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\PTRS~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted

==== EOF on so 21.02.2015 at 12:00:14,82 ======================
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Trojan, vyskakovací okna

#4 Příspěvek od vyosek »

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Pítrs
Návštěvník
Návštěvník
Příspěvky: 165
Registrován: 11 úno 2006 20:37

Re: Trojan, vyskakovací okna

#5 Příspěvek od Pítrs »

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Pítrs (administrator) on ACER on 21-02-2015 12:31:07
Running from C:\Users\Pítrs\Desktop
Loaded Profiles: Pítrs (Available profiles: Pítrs)
Platform: Windows 7 Home Premium (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
Failed to access process -> firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-04] (Conexant Systems, Inc.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-02-05] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107176 2010-03-11] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-08-10] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Akcelerátor spuštění AutoCADu.lnk
ShortcutTarget: Akcelerátor spuštění AutoCADu.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3584042922-1509418057-1197794981-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3584042922-1509418057-1197794981-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Pítrs\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default
FF SearchEngineOrder.3: Bing
FF Homepage: hxxp://www.novinky.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Pítrs\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default\searchplugins\google-avast.xml
FF Extension: Exif Viewer - C:\Users\Pítrs\AppData\Roaming\Mozilla\Firefox\Profiles\geejzd2p.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2011-06-08]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-01-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-04]

Chrome:
=======
CHR Profile: C:\Users\Pítrs\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Pítrs\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-06]
CHR Extension: (Google Search) - C:\Users\Pítrs\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Pítrs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2013-03-23] (Autodesk)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-04] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-01-18] (Macrovision Europe Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-04] ()
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2015-02-04] (Padus, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 12:31 - 2015-02-21 12:31 - 00015115 _____ () C:\Users\Pítrs\Desktop\FRST.txt
2015-02-21 12:30 - 2015-02-21 12:31 - 00000000 ____D () C:\FRST
2015-02-21 12:28 - 2015-02-21 12:28 - 02086912 _____ (Farbar) C:\Users\Pítrs\Desktop\FRST64.exe
2015-02-21 11:58 - 2015-02-21 11:10 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-21 11:12 - 2015-02-21 12:00 - 00014639 _____ () C:\zoek-results.log
2015-02-21 11:10 - 2015-02-21 11:54 - 00000000 ____D () C:\zoek_backup
2015-02-21 11:08 - 2015-02-21 11:59 - 00000112 _____ () C:\Windows\setupact.log
2015-02-21 11:08 - 2015-02-21 11:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-21 11:07 - 2015-02-21 11:59 - 00005092 _____ () C:\Windows\PFRO.log
2015-02-21 11:03 - 2015-02-21 11:07 - 00000000 ____D () C:\AdwCleaner
2015-02-21 11:02 - 2015-02-21 11:02 - 01304576 _____ () C:\Users\Pítrs\Desktop\zoek.exe
2015-02-21 11:01 - 2015-02-21 11:01 - 02126848 _____ () C:\Users\Pítrs\Desktop\adwcleaner_4.111.exe
2015-02-21 10:47 - 2015-02-21 10:47 - 00000000 ____D () C:\rsit
2015-02-04 21:36 - 2015-02-04 21:36 - 00002891 _____ () C:\Users\Public\Desktop\ACDSee 9 Photo Manager.lnk
2015-02-04 21:36 - 2015-02-04 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2015-02-04 21:36 - 2015-02-04 21:36 - 00000000 ____D () C:\Program Files (x86)\ACD Systems
2015-02-04 20:24 - 2015-02-21 12:29 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 20:24 - 2015-02-21 12:00 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 14:14 - 2015-01-26 14:14 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-26 14:13 - 2015-01-26 14:13 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-26 14:13 - 2015-01-26 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-26 14:13 - 2015-01-26 14:13 - 00000000 ____D () C:\Program Files\CCleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-21 12:29 - 2014-11-13 15:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-21 12:07 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-21 12:07 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-21 12:03 - 2013-10-05 20:13 - 01563447 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 12:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 11:45 - 2014-07-05 19:32 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-21 11:07 - 2014-07-19 15:35 - 00001029 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-21 11:07 - 2014-07-19 15:35 - 00001017 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-21 11:07 - 2012-03-10 13:00 - 00001254 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-21 11:07 - 2012-03-10 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-21 11:07 - 2011-09-06 18:30 - 00000943 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-21 11:07 - 2011-09-06 18:30 - 00000931 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-02-21 11:07 - 2011-01-05 23:39 - 00001140 _____ () C:\Users\Pítrs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-21 11:07 - 2011-01-05 23:39 - 00000953 _____ () C:\Users\Pítrs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-02-21 10:47 - 2014-07-05 11:42 - 00000000 ____D () C:\Program Files\trend micro
2015-02-21 10:46 - 2011-01-06 21:34 - 00000000 ____D () C:\Users\Pítrs\AppData\Roaming\XnView
2015-02-21 10:40 - 2009-07-14 03:34 - 00000489 _____ () C:\Windows\win.ini
2015-02-21 10:39 - 2010-08-10 18:40 - 00668376 _____ () C:\Windows\system32\perfh005.dat
2015-02-21 10:39 - 2010-08-10 18:40 - 00141004 _____ () C:\Windows\system32\perfc005.dat
2015-02-21 10:39 - 2009-07-14 06:13 - 01582262 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-21 09:33 - 2011-01-08 11:08 - 00000000 ____D () C:\Users\Pítrs\AppData\Roaming\Skype
2015-02-20 15:09 - 2014-08-04 14:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-19 21:41 - 2013-04-30 13:30 - 00000000 ____D () C:\Users\Pítrs\AppData\Roaming\vlc
2015-02-19 15:35 - 2013-01-18 22:56 - 00000000 ____D () C:\YTD_download_video
2015-02-17 22:56 - 2012-12-07 21:26 - 00000000 ____D () C:\Users\Pítrs\AppData\Roaming\YouTube Downloader
2015-02-05 18:45 - 2013-07-11 08:48 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 18:45 - 2013-01-19 10:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 18:45 - 2012-01-06 21:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 21:36 - 2013-05-13 15:30 - 00010368 _____ (Padus, Inc.) C:\Windows\SysWOW64\Drivers\pfc.sys
2015-02-04 20:24 - 2012-03-10 12:58 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 20:24 - 2012-03-10 12:57 - 00003696 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-26 14:15 - 2013-03-23 10:27 - 00000000 ____D () C:\Users\Pítrs\AppData\Roaming\DAEMON Tools Lite
2015-01-26 14:15 - 2012-12-21 11:00 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2015-01-26 14:14 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther
2015-01-26 13:47 - 2011-01-08 11:50 - 00000000 ____D () C:\Users\Pítrs\AppData\Roaming\Winamp

==================== Files in the root of some directories =======

2011-01-08 11:27 - 2013-08-17 18:43 - 0000072 _____ () C:\Users\Pítrs\AppData\Roaming\AVSMediaPlayer.m3u
2011-08-27 20:13 - 2013-08-05 22:22 - 0018944 _____ () C:\Users\Pítrs\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-23 21:22 - 2013-03-23 21:22 - 0000017 _____ () C:\Users\Pítrs\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 10:49

==================== End Of Log ============================
Přílohy
Addition.zip
(8.36 KiB) Staženo 45 x
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Trojan, vyskakovací okna

#6 Příspěvek od vyosek »

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3584042922-1509418057-1197794981-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]

2015-02-21 12:31 - 2015-02-21 12:31 - 00015115 _____ () C:\Users\Pítrs\Desktop\FRST.txt
2015-02-21 11:58 - 2015-02-21 11:10 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-21 11:12 - 2015-02-21 12:00 - 00014639 _____ () C:\zoek-results.log
2015-02-21 11:10 - 2015-02-21 11:54 - 00000000 ____D () C:\zoek_backup
2015-02-21 11:08 - 2015-02-21 11:59 - 00000112 _____ () C:\Windows\setupact.log
2015-02-21 11:08 - 2015-02-21 11:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-21 11:07 - 2015-02-21 11:59 - 00005092 _____ () C:\Windows\PFRO.log
2015-02-21 11:03 - 2015-02-21 11:07 - 00000000 ____D () C:\AdwCleaner
2015-02-21 11:02 - 2015-02-21 11:02 - 01304576 _____ () C:\Users\Pítrs\Desktop\zoek.exe
2015-02-21 11:01 - 2015-02-21 11:01 - 02126848 _____ () C:\Users\Pítrs\Desktop\adwcleaner_4.111.exe
2015-02-21 10:47 - 2015-02-21 10:47 - 00000000 ____D () C:\rsit

Hosts:
EmptyTemp:
Reboot:
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Pítrs
Návštěvník
Návštěvník
Příspěvky: 165
Registrován: 11 úno 2006 20:37

Re: Trojan, vyskakovací okna

#7 Příspěvek od Pítrs »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Pítrs at 2015-02-21 18:42:20 Run:1
Running from C:\Users\Pítrs\Desktop
Loaded Profiles: Pítrs (Available profiles: Pítrs)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3584042922-1509418057-1197794981-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=s ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]

2015-02-21 12:31 - 2015-02-21 12:31 - 00015115 _____ () C:\Users\Pítrs\Desktop\FRST.txt
2015-02-21 11:58 - 2015-02-21 11:10 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-02-21 11:12 - 2015-02-21 12:00 - 00014639 _____ () C:\zoek-results.log
2015-02-21 11:10 - 2015-02-21 11:54 - 00000000 ____D () C:\zoek_backup
2015-02-21 11:08 - 2015-02-21 11:59 - 00000112 _____ () C:\Windows\setupact.log
2015-02-21 11:08 - 2015-02-21 11:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-21 11:07 - 2015-02-21 11:59 - 00005092 _____ () C:\Windows\PFRO.log
2015-02-21 11:03 - 2015-02-21 11:07 - 00000000 ____D () C:\AdwCleaner
2015-02-21 11:02 - 2015-02-21 11:02 - 01304576 _____ () C:\Users\Pítrs\Desktop\zoek.exe
2015-02-21 11:01 - 2015-02-21 11:01 - 02126848 _____ () C:\Users\Pítrs\Desktop\adwcleaner_4.111.exe
2015-02-21 10:47 - 2015-02-21 10:47 - 00000000 ____D () C:\rsit

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Photo Downloader => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3584042922-1509418057-1197794981-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => Key not found.
C:\Users\Pítrs\Desktop\FRST.txt => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\Windows\setuperr.log => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Pítrs\Desktop\zoek.exe => Moved successfully.
C:\Users\Pítrs\Desktop\adwcleaner_4.111.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 385.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:43:58 ====
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Trojan, vyskakovací okna

#8 Příspěvek od vyosek »

Tak jeste uklidime :James008:

:arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Stahnete a spustte
  • Ponechte zatrzitkou pouze u volby Remote disinfection tools
  • Kliknete na Run
:arrow: Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Pítrs
Návštěvník
Návštěvník
Příspěvky: 165
Registrován: 11 úno 2006 20:37

Re: Trojan, vyskakovací okna

#9 Příspěvek od Pítrs »

Díky moc za rady! PC už zase běhá tak, jak má. :thumbsup:
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Trojan, vyskakovací okna

#10 Příspěvek od vyosek »

Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek


A na zaklade Pravidla o zamykani temat :lock:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“