VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Trojský kůň JS/Kryptik.I

https://forum.viry.cz:443/viewtopic.php?t=143764

Stránka 1 z 1

Trojský kůň JS/Kryptik.I

Napsal: 01 dub 2015 13:38
od untchek
Trápí mě výše uvedený Trojan. Počítač je tragicky pomalý a v prohlížeči vyskakují okna...

FRST_log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Work (administrator) on WORK-HK on 01-04-2015 13:05:41
Running from C:\Documents and Settings\Work\Plocha
Loaded Profiles: Work (Available profiles: Work)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(HP) C:\WINDOWS\system32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
() C:\WINDOWS\system32\atwtusb.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(FinePrint Software, LLC) C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
() C:\WINDOWS\system32\WTMKM.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\WINDOWS\system32\atwtusb.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-07-09] (Analog Devices, Inc.)
HKLM\...\Run: [pdfFactory Pro Dispatcher v2] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe [499712 2006-04-06] (FinePrint Software, LLC)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2004-09-07] (ATI Technologies, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [132496 2007-09-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [286720 2007-10-19] (Apple Inc.)
HKLM\...\Run: [MacrokeyManager] => C:\WINDOWS\system32\WTMKM.exe [7144448 2011-06-01] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-09-22] (ESET)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstall ... QA3ADQAMQA (the data entry has 213 more characters).
HKU\S-1-5-21-1390067357-1078145449-839522115-1006\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-05] (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.)
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1390067357-1078145449-839522115-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1390067357-1078145449-839522115-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/sear ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-1078145449-839522115-1006 -> {15004BC5-A2C8-4751-8FEB-9BED03A18FAC} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKU\S-1-5-21-1390067357-1078145449-839522115-1006 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-12] (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25] (Sun Microsystems, Inc.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12] ()
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12] ()
Toolbar: HKU\S-1-5-21-1390067357-1078145449-839522115-1006 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://plugin.fileopen.com/current/FileOpen.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-11-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-11-23] (Apple Inc.)
FF Extension: Zoom It - C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\Extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7} [2015-04-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-19]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2004-09-07] () [File not signed]
S3 Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [82584 2008-12-01] (Autodesk) [File not signed]
S3 Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [1322648 2008-06-06] (Autodesk, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1350112 2014-09-16] (ESET)
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2009-11-12] ()
R2 WTService; C:\WINDOWS\system32\atwtusb.exe [871936 2011-04-27] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [127872 2005-07-09] (Andrea Electronics Corporation)
R3 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [191928 2014-09-22] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [135296 2014-09-22] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [119792 2014-09-22] (ESET)
S3 GVCplDrv; C:\WINDOWS\system32\Drivers\GVCplDrv.sys [23040 2004-05-02] () [File not signed]
S3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2004-10-27] (Windows (R) Server 2003 DDK provider)
R3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [6144 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-14] ()
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [393088 2005-07-09] (Sensaura)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed]
R3 vhidmini; C:\WINDOWS\System32\DRIVERS\walvhid.sys [6144 2009-08-20] (Windows (R) Win 7 DDK provider)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey.sys [72704 2006-11-22] (WIBU-SYSTEMS AG) [File not signed]
U3 Ap10isdefc; No ImagePath
S3 catchme; \??\C:\DOCUME~1\Work\LOCALS~1\Temp\catchme.sys [X]
U1 eamon; system32\DRIVERS\eamon.sys [X]
S4 IntelIde; No ImagePath
U5 NVStrap; C:\Windows\System32\Drivers\NVStrap.sys [3712 2006-05-21] () [File not signed]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 13:05 - 2015-04-01 13:05 - 00000000 ____D () C:\Documents and Settings\Work\Plocha\FRST-OlderVersion
2015-03-31 11:05 - 2015-03-31 11:15 - 01051904 _____ () C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.pln
2015-03-31 11:05 - 2015-03-31 11:12 - 01057520 _____ () C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.bpn
2015-03-31 10:50 - 2015-04-01 12:33 - 00003366 _____ () C:\WINDOWS\setupapi.log
2015-03-30 09:40 - 2015-03-30 09:40 - 00054156 ____H () C:\WINDOWS\QTFont.qfn
2015-03-30 09:40 - 2015-03-30 09:40 - 00001409 _____ () C:\WINDOWS\QTFont.for
2015-03-25 13:38 - 2014-11-24 17:33 - 08049935 _____ () C:\Documents and Settings\Work\Plocha\vyjádření_mlýn Hořenice.zip
2015-03-25 13:38 - 2014-11-24 17:33 - 03443087 _____ () C:\Documents and Settings\Work\Plocha\výkresy_mlýn Hořenice.zip
2015-03-19 17:02 - 2015-03-19 17:01 - 02800538 _____ () C:\Documents and Settings\Work\Plocha\pasport Hořenický mlýn 2015_03_18 (export dwg 2010).dwg
2015-03-19 09:59 - 2015-03-19 10:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-04 22:17 - 2015-03-04 22:17 - 00407006 _____ () C:\Documents and Settings\Work\Plocha\untitled(1).bmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 13:06 - 2015-02-10 14:12 - 00012735 _____ () C:\Documents and Settings\Work\Plocha\FRST.txt
2015-04-01 13:06 - 2015-02-03 11:05 - 00000000 ____D () C:\Documents and Settings\Work\Local Settings\temp
2015-04-01 13:05 - 2015-02-10 14:11 - 00000000 ____D () C:\FRST
2015-04-01 13:05 - 2014-09-11 11:57 - 01135104 _____ (Farbar) C:\Documents and Settings\Work\Plocha\FRST.exe
2015-04-01 13:05 - 2010-04-19 09:12 - 00000000 ____D () C:\Documents and Settings\Work\Plocha
2015-04-01 12:55 - 2012-02-01 12:27 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 12:37 - 2012-05-04 09:32 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-01 12:32 - 2014-03-17 14:13 - 00000220 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-04-01 12:32 - 2012-02-01 12:27 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 12:32 - 2006-05-19 00:36 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-01 12:32 - 2006-05-18 22:41 - 01892375 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-01 12:32 - 2004-08-18 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-01 12:32 - 2004-08-18 14:00 - 00000585 _____ () C:\WINDOWS\win.ini
2015-04-01 12:31 - 2006-05-19 00:36 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2015-04-01 12:31 - 2006-05-18 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-01 08:09 - 2010-05-03 10:21 - 00000000 ____D () C:\Documents and Settings\Work\Dokumenty\Stažené soubory
2015-03-31 13:37 - 2006-05-18 22:45 - 00032360 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-31 11:16 - 2012-01-31 14:18 - 00000000 ____D () C:\Documents and Settings\Work\Graphisoft
2015-03-30 12:32 - 2010-05-13 17:08 - 00000000 ____D () C:\Documents and Settings\Work\Data aplikací\AdobeUM
2015-03-30 09:28 - 2006-05-19 00:34 - 01057130 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-27 15:31 - 2013-11-13 19:08 - 00631504 _____ () C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
2015-03-27 15:31 - 2010-04-19 09:12 - 00000178 ___SH () C:\Documents and Settings\Work\ntuser.ini
2015-03-27 15:31 - 2010-04-19 09:12 - 00000000 ____D () C:\Documents and Settings\Work
2015-03-27 15:31 - 2006-05-18 22:45 - 00000000 ___HD () C:\Documents and Settings\LocalService\Local Settings\Data aplikací
2015-03-26 13:39 - 2012-01-31 14:06 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-03-23 10:04 - 2012-04-25 19:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-20 16:46 - 2012-01-19 15:46 - 00000000 ____D () C:\Documents and Settings\Work\Data aplikací\BitComet
2015-03-18 10:54 - 2013-07-22 23:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-18 10:49 - 2006-05-19 01:34 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-08 16:00 - 2014-03-17 14:13 - 00000214 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-03-05 17:08 - 2010-04-19 09:12 - 00000000 ___HD () C:\Documents and Settings\Work\Okolní síť
2015-03-05 15:01 - 2012-08-03 14:56 - 00000000 ____D () C:\Documents and Settings\Work\Data aplikací\vlc

==================== Files in the root of some directories =======

2010-06-11 14:40 - 2014-05-16 12:33 - 0039424 _____ () C:\Documents and Settings\Work\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Re: Trojský kůň JS/Kryptik.I

Napsal: 01 dub 2015 14:08
od untchek
Hned po spuštění prohlížeče se objeví okno viz příloha. Pak se začnou vyskakovat reklamy na gamesky, eshopy apod.

Re: Trojský kůň JS/Kryptik.I

Napsal: 02 dub 2015 12:25
od untchek
1.AdwCleaner

# AdwCleaner v4.200 - Log vytvooen 02/04/2015 v 10:20:36
# Aktualizováno 29/03/2015 by Xplode
# Databáze : 2015-03-29.1 [Server]
# Operaení system : Microsoft Windows XP Service Pack 3 (x86)
# Uživatelské jméno : Work - WORK-HK
# Spuštino z : C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
# Nastavení : Eištiní

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****


***** [ Prohlížeee ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v36.0.1 (x86 cs)


*************************

AdwCleaner[R0].txt - [3529 bytu] - [10/02/2015 14:24:09]
AdwCleaner[R1].txt - [890 bytu] - [02/04/2015 10:18:22]
AdwCleaner[S0].txt - [3803 bytu] - [10/02/2015 14:37:22]
AdwCleaner[S1].txt - [816 bytu] - [02/04/2015 10:20:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [873 bytu] ##########

2. PChunter-viz příloha

Re: Trojský kůň JS/Kryptik.I

Napsal: 02 dub 2015 12:29
od untchek
3.OTL-oba jsou moc velký-viz příloha
4.Proces neproběhne, po třech hodinách uploudování jsem to násilím ukončil...

Re: Trojský kůň JS/Kryptik.I

Napsal: 02 dub 2015 12:33
od untchek
Tady je ten druhý log z OTL.

Re: Trojský kůň JS/Kryptik.I

Napsal: 03 dub 2015 09:47
od untchek
Nemusel jsem to ani spouštět, po restartu se to spustilo samo.

All processes killed
========== PROCESSES ==========
No active process named firefox.exe was found!
Process explorer.exe killed successfully!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Unable to set value : HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1390067357-1078145449-839522115-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1390067357-1078145449-839522115-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1390067357-1078145449-839522115-1006\Software\Microsoft\Internet Explorer\SearchScopes\{15004BC5-A2C8-4751-8FEB-9BED03A18FAC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15004BC5-A2C8-4751-8FEB-9BED03A18FAC}\ not found.
Prefs.js: %7Bbd505536-ca59-2fd8-867d-1d98ad80afc7%7D:1.0 removed from extensions.enabledAddons
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7}\modules\tools folder moved successfully.
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7}\modules folder moved successfully.
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7}\chrome\skin folder moved successfully.
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7}\chrome\content folder moved successfully.
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7}\chrome folder moved successfully.
C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{bd505536-ca59-2fd8-867d-1d98ad80afc7} folder moved successfully.
========== FILES ==========
C:\Documents and Settings\Work\Data aplikací\29254 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 27844573 bytes
->Flash cache emptied: 642 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 799312 bytes

User: SIA 11
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1158170 bytes
->FireFox cache emptied: 40401140 bytes
->Flash cache emptied: 1916616 bytes

User: Work
->Temp folder emptied: 16868647 bytes
->Temporary Internet Files folder emptied: 2692971 bytes
->FireFox cache emptied: 86762537 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 42487906 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103181 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 211,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: SIA 11
->Flash cache emptied: 0 bytes

User: Work
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: SIA 11
->Java cache emptied: 0 bytes

User: Work

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04032015_103306

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



ESET už nic nehlásí, a net běhá pěkně svižně, okna nevyskakují...

Re: Trojský kůň JS/Kryptik.I

Napsal: 03 dub 2015 15:59
od untchek
Tak ta hláška od AV už je zase tady:(
Samovolně vyskakující okna se zatím neobjevují.



OTL logfile created on: 3.4.2015 16:47:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Work\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 71,54% Memory free
1,85 Gb Paging File | 1,55 Gb Available in Paging File | 83,63% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 22,35 Gb Free Space | 29,99% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 11,63 Gb Free Space | 15,60% Space Free | Partition Type: NTFS

Computer Name: WORK-HK | User Name: Work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.04.02 10:58:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
PRC - [2014.09.22 15:10:26 | 005,088,456 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2014.09.16 11:08:52 | 001,350,112 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.06.01 11:46:40 | 007,144,448 | ---- | M] () -- C:\WINDOWS\system32\WTMKM.exe
PRC - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.25 02:11:35 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
PRC - [2007.09.25 02:11:35 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2006.04.06 10:40:40 | 000,499,712 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2003.07.17 21:50:42 | 000,217,180 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2011.06.01 11:46:40 | 007,144,448 | ---- | M] () -- C:\WINDOWS\system32\WTMKM.exe
MOD - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
MOD - [2010.03.04 17:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010.03.04 17:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2003.07.19 13:14:14 | 000,028,672 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\AcroTray.CZE


========== Services (SafeList) ==========

SRV - [2015.03.19 10:00:19 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015.02.05 13:37:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.09.16 11:08:52 | 001,350,112 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\atwtusb.exe -- (WTService)
SRV - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.12.01 12:56:19 | 000,082,584 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.06 00:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Work\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Ap10isdefc)
DRV - [2014.09.22 08:20:06 | 000,191,928 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eamonm.sys -- (eamonm)
DRV - [2014.09.22 08:20:06 | 000,135,296 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2014.09.22 08:20:06 | 000,119,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.20 20:38:24 | 000,006,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\walvhid.sys -- (vhidmini)
DRV - [2009.03.08 21:15:14 | 000,006,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006.11.22 07:20:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2005.08.19 02:40:10 | 000,074,752 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005.07.09 01:10:06 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004.10.27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.09.08 03:29:12 | 000,769,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.08.14 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.05.02 10:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7Be4ec0a9a-31e2-5363-6c0e-4351415b6506%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2015.03.19 09:59:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015.03.19 09:59:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2015.02.25 13:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010.04.30 06:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Extensions
[2015.04.03 11:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions
[2015.04.02 14:20:59 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\{e4ec0a9a-31e2-5363-6c0e-4351415b6506}
[2015.04.03 11:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\f3r283vj.default-1352817939000\extensions\staged
[2015.03.19 09:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015.03.19 10:00:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\WORK\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\F3R283VJ.DEFAULT-1352817939000\EXTENSIONS\{E4EC0A9A-31E2-5363-6C0E-4351415B6506}

O1 HOSTS File: ([2015.02.03 11:03:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [MacrokeyManager] C:\WINDOWS\System32\WTMKM.exe ()
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://plugin.fileopen.com/current/FileOpen.CAB (FoInstaller Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB3C23EF-CBB1-417A-BB2B-1B4104E91040}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.05.18 22:42:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015.04.03 10:33:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2015.04.02 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\OTL
[2015.04.02 10:58:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
[2015.04.02 10:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\PCHunter_free
[2015.04.02 10:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\AdwCleaner
[2015.04.01 13:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\FRST-OlderVersion
[2015.03.27 15:30:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Work\Recent
[2015.03.19 09:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2015.04.03 16:37:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015.04.03 15:55:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015.04.03 13:55:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015.04.03 10:37:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015.04.03 10:37:23 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2015.04.03 10:37:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015.04.02 12:39:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2015.04.02 11:05:40 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.04.02 10:58:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
[2015.04.02 10:38:08 | 006,739,485 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\PCHunter_free.zip
[2015.04.02 10:15:18 | 002,208,768 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
[2015.04.01 13:05:09 | 001,135,104 | ---- | M] (Farbar) -- C:\Documents and Settings\Work\Plocha\FRST.exe
[2015.03.31 11:15:52 | 001,051,904 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.pln
[2015.03.31 11:12:00 | 001,057,520 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.bpn
[2015.03.30 09:28:22 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2015.03.30 09:28:22 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2015.03.30 09:28:21 | 000,441,240 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2015.03.30 09:28:21 | 000,083,990 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2015.03.19 17:01:20 | 002,800,538 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\pasport Hořenický mlýn 2015_03_18 (export dwg 2010).dwg
[2015.03.08 16:00:00 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2015.03.04 22:17:06 | 000,407,006 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\untitled(1).bmp

========== Files Created - No Company Name ==========

[2015.04.02 11:05:40 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.04.02 10:37:32 | 006,739,485 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\PCHunter_free.zip
[2015.04.02 10:15:08 | 002,208,768 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
[2015.03.31 11:05:18 | 001,057,520 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.bpn
[2015.03.31 11:05:18 | 001,051,904 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.pln
[2015.03.25 13:38:19 | 008,049,935 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\vyjádření_mlýn Hořenice.zip
[2015.03.25 13:38:12 | 003,443,087 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\výkresy_mlýn Hořenice.zip
[2015.03.19 17:02:35 | 002,800,538 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\pasport Hořenický mlýn 2015_03_18 (export dwg 2010).dwg
[2015.03.04 22:17:06 | 000,407,006 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\untitled(1).bmp
[2015.02.03 10:50:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2015.02.03 10:50:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2015.02.03 10:50:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2015.02.03 10:50:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2015.02.03 10:50:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.11.13 19:08:47 | 000,631,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2013.05.16 15:59:59 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WkDos.exe
[2012.11.23 02:39:45 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2012.05.15 10:19:25 | 000,024,772 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100DEF.css
[2012.05.15 10:19:25 | 000,004,188 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100OS.HTM
[2012.05.15 10:19:25 | 000,002,944 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100SIG.GIF
[2010.06.11 14:40:57 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Work\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.15 15:58:56 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat

========== ZeroAccess Check ==========

[2006.05.19 11:54:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Re: Trojský kůň JS/Kryptik.I

Napsal: 03 dub 2015 17:26
od untchek
OK, necháme to na úterý.
Zatím díky a veselé Velikonoce:)

Re: Trojský kůň JS/Kryptik.I

Napsal: 07 dub 2015 09:28
od untchek
Zdravím,
odistalováno, vyzobáno a zpět nainstalováno. Zatím je klid.

Mám udělat ještě nějaký Log?

Re: Trojský kůň JS/Kryptik.I

Napsal: 08 dub 2015 09:28
od untchek
Tady to je:

OTL logfile created on: 8.4.2015 10:15:30 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Work\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 69,54% Memory free
1,85 Gb Paging File | 1,53 Gb Available in Paging File | 82,67% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 22,31 Gb Free Space | 29,94% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 11,63 Gb Free Space | 15,60% Space Free | Partition Type: NTFS

Computer Name: WORK-HK | User Name: Work | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015.04.02 10:58:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
PRC - [2014.09.22 15:10:26 | 005,088,456 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2014.09.16 11:08:52 | 001,350,112 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.06.01 11:46:40 | 007,144,448 | ---- | M] () -- C:\WINDOWS\system32\WTMKM.exe
PRC - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.04.06 10:40:40 | 000,499,712 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
PRC - [2003.07.17 21:50:42 | 000,217,180 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2011.06.01 11:46:40 | 007,144,448 | ---- | M] () -- C:\WINDOWS\system32\WTMKM.exe
MOD - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
MOD - [2010.03.04 17:55:34 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010.03.04 17:55:14 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2003.07.19 13:14:14 | 000,028,672 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\AcroTray.CZE


========== Services (SafeList) ==========

SRV - [2015.04.03 07:37:50 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.09.16 11:08:52 | 001,350,112 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011.04.27 17:23:10 | 000,871,936 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\atwtusb.exe -- (WTService)
SRV - [2010.04.07 14:57:42 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.12.01 12:56:19 | 000,082,584 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008.06.06 00:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Work\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Ap10isdefc)
DRV - [2014.09.22 08:20:06 | 000,191,928 | ---- | M] (ESET) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eamonm.sys -- (eamonm)
DRV - [2014.09.22 08:20:06 | 000,135,296 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2014.09.22 08:20:06 | 000,119,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.20 20:38:24 | 000,006,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\walvhid.sys -- (vhidmini)
DRV - [2009.03.08 21:15:14 | 000,006,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006.11.22 07:20:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2005.08.19 02:40:10 | 000,074,752 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005.07.09 01:10:06 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004.10.27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.09.08 03:29:12 | 000,769,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.08.14 20:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.05.02 10:47:08 | 000,023,040 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\GVCplDrv.sys -- (GVCplDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.hiddenOneOffs: "DuckDuckGo,Heuréka,Slunečnice,Wikipedie (cs)"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.startup.homepage: "seznam.cz"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2015.04.03 12:16:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2015.04.07 10:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Extensions
[2015.04.07 13:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Work\Data aplikací\Mozilla\Firefox\Profiles\wrac459j.default\extensions
[2015.04.07 10:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015.04.07 10:17:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2015.02.03 11:03:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [MacrokeyManager] C:\WINDOWS\System32\WTMKM.exe ()
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [seznam-listicka-distribuce] C:\Program Files\Seznam.cz\distribution\szninstall.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://plugin.fileopen.com/current/FileOpen.CAB (FoInstaller Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB3C23EF-CBB1-417A-BB2B-1B4104E91040}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.05.18 22:42:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2015.04.07 12:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Data aplikací\Macromedia
[2015.04.07 10:24:35 | 000,778,928 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2015.04.07 10:24:35 | 000,142,512 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2015.04.07 10:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Local Settings\Data aplikací\Mozilla
[2015.04.07 10:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Data aplikací\Mozilla
[2015.04.07 10:17:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Mozilla
[2015.04.07 10:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015.04.07 10:14:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Work\Recent
[2015.04.03 12:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2015.04.03 10:33:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2015.04.02 11:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\OTL
[2015.04.02 10:58:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
[2015.04.02 10:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\PCHunter_free
[2015.04.02 10:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\AdwCleaner
[2015.04.01 13:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Work\Plocha\FRST-OlderVersion

========== Files - Modified Within 30 Days ==========

[2015.04.08 09:55:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015.04.07 13:55:00 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015.04.07 10:24:35 | 000,778,928 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2015.04.07 10:24:35 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2015.04.07 10:17:48 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2015.04.07 09:15:04 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
[2015.04.07 09:15:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015.04.07 09:11:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015.04.02 12:39:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2015.04.02 11:05:40 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.04.02 10:58:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Work\Plocha\OTL.exe
[2015.04.02 10:38:08 | 006,739,485 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\PCHunter_free.zip
[2015.04.02 10:15:18 | 002,208,768 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
[2015.04.01 13:05:09 | 001,135,104 | ---- | M] (Farbar) -- C:\Documents and Settings\Work\Plocha\FRST.exe
[2015.03.31 11:15:52 | 001,051,904 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.pln
[2015.03.31 11:12:00 | 001,057,520 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.bpn
[2015.03.30 09:28:22 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2015.03.30 09:28:22 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2015.03.30 09:28:21 | 000,441,240 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2015.03.30 09:28:21 | 000,083,990 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2015.03.19 17:01:20 | 002,800,538 | ---- | M] () -- C:\Documents and Settings\Work\Plocha\pasport Hořenický mlýn 2015_03_18 (export dwg 2010).dwg

========== Files Created - No Company Name ==========

[2015.04.07 10:17:48 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Mozilla Firefox.lnk
[2015.04.07 10:17:48 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2015.04.02 11:05:40 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.04.02 10:37:32 | 006,739,485 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\PCHunter_free.zip
[2015.04.02 10:15:08 | 002,208,768 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
[2015.03.31 11:05:18 | 001,057,520 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.bpn
[2015.03.31 11:05:18 | 001,051,904 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\VDA-KOOSITU-R00.pln
[2015.03.25 13:38:19 | 008,049,935 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\vyjádření_mlýn Hořenice.zip
[2015.03.25 13:38:12 | 003,443,087 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\výkresy_mlýn Hořenice.zip
[2015.03.19 17:02:35 | 002,800,538 | ---- | C] () -- C:\Documents and Settings\Work\Plocha\pasport Hořenický mlýn 2015_03_18 (export dwg 2010).dwg
[2015.02.03 10:50:36 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2015.02.03 10:50:36 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2015.02.03 10:50:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2015.02.03 10:50:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2015.02.03 10:50:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.11.13 19:08:47 | 000,631,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2013.05.16 15:59:59 | 000,057,552 | ---- | C] () -- C:\WINDOWS\System32\WkDos.exe
[2012.11.23 02:39:45 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2012.05.15 10:19:25 | 000,024,772 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100DEF.css
[2012.05.15 10:19:25 | 000,004,188 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100OS.HTM
[2012.05.15 10:19:25 | 000,002,944 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\P1100SIG.GIF
[2010.06.11 14:40:57 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Work\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.15 15:58:56 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat

========== ZeroAccess Check ==========

[2006.05.19 11:54:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Re: Trojský kůň JS/Kryptik.I

Napsal: 08 dub 2015 13:49
od untchek
Pls, ten odkaz nefachčí:

502 Bad Gateway

Re: Trojský kůň JS/Kryptik.I

Napsal: 10 dub 2015 09:19
od untchek
Hotovo.

# DelFix v10.9 - Logfile created 10/04/2015 at 10:18:14
# Updated 27/02/2015 by Xplode
# Username : Work - WORK-HK
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\Work\Plocha\FRST-OlderVersion
Deleted : C:\Documents and Settings\Work\Plocha\Addition.txt
Deleted : C:\Documents and Settings\Work\Plocha\adwcleaner_4.200.exe
Deleted : C:\Documents and Settings\Work\Plocha\FRST.exe
Deleted : C:\Documents and Settings\Work\Plocha\FRST.txt
Deleted : C:\Documents and Settings\Work\Plocha\OTL.Txt
Deleted : C:\Documents and Settings\Work\Plocha\OTL.exe
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

########## - EOF - ##########

Re: Trojský kůň JS/Kryptik.I

Napsal: 20 dub 2015 10:25
od untchek
Zdravím,
problémy ustaly. Minulý týden jsem byl mimo, takže dodatečně velké díky.
Zaslouží si to odměnu, posílám dar...
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz