PC virus removal, computer speed-up, remote help via the neslape.cz service

mrTva, z0atena mas5na

Don't have any problem with your PC right now and just want to make sure everything is fine?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.

!NEWS!
You can now use the remote help service, where an expert connects to your computer and gets details about the problem from you by phone! More at www.neslape.cz
Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: mrTva, z0atena mas5na

#16 Post by Márty84 »

:!: Move ComboFix directly to drive C (so its path will be c:\ComboFix.exe )!
:arrow: Open Notepad and copy this script into it

Code:

KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Reboot::
In the top left, click on File
Click on Save as...
Type the red name CFScript correctly and save it directly to C as well (so its path will be c:\CFScript.txt ).
Turn off your antivirus and any other security software you have.
Drag the text document you just created onto the ComboFix icon with the mouse and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows doesn't boot after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting a long time for a reply, please contact one of my colleagues (most have an email address in their signature).
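As an added example (not part of Márty84's post and not ComboFix's own code), the Python below reads a CFScript like the one above and states in plain words what each line asks for, so a user can review the script before dragging it onto ComboFix. It assumes the .reg-file conventions the Registry:: section follows: [KEY] selects a key, "name"=- deletes a value under it, and [-KEY] deletes the whole key. The one-line descriptions of KillAll:: and Reboot:: paraphrase the post; the post does not explain RegLock::, so describing it as unlocking the listed key is this example's assumption. The sample script is a shortened copy of the one in the post.

```python
"""Dry-run reader for a ComboFix CFScript (added example, not ComboFix code)."""
import re
from typing import List

# Constructed sample: a shortened copy of the script posted above.
SAMPLE_CFSCRIPT = r"""
KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Reboot::
"""

# Plain-language notes for sections that carry no per-line syntax.
# These paraphrase the post; they are not parsed semantics.
SECTION_NOTES = {
    "KillAll": "KillAll:: - running programs are closed before the script is applied",
    "Reboot": "Reboot:: - the computer is restarted when the script has finished",
}

# "name"=value in .reg syntax; a value of "-" means delete.
VALUE_LINE = re.compile(r'^"(.+?)"=(.*)$')


def explain_cfscript(text: str) -> List[str]:
    """Return one human-readable sentence per action the script requests."""
    actions: List[str] = []
    section = None      # name of the current Xxx:: section
    current_key = None  # key selected by the last [KEY] line in Registry::
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):            # section header, e.g. Registry::
            section = line[:-2]
            current_key = None
            if section in SECTION_NOTES:
                actions.append(SECTION_NOTES[section])
            continue
        if section == "Registry":
            if line.startswith("[-") and line.endswith("]"):
                actions.append(f"delete key {line[2:-1]} (and everything under it)")
                current_key = None
            elif line.startswith("[") and line.endswith("]"):
                current_key = line[1:-1]   # following value lines apply here
            else:
                m = VALUE_LINE.match(line)
                if not m or current_key is None:
                    actions.append(f"unrecognised Registry:: line: {line}")
                elif m.group(2) == "-":
                    actions.append(f"delete value '{m.group(1)}' under {current_key}")
                else:
                    actions.append(f"set value '{m.group(1)}' under {current_key} to {m.group(2)}")
        elif section == "RegLock":
            # Assumption: RegLock:: unlocks the listed key (the post does not say).
            if line.startswith("[") and line.endswith("]"):
                actions.append(f"RegLock:: - unlock key {line[1:-1]}")
            else:
                actions.append(f"unrecognised RegLock:: line: {line}")
        else:
            actions.append(f"unrecognised line in section {section}: {line}")
    return actions


if __name__ == "__main__":
    for sentence in explain_cfscript(SAMPLE_CFSCRIPT):
        print(sentence)
```

Run it on the full script before saving it as CFScript.txt: every line should come out as a recognised action, and the keys named should be the ones the helper listed. A value line that appears before any [KEY] line, or a line the reader does not recognise, is reported rather than silently skipped.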

Peky
Visitor
Posts: 243
Registered: 02 Oct 2007 05:12

Re: mrTva, z0atena mas5na

#17 Post by Peky »

ComboFix 15-12-16.01 - Ostatní 22.12.2015 14:31:31.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.697 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-11-22 do 2015-12-22 )))))))))))))))))))))))))))))))
.
.
2015-12-22 13:43 . 2015-12-22 13:57 -------- d-----w- c:\users\Ostatní\AppData\Local\temp
2015-12-22 13:43 . 2015-12-22 13:43 -------- d-----w- c:\users\Víťa\AppData\Local\temp
2015-12-22 13:43 . 2015-12-22 13:43 -------- d-----w- c:\users\OstatnÝ\AppData\Local\temp
2015-12-22 09:48 . 2015-10-29 09:46 8991856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0924F26B-E27B-4804-9F20-977E29A15CA1}\mpengine.dll
2015-12-20 14:25 . 2015-12-22 08:17 -------- d-----w- c:\users\Ostatní\AppData\Local\Temp(14)
2015-12-20 14:25 . 2015-12-21 14:56 -------- d-----w- c:\users\Víťa\AppData\Local\Temp(25)
2015-12-20 14:25 . 2015-12-20 14:25 -------- d-----w- c:\users\Honza\AppData\Local\Temp(5)
2015-12-19 21:18 . 2015-12-19 21:18 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2015-12-19 21:18 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-12-19 21:18 . 2015-12-22 08:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2015-12-19 21:11 . 2015-12-19 21:11 -------- d-----w- c:\users\Ostatní\AppData\Roaming\Malwarebytes
2015-12-19 21:11 . 2015-12-19 21:11 -------- d-----w- c:\programdata\Malwarebytes
2015-12-19 18:31 . 2015-12-19 18:57 -------- dc----w- C:\AdwCleaner
2015-12-19 18:22 . 2015-12-19 18:23 -------- dc----w- C:\d
2015-12-18 17:14 . 2015-12-18 17:15 -------- d-----w- c:\program files\trend micro
2015-12-18 17:14 . 2015-12-18 17:15 -------- dc----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-10 14:07 . 2012-09-20 10:24 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-12-10 14:07 . 2011-07-09 10:42 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-10-31 18:38 . 2015-11-11 18:26 367616 ----a-w- c:\windows\system32\html.iec
2015-10-31 18:37 . 2015-11-11 18:25 1830912 ----a-w- c:\windows\system32\jscript9.dll
2015-10-31 18:36 . 2015-11-11 18:26 1436160 ----a-w- c:\windows\system32\inetcpl.cpl
2015-10-31 18:36 . 2015-11-11 18:26 1088512 ----a-w- c:\windows\system32\wininet.dll
2015-10-31 18:36 . 2015-11-11 18:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-10-31 18:36 . 2015-11-11 18:26 412672 ----a-w- c:\windows\system32\vbscript.dll
2015-10-31 18:36 . 2015-11-11 18:26 11776 ----a-w- c:\windows\system32\mshta.exe
2015-10-31 18:36 . 2015-11-11 18:26 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-10-17 16:01 . 2015-11-12 13:20 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-10-17 14:24 . 2015-11-12 13:45 2068480 ----a-w- c:\windows\system32\win32k.sys
2015-10-14 20:22 . 2015-11-12 13:19 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-10-14 16:01 . 2015-11-12 13:19 3606464 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-10-14 16:01 . 2015-11-12 13:19 3554752 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-13 14:31 . 2015-11-12 13:20 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2015-10-13 14:31 . 2015-11-12 13:20 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-10-13 00:29 . 2015-10-13 00:29 875720 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-10 16:02 . 2015-11-12 13:13 526272 ----a-w- c:\windows\system32\drivers\ndis.sys
2015-09-26 16:05 . 2015-11-12 13:08 281600 ----a-w- c:\windows\system32\schannel.dll
2015-09-26 16:04 . 2015-11-12 13:08 206336 ----a-w- c:\windows\system32\ncrypt.dll
2015-09-26 13:21 . 2015-11-12 13:08 274432 ----a-w- c:\windows\system32\bcrypt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 09:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 14:45 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-05-04 11:05 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-04 13:09 1000264 ----a-w- c:\program files\Google\Chrome\Application\47.0.2526.73\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 14:07]
.
2015-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-25 12:53]
.
2015-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-25 12:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 192.168.33.5 192.168.33.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-12-22 14:58
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe
c:\program files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2015-12-22 15:01:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-12-22 14:01
ComboFix2.txt 2015-12-20 14:25
.
Před spuštěním: Volných bajtů: 10 244 993 024
Po spuštění: Volných bajtů: 10 158 014 464
.
- - End Of File - - E736756F0A0060BB942ACDF6608FF822
5C616939100B85E558DA92B899A0FC36

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: mrTva, z0atena mas5na

#18 Post by Márty84 »

:arrow: Post a new log from RSIT

and in addition

:arrow: Post the logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off your antivirus for a while, it may block it as malicious, but we use it all the time, it's a false alarm :)

Peky
Visitor
Posts: 243
Registered: 02 Oct 2007 05:12

Re: mrTva, z0atena mas5na

#19 Post by Peky »

Logfile of random's system information tool 1.10 (written by random/random)
Run by Ostatní at 2015-12-22 21:38:59
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 9 GB (16%) free of 57 GB
Total RAM: 2038 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:39:13, on 22.12.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16717)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\LuckyBrowse\app\luckybrowse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ostatní\Downloads\RSIT (1).exe
C:\Program Files\trend micro\Ostatní.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://unstopp.me/wpad.dat?adb3d6a283d4 ... bde2975648
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Discover Treasure - {bfa55139-82af-4663-a19b-e135dac8d043} - C:\Program Files\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Realtek87B - Realtek - C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Sysinternals process Explorer - C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe

--
End of file - 4632 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-22 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bfa55139-82af-4663-a19b-e135dac8d043}]
Discover Treasure - C:\Program Files\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-22 59376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-06-15 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-05-04 571024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2015-12-22 17:11:05 ----D---- C:\Users\Ostatní\AppData\Roaming\SimpleFiles
2015-12-22 17:08:50 ----D---- C:\ProgramData\Tmp0x0x
2015-12-22 17:08:02 ----D---- C:\ProgramData\LuckyBrowse
2015-12-22 17:08:02 ----D---- C:\Program Files\LuckyBrowse
2015-12-22 17:08:00 ----D---- C:\Users\Ostatní\AppData\Roaming\yoursearching
2015-12-22 15:01:58 ----D---- C:\Windows\temp
2015-12-22 15:01:12 ----SHDC---- C:\$RECYCLE.BIN
2015-12-22 14:25:54 ----A---- C:\Windows\zip.exe
2015-12-22 14:25:54 ----A---- C:\Windows\SWSC.exe
2015-12-22 14:25:54 ----A---- C:\Windows\SWREG.exe
2015-12-22 14:25:54 ----A---- C:\Windows\sed.exe
2015-12-22 14:25:54 ----A---- C:\Windows\PEV.exe
2015-12-22 14:25:54 ----A---- C:\Windows\NIRCMD.exe
2015-12-22 14:25:54 ----A---- C:\Windows\MBR.exe
2015-12-22 14:25:54 ----A---- C:\Windows\grep.exe
2015-12-22 14:23:24 ----D---- C:\Windows\erdnt
2015-12-20 14:59:00 ----DC---- C:\Qoobox
2015-12-19 22:18:57 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2015-12-19 22:18:50 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-12-19 22:18:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2015-12-19 22:11:28 ----D---- C:\Users\Ostatní\AppData\Roaming\Malwarebytes
2015-12-19 22:11:04 ----D---- C:\ProgramData\Malwarebytes
2015-12-19 19:31:01 ----DC---- C:\AdwCleaner
2015-12-18 18:14:41 ----D---- C:\Program Files\trend micro
2015-12-18 18:14:40 ----DC---- C:\rsit

======List of files/folders modified in the last 1 month======

2015-12-22 17:15:11 ----D---- C:\Windows\system32\Tasks
2015-12-22 17:15:00 ----RD---- C:\Program Files
2015-12-22 17:14:44 ----D---- C:\ProgramData
2015-12-22 17:14:44 ----D---- C:\Program Files\Common Files
2015-12-22 17:11:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-12-22 17:07:53 ----SHD---- C:\Windows\Installer
2015-12-22 15:02:00 ----D---- C:\Windows\system32\drivers
2015-12-22 15:01:58 ----D---- C:\Windows
2015-12-22 14:57:18 ----AC---- C:\Windows\system.ini
2015-12-22 14:57:16 ----D---- C:\Windows\Prefetch
2015-12-22 14:57:11 ----D---- C:\Windows\system32\drivers\etc
2015-12-22 14:42:38 ----D---- C:\Windows\System32
2015-12-22 14:39:48 ----SHD---- C:\System Volume Information
2015-12-22 14:38:42 ----D---- C:\Windows\AppPatch
2015-12-22 09:31:35 ----D---- C:\Windows\system32\config
2015-12-22 09:31:24 ----D---- C:\Windows\Tasks
2015-12-22 09:31:24 ----D---- C:\Windows\system32\spool
2015-12-22 09:31:24 ----D---- C:\Windows\system32\cs-CZ
2015-12-22 09:31:24 ----D---- C:\Windows\system32\CodeIntegrity
2015-12-22 09:31:24 ----D---- C:\Windows\system32\catroot2
2015-12-22 09:31:24 ----D---- C:\Windows\inf
2015-12-22 09:31:19 ----D---- C:\install
2015-12-22 09:31:17 ----D---- C:\Windows\system32\wbem
2015-12-22 09:31:17 ----D---- C:\Windows\registration
2015-12-20 08:16:21 ----D---- C:\Windows\SoftwareDistribution
2015-12-20 08:12:09 ----D---- C:\Windows\Speech
2015-12-19 23:36:59 ----D---- C:\Windows\system32\catroot
2015-12-19 23:36:41 ----D---- C:\Windows\winsxs
2015-12-18 21:04:38 ----A---- C:\Windows\Rtcw.INI
2015-12-18 21:04:06 ----HD---- C:\Program Files\InstallShield Installation Information
2015-12-18 20:59:41 ----D---- C:\Program Files\EACOM
2015-12-11 17:09:27 ----D---- C:\Windows\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-03-21 304920]
R0 sfdrv01;sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 59000]
R0 sfvfs02;sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-12-20 715248]
R0 tos_sps32;TOSHIBA tos_sps32 Service; C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-07-26 285184]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-07-13 50688]
R3 RTL8187B;Síťový adaptér Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-06-22 187440]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS []
S2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
S2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
S2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
S3 a0agq1ui;a0agq1ui; C:\Windows\system32\drivers\a0agq1ui.sys []
S3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2015-12-19 40776]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-09-05 82432]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-18 219392]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-18 211072]
S4 sfhlp02;sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Realtek87B;Realtek87B; C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-07-26 77824]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R2 WindowsMangerProtect;WindowsMangerProtect Service; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [2015-12-22 338432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-22 268976]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2014-04-11 772296]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]

-----------------EOF-----------------
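As an added example (not part of Peky's post and not code from RSIT or HijackThis), the Python below runs three triage rules over HijackThis-style log lines: a non-empty AutoConfigURL (R1), which makes the browser fetch a proxy script that can redirect its traffic; a BHO registration (O2) whose DLL is reported missing; and a service (O23) whose executable lives under ProgramData, AppData, Temp or Users rather than Program Files or Windows. The sample lines are copied from the log above; the rules themselves, and the choice of those directories as worth a closer look, are this example's own assumptions, not the tools' verdicts. It shows why the wpad.dat entry and the WindowsMangerProtect service stand out in the log, which is what the helper is reacting to.

```python
"""Triage rules for HijackThis/RSIT-style log lines (added example)."""
import re
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the RSIT/HijackThis log posted above
# (the AutoConfigURL value is reproduced as printed there, including the
# forum's truncation).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://unstopp.me/wpad.dat?adb3d6a283d4 ... bde2975648
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Discover Treasure - {bfa55139-82af-4663-a19b-e135dac8d043} - C:\Program Files\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Sysinternals process Explorer - C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe
"""

# Assumption of this example: a service binary under one of these directory
# names (user-writable on a default install) merits a closer look.
WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\")

# (section, reason, detail)
Finding = Tuple[str, str, str]

AUTOCONFIG = re.compile(r"^R1 - .*AutoConfigURL = (\S.*)$")
BHO = re.compile(r"^O2 - BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
SERVICE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def _in_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in WRITABLE_DIRS)


def triage_line(line: str) -> Optional[Finding]:
    """Apply the three rules to one log line; None means nothing flagged."""
    line = line.strip()
    m = AUTOCONFIG.match(line)
    if m:
        return ("R1", "proxy auto-config URL is set (browser traffic can be redirected)",
                m.group(1))
    m = BHO.match(line)
    if m and m.group(2).endswith("(file missing)"):
        return ("O2", "orphaned BHO registration (DLL missing)", m.group(1))
    m = SERVICE.match(line)
    if m and _in_writable_dir(m.group(3)):
        return ("O23", "service binary in a user-writable location", m.group(3))
    return None


def triage_log(text: str) -> List[Finding]:
    """Return every finding, in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


if __name__ == "__main__":
    for section, reason, detail in triage_log(SAMPLE_LOG):
        print(f"{section}: {reason}: {detail}")
```

The rules are deliberately narrow: an ordinary Adobe or Java BHO and a vendor service under Program Files pass through untouched, so what remains is the short list a helper would ask about first. A flagged line is a reason to look, not a verdict; the helper's follow-up request for fresh logs is the next step the thread takes.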

Peky
Visitor
Posts: 243
Registered: 02 Oct 2007 05:12

Re: mrTva, z0atena mas5na

#20 Post by Peky »

I can't download frstlauncher, it tells me "attackers on the website . . ." :?:

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: mrTva, z0atena mas5na

#21 Post by Márty84 »

Then post at least a log from FRST itself.

Peky
Visitor
Posts: 243
Registered: 02 Oct 2007 05:12

Re: mrTva, z0atena mas5na

#22 Post by Peky »

ok here it is

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-12-2015
Ran by Ostatní (administrator) on HONZA-PC (23-12-2015 09:41:34)
Running from C:\Users\Ostatní\Desktop
Loaded Profiles: Ostatní (Available Profiles: Ostatní & Víťa)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Sysinternals process Explorer) C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Realtek) C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\LuckyBrowse\app\LuckyBrowse.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-19] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.33.5 192.168.33.1
Tcpip\..\Interfaces\{3583EDB0-357F-44CC-8D98-E5A2263774DB}: [DhcpNameServer] 192.168.1.254 192.168.33.5 192.168.33.1
Tcpip\..\Interfaces\{7FFB90EE-7754-437C-8334-58FB9162B98E}: [DhcpNameServer] 192.168.1.254 192.168.33.5 192.168.33.1
Tcpip\..\Interfaces\{C9A22C2B-28F5-47D3-9248-6DD7D5E00980}: [DhcpNameServer] 192.168.1.254 192.168.33.5 192.168.33.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1941701972-1158936334-3354527605-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1941701972-1158936334-3354527605-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1941701972-1158936334-3354527605-1001 -> {0AF36D7C-9BD1-48CB-BAB9-0A781EC27AE2} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=IE_5
SearchScopes: HKU\S-1-5-21-1941701972-1158936334-3354527605-1001 -> {6edb49f6-9ff1-48ab-aefd-8bd004cd0f0c} URL = hxxp://www.firmy.cz/phr/{searchTerms}?sourceid=IE_5
SearchScopes: HKU\S-1-5-21-1941701972-1158936334-3354527605-1001 -> {b543dec2-2ad2-48de-ba17-25fd66da295c} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=IE_5
SearchScopes: HKU\S-1-5-21-1941701972-1158936334-3354527605-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1450799794&a=1024151&uuid=c96a3c6d-52a0-4533-8380-5a68cc7e56ed
SearchScopes: HKU\S-1-5-21-1941701972-1158936334-3354527605-1001 -> {e4d49ec2-c2a5-46d1-b837-33c0aff3946c} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=IE_5
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-22] (Sun Microsystems, Inc.)
BHO: Discover Treasure -> {bfa55139-82af-4663-a19b-e135dac8d043} -> C:\Program Files\Discover Treasure\Extensions\bfa55139-82af-4663-a19b-e135dac8d043.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-22] (Sun Microsystems, Inc.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=14508 ... X973QFD53S

FireFox:
========
FF ProfilePath: C:\Users\Ostatní\AppData\Roaming\Mozilla\Firefox\Profiles\qshf91mt.default
FF Homepage: hxxp://houmpage.com/?src=hp&ssid=1450799794&a=1024151&uuid=c96a3c6d-52a0-4533-8380-5a68cc7e56ed
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2008-08-06] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\system32\npdeployJava1.dll [2012-09-22] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-09-22] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll [2008-08-06] (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Ostatní\AppData\Roaming\Mozilla\Firefox\Profiles\qshf91mt.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-11-25] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-22] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-12] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.cz/
CHR StartupUrls: Default -> "hxxp://www.google.cz/"
CHR DefaultSearchURL: Default -> hxxp://yoursearching.com/web?type=ds&ts=1450800478&z=df7c2b64de0164e41ef7725g1zcw0e4mft3tfbeo9g&from=exp1&uid=TOSHIBAXMK1237GSX_973QFD53SXX973QFD53S&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursearching
CHR Profile: C:\Users\Ostatní\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Ostatní\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Disk Google) - C:\Users\Ostatní\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Ostatní\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-19]
CHR Extension: (Vyhledávání Google) - C:\Users\Ostatní\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ostatní\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ostatní\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-11]
CHR Extension: (Gmail) - C:\Users\Ostatní\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-24]
CHR Extension: (Balance Component) - C:\Users\Ostatní\AppData\Local\Balance Component\Component [2015-12-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [266240 2007-01-15] (Nero AG) [File not signed]
R2 Realtek87B; C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
R2 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-07-26] (TOSHIBA Corporation) [File not signed]
R2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [338432 2015-12-22] (Sysinternals process Explorer) [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2015-12-19] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtnicxp.sys [50688 2007-07-13] (Realtek Semiconductor Corporation ) [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347648 2009-06-10] (Realtek Semiconductor Corporation )
R0 sfvfs02; C:\Windows\System32\drivers\sfvfs02.sys [83320 2007-02-08] (Protection Technology (StarForce))
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [715248 2012-12-20] () [File not signed]
U3 aahdc176; C:\Windows\system32\Drivers\aahdc176.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S3 athur; system32\DRIVERS\athur.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S0 TVALZ; system32\DRIVERS\TVALZ_O.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-23 09:41 - 2015-12-23 09:42 - 00012874 _____ C:\Users\Ostatní\Desktop\FRST.txt
2015-12-23 09:40 - 2015-12-23 09:41 - 00000000 ___DC C:\FRST
2015-12-22 21:36 - 2015-12-22 21:36 - 01721344 _____ (Farbar) C:\Users\Ostatní\Desktop\FRST.exe
2015-12-22 17:11 - 2015-12-22 17:11 - 00000000 ____D C:\Users\Ostatní\AppData\Roaming\SimpleFiles
2015-12-22 17:08 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Ostatní\AppData\Roaming\yoursearching
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\ProgramData\Tmp0x0x
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\ProgramData\LuckyBrowse
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\Program Files\LuckyBrowse
2015-12-22 17:07 - 2015-12-22 17:07 - 00000000 ____D C:\Users\Ostatní\AppData\Local\Balance Component
2015-12-22 14:25 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-22 14:25 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-22 14:25 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-22 14:25 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-22 14:25 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-22 14:25 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-22 14:25 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-22 14:25 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-22 14:23 - 2015-12-22 15:00 - 00000000 ____D C:\Windows\erdnt
2015-12-20 15:25 - 2015-12-22 09:17 - 00000000 ____D C:\Users\Ostatní\AppData\Local\Temp(14)
2015-12-20 15:25 - 2015-12-21 15:56 - 00000000 ____D C:\Users\Víťa\AppData\Local\Temp(25)
2015-12-20 15:25 - 2015-12-20 15:25 - 00000000 ____D C:\Users\Honza\AppData\Local\Temp(5)
2015-12-20 14:59 - 2015-12-22 15:02 - 00000000 ___DC C:\Qoobox
2015-12-19 22:18 - 2015-12-22 09:31 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2015-12-19 22:18 - 2015-12-19 22:18 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-12-19 22:18 - 2015-12-19 22:18 - 00000911 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-19 22:18 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-12-19 22:11 - 2015-12-19 22:11 - 00000000 ____D C:\Users\Ostatní\AppData\Roaming\Malwarebytes
2015-12-19 22:11 - 2015-12-19 22:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-19 19:31 - 2015-12-19 19:57 - 00000000 ___DC C:\AdwCleaner
2015-12-19 19:30 - 2015-12-19 19:30 - 01740288 _____ C:\Users\Ostatní\Downloads\adwcleaner_5.025.exe
2015-12-19 19:20 - 2015-12-19 19:21 - 01496172 _____ C:\Users\Ostatní\Downloads\CrystalDiskInfo5_0_0.zip
2015-12-18 18:14 - 2015-12-22 21:39 - 00000000 ____D C:\Program Files\trend micro
2015-12-18 18:14 - 2015-12-18 18:15 - 00000000 ___DC C:\rsit
2015-12-18 18:13 - 2015-12-18 18:14 - 01107968 _____ C:\Users\Ostatní\Downloads\RSIT.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-23 09:41 - 2006-11-02 12:18 - 00000000 ____D C:\Windows
2015-12-23 09:39 - 2013-12-25 19:14 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-23 09:38 - 2012-09-20 11:24 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-23 09:38 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-23 09:38 - 2006-11-02 13:47 - 00003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-23 09:38 - 2006-11-02 13:47 - 00003952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-23 09:37 - 2006-11-02 14:01 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-23 09:12 - 2013-12-25 19:14 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-23 09:06 - 2012-09-20 11:24 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-12-23 09:06 - 2011-07-09 11:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-12-22 17:16 - 2013-12-25 19:18 - 00001976 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-22 17:15 - 2008-08-19 07:53 - 00000954 _____ C:\Users\Ostatní\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-22 14:57 - 2006-11-02 11:23 - 00000215 ____C C:\Windows\system.ini
2015-12-22 09:31 - 2013-12-25 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-22 09:31 - 2012-12-20 13:46 - 00000000 ____D C:\install
2015-12-22 09:31 - 2012-11-26 18:32 - 00000000 ____D C:\Users\Víťa
2015-12-22 09:31 - 2008-08-19 07:52 - 00000000 ____D C:\Users\Ostatní
2015-12-22 09:31 - 2008-04-21 14:58 - 00000000 ____D C:\Users\Honza
2015-12-22 09:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2015-12-22 09:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2015-12-22 09:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2015-12-22 09:31 - 2006-11-02 11:22 - 50593792 _____ C:\Windows\system32\config\software_previous
2015-12-22 09:31 - 2006-11-02 11:22 - 24903680 _____ C:\Windows\system32\config\system_previous
2015-12-22 09:26 - 2006-11-02 11:22 - 56098816 _____ C:\Windows\system32\config\components_previous
2015-12-22 09:26 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-12-22 09:17 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-12-22 09:17 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\default_previous
2015-12-18 21:04 - 2012-12-17 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Return to Castle Wolfenstein
2015-12-18 21:04 - 2012-12-17 18:09 - 00000600 _____ C:\Windows\Rtcw.INI
2015-12-18 21:04 - 2007-09-05 07:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-12-18 20:59 - 2012-12-17 17:41 - 00000000 ____D C:\Program Files\EACOM
2015-12-18 20:55 - 2012-12-15 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TopCD

==================== Files in the root of some directories =======

2012-12-22 23:44 - 2012-12-22 23:44 - 0000022 ___SH () C:\Users\Ostatní\AppData\Roaming\Windows1569_SettingsRepository.bin
2012-11-21 09:08 - 2012-11-21 09:12 - 0003584 _____ () C:\Users\Ostatní\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-22 23:44 - 2012-12-22 23:44 - 0000000 _____ () C:\Users\Ostatní\AppData\Local\jv16PT_temp.tmp

Files to move or delete:
====================
C:\Users\Víťa\xobglu16.dll
C:\Users\Víťa\xobglu32.dll


Some files in TEMP:
====================
C:\Users\Ostatní\AppData\Local\temp\avgC33F.exe
C:\Users\Ostatní\AppData\Local\temp\BsqYhygSv2.exe
C:\Users\Ostatní\AppData\Local\temp\CQe2OtyyBw.exe
C:\Users\Ostatní\AppData\Local\temp\ksQcMyjfg9.exe
C:\Users\Ostatní\AppData\Local\temp\OKzsGtRg30.exe
C:\Users\Ostatní\AppData\Local\temp\tAfid2cCKd.exe
C:\Users\Ostatní\AppData\Local\temp\tmpE484.tmp.exe
C:\Users\Ostatní\AppData\Local\temp\vY2DQkKcQb.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-23 09:17

==================== End of FRST.txt ============================

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: mrTva, z0atena mas5na

#23 Post by Márty84 »

Well, great, you pulled new junk onto it yesterday :frusty:


:arrow: Tell me the size of the desktop folder (C:\Users\Ostatní\Plocha)


:arrow: Repeat the AdwCleaner step.


:arrow: Open Notepad and copy this script into it

Code: Select all

Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1941701972-1158936334-3354527605-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1941701972-1158936334-3354527605-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-21-1941701972-1158936334-3354527605-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1450799794&a=1024151&uuid=c96a3c6d-52a0-4533-8380-5a68cc7e56ed
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&t ... X973QFD53S

FF Homepage: hxxp://houmpage.com/?src=hp&ssid=145079 ... 68cc7e56ed

CHR DefaultSearchURL: Default -> hxxp://yoursearching.com/web?type=ds&ts ... 3QFD53S&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursearching

S3 NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [266240 2007-01-15] (Nero AG) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [338432 2015-12-22] (Sysinternals process Explorer) [File not signed] <==== ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]

C:\Users\Ostatní\AppData\Local\temp\avgC33F.exe
C:\Users\Ostatní\AppData\Local\temp\BsqYhygSv2.exe
C:\Users\Ostatní\AppData\Local\temp\CQe2OtyyBw.exe
C:\Users\Ostatní\AppData\Local\temp\ksQcMyjfg9.exe
C:\Users\Ostatní\AppData\Local\temp\OKzsGtRg30.exe
C:\Users\Ostatní\AppData\Local\temp\tAfid2cCKd.exe
C:\Users\Ostatní\AppData\Local\temp\tmpE484.tmp.exe
C:\Users\Ostatní\AppData\Local\temp\vY2DQkKcQb.exe
C:\Program Files\IObit

2015-12-22 17:08 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Ostatní\AppData\Roaming\yoursearching
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\ProgramData\Tmp0x0x
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\ProgramData\LuckyBrowse
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\Program Files\LuckyBrowse
2015-12-23 09:39 - 2013-12-25 19:14 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-23 09:38 - 2012-09-20 11:24 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-23 09:12 - 2013-12-25 19:14 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

Hosts:
EmptyTemp:
Reboot:
End
At the top left click on File
Click on Save as...
Type the red name fixlist exactly and save it to the desktop.
Turn off your antivirus and any other security software.
Run FRST as administrator, click Fix and the program will carry out the commands.
After the PC restarts a new log named fixlog should appear; copy it here again.
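As an added example (not FRST's code and not part of this thread), the following Python script applies the kind of triage that the fixlist in this post illustrates to raw FRST.txt lines: it flags what FRST itself marks ATTENTION, processes and services whose image sits in a user-writable location such as ProgramData or AppData, loose executables in Temp, browser entries pointing at the search-hijack hosts seen in this thread, and unsigned or orphaned service entries, then drafts a fixlist skeleton in the Start/End format used above. The severity labels, category names and the hijack-host list are assumptions made for this example; the sample lines are copied from the FRST log posted above, with one long Chrome search URL abbreviated and one benign Chrome line added.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example: scores log lines and drafts a fixlist skeleton for review.
Severities, categories and the hijack-host list are assumptions; FRST
itself exposes no such API.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the FRST.txt posted in this
# thread (the Chrome search URL is abbreviated) plus one benign Chrome line.
SAMPLE_LOG = r"""
(Sysinternals process Explorer) C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.cz/
CHR DefaultSearchURL: Default -> hxxp://yoursearching.com/web?type=ds&q={searchTerms}
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [338432 2015-12-22] (Sysinternals process Explorer) [File not signed] <==== ATTENTION
R2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
U3 aahdc176; C:\Windows\system32\Drivers\aahdc176.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Users\Ostatní\AppData\Local\temp\BsqYhygSv2.exe
"""

# "R2 name; path [size date] (vendor) [flags]"  -> services and drivers
SERVICE_RE = re.compile(r"^[RSU]\d\s+[^;]+;\s*(.*)$")
# "(Vendor) C:\path\to\image.exe"  -> process list
PROCESS_RE = re.compile(r"^\([^)]*\)\s+(.+)$")
# Locations a standard user can write to; a service image there is unusual.
USER_WRITABLE_RE = re.compile(r"(?i)\\(ProgramData|AppData|Temp|Users\\[^\\]+)\\")
# Bare path to an executable sitting in a Temp directory.
TEMP_EXE_RE = re.compile(r"(?i)^[a-z]:\\.*\\temp\\[^\\]+\.exe$")
# Hostname inside FRST's defanged "hxxp://" URLs.
HOST_RE = re.compile(r"hxxps?://(?:www\.)?([^/\s?]+)")
# Search-hijack hosts seen in this thread (assumed list; extend as needed).
HIJACK_HOSTS = frozenset({"yoursearching.com", "houmpage.com"})
SEVERITY_RANK = {"high": 0, "medium": 1, "info": 2}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    category: str
    line: str


def triage_line(line: str):
    """Classify one FRST line; return a Finding, or None when it looks benign."""
    line = line.rstrip()
    if not line:
        return None
    if "ATTENTION" in line:          # FRST's own marker beats every heuristic
        return Finding("high", "frst-attention", line)
    host = HOST_RE.search(line)
    if host and host.group(1).lower() in HIJACK_HOSTS:
        return Finding("high", "browser-hijack", line)
    proc = PROCESS_RE.match(line)
    if proc and USER_WRITABLE_RE.search(proc.group(1)):
        return Finding("high", "process-user-writable-path", line)
    svc = SERVICE_RE.match(line)
    if svc:
        detail = svc.group(1)
        if "[X]" in detail:          # registered, but the image file is missing
            return Finding("info", "orphan-service-entry", line)
        if USER_WRITABLE_RE.search(detail):
            return Finding("high", "service-user-writable-path", line)
        if "[File not signed]" in detail:
            return Finding("medium", "unsigned-service", line)
        return None
    if TEMP_EXE_RE.match(line):
        return Finding("medium", "loose-temp-executable", line)
    return None


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


def summarize(findings) -> dict:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


def build_fixlist(findings, min_severity: str = "medium") -> str:
    """Draft a fixlist in the Start/End format FRST reads, for human review.

    FRST removes whatever each copied line names, so a person checks every
    line before the text is saved as fixlist.txt next to FRST.exe.
    """
    cutoff = SEVERITY_RANK[min_severity]
    body = [f.line for f in findings if SEVERITY_RANK[f.severity] <= cutoff]
    return "\n".join(["Start", "CloseProcesses:", "CreateRestorePoint:",
                      *body, "EmptyTemp:", "Reboot:", "End"])


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.severity:6}] {f.category:28} {f.line}")
    print(summarize(hits))
    print(build_fixlist(hits))
```

The helper only orders the reading of a log; the drafted fixlist is a starting point, not a fix. Lines FRST marks `[X]` are kept at "info" and left out of the draft because the file they point at is already gone, while an unsigned vendor service in Program Files (CFSvcs here) is "medium" so it appears in the draft and can be struck out by the reviewer, which is the judgment the helper in this thread exercised by hand.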

Peky
Visitor
Posts: 243
Registered: 02 Oct 2007 05:12

Re: mrTva, z0atena mas5na

#24 Post by Peky »

91.9MB, we have some drivers there, 78+12

# AdwCleaner v5.026 - Logfile created 23/12/2015 at 12:24:21
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Ostatní - HONZA-PC
# Running from : C:\Users\Ostatní\Downloads\adwcleaner_5.026.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : WindowsMangerProtect

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\LuckyBrowse
[-] Folder Deleted : C:\ProgramData\LuckyBrowse
[-] Folder Deleted : C:\ProgramData\Tmp0x0x
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
[-] Folder Deleted : C:\Users\Ostatní\AppData\Roaming\SimpleFiles
[-] Folder Deleted : C:\Users\Ostatní\AppData\Roaming\yoursearching
[#] Folder Deleted : C:\Windows\system32\Tasks\LuckyBrowse

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : LuckyBrowse

***** [ Registry ] *****

[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395DA725-A162-43FF-B885-27BD92F112E8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{04FEAF9C-DC32-41C7-95CA-790E93488E7D}
[-] Key Deleted : HKCU\Software\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\SimpleFiles
[-] Key Deleted : HKLM\SOFTWARE\LuckyBrowse
[-] Key Deleted : HKLM\SOFTWARE\yoursearchingSoftware
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []

***** [ Web browsers ] *****

[-] [C:\Users\Ostatní\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://yoursearching.com/wefavicon.ico
[-] [C:\Users\Ostatní\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://yoursearching.com/web?type=ds&ts=1450800478&z=df7c2b64de0164e41ef7725g1zcw0e4mft3tfbeo9g&from=exp1&uid=TOSHIBAXMK1237GSX_973QFD53SXX973QFD53S&q={searchTerms}

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2305 bytes] ##########

Peky
Visitor
Posts: 243
Registered: 02 Oct 2007 05:12

Re: mrTva, z0atena mas5na

#25 Post by Peky »

Fix result of Farbar Recovery Scan Tool (x86) Version:23-12-2015
Ran by Ostatní (2015-12-23 13:14:02) Run:1
Running from C:\Users\Ostatní\Desktop
Loaded Profiles: Ostatní (Available Profiles: Ostatní & Víťa)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1941701972-1158936334-3354527605-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1941701972-1158936334-3354527605-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-21-1941701972-1158936334-3354527605-1001 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1450799794&a=1024151&uuid=c96a3c6d-52a0-4533-8380-5a68cc7e56ed
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&t ... X973QFD53S

FF Homepage: hxxp://houmpage.com/?src=hp&ssid=145079 ... 68cc7e56ed

CHR DefaultSearchURL: Default -> hxxp://yoursearching.com/web?type=ds&ts ... 3QFD53S&q={searchTerms}
CHR DefaultSearchKeyword: Default -> yoursearching

S3 NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [266240 2007-01-15] (Nero AG) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [338432 2015-12-22] (Sysinternals process Explorer) [File not signed] <==== ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31 144200]

C:\Users\Ostatní\AppData\Local\temp\avgC33F.exe
C:\Users\Ostatní\AppData\Local\temp\BsqYhygSv2.exe
C:\Users\Ostatní\AppData\Local\temp\CQe2OtyyBw.exe
C:\Users\Ostatní\AppData\Local\temp\ksQcMyjfg9.exe
C:\Users\Ostatní\AppData\Local\temp\OKzsGtRg30.exe
C:\Users\Ostatní\AppData\Local\temp\tAfid2cCKd.exe
C:\Users\Ostatní\AppData\Local\temp\tmpE484.tmp.exe
C:\Users\Ostatní\AppData\Local\temp\vY2DQkKcQb.exe
C:\Program Files\IObit

2015-12-22 17:08 - 2015-12-22 17:15 - 00000000 ____D C:\Users\Ostatní\AppData\Roaming\yoursearching
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\ProgramData\Tmp0x0x
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\ProgramData\LuckyBrowse
2015-12-22 17:08 - 2015-12-22 17:08 - 00000000 ____D C:\Program Files\LuckyBrowse
2015-12-23 09:39 - 2013-12-25 19:14 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-23 09:38 - 2012-09-20 11:24 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-23 09:12 - 2013-12-25 19:14 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-1941701972-1158936334-3354527605-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-21-1941701972-1158936334-3354527605-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
"HKU\S-1-5-21-1941701972-1158936334-3354527605-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf34d395-9ff1-49a0-98a5-8db1636431b1}" => key removed successfully.
HKCR\CLSID\{cf34d395-9ff1-49a0-98a5-8db1636431b1} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
Firefox "homepage" removed successfully.
Chrome DefaultSearchURL => not found.
Chrome DefaultSearchKeyword => not found.
NMIndexingService => service removed successfully.
WindowsMangerProtect => service not found.
catchme => service removed successfully.
AdobeARMservice => service removed successfully.
gupdate => service removed successfully.
gupdatem => service removed successfully.
C:\Users\Ostatní\AppData\Local\temp\avgC33F.exe => moved successfully
C:\Users\Ostatní\AppData\Local\temp\BsqYhygSv2.exe => moved successfully
C:\Users\Ostatní\AppData\Local\temp\CQe2OtyyBw.exe => moved successfully
C:\Users\Ostatní\AppData\Local\temp\ksQcMyjfg9.exe => moved successfully
C:\Users\Ostatní\AppData\Local\temp\OKzsGtRg30.exe => moved successfully
C:\Users\Ostatní\AppData\Local\temp\tAfid2cCKd.exe => moved successfully
C:\Users\Ostatní\AppData\Local\temp\tmpE484.tmp.exe => moved successfully
C:\Users\Ostatní\AppData\Local\temp\vY2DQkKcQb.exe => moved successfully
C:\Program Files\IObit => moved successfully
"C:\Users\Ostatní\AppData\Roaming\yoursearching" => not found.
"C:\ProgramData\Tmp0x0x" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse" => not found.
"C:\ProgramData\LuckyBrowse" => not found.
"C:\Program Files\LuckyBrowse" => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4 => key removed successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched => key removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 462 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 13:31:39 ====
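To review a Fixlog like the one above without reading it line by line, the following parser (an added example, not part of the thread and not FRST's own code) splits the "=>" result lines into entries that were acted on and entries the tool reported as not found; the sample log inside it is constructed from entries in the Fixlog format shown above.

```python
import re
from collections import Counter

# Constructed sample in the FRST Fixlog format; the entries mirror ones from the thread above.
SAMPLE_FIXLOG = r"""
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully.
HKCR\CLSID\{cf34d395-9ff1-49a0-98a5-8db1636431b1} => key not found.
NMIndexingService => service removed successfully.
WindowsMangerProtect => service not found.
C:\Users\Ostatní\AppData\Local\temp\avgC33F.exe => moved successfully
"C:\ProgramData\LuckyBrowse" => not found.
EmptyTemp: => 462 MB temporary data Removed.
==== End of Fixlog 13:31:39 ====
"""

# A result line is '<target> => <outcome>'; the target may be wrapped in double quotes
# and the outcome may or may not end with a period.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')


def parse_fixlog(text):
    """Return (target, outcome) pairs for every '=>' result line in a Fixlog."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("===="):
            continue
        m = RESULT_RE.match(line)
        if m:
            results.append((m.group("target"), m.group("outcome").lower()))
    return results


def classify(outcome):
    """'not found' means the target no longer existed when the fix ran; the rest succeeded."""
    if "not found" in outcome:
        return "not_found"
    if "successfully" in outcome or "removed" in outcome:
        return "success"
    return "other"


def summarize(text):
    """Count outcomes and list the targets FRST could not find, for a quick review of a fix."""
    results = parse_fixlog(text)
    counts = Counter(classify(outcome) for _, outcome in results)
    not_found = [target for target, outcome in results if classify(outcome) == "not_found"]
    return dict(counts), not_found
```

Entries reported as not found are worth a second look: either an earlier tool (here ComboFix) had already removed them, or the path in the fixlist did not match what is on disk.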

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Residence: Ostrava

Re: mrTva, z0atena mas5na

#26 Post by Márty84 »

:!: Install some antivirus.

:!: Run all of these programs - including their installation, where applicable - as administrator (right-click them and choose Run as administrator).

:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek writes: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave the checkbox ticked only for the option Remove disinfection tools
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for a toolbar (or other add-ons); if it offers to install one, untick the box.
After launch you land in the Cleaner function. On the left there are lots of checkboxes. Pay attention mainly to the Recycle Bin: if you leave it ticked, it always empties it.
Also, depending on how it is set, it deletes all passwords saved for websites!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, facebook, various forums, etc.)
Click Analyze and when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Search for problems; when it finds some, click Fix problems. It will offer you a backup; make one and save it somewhere you can find it if needed.
The Tools function allows uninstalling programs. It is more thorough than Windows itself!
(If there are more user accounts on the PC, use the program in them as well)

:arrow: Defragment the disk(s) (not SSD disks!)
Download the Defraggler program https://www.piriform.com/defraggler/download/standard
During installation again watch out for the toolbar and other nonsense.
After installing, run the program and click Analyze; after the analysis click Defragment and the little program will do its job.

:arrow: Then write back how the PC looks.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz

Option to support our forum https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you are waiting longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

Peky
Visitor
Posts: 243
Registered: 02 Oct 2007 05:12

Re: mrTva, z0atena mas5na

#27 Post by Peky »

Much better, perfect :thumbsup: , on the previous run Chrome was still crashing (IE doesn't run? never mind, I don't use it), but now it's ok, thanks, merry Christmas

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Residence: Ostrava

Re: mrTva, z0atena mas5na

#28 Post by Márty84 »

IE should run; if need be, try reinstalling it :-)

You're welcome! ;-)

I too wish you a happy and merry Christmas :all_coholic:

Take care, and maybe see you again sometime :bye:

:closed:

Locked