
E-mail from DHL - virus

Chess
Guest
Posts: 44
Registered: 10 Oct 2013 11:31

E-mail from DHL - virus

#1 Post by Chess »

Good day to you!

I'm an idiot, I'm kicking myself now, but there's nothing I can do about it any more. I won a competition, and as if on cue an e-mail arrived about a shipment from DHL (in German, admittedly, but it didn't strike me as odd :( I told myself it must surely be my prize, so it never even crossed my mind that it was a virus. Unfortunately I downloaded the zipped attachment to my PC, and of course only afterwards did I read on the internet that it is a virus! Help! I have an ordinary antivirus, AVAST in the basic version, and of course after downloading and unpacking that file various windows started popping up from Avast, some certificate, asking me to allow an exception etc. I think I kept clicking Cancel. Then out of nowhere an Avast notification popped up that it was sending some Outgoing message, and the subject was **VIRUS** or something like that :cry: I'm afraid of what might have happened... Avast windows are still popping up saying it blocked something dangerous... etc. Please, how should I proceed now? I don't use internet banking, but I do pay by card online :(( And do you think someone could now have the contents of my PC at home? E.g. videos, photos, documents?? Thank you very much for your help :roll: :roll: :roll:

Edited at 18:17: I also wanted to add that I have the STATWIN program on the PC, so all my activity on the PC is recorded: processes overall, web pages, where I click with the mouse etc. ... can I find anything out from that?

I'm also attaching a screenshot of the Avast window that has been popping up now and then since then. Thank you!
Attachments
avast okno.JPG (64.04 KiB)

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: E-mail from DHL - virus

#2 Post by Rudy »

Hello!
First of all, change every password you have. Then we'll look at what is running on your PC. Post an FRST log: http://forum.viry.cz/viewtopic.php?f=24&t=132509 . I don't think anyone has the contents of your PC at home. Videos, photos and the like aren't exactly data that cybercriminals are after. Unless, of course, you have something there that can be turned into money.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activities, a virus can damage the system!


Once your problem is resolved the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.

Chess
Guest
Posts: 44
Registered: 10 Oct 2013 11:31

Re: E-mail from DHL - virus

#3 Post by Chess »

Thanks a lot, but I can't download that FRSTLauncher :( It says:

The connection was interrupted

The connection to the server was terminated while the page was loading.

The server is temporarily unavailable. Please try again in a moment.
If other pages don't display either, check your computer's network connection.
If your computer is protected by a firewall or proxy server, check that Firefox is allowed to access the Internet.

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: E-mail from DHL - virus

#4 Post by Rudy »


Chess
Guest
Posts: 44
Registered: 10 Oct 2013 11:31

Re: E-mail from DHL - virus

#5 Post by Chess »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01
Ran by Angi (administrator) on ANGI-MZVCHXRX6F on 27-05-2015 23:00:44
Running from C:\Documents and Settings\Angi\Plocha
Loaded Profiles: Angi (Available Profiles: Angi & Admin)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(SXR Software) C:\Program Files\SXR Software\StatWin\ExecStat.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(SXR Software) C:\Program Files\SXR Software\StatWin\ExecStat.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-11] (Avast Software s.r.o.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-11-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AutoKMS] => C:\WINDOWS\AutoKMS.exe [615936 2015-02-14] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [ES] => C:\Program Files\SXR Software\StatWin\ExecStat.exe [325960 2012-02-06] (SXR Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKU\S-1-5-21-1004336348-362288127-839522115-1003\...\Run: [a27e3f97bad4b63ab7875261d568f4b] => C:\Documents and Settings\Angi\Local Settings\Data aplikací\a27e3f97bad4b63ab7875261d568f4b.exe [153299 2015-05-27] (Flash )
HKU\S-1-5-21-1004336348-362288127-839522115-1003\...\MountPoints2: {1dca1316-bdf8-11dc-b804-0016e6489920} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssflwbox.scr [393216 2008-04-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... 2025720257
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTer ... DF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... 2025720257
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... 2025720257
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Prev Search Bar = http://google.icq.com/search/search_frame.php
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://www.icq.com/search/results.php?q ... &ch_id=osd
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... earchTerms}
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... 2025720257
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
URLSearchHook: HKU\S-1-5-21-1004336348-362288127-839522115-1003 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b& ... earchTerms}
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files\XTab\SupTab.dll [2015-05-20] (Thinknice Co. Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: No Name -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll [2008-04-14] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/sho ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler: WSIEChrome - No CLSID Value -
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&t ... 2025720257

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Angi\Data aplikací\Mozilla\Firefox\Profiles\c535dcqe.default-1426437749531
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts= ... 2025720257
FF SelectedSearchEngine: delta-homes
FF Homepage: https://seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1004336348-362288127-839522115-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Angi\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1004336348-362288127-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Angi\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll [2007-12-19] ()
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml [2015-05-20]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-03-05]
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2015-05-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-03-04]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapodhaoggdemfffbmjpgfgekfjjpe [2015-04-22]
CHR Extension: (Docs) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-22]
CHR Extension: (Google Drive) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-22]
CHR Extension: (Google Search) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-22]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-22]
CHR Extension: (No Name) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR HKLM\...\Chrome\Extension: [aaaapodhaoggdemfffbmjpgfgekfjjpe] - C:\Documents and Settings\Angi\Local Settings\Data aplikací\APN\GoogleCRXs\aaaapodhaoggdemfffbmjpgfgekfjjpe_7.13.1.0.crx [2011-10-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Mozilla Firefox\Opera.exe http://www.mystartsearch.com/?type=sc&t ... 2025720257

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [157824 2015-05-20] (XTab system)
R2 JavaQuickStarterService; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161664 2012-04-04] (Oracle Corporation)
R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [77824 2004-02-29] (NVIDIA Corporation) [File not signed]
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 SW Administration Service; C:\Program Files\SXR Software\StatWin\ExecStat.exe [325960 2012-02-06] (SXR Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4027840 2007-03-08] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [42496 2005-03-09] (Advanced Micro Devices)
S3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 gdrv; C:\WINDOWS\gdrv.sys [4096 2006-05-27] () [File not signed]
R2 hwpsgt; C:\WINDOWS\System32\DRIVERS\hwpsgt.sys [137344 2006-12-26] () [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R2 ithsgt; C:\WINDOWS\System32\DRIVERS\ithsgt.sys [162432 2007-10-13] () [File not signed]
R2 lemsgt; C:\WINDOWS\System32\DRIVERS\lemsgt.sys [9472 2006-12-26] () [File not signed]
R2 lilsgt; C:\WINDOWS\System32\DRIVERS\lilsgt.sys [12032 2007-10-13] () [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1893728 2004-02-29] (NVIDIA Corporation) [File not signed]
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [93568 2005-08-18] (NVIDIA Corporation) [File not signed]
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-10-25] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-10-25] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [71168 2004-10-15] (Realtek Semiconductor Corporation )
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 s1018obex; C:\WINDOWS\System32\DRIVERS\s1018obex.sys [104616 2008-11-04] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [642560 2006-07-05] () [File not signed]
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S3 W700bus; C:\WINDOWS\System32\DRIVERS\W700bus.sys [61536 2006-02-19] (MCCI)
S3 W700mdfl; C:\WINDOWS\System32\DRIVERS\W700mdfl.sys [9264 2006-02-19] (MCCI)
S3 W700mdm; C:\WINDOWS\System32\DRIVERS\W700mdm.sys [97056 2006-02-19] (MCCI)
S3 W700obex; C:\WINDOWS\System32\DRIVERS\W700obex.sys [86368 2006-02-19] (MCCI)
S3 DKbFltr; System32\Drivers\DKbFltr.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 23:00 - 2015-05-27 23:00 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha\posledni
2015-05-27 22:56 - 2015-05-27 22:57 - 00026507 _____ () C:\Documents and Settings\Angi\Plocha\Addition.txt
2015-05-27 22:55 - 2015-05-27 23:00 - 00022532 _____ () C:\Documents and Settings\Angi\Plocha\FRST.txt
2015-05-27 22:53 - 2015-05-27 23:00 - 00000000 ____D () C:\FRST
2015-05-27 21:52 - 2015-05-27 21:52 - 01147392 _____ (Farbar) C:\Documents and Settings\Angi\Plocha\FRST.exe
2015-05-27 16:13 - 2015-05-27 22:24 - 00153299 _____ (Flash ) C:\Documents and Settings\Angi\Local Settings\Data aplikací\a27e3f97bad4b63ab7875261d568f4b.exe
2015-05-20 17:40 - 2015-05-20 17:40 - 00000000 ____D () C:\Program Files\XTab
2015-05-20 17:40 - 2015-05-20 17:40 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\IHProtectUpDate
2015-05-16 11:47 - 2015-05-16 11:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-12 20:46 - 2015-05-14 20:44 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha\Recepty

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-27 23:00 - 2006-05-27 23:04 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha
2015-05-27 23:00 - 2006-05-27 23:04 - 00000000 ____D () C:\Documents and Settings\Angi\Local Settings\Temp
2015-05-27 22:59 - 2012-05-17 17:15 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-27 22:14 - 2015-04-22 18:58 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-27 21:59 - 2012-08-18 10:22 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-05-27 21:52 - 2014-02-13 11:30 - 00000000 ____D () C:\Documents and Settings\Angi\Dokumenty\Stažené soubory
2015-05-27 20:25 - 2013-10-03 11:20 - 00000988 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-362288127-839522115-1003UA.job
2015-05-27 19:27 - 2015-04-22 18:58 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 19:27 - 2015-02-11 18:35 - 00086485 _____ () C:\WINDOWS\setupapi.log
2015-05-27 19:27 - 2006-05-28 00:56 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-27 19:27 - 2006-05-28 00:56 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-27 19:26 - 2006-05-27 23:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-27 19:16 - 2014-11-10 20:39 - 00176226 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-27 19:16 - 2006-05-27 23:04 - 00032362 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-27 17:06 - 2011-10-07 14:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-27 17:06 - 2006-05-28 00:55 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-05-27 17:06 - 2006-05-28 00:54 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-05-27 17:05 - 2006-05-30 16:19 - 00153600 _____ () C:\Documents and Settings\Angi\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-27 17:05 - 2006-05-29 22:46 - 00000049 _____ () C:\WINDOWS\NeroDigital.ini
2015-05-27 16:17 - 2006-05-27 23:04 - 00000000 __RHD () C:\Documents and Settings\Angi\Data aplikací
2015-05-27 16:13 - 2006-05-27 23:04 - 00000000 ___HD () C:\Documents and Settings\Angi\Local Settings\Data aplikací
2015-05-27 11:25 - 2013-10-03 11:20 - 00000966 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-362288127-839522115-1003Core.job
2015-05-27 00:18 - 2006-05-27 23:04 - 00000272 ___SH () C:\Documents and Settings\Angi\ntuser.ini
2015-05-26 21:11 - 2009-10-17 17:18 - 00000000 ___RD () C:\Documents and Settings\Angi\Dokumenty\Filmy
2015-05-23 17:59 - 2015-03-05 11:49 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\WindowsMangerProtect
2015-05-20 17:38 - 2009-07-14 22:15 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ICQ
2015-05-18 00:41 - 2015-02-14 09:55 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-05-16 16:25 - 2006-05-27 23:05 - 00000000 ___RD () C:\Documents and Settings\Angi\Dokumenty\Obrázky
2015-05-16 15:21 - 2012-05-03 19:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-15 12:12 - 2015-02-14 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-05-13 14:14 - 2011-03-04 23:58 - 00000000 ___RD () C:\Documents and Settings\Angi\Dokumenty\Hudba
2015-05-11 19:44 - 2001-10-25 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-30 23:19 - 2012-10-24 15:03 - 00000000 ____D () C:\Stazene
2015-04-30 21:23 - 2015-04-12 21:00 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha\nove

==================== Files in the root of some directories =======

2015-05-27 16:13 - 2015-05-27 22:24 - 0153299 _____ (Flash ) C:\Documents and Settings\Angi\Local Settings\Data aplikací\a27e3f97bad4b63ab7875261d568f4b.exe
2006-05-30 16:19 - 2015-05-27 17:05 - 0153600 _____ () C:\Documents and Settings\Angi\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-05-27 23:23 - 2006-05-27 23:23 - 0000124 _____ () C:\Documents and Settings\Angi\Local Settings\Data aplikací\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Angi\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\Angi\Local Settings\Temp\ecgcabfbdfbhh.exe
C:\Documents and Settings\Angi\Local Settings\Temp\FreemakeVideoConverterFull.exe
C:\Documents and Settings\Angi\Local Settings\Temp\hellow.exe
C:\Documents and Settings\Angi\Local Settings\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Documents and Settings\Angi\Local Settings\Temp\MovieStudio.exe
C:\Documents and Settings\Angi\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\Angi\Local Settings\Temp\Statwin total pe 8 2 1 1__10924_i1504972756_il1440815.exe
C:\Documents and Settings\Angi\Local Settings\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================
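One way to pull the persistence indicators out of a log like the one above, as an added example that is not the forum's advice and not part of FRST: the script below parses the Run, MountPoints2 and service lines (the six sample lines are copied from the FRST.txt posted above) and scores each one with assumed heuristics, namely a binary launched from the user profile, a random-looking hex name, a missing or malformed publisher string, a file date on the day of the scan, and a MountPoints2 shell command, which is the classic removable-media autorun hook. The weights, the 14-day window and the reporting threshold are this example's own choices.

```python
"""Triage of autostart lines from an FRST log for persistence indicators.

Added example for this thread; it is neither the forum's advice nor part of
FRST. The six sample lines are copied from the FRST.txt posted above; the
weights, the 14-day window and the threshold are this example's assumptions.
"""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

SCAN_DATE = "2015-05-27"   # date the posted log was generated
SUSPICIOUS = 3             # assumed reporting threshold

# Constructed subset: lines copied verbatim from the posted FRST log.
SAMPLE_LOG = r"""
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-11] (Avast Software s.r.o.)
HKLM\...\Run: [AutoKMS] => C:\WINDOWS\AutoKMS.exe [615936 2015-02-14] ()
HKLM\...\Run: [ES] => C:\Program Files\SXR Software\StatWin\ExecStat.exe [325960 2012-02-06] (SXR Software)
HKU\S-1-5-21-1004336348-362288127-839522115-1003\...\Run: [a27e3f97bad4b63ab7875261d568f4b] => C:\Documents and Settings\Angi\Local Settings\Data aplikací\a27e3f97bad4b63ab7875261d568f4b.exe [153299 2015-05-27] (Flash )
HKU\S-1-5-21-1004336348-362288127-839522115-1003\...\MountPoints2: {1dca1316-bdf8-11dc-b804-0016e6489920} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [157824 2015-05-20] (XTab system)
"""

HIVE = r"^(?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\.\\"
RUN = re.compile(HIVE + r"Run: \[(?P<name>[^\]]*)\] => (?P<tail>.*)$")
MOUNT = re.compile(HIVE + r"MountPoints2: (?P<name>\{[^}]+\}) - (?P<tail>.*)$")
SERVICE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<tail>.*)$")
# FRST tail: <path> [<size> <yyyy-mm-dd>] (<publisher>) [File not signed]; everything after <path> is optional
TAIL = re.compile(r"^(?P<path>.*?)(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
                  r"(?: \((?P<publisher>[^)]*)\))?(?: \[File not signed\])?$")
HEX_NAME = re.compile(r"^[0-9a-f]{24,}$")
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\appdata\\",
                 "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    date: Optional[str]
    publisher: Optional[str]
    score: int = 0
    reasons: List[str] = field(default_factory=list)

    def hit(self, points: int, reason: str) -> None:
        self.score += points
        self.reasons.append(reason)


def parse_line(line: str) -> Optional[Finding]:
    """Turn one FRST Run / MountPoints2 / service line into a Finding, else None."""
    for kind, pattern in (("Run", RUN), ("MountPoints2", MOUNT), ("Service", SERVICE)):
        m = pattern.match(line.strip())
        if m:
            t = TAIL.match(m.group("tail"))
            return Finding(kind, m.group("name"), t.group("path"), t.group("date"), t.group("publisher"))
    return None


def score(f: Finding, scan_date: str) -> Finding:
    """Apply the assumed heuristics; the weights are illustrative, not FRST's."""
    low = f.path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        f.hit(2, "runs from a user-writable profile directory")
    stem = low.rsplit("\\", 1)[-1].split(".")[0]
    if HEX_NAME.match(f.name.lower()) or HEX_NAME.match(stem):
        f.hit(2, "random-looking hex name")
    if f.publisher is None or not f.publisher.strip() or f.publisher != f.publisher.strip():
        f.hit(1, "missing or malformed publisher string")
    if f.date:
        age = (date.fromisoformat(scan_date) - date.fromisoformat(f.date)).days
        if age == 0:
            f.hit(2, "file written on the day of the scan")
        elif 0 < age <= 14:
            f.hit(1, "file written within 14 days of the scan")
    if f.kind == "MountPoints2":
        f.hit(3, "MountPoints2 shell command: runs a program when the volume is opened")
    return f


def triage(log_text: str, scan_date: str = SCAN_DATE) -> List[Finding]:
    """Parse every recognised line, score it and return findings, highest score first."""
    findings = [f for f in map(parse_line, log_text.splitlines()) if f is not None]
    return sorted((score(f, scan_date) for f in findings), key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS" if f.score >= SUSPICIOUS else "ok"
        print(f"{flag:10} {f.score} {f.kind:12} {f.name}: {f.path}")
        for reason in f.reasons:
            print(f"{'':14}- {reason}")
```

On the posted log this ranks the Local Settings entry with the hex name and the "(Flash )" publisher first, which is the same file that appears at 16:13 on the day of the incident in the "One Month Created files" section, so it is the first thing to hand to an analyst. The MountPoints2 entry launching Recycled\ctfmon.exe is a separate autorun hook tied to a removable volume; any USB stick that has been plugged into this machine deserves a look. The XTab service and the other hijacker entries stay below the threshold here; that is adware, and it is what AdwCleaner is for later in the thread.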

altrok
Moderator
Posts: 7257
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: E-mail from DHL - virus

#6 Post by altrok »

Hello, and apologies for the one-off interruption.
Could you please upload the attachment of that e-mail, e.g. to ulozto/letackaposta.cz, and send the download link to the e-mail address given in my signature (an e-mail with the attachment itself would be blocked)? Thank you.
If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that do not belong on the forum, you can use altrokzavináčforum.viry.cz
If you feel like helping visitors of this forum, sign up for our training class.

Chess
Visitor
Posts: 44
Registered: 10 Oct 2013 11:31

Re: E-mail from DHL - virus

#7 Post by Chess »

Good day, I would gladly, but as far as I remember I think I have already deleted those files from the PC, both the zipped one and the extracted one. I also deleted the e-mail to be safe. I only found the zip file in the download history. I don't know whether it helps, but the exact name is:

DHL_Report_8400190897.zip
80.9 kB - produktlokalny.pl - yesterday

Edited at 11:34:

I am also sending a warning from Avast; I don't know whether I should click Remove bad extensions? Thank you!!
Attachment: upozorneni.JPG (Avast warning screenshot)

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: E-mail from DHL - virus

#8 Post by Rudy »

Go ahead and remove it. AskToolbar is adware; we would throw it out anyway. Then run this utility:

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.

Chess
Visitor
Posts: 44
Registered: 10 Oct 2013 11:31

Re: E-mail from DHL - virus

#9 Post by Chess »

# AdwCleaner v4.205 - Logfile created 29/05/2015 at 12:47:17
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Angi - ANGI-MZVCHXRX6F
# Running from : C:\Documents and Settings\Angi\Plocha\adwcleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\WindowsMangerProtect
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\IHProtectUpDate
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\Angi\Local Settings\Data aplikací\AlterGeo
Folder Deleted : C:\Documents and Settings\Angi\Local Settings\Data aplikací\apn
Folder Deleted : C:\Documents and Settings\Angi\Local Settings\Data aplikací\AskToolbar
Folder Deleted : C:\Documents and Settings\Angi\Data aplikací\mystartsearch
File Deleted : C:\WINDOWS\pack.epk
File Deleted : C:\DOCUME~1\Angi\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\delta-homes.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\mystartsearch.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\Angi\Nabídka Start\Programy\Internet Explorer.lnk
Shortcut Disinfected : C:\Documents and Settings\Angi\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Documents and Settings\Angi\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Spustit prohlížeč Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\XTTB00001
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.XTTBPos00
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.XTTBPos00.1
Key Deleted : HKLM\SOFTWARE\Classes\XTTB00001.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\XTTB00001.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\XTTB00001.XTTB00001
Key Deleted : HKLM\SOFTWARE\Classes\XTTB00001.XTTB00001.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Grand Virtual
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\ImInstaller
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mystartsearch uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Web browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Mozilla Firefox v38.0.1 (x86 cs)

[c535dcqe.default-1426437749531\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "mystartsearch");

-\\ Google Chrome v43.0.2357.81


*************************

AdwCleaner[R0].txt - [10575 bytes] - [29/05/2015 12:44:38]
AdwCleaner[S0].txt - [10110 bytes] - [29/05/2015 12:47:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10170 bytes] ##########
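
Reading an AdwCleaner log like the one above comes down to three questions: how many items of each kind were removed, how much of it was machine-wide (HKLM) rather than per-user (HKCU), and which entries touched browser search or start-page settings, since those are what a hijacker re-creates. The script below is an added example (not part of this thread and not AdwCleaner's own code): it parses only the line shapes in the log above, SAMPLE is a constructed excerpt in that format rather than a new run, and the list of search-setting hints is my own heuristic.

```python
"""Summarise an AdwCleaner (v4-era) cleaning log.

Added example, not part of the thread or of AdwCleaner. The line shapes are
those of the log posted in this thread; SAMPLE is a constructed excerpt in
that format, not a new run.
"""
import re
from collections import Counter, defaultdict

# "<Action> : <target>" lines, e.g. "Key Deleted : HKLM\SOFTWARE\AskToolbar"
ACTION_RE = re.compile(
    r"^(?P<action>(?:Folder|File|Key|Value|Line) Deleted|Shortcut Disinfected|"
    r"Data Restored|Setting Restored)\s*:\s*(?P<target>.+)$"
)
# Firefox pref lines carry the profile file in front:
#   "[c535dcqe.default-...\prefs.js] - Line Deleted : user_pref(...)"
PREFS_RE = re.compile(r"^\[(?P<file>[^\]]+)\]\s+-\s+(?P<rest>.+)$")
HIVE_RE = re.compile(r"^(HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\", re.I)
CANON_HIVE = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
# Heuristic (assumption): substrings that mark search/start-page artefacts
SEARCH_HINTS = ("searchscopes", "searchplugins", "prefs.js",
                "internet explorer\\main", "startmenuinternet")


def parse_line(line: str):
    """Return (action, target) for a cleaning-log line, or None for headers and blanks."""
    line = line.strip()
    prefix = ""
    pm = PREFS_RE.match(line)
    if pm:
        prefix, line = pm.group("file"), pm.group("rest")
    m = ACTION_RE.match(line)
    if not m:
        return None
    target = m.group("target").strip()
    if prefix:
        target = f"{prefix}: {target}"
    return m.group("action"), target


def summarise(log_text: str):
    """Counts per action, per registry hive, registry targets grouped by their
    first three path components, and the entries that touched search settings."""
    actions, hives = Counter(), Counter()
    by_area = defaultdict(list)
    search_settings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        action, target = parsed
        actions[action] += 1
        hm = HIVE_RE.match(target)
        if hm:
            parts = target.split("\\")
            parts[0] = CANON_HIVE.get(hm.group(1).upper(), hm.group(1).upper())
            hives[parts[0]] += 1
            by_area["\\".join(parts[:3])].append(target)   # e.g. HKLM\SOFTWARE\Classes
        low = target.lower()
        if action in ("Setting Restored", "Data Restored") or any(h in low for h in SEARCH_HINTS):
            search_settings.append((action, target))
    return {"actions": dict(actions), "hives": dict(hives),
            "by_area": dict(by_area), "search_settings": search_settings}


# Constructed excerpt in the AdwCleaner log format (modelled on the log above)
SAMPLE = r"""
***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Angi\Local Settings\Data aplikací\AskToolbar
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\mystartsearch.xml

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

***** [ Web browsers ] *****

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Prev Search Page]
[c535dcqe.default-1426437749531\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "mystartsearch");
"""

if __name__ == "__main__":
    s = summarise(SAMPLE)
    print("actions:", s["actions"])
    print("hives:  ", s["hives"])
    for area, items in sorted(s["by_area"].items()):
        print(f"{len(items):3} x {area}")
    for action, target in s["search_settings"]:
        print(f"search setting touched: {action} -> {target}")
```

The split by hive matters when comparing the `[R0]` scan report with the `[S0]` cleaning report: HKLM entries only go away when the cleaner ran elevated, and anything listed under search settings is worth re-checking in the next FRST log, where a surviving `SearchScopes` or `FF SelectedSearchEngine` entry shows the hijack was not fully reverted.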

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: E-mail from DHL - virus

#10 Post by Rudy »

Post a new FRST log.

Chess
Visitor
Posts: 44
Registered: 10 Oct 2013 11:31

Re: E-mail from DHL - virus

#11 Post by Chess »

Thanks... just one more thing: every time I turn the PC on it tells me "New hardware found", even though I haven't added anything, so I always click Cancel...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01
Ran by Angi (administrator) on ANGI-MZVCHXRX6F on 29-05-2015 21:30:24
Running from C:\Documents and Settings\Angi\Plocha
Loaded Profiles: Angi (Available Profiles: Angi & Admin)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(SXR Software) C:\Program Files\SXR Software\StatWin\ExecStat.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(SXR Software) C:\Program Files\SXR Software\StatWin\ExecStat.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-11] (Avast Software s.r.o.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [577536 2006-11-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [ES] => C:\Program Files\SXR Software\StatWin\ExecStat.exe [325960 2012-02-06] (SXR Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKU\S-1-5-21-1004336348-362288127-839522115-1003\...\MountPoints2: {1dca1316-bdf8-11dc-b804-0016e6489920} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssflwbox.scr [393216 2008-04-14] (Microsoft Corporation)
Lsa: [Authentication Packages] msv1_0 nwprovau
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
URLSearchHook: HKU\S-1-5-21-1004336348-362288127-839522115-1003 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: No Name -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll [2008-04-14] (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab
DPF: {50E43D86-A74D-11D0-98CE-004005249458} https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/sho ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler: WSIEChrome - No CLSID Value -
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Angi\Data aplikací\Mozilla\Firefox\Profiles\c535dcqe.default-1426437749531
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts= ... 2025720257
FF SelectedSearchEngine: delta-homes
FF Homepage: https://seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-04-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1004336348-362288127-839522115-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Angi\Local Settings\Data aplikací\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1004336348-362288127-839522115-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Angi\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll [2007-12-19] ()
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2015-05-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-16]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-03-04]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapodhaoggdemfffbmjpgfgekfjjpe [2015-04-22]
CHR Extension: (Docs) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-22]
CHR Extension: (Google Drive) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-22]
CHR Extension: (Google Search) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-22]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-22]
CHR Extension: (No Name) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-22]
CHR Extension: (Gmail) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-07-12]

Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Mozilla Firefox\Opera.exe http://www.mystartsearch.com/?type=sc&t ... 2025720257

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161664 2012-04-04] (Oracle Corporation)
R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [77824 2004-02-29] (NVIDIA Corporation) [File not signed]
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 SW Administration Service; C:\Program Files\SXR Software\StatWin\ExecStat.exe [325960 2012-02-06] (SXR Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4027840 2007-03-08] (Realtek Semiconductor Corp.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [42496 2005-03-09] (Advanced Micro Devices)
S3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 gdrv; C:\WINDOWS\gdrv.sys [4096 2006-05-27] () [File not signed]
R2 hwpsgt; C:\WINDOWS\System32\DRIVERS\hwpsgt.sys [137344 2006-12-26] () [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R2 ithsgt; C:\WINDOWS\System32\DRIVERS\ithsgt.sys [162432 2007-10-13] () [File not signed]
R2 lemsgt; C:\WINDOWS\System32\DRIVERS\lemsgt.sys [9472 2006-12-26] () [File not signed]
R2 lilsgt; C:\WINDOWS\System32\DRIVERS\lilsgt.sys [12032 2007-10-13] () [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1893728 2004-02-29] (NVIDIA Corporation) [File not signed]
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [93568 2005-08-18] (NVIDIA Corporation) [File not signed]
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2001-10-25] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2001-10-25] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [71168 2004-10-15] (Realtek Semiconductor Corporation )
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 s1018obex; C:\WINDOWS\System32\DRIVERS\s1018obex.sys [104616 2008-11-04] (MCCI Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [642560 2006-07-05] () [File not signed]
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9216 2006-10-17] (VIA Technologies, Inc.)
S3 W700bus; C:\WINDOWS\System32\DRIVERS\W700bus.sys [61536 2006-02-19] (MCCI)
S3 W700mdfl; C:\WINDOWS\System32\DRIVERS\W700mdfl.sys [9264 2006-02-19] (MCCI)
S3 W700mdm; C:\WINDOWS\System32\DRIVERS\W700mdm.sys [97056 2006-02-19] (MCCI)
S3 W700obex; C:\WINDOWS\System32\DRIVERS\W700obex.sys [86368 2006-02-19] (MCCI)
S3 DKbFltr; System32\Drivers\DKbFltr.sys [X]
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 12:44 - 2015-05-29 12:47 - 00000000 ____D () C:\AdwCleaner
2015-05-29 12:40 - 2015-05-29 12:40 - 02223104 _____ () C:\Documents and Settings\Angi\Plocha\adwcleaner_4.205.exe
2015-05-27 23:00 - 2015-05-27 23:00 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha\posledni
2015-05-27 22:56 - 2015-05-27 23:01 - 00026690 _____ () C:\Documents and Settings\Angi\Plocha\Addition.txt
2015-05-27 22:55 - 2015-05-29 21:30 - 00018034 _____ () C:\Documents and Settings\Angi\Plocha\FRST.txt
2015-05-27 22:53 - 2015-05-29 21:30 - 00000000 ____D () C:\FRST
2015-05-27 21:52 - 2015-05-27 21:52 - 01147392 _____ (Farbar) C:\Documents and Settings\Angi\Plocha\FRST.exe
2015-05-16 11:47 - 2015-05-16 11:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-12 20:46 - 2015-05-14 20:44 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha\Recepty

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 21:30 - 2006-05-27 23:04 - 00000000 ____D () C:\Documents and Settings\Angi\Local Settings\Temp
2015-05-29 21:25 - 2006-05-27 23:04 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha
2015-05-29 21:14 - 2015-04-22 18:58 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-29 20:59 - 2012-05-17 17:15 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-29 20:25 - 2013-10-03 11:20 - 00000988 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-362288127-839522115-1003UA.job
2015-05-29 18:32 - 2015-02-11 18:35 - 00099712 _____ () C:\WINDOWS\setupapi.log
2015-05-29 18:31 - 2015-04-22 18:58 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-29 18:31 - 2012-08-18 10:22 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-05-29 18:31 - 2006-05-28 00:56 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-29 18:31 - 2006-05-28 00:56 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-29 18:31 - 2006-05-27 23:01 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-29 15:16 - 2014-11-10 20:39 - 00181202 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-29 15:16 - 2006-05-27 23:04 - 00032600 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-29 15:16 - 2006-05-27 23:04 - 00000272 ___SH () C:\Documents and Settings\Angi\ntuser.ini
2015-05-29 14:46 - 2015-02-06 23:48 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-05-29 12:47 - 2013-10-11 17:19 - 00000724 _____ () C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
2015-05-29 12:47 - 2011-10-07 17:51 - 00000730 _____ () C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
2015-05-29 12:47 - 2007-02-01 14:48 - 00000867 _____ () C:\Documents and Settings\Angi\Nabídka Start\Programy\Internet Explorer.lnk
2015-05-29 12:47 - 2006-05-28 00:55 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-05-29 12:47 - 2006-05-28 00:55 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-05-29 12:47 - 2006-05-28 00:54 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-05-29 12:47 - 2006-05-27 23:04 - 00000000 __RHD () C:\Documents and Settings\Angi\Data aplikací
2015-05-29 12:47 - 2006-05-27 23:04 - 00000000 ___RD () C:\Documents and Settings\Angi\Nabídka Start\Programy
2015-05-29 12:47 - 2006-05-27 23:04 - 00000000 ___HD () C:\Documents and Settings\Angi\Local Settings\Data aplikací
2015-05-29 11:25 - 2013-10-03 11:20 - 00000966 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-362288127-839522115-1003Core.job
2015-05-28 16:13 - 2014-02-13 11:30 - 00000000 ____D () C:\Documents and Settings\Angi\Dokumenty\Stažené soubory
2015-05-28 14:21 - 2012-05-30 16:24 - 00000000 ____D () C:\Program Files\ESET
2015-05-28 12:44 - 2011-03-04 22:33 - 00000000 ___RD () C:\HUDBA a VIDEA
2015-05-27 17:06 - 2011-10-07 14:46 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-27 17:05 - 2006-05-30 16:19 - 00153600 _____ () C:\Documents and Settings\Angi\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-27 17:05 - 2006-05-29 22:46 - 00000049 _____ () C:\WINDOWS\NeroDigital.ini
2015-05-26 21:11 - 2009-10-17 17:18 - 00000000 ___RD () C:\Documents and Settings\Angi\Dokumenty\Filmy
2015-05-20 17:38 - 2009-07-14 22:15 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\ICQ
2015-05-18 00:41 - 2015-02-14 09:55 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2015-05-16 16:25 - 2006-05-27 23:05 - 00000000 ___RD () C:\Documents and Settings\Angi\Dokumenty\Obrázky
2015-05-16 15:21 - 2012-05-03 19:25 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-15 12:12 - 2015-02-14 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-05-13 14:14 - 2011-03-04 23:58 - 00000000 ___RD () C:\Documents and Settings\Angi\Dokumenty\Hudba
2015-05-11 19:44 - 2001-10-25 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-30 23:19 - 2012-10-24 15:03 - 00000000 ____D () C:\Stazene
2015-04-30 21:23 - 2015-04-12 21:00 - 00000000 ____D () C:\Documents and Settings\Angi\Plocha\nove

==================== Files in the root of some directories =======

2006-05-30 16:19 - 2015-05-27 17:05 - 0153600 _____ () C:\Documents and Settings\Angi\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-05-27 23:23 - 2006-05-27 23:23 - 0000124 _____ () C:\Documents and Settings\Angi\Local Settings\Data aplikací\fusioncache.dat

Some files in TEMP:
====================
C:\Documents and Settings\Angi\Local Settings\Temp\DseShExt-x86.dll
C:\Documents and Settings\Angi\Local Settings\Temp\KMPAddedCode_KMP_adpageopen_Step1.exe
C:\Documents and Settings\Angi\Local Settings\Temp\MovieStudio.exe
C:\Documents and Settings\Angi\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Angi\Local Settings\Temp\SDShelEx-win32.dll
C:\Documents and Settings\Angi\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: E-mail from DHL - virus

#12 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssflwbox.scr [393216 2008-04-14] (Microsoft Corporation)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: No Name -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler: WSIEChrome - No CLSID Value -
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2015-05-16]
CHR Extension: (Ask Toolbar) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapodhaoggdemfffbmjpgfgekfjjpe [2015-04-22]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-22]
CHR Extension: (No Name) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-22]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Mozilla Firefox\Opera.exe http://www.mystartsearch.com/?type=sc&t ... 2025720257
S4 IntelIde; No ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-362288127-839522115-1003Core.job
C:\Documents and Settings\Angi\Local Settings\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.

Chess
Visitor
Posts: 44
Registered: 10 Oct 2013 11:31

Re: E-mail from DHL - virus

#13 Post by Chess »

Fix result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by Angi at 2015-05-30 00:02:03 Run:1
Running from C:\Documents and Settings\Angi\Plocha
Loaded Profiles: Angi (Available Profiles: Angi & Admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssflwbox.scr [393216 2008-04-14] (Microsoft Corporation)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: No Name -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1004336348-362288127-839522115-1003 -> No Name - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler: WSIEChrome - No CLSID Value -
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2015-05-16]
CHR Extension: (Ask Toolbar) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapodhaoggdemfffbmjpgfgekfjjpe [2015-04-22]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-04-22]
CHR Extension: (No Name) - C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-22]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Mozilla Firefox\Opera.exe http://www.mystartsearch.com/?type=sc&t ... 2025720257
S4 IntelIde; No ImagePath
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-362288127-839522115-1003Core.job
C:\Documents and Settings\Angi\Local Settings\Temp
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully.
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => key Removed successfully.
HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key Removed successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key Removed successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}" => key Removed successfully.
HKCR\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} => key not found.
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value Removed successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => value Removed successfully.
HKCR\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} => key not found.
"HKCR\PROTOCOLS\Handler\skype-ie-addon-data" => key Removed successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key not found.
"HKCR\PROTOCOLS\Handler\WSIEChrome" => key Removed successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} => Moved successfully.
C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaapodhaoggdemfffbmjpgfgekfjjpe => Moved successfully.
C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Moved successfully.
C:\Documents and Settings\Angi\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command\\Default => value restored successfully
IntelIde => Service Removed successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1004336348-362288127-839522115-1003Core.job => Moved successfully.
C:\Documents and Settings\Angi\Local Settings\Temp => Moved successfully.

==== End of Fixlog 00:02:13 ====
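
As an added example (not part of this thread, of FRST, or of the forum's own tooling), here is a small Python script that reads a Fixlog like the one above and groups every result line by outcome, so whoever reviews the log can confirm that each fixlist entry from post #12 was removed, moved or restored and see at once if anything failed. The sample log embedded in it is constructed in the shape of the Fixlog in post #13; the echoed fixlist between the `*****` markers is deliberately included because it contains ` => [X]` and must not be read as a result, and the final "Could not move" line is a constructed failure (FRST's real wording may differ) to show what gets flagged.

```python
"""Summarise an FRST Fixlog by outcome.

Added example for this thread; it is not part of FRST or of the forum's
own tooling. It reads the result lines FRST writes after the echoed fixlist
("... => value Removed successfully.", "... => Moved successfully.",
"... => key not found.") and buckets them, so whoever reviews the log can
confirm every fixlist entry was handled and see at once if something failed.
"""
import re
from collections import Counter

# "<target> => <result>" with an optional trailing period; FRST wraps some
# registry keys in double quotes, which are stripped from the target.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"? => (?P<result>.+?)\.?$')

# Phrases FRST prints for each outcome (matched case-insensitively, so both
# "value Removed successfully" and "Service Removed successfully" land in
# "removed"). A result matching none of them is kept as "other" for review.
OUTCOMES = (
    ("removed", "removed successfully"),
    ("moved", "moved successfully"),
    ("restored", "restored successfully"),
    ("not_found", "not found"),
)

# Constructed sample in the shape of the Fixlog posted above. The fixlist is
# echoed between two "*****" marker lines and contains " => [X]", which must
# not be mistaken for a result line. The last result line is a constructed
# failure (FRST's real wording may differ) to show what gets flagged.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by Angi at 2015-05-30 00:02:03 Run:1
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKLM\...\Run: [] => [X]
BHO: No Name -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> No File
S4 IntelIde; No ImagePath
C:\Documents and Settings\Angi\Local Settings\Temp
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully.
HKU\S-1-5-21-1004336348-362288127-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => key Removed successfully.
HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} => key not found.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} => Moved successfully.
IntelIde => Service Removed successfully.
C:\Documents and Settings\Angi\Local Settings\Temp => Could not move (constructed failure line).

==== End of Fixlog 00:02:13 ====
"""


def classify(result):
    """Map one FRST result phrase to an outcome bucket."""
    low = result.lower()
    for name, phrase in OUTCOMES:
        if phrase in low:
            return name
    return "other"


def result_lines(text):
    """Yield stripped lines that lie outside the echoed fixlist block."""
    in_fixlist = False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("*****"):
            in_fixlist = not in_fixlist   # first marker opens, second closes
            continue
        if not in_fixlist:
            yield s


def parse_fixlog(text):
    """Return one record per result line: target, raw result, outcome."""
    records = []
    for line in result_lines(text):
        m = RESULT_RE.match(line)
        if not m:
            continue   # header, blank line or end marker
        result = m.group("result")
        records.append({"target": m.group("target"), "result": result,
                        "outcome": classify(result)})
    return records


def summarize(records):
    """Count records per outcome bucket."""
    return Counter(r["outcome"] for r in records)


def find_failures(records):
    """Records whose result matched no known success or not-found phrase."""
    return [r for r in records if r["outcome"] == "other"]


def report(text):
    """Human-readable summary: counts, then any lines needing a second look."""
    records = parse_fixlog(text)
    lines = [f"{name}: {count}" for name, count in sorted(summarize(records).items())]
    for r in find_failures(records):
        lines.append(f"REVIEW: {r['target']} => {r['result']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_FIXLOG))
```

A "key not found" for an HKCR\CLSID entry is normal after a BHO or toolbar removal (the CLSID had no file behind it, which is why it was on the fixlist in the first place), so it is counted separately rather than flagged; only results that match none of the known phrases are listed for review.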

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: E-mail from DHL - virus

#14 Post by Rudy »

Everything has been deleted. Has anything changed?
