Re: Hohosearch a MPCprotectService
Napsal: 06 čer 2016 17:19
Chybka, script musí obsahovat toto
Folders to delete:
C:\Program Files\MPC Cleaner
VIRY.CZ
Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/
Hohosearch a MPCprotectService
Stránka 3 z 4
Re: Hohosearch a MPCprotectService
Napsal: 06 čer 2016 19:58
Děkuji, to pomohlo. Hohosearch pořád zůstává, ale ten už mi nějak nevadí, spíše to pitomé redirectování na jiné (např. sázkovky) stránky - a zajímavostí je, že převážně to dělá na stránce iDnes.cz
Re: Hohosearch a MPCprotectService
Napsal: 06 čer 2016 20:42
V kterém prohlížeči se uplatňuje Hohosearch?
Re: Hohosearch a MPCprotectService
Napsal: 07 čer 2016 09:17
ospravedlnujem sa za vstup:
doporucujem nasledovne 3 kroky
1. nainstaluj MSIE8 - bez ohladu na to, ci ho puzivas
2. vycisti PC s CCleanerom - vcetne registrov
3. zopakuj zoek podla navodu Rudyho vyssie
doporucujem nasledovne 3 kroky
1. nainstaluj MSIE8 - bez ohladu na to, ci ho puzivas
2. vycisti PC s CCleanerom - vcetne registrov
3. zopakuj zoek podla navodu Rudyho vyssie
Re: Hohosearch a MPCprotectService
Napsal: 07 čer 2016 21:30
Mám prohlížeč M.Firefox..
Dotaz - ten IE si musím stáhnout kvůli tomu scanu? Já provedl zatím jen CCleaner či jak se to jmenuje, mně to prý nepodporuje tu verzi MS IE 8, tak zatím není stažen. K Zoeku se dostanu zítra
Dotaz - ten IE si musím stáhnout kvůli tomu scanu? Já provedl zatím jen CCleaner či jak se to jmenuje, mně to prý nepodporuje tu verzi MS IE 8, tak zatím není stažen. K Zoeku se dostanu zítra
Re: Hohosearch a MPCprotectService
Napsal: 08 čer 2016 06:13
mas MSIE7 a ten mal este hodne dier ,,, skus http://www.stahuj.centrum.cz/internet_a ... 5Bup%5D=XP
cize instalaciu MSIE8 ber ako bezpecnostnu zaplatu XP
cize instalaciu MSIE8 ber ako bezpecnostnu zaplatu XP
Re: Hohosearch a MPCprotectService
Napsal: 09 čer 2016 16:51
Dobrý den, tak jsem udělal ten nový zoek scan:
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Mirek on čt 09.06.2016 at 14:32:07,50.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Mirek\Plocha\zoek.exe [Scan all users] [Deep Scan]
==== Older Logs ======================
C:\zoek-results2016-04-29-181214.log 25391 bytes
C:\zoek-results2016-06-04-204057.log 73511 bytes
==== Suspicious Entries Found ======================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
==== Running Processes ======================
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Mirek\Data aplikací\TSv\TSvr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Mirek\Plocha\zoek.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
==== System Specs ======================
Windows: Windows XP Professional Service Pack 3 (Build 2600)
Memory (RAM): 2048 MB
CPU Info: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
CPU Speed: 2108,9 MHz
Sound Card: Realtek HD Audio output |
Display Adapters: NVIDIA GeForce 210 | NetMeeting driver | RDPDD Chained DD
Monitors: 1x; Monitor Plug and Play |
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: Generic Marvell Yukon Chipset based Ethernet Controller - Packet Scheduler Miniport
CD / DVD Drives: 1x (J: | ) J: HL-DT-STDVD-RW_GSA-H41N
Ports: COM1 | COM2 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 113,2GB | D: 6,8GB | I: 112,9GB
Hard Disks - Free: C: 40,4GB | D: 6,7GB | I: 100,3GB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 02/07/07 | ACRSYS - 42302e31
Time Zone: Střední Evropa (běžný čas)
Motherboard *: Acer EM61SM/EM61PM
Country: Česká republika
Language: CSY
==== System Specs (Software) ======================
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled*
Default Browser: Firefox 46.0.1
Internet Explorer version: 8.0.6001.18702
Opera Browser version: 36.0.2130.65
Adobe Reader version: 11.0.8.4
Sun Java version: 1.7.0_51 (32-bit)
Flash Player version: 21.0.0.242
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2016-06-09 11:10:02 1CE0DEEA9F664D1B7BBC6F03FB46E493 1355 ----a-w- C:\WINDOWS\imsins.BAK
====== C:\DOCUME~1\Mirek\LOCALS~1\Temp ====
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2016-06-03 11:11:29 CFCD208495D565EF66E7DFF9F98764DA 1 ----a-w- C:\WINDOWS\System32\en.html
====== C:\WINDOWS\system32\drivers =====
2016-05-31 15:50:06 2DE70B32993AE2C7C59246415E9E3398 53992 ------w- C:\WINDOWS\System32\drivers\MPCKpt.sys
2016-05-31 15:50:06 06991A49243A9F766837082347177162 29032 ------w- C:\WINDOWS\System32\drivers\MPCBase.sys
====== C:\WINDOWS\Tasks ======
2016-05-31 15:27:43 F2474F044D3E739390A3337B4A154978 666 ----a-w- C:\WINDOWS\Tasks\Ateredomkefisp Cache.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C: =====
2016-06-06 16:06:56 B24630AF7D8690C5BE9711C820F8E1C1 7452 ----a-w- C:\avenger.txt
====== C:\Documents and Settings\Mirek\Data aplikací ======
2016-06-07 12:38:29 -------- d-----w- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\WMTools Downloaded Files
2016-06-07 12:38:24 74ED3ECDA8BEF70A666BF2BB50FB6F4E 4608 ----a-w- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-05 18:18:35 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\The_House_of_Fables
2016-06-03 11:11:35 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\WinZiper
2016-06-03 11:11:06 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\TSv
2016-06-01 20:46:58 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\MCorp
2016-05-31 15:51:05 -------- d-----w- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\GetGo
2016-05-31 15:50:56 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\GetGo Software
2016-05-31 15:50:50 -------- d-----w- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Profiles
2016-05-31 15:26:34 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\Profiles
====== C:\Documents and Settings\Mirek ======
2016-06-09 12:29:46 -------- d-sh--w- C:\Documents and Settings\LocalService\IETldCache
2016-06-07 11:46:40 -------- d--h--r- C:\Documents and Settings\Mirek\Recent
2016-06-06 16:06:04 30F3680E007D924960FD65524DE36601 731136 ----a-w- C:\Documents and Settings\Mirek\Plocha\avenger.exe
2016-06-01 20:37:24 8F089F7AC9E909C4704AF58EAA179196 3677248 ----a-w- C:\Documents and Settings\Mirek\Plocha\adwcleaner_5.119.exe
2016-05-31 16:07:35 BE36749B55F8EF4F1128919312163A95 304661 ----a-w- C:\Documents and Settings\Mirek\Downloads\FIFA_2001 [1].exe
2016-05-31 15:27:44 044646E70E22BF0E0E5B69390732844D 343240 ----a-w- C:\Documents and Settings\Mirek\Cookies\explibss.dll
====== C: exe-files ==
2016-06-09 10:14:42 6AFA953C7EC7B7417E13E80BDF34376D 17013088 ----a-w- C:\Documents and Settings\Mirek\Dokumenty\plocha stará\XX\IE8-WindowsXP-x86-CSY.exe
2016-06-06 16:06:04 30F3680E007D924960FD65524DE36601 731136 ----a-w- C:\Documents and Settings\Mirek\Plocha\avenger.exe
2016-06-03 11:21:00 D6822FED37A874310C5E87481A6E321C 2957754 ----a-w- C:\Documents and Settings\All Users\Data aplikací\DCHP\Jackson.exe
2016-06-03 11:11:07 07B4B668CB0678647022151BCCA0A6A5 217272 ----a-w- C:\Documents and Settings\All Users\Data aplikací\CwinpC\WFini.exe
=== C: other files ==
2016-06-06 18:49:40 D9D0558B6371B6A97243853D057B4246 16635475 ----a-w- C:\Avenger\backup.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-861567501-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Documents and Settings\Mirek\Data aplikací\uTorrent\uTorrent.exe /MINIMIZED"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Documents and Settings\Mirek\Data aplikací\uTorrent\uTorrent.exe /MINIMIZED"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"="C:\\DOCUME~1\\ALLUSE~1\\DATAAP~1\\AppfocserT\\Touchlex.dll"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJMyPrt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CNSLMAIN"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\SolutionMenu\\CNSLMAIN.exe /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cz.seznam.software.autoupdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="szninstall"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Mirek\\Data aplikací\\Seznam.cz\\szninstall.exe\" -c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QTTask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QT Lite\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\seznam-listicka-distribuce]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="szninstall"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Seznam.cz\\distribution\\szninstall.exe\" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Mirek\\Data aplikací\\uTorrent\\uTorrent.exe\" /MINIMIZED"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe []
C:\WINDOWS\tasks\Ateredomkefisp Cache.job --a------ :C:\Program Files\Ateredomkefisp\AteredomkefispC:htask.exe []
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1455891128.job --a------ C:\Program Files\Opera\launcher.exe [11.04.2016 09:19]
==== Firefox Start and Search pages ======================
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default
user_pref("browser.startup.homepage", "https://www.seznam.cz/");
user_pref("browser.newtab.url", "about:newtab");
user_pref("keyword.URL", "undefined://undefined/");
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Profiles\yzzfdyu4.default
user_pref("browser.startup.homepage", "https://www.seznam.cz/");
user_pref("browser.newtab.url", "about:newtab");
user_pref("keyword.URL", "undefined://undefined/");
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\81hyhscl.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [17.04.2010 18:34]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default
- Undetermined - C:\Documents and Settings\Mirek\Data aplikacĂ\Profiles\chqqafpp.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- GsearchFinder - %ProfilePath%\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Profiles\yzzfdyu4.default
- Undetermined - C:\Documents and Settings\Mirek\Data aplikacĂ\Profiles\yzzfdyu4.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- GsearchFinder - %ProfilePath%\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\81hyhscl.default
- Undetermined - C:\Documents and Settings\Mirek\Data aplikacĂ\Mozilla\Firefox\Profiles\81hyhscl.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\81hyhscl.default
D33D39A318AEA70691CED7530E2D9DF9 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
CFBC726A1712BD8DC9914EA06DBCE20B - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
7E54D1EC87CE306CB1A26CE59AFE6E37 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\WINDOWS\system32\TVUAx\npTVUAx.dll - TVU Web Player for FireFox
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
0843C70733E8CA876475123A6601630D - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility
9B2C4444F8B9A5302EA03AB97FD090F6 - C:\WINDOWS\npapi.dll - Alawar NPAPI utils
258693279212838A6A879A69A17BE215 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll - Shockwave Flash
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\ielnksrch - http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP-OqRkK_4g5H3zXx0q0ODQbbtxupCcfzV4atOwQs79eeAOdbp-xs-TE0bXnT_vxYQBlKUASlpUkT05sMW37__9LtHZIell9GIN8S30PrHcWpgUYj-cuU97Wzn89UHrpmpl1nsHOAeCZDaP0S10Ma3KZffuZKH2GpshhJ-LzLeLuuYJHGUf-E,&q={searchTerms}
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={ ... rer:source?}
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... {startPage}
HKCU\SearchScopes\{CCBDD7BB-8A0D-41C3-BD8C-53102FC40FF7} - http://www.google.com/search?q={searchT ... 1I7SKPT_cs
==== HijackThis Entries ======================
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Mirek\Data aplikací\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D051471-358E-4E7B-936D-272584C91DC7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{912994FC-195C-4101-A02D-A9B71DB1CF9B}: NameServer = 10.1.0.56,10.1.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D051471-358E-4E7B-936D-272584C91DC7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D051471-358E-4E7B-936D-272584C91DC7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\AppfocserT\Touchlex.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: DCHP - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\\DCHP\\DCHP.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IhPul - tsvr.com - C:\Documents and Settings\Mirek\Data aplikací\TSv\TSvr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) - Unknown owner - C:\Program Files\MPC Cleaner\MPCProtectService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WFini WdMan Service (WdMan) - WFini LIMITED - C:\Documents and Settings\All Users\Data aplikací\CwinpC\WFini.exe
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1273 folders=1192 237972851 bytes)
==== EOF on čt 09.06.2016 at 17:42:51,26 ======================
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Mirek on čt 09.06.2016 at 14:32:07,50.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Mirek\Plocha\zoek.exe [Scan all users] [Deep Scan]
==== Older Logs ======================
C:\zoek-results2016-04-29-181214.log 25391 bytes
C:\zoek-results2016-06-04-204057.log 73511 bytes
==== Suspicious Entries Found ======================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
==== Running Processes ======================
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Mirek\Data aplikací\TSv\TSvr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Mirek\Plocha\zoek.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
==== System Specs ======================
Windows: Windows XP Professional Service Pack 3 (Build 2600)
Memory (RAM): 2048 MB
CPU Info: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+
CPU Speed: 2108,9 MHz
Sound Card: Realtek HD Audio output |
Display Adapters: NVIDIA GeForce 210 | NetMeeting driver | RDPDD Chained DD
Monitors: 1x; Monitor Plug and Play |
Screen Resolution: 1280 X 1024 - 32 bit
Network: Network Present
Network Adapters: Generic Marvell Yukon Chipset based Ethernet Controller - Packet Scheduler Miniport
CD / DVD Drives: 1x (J: | ) J: HL-DT-STDVD-RW_GSA-H41N
Ports: COM1 | COM2 LPT1
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 113,2GB | D: 6,8GB | I: 112,9GB
Hard Disks - Free: C: 40,4GB | D: 6,7GB | I: 100,3GB
Manufacturer *: Phoenix Technologies, LTD
BIOS Info: AT/AT COMPATIBLE | 02/07/07 | ACRSYS - 42302e31
Time Zone: Střední Evropa (běžný čas)
Motherboard *: Acer EM61SM/EM61PM
Country: Česká republika
Language: CSY
==== System Specs (Software) ======================
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled*
Default Browser: Firefox 46.0.1
Internet Explorer version: 8.0.6001.18702
Opera Browser version: 36.0.2130.65
Adobe Reader version: 11.0.8.4
Sun Java version: 1.7.0_51 (32-bit)
Flash Player version: 21.0.0.242
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2016-06-09 11:10:02 1CE0DEEA9F664D1B7BBC6F03FB46E493 1355 ----a-w- C:\WINDOWS\imsins.BAK
====== C:\DOCUME~1\Mirek\LOCALS~1\Temp ====
====== Java Cache =====
====== C:\WINDOWS\system32 =====
2016-06-03 11:11:29 CFCD208495D565EF66E7DFF9F98764DA 1 ----a-w- C:\WINDOWS\System32\en.html
====== C:\WINDOWS\system32\drivers =====
2016-05-31 15:50:06 2DE70B32993AE2C7C59246415E9E3398 53992 ------w- C:\WINDOWS\System32\drivers\MPCKpt.sys
2016-05-31 15:50:06 06991A49243A9F766837082347177162 29032 ------w- C:\WINDOWS\System32\drivers\MPCBase.sys
====== C:\WINDOWS\Tasks ======
2016-05-31 15:27:43 F2474F044D3E739390A3337B4A154978 666 ----a-w- C:\WINDOWS\Tasks\Ateredomkefisp Cache.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C: =====
2016-06-06 16:06:56 B24630AF7D8690C5BE9711C820F8E1C1 7452 ----a-w- C:\avenger.txt
====== C:\Documents and Settings\Mirek\Data aplikací ======
2016-06-07 12:38:29 -------- d-----w- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\WMTools Downloaded Files
2016-06-07 12:38:24 74ED3ECDA8BEF70A666BF2BB50FB6F4E 4608 ----a-w- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-05 18:18:35 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\The_House_of_Fables
2016-06-03 11:11:35 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\WinZiper
2016-06-03 11:11:06 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\TSv
2016-06-01 20:46:58 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\MCorp
2016-05-31 15:51:05 -------- d-----w- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\GetGo
2016-05-31 15:50:56 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\GetGo Software
2016-05-31 15:50:50 -------- d-----w- C:\Documents and Settings\Mirek\Local Settings\Data aplikací\Profiles
2016-05-31 15:26:34 -------- d-----w- C:\Documents and Settings\Mirek\Data aplikací\Profiles
====== C:\Documents and Settings\Mirek ======
2016-06-09 12:29:46 -------- d-sh--w- C:\Documents and Settings\LocalService\IETldCache
2016-06-07 11:46:40 -------- d--h--r- C:\Documents and Settings\Mirek\Recent
2016-06-06 16:06:04 30F3680E007D924960FD65524DE36601 731136 ----a-w- C:\Documents and Settings\Mirek\Plocha\avenger.exe
2016-06-01 20:37:24 8F089F7AC9E909C4704AF58EAA179196 3677248 ----a-w- C:\Documents and Settings\Mirek\Plocha\adwcleaner_5.119.exe
2016-05-31 16:07:35 BE36749B55F8EF4F1128919312163A95 304661 ----a-w- C:\Documents and Settings\Mirek\Downloads\FIFA_2001 [1].exe
2016-05-31 15:27:44 044646E70E22BF0E0E5B69390732844D 343240 ----a-w- C:\Documents and Settings\Mirek\Cookies\explibss.dll
====== C: exe-files ==
2016-06-09 10:14:42 6AFA953C7EC7B7417E13E80BDF34376D 17013088 ----a-w- C:\Documents and Settings\Mirek\Dokumenty\plocha stará\XX\IE8-WindowsXP-x86-CSY.exe
2016-06-06 16:06:04 30F3680E007D924960FD65524DE36601 731136 ----a-w- C:\Documents and Settings\Mirek\Plocha\avenger.exe
2016-06-03 11:21:00 D6822FED37A874310C5E87481A6E321C 2957754 ----a-w- C:\Documents and Settings\All Users\Data aplikací\DCHP\Jackson.exe
2016-06-03 11:11:07 07B4B668CB0678647022151BCCA0A6A5 217272 ----a-w- C:\Documents and Settings\All Users\Data aplikací\CwinpC\WFini.exe
=== C: other files ==
2016-06-06 18:49:40 D9D0558B6371B6A97243853D057B4246 16635475 ----a-w- C:\Avenger\backup.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-861567501-842925246-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Documents and Settings\Mirek\Data aplikací\uTorrent\uTorrent.exe /MINIMIZED"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Documents and Settings\Mirek\Data aplikací\uTorrent\uTorrent.exe /MINIMIZED"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"="C:\\DOCUME~1\\ALLUSE~1\\DATAAP~1\\AppfocserT\\Touchlex.dll"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BJMyPrt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CNSLMAIN"
"hkey"="HKLM"
"command"="C:\\Program Files\\Canon\\SolutionMenu\\CNSLMAIN.exe /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cz.seznam.software.autoupdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="szninstall"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Mirek\\Data aplikací\\Seznam.cz\\szninstall.exe\" -c"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QTTask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QT Lite\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\seznam-listicka-distribuce]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="szninstall"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Seznam.cz\\distribution\\szninstall.exe\" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="uTorrent"
"hkey"="HKCU"
"command"="\"C:\\Documents and Settings\\Mirek\\Data aplikací\\uTorrent\\uTorrent.exe\" /MINIMIZED"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files\AppleC:oftware Update\SoftwareUpdate.exe []
C:\WINDOWS\tasks\Ateredomkefisp Cache.job --a------ :C:\Program Files\Ateredomkefisp\AteredomkefispC:htask.exe []
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1455891128.job --a------ C:\Program Files\Opera\launcher.exe [11.04.2016 09:19]
==== Firefox Start and Search pages ======================
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default
user_pref("browser.startup.homepage", "https://www.seznam.cz/");
user_pref("browser.newtab.url", "about:newtab");
user_pref("keyword.URL", "undefined://undefined/");
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Profiles\yzzfdyu4.default
user_pref("browser.startup.homepage", "https://www.seznam.cz/");
user_pref("browser.newtab.url", "about:newtab");
user_pref("keyword.URL", "undefined://undefined/");
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\81hyhscl.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [17.04.2010 18:34]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Profiles\chqqafpp.default
- Undetermined - C:\Documents and Settings\Mirek\Data aplikacĂ\Profiles\chqqafpp.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- GsearchFinder - %ProfilePath%\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Profiles\yzzfdyu4.default
- Undetermined - C:\Documents and Settings\Mirek\Data aplikacĂ\Profiles\yzzfdyu4.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- GsearchFinder - %ProfilePath%\extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\81hyhscl.default
- Undetermined - C:\Documents and Settings\Mirek\Data aplikacĂ\Mozilla\Firefox\Profiles\81hyhscl.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Mirek\Data aplikací\Mozilla\Firefox\Profiles\81hyhscl.default
D33D39A318AEA70691CED7530E2D9DF9 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
CFBC726A1712BD8DC9914EA06DBCE20B - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
7E54D1EC87CE306CB1A26CE59AFE6E37 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
52CE0DBFD9738AE528CF525A0367EBEB - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
8E9A08E2092B3E1ADFF3C46BC1A5124B - C:\WINDOWS\system32\TVUAx\npTVUAx.dll - TVU Web Player for FireFox
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
0843C70733E8CA876475123A6601630D - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility
9B2C4444F8B9A5302EA03AB97FD090F6 - C:\WINDOWS\npapi.dll - Alawar NPAPI utils
258693279212838A6A879A69A17BE215 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll - Shockwave Flash
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\ielnksrch - http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP-OqRkK_4g5H3zXx0q0ODQbbtxupCcfzV4atOwQs79eeAOdbp-xs-TE0bXnT_vxYQBlKUASlpUkT05sMW37__9LtHZIell9GIN8S30PrHcWpgUYj-cuU97Wzn89UHrpmpl1nsHOAeCZDaP0S10Ma3KZffuZKH2GpshhJ-LzLeLuuYJHGUf-E,&q={searchTerms}
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={ ... rer:source?}
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... urceid=ie7
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchT ... {startPage}
HKCU\SearchScopes\{CCBDD7BB-8A0D-41C3-BD8C-53102FC40FF7} - http://www.google.com/search?q={searchT ... 1I7SKPT_cs
==== HijackThis Entries ======================
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Mirek\Data aplikací\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D051471-358E-4E7B-936D-272584C91DC7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{912994FC-195C-4101-A02D-A9B71DB1CF9B}: NameServer = 10.1.0.56,10.1.0.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{3D051471-358E-4E7B-936D-272584C91DC7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3D051471-358E-4E7B-936D-272584C91DC7}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DATAAP~1\AppfocserT\Touchlex.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: DCHP - Unknown owner - C:\Documents and Settings\All Users\Data aplikací\\DCHP\\DCHP.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IhPul - tsvr.com - C:\Documents and Settings\Mirek\Data aplikací\TSv\TSvr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MPC Core Protect Service (MPCProtectService) - Unknown owner - C:\Program Files\MPC Cleaner\MPCProtectService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WFini WdMan Service (WdMan) - WFini LIMITED - C:\Documents and Settings\All Users\Data aplikací\CwinpC\WFini.exe
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1273 folders=1192 237972851 bytes)
==== EOF on čt 09.06.2016 at 17:42:51,26 ======================
Re: Hohosearch a MPCprotectService
Napsal: 10 čer 2016 06:12
su este nejake provlemy 
Re: Hohosearch a MPCprotectService
Napsal: 10 čer 2016 07:49
+
otestuj subor C:\Documents and Settings\All Users\Data aplikací\\DCHP\\DCHP.exe
na www.virustotal.com
otestuj subor C:\Documents and Settings\All Users\Data aplikací\\DCHP\\DCHP.exe
na www.virustotal.com
Re: Hohosearch a MPCprotectService
Napsal: 10 čer 2016 11:29
Hezký den. Tak hohosearch jako úvodní stránka stále (nikoli domovská), ale na tom idnesu (pouze tam, resp v 98 - 99 %) mě to furt přesměrovává na jiné pochybné stránky. Proč to dělá pouze server idnes?? Ten totalvirus jsem zkoušel, ale v datách aplikací mi to ten DCHP nenajde, takže to tam nemohu vložit (přes start/hledat ale DCHP najdu)
Re: Hohosearch a MPCprotectService
Napsal: 10 čer 2016 11:54
start - spustit - napises services.msc najdes sluzbu DHCP a nastavis typ spustenia na odpojene - restart PC
+
3 bodovy navod na hohó http://pcfixhelp.net/ads/2762-how-to-re ... la-firefox
+
3 bodovy navod na hohó http://pcfixhelp.net/ads/2762-how-to-re ... la-firefox
Re: Hohosearch a MPCprotectService
Napsal: 10 čer 2016 13:12
Děkuji Vám, dle toho návodu to nefunguje, neb mi to píše neplatná složka "C:\Program Files (x86)\Mozilla Firefox\firefox.exe". Ale to hohosearch zas snad není takový problém. Horší je to s tím přesměrováváním z idnesu, a to nejen tehdy když kliknu na nějaký článek, ale i tehdy, když kliknu kamkoli v textu... Jinak se to jinde s vaší pomocí dost zlepšilo
Re: Hohosearch a MPCprotectService
Napsal: 10 čer 2016 13:22
ten navod je z win7 - Ty musis mat cestu C:\Program Files\Mozilla Firefox\firefox.exe
ako sa sprava idnes v inom prehliadaci ? MSIE apod
ako sa sprava idnes v inom prehliadaci ? MSIE apod
Re: Hohosearch a MPCprotectService
Napsal: 10 čer 2016 14:31
Toto tam ale napsáno mám... Jinak na nějakého alibabu a podobný hovadiny mi to z idnesu přeskakuje i z Opery 
Chrome už nemám, strašně zpomaloval...
Chrome už nemám, strašně zpomaloval...Re: Hohosearch a MPCprotectService
Napsal: 10 čer 2016 16:09
Tak prejdi bodu 3 reset nastaveni FF