Pls ... preventivka HJT ... THX
Napsal: 05 črc 2015 16:50
Takže Mbam našel a rovnou sem to smazal ...
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 5.7.2015
Čas skenování: 16:01:16
Protokol: mbam5_7_15.txt
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.07.05.03
Databáze rootkitů: v2015.07.05.03
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: uzivatel
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 311720
Uplynulý čas: 17 min, 4 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Varovat
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 1
PUP.Optional.Ask.A, HKU\S-1-5-21-2908763965-3982321827-1301483486-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}, , [b86f0cd2f9914beb482efaa019ec6d93],
Hodnoty registru: 1
PUP.Optional.Ask.A, HKU\S-1-5-21-2908763965-3982321827-1301483486-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}|URL, http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=W3&apn_dtid=YYYYYYYYCZ&apn_uid=42CA8AA7-C309-4B32-BE0D-D629A920A45E&apn_sauid=CE5BF137-C279-472A-8D74-7BF515F0F1D1, , [b86f0cd2f9914beb482efaa019ec6d93]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 1
PUP.Optional.AskAPN.Gen, C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\cpg0x7ib.default\searchplugins\askcom.xml, , [ab7c6777385259ddaaf3692c24e2eb15],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
-------------------------------------------------------------------------
stahnul a použil jsem CCleaner, ATF cleaner, TFC Cleaner, ADW Cleaner
------------------------------------------------------------------------------
# AdwCleaner v4.207 - Log vytvořen 05/07/2015 v 16:38:54
# Aktualizováno 21/06/2015 by Xplode
# Databáze : 2015-07-05.2 [Server]
# Operační system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Uživatelské jméno : uzivatel - UZIVATEL-PC
# Spuštěno z : C:\Users\uzivatel\Desktop\AdwCleaner.exe
# Nastavení : Sken
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
***** [ Naplánované úlohy ] *****
***** [ Zástupci ] *****
***** [ Registry ] *****
Data Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - :0
Hodnota Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Hodnota Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
Klíč Nalezeno : HKCU\Software\Avg Secure Update
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
Klíč Nalezeno : HKU\.DEFAULT\Software\Avg Secure Update
***** [ Prohlížeče ] *****
-\\ Internet Explorer v9.0.8112.16659
-\\ Mozilla Firefox v39.0 (x86 cs)
[cpg0x7ib.default] - Řádek Nalezeno : user_pref("browser.search.defaultengine", "Ask.com");
[cpg0x7ib.default] - Řádek Nalezeno : user_pref("browser.search.order.1", "Ask.com");
[cpg0x7ib.default] - Řádek Nalezeno : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[cpg0x7ib.default] - Řádek Nalezeno : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[cpg0x7ib.default] - Řádek Nalezeno : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
*************************
AdwCleaner[R0].txt - [2215 bytů] - [05/07/2015 16:38:54]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2273 bytů] ##########
------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:49:57, on 5.7.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16659)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 4104 bytes
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 5.7.2015
Čas skenování: 16:01:16
Protokol: mbam5_7_15.txt
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.07.05.03
Databáze rootkitů: v2015.07.05.03
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: uzivatel
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 311720
Uplynulý čas: 17 min, 4 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Varovat
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 1
PUP.Optional.Ask.A, HKU\S-1-5-21-2908763965-3982321827-1301483486-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}, , [b86f0cd2f9914beb482efaa019ec6d93],
Hodnoty registru: 1
PUP.Optional.Ask.A, HKU\S-1-5-21-2908763965-3982321827-1301483486-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}|URL, http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=W3&apn_dtid=YYYYYYYYCZ&apn_uid=42CA8AA7-C309-4B32-BE0D-D629A920A45E&apn_sauid=CE5BF137-C279-472A-8D74-7BF515F0F1D1, , [b86f0cd2f9914beb482efaa019ec6d93]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 1
PUP.Optional.AskAPN.Gen, C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\cpg0x7ib.default\searchplugins\askcom.xml, , [ab7c6777385259ddaaf3692c24e2eb15],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
-------------------------------------------------------------------------
stahnul a použil jsem CCleaner, ATF cleaner, TFC Cleaner, ADW Cleaner
------------------------------------------------------------------------------
# AdwCleaner v4.207 - Log vytvořen 05/07/2015 v 16:38:54
# Aktualizováno 21/06/2015 by Xplode
# Databáze : 2015-07-05.2 [Server]
# Operační system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Uživatelské jméno : uzivatel - UZIVATEL-PC
# Spuštěno z : C:\Users\uzivatel\Desktop\AdwCleaner.exe
# Nastavení : Sken
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
***** [ Naplánované úlohy ] *****
***** [ Zástupci ] *****
***** [ Registry ] *****
Data Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - :0
Hodnota Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Hodnota Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
Klíč Nalezeno : HKCU\Software\Avg Secure Update
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
Klíč Nalezeno : HKU\.DEFAULT\Software\Avg Secure Update
***** [ Prohlížeče ] *****
-\\ Internet Explorer v9.0.8112.16659
-\\ Mozilla Firefox v39.0 (x86 cs)
[cpg0x7ib.default] - Řádek Nalezeno : user_pref("browser.search.defaultengine", "Ask.com");
[cpg0x7ib.default] - Řádek Nalezeno : user_pref("browser.search.order.1", "Ask.com");
[cpg0x7ib.default] - Řádek Nalezeno : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[cpg0x7ib.default] - Řádek Nalezeno : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[cpg0x7ib.default] - Řádek Nalezeno : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
*************************
AdwCleaner[R0].txt - [2215 bytů] - [05/07/2015 16:38:54]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2273 bytů] ##########
------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:49:57, on 5.7.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16659)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 4104 bytes