Please check my log [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

pitrsnoaco
Level 1
Posts: 78
Registered: January 08
Gender: Unspecified
Status: Offline

Please check my log [Solved]

Post by pitrsnoaco » 20 Mar 2017 23:16

Hi, please check my log. It is more of a preventive check, but I have the feeling the notebook has been a bit sluggish lately; on the other hand, it is over 5 years old.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:11:35, on 20.3.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18618)

FIREFOX: 15.0.1 (cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\Launch Manager\LManager.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Petr\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10296 bytes
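Triage of a HijackThis log of this shape comes down to two questions per line: does an autorun (O4) or service (O23) point at a binary in a location a standard user can write to, and is the vendor field trustworthy. The script below is an added example for this thread, not HijackThis code and not the forum team's procedure. Its sample input copies a few O4/O23 lines from the log above plus one constructed autorun entry (marked in the code) so that the high-severity rule has something to fire on; the severity rules are the editor's own heuristics. It also handles one trap visible in the log: the many Windows services reported as "Unknown owner ... (file missing)" are a known artefact of 32-bit HijackThis 2.0.4 running on 64-bit Windows, not missing binaries, and are down-ranked rather than flagged.

```python
"""Triage HijackThis O4 (autorun) and O23 (service) lines.

Added example; not HijackThis code.  Sample lines are copied from the log
posted above, plus one constructed entry (marked) so the 'high' rule fires.
Severity rules are heuristics, not an authoritative classifier.
"""
import re
from dataclasses import dataclass
from typing import List

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)"?', re.IGNORECASE)

# Constructed sample: O4/O23 lines from the posted log; the [Updater] line is
# NOT in the posted log and exists only to exercise the high-severity rule.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKCU\..\Run: [Updater] "C:\Users\Petr\AppData\Roaming\updsvc\upd.exe" /quiet
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
"""

USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def user_writable(path: str) -> bool:
    """Locations a standard user can write to (profile, ProgramData, temp dirs)."""
    p = path.lower()
    return p.startswith(USER_WRITABLE_PREFIXES) or "\\appdata\\" in p or "\\temp\\" in p


@dataclass
class Finding:
    kind: str       # "autorun" | "service"
    name: str
    path: str
    severity: str   # "info" | "review" | "high"
    reason: str


def _autorun(m) -> Finding:
    em = EXE_RE.match(m["cmd"])
    exe = em["exe"] if em else m["cmd"]
    if user_writable(exe):
        return Finding("autorun", m["name"], exe, "high",
                       "autorun target is in a user-writable location; verify hash and signer")
    if m["key"].lower() == "runonce" and m["hive"].startswith("HKUS\\S-1-5-18"):
        return Finding("autorun", m["name"], exe, "info",
                       "one-shot RunOnce in the SYSTEM hive (S-1-5-18); runs once at next start")
    return Finding("autorun", m["name"], exe, "info", f"autorun from {m['hive']}\\..\\{m['key']}")


def _service(m) -> Finding:
    path, owner = m["path"], m["owner"]
    missing = m["missing"] is not None
    if missing and owner == "Unknown owner" and path.lower().startswith("c:\\windows\\"):
        # 32-bit HijackThis 2.0.4 cannot resolve these on 64-bit Windows.
        return Finding("service", m["name"], path, "info",
                       "'file missing' on a Windows service is a known artefact of 32-bit "
                       "HijackThis 2.0.4 on 64-bit Windows, not a missing binary")
    if user_writable(path):
        return Finding("service", m["name"], path, "high",
                       "service binary in a user-writable location")
    if owner == "Unknown owner":
        return Finding("service", m["name"], path, "review",
                       "no vendor information; check the binary's Authenticode signature")
    return Finding("service", m["name"], path, "info", f"vendor: {owner}")


def triage(log_text: str) -> List[Finding]:
    """Parse O4/O23 lines and return one Finding per recognised line."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            findings.append(_autorun(m))
            continue
        m = O23_RE.match(line)
        if m:
            findings.append(_service(m))
    return findings


def high_risk(log_text: str) -> List[Finding]:
    return [f for f in triage(log_text) if f.severity == "high"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.kind:7} {f.name:20} {f.path}\n       {f.reason}")
```

Run against the full log, the only line that would score above "info" is nothing: every autorun and service here lives under Program Files or Windows and names a vendor, which matches the helper's later conclusion that the machine carried adware remnants rather than a live infection.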

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 21 Mar 2017 09:21

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you don't need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows, then click Start to begin the process. It should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan click "Logfile"; the "Log Manager" window appears, then double-click the corresponding log, which opens. (Otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt.) Paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click Finish
- If the program is not up to date, click "Update Now" or "Fix Now".
- an update will be found and installed.
- then click Scan Now
- when the program has finished, a message appears at the bottom right; click Save Results, choose Copy to Clipboard and paste the whole log here. Or click "Text file (.txt)" and save the log.
- otherwise the log is located here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- then click Finish and close the program with the X at the top right.
(don't delete anything yet!)

If there are problems, run in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my log

Post by pitrsnoaco » 22 Mar 2017 22:08

# AdwCleaner v6.044 - Logfile created 22/03/2017 at 21:41:26
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-20.1 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Petr - PETR-PC
# Running from : C:\Users\Petr\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder found: C:\Users\Petr\AppData\LocalLow\Browse2Save
Folder found: C:\extensions
Folder found: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fdloijijlkoblmigdofommgnheckmaki


***** [ Files ] *****

File found: C:\END


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcuts found.


***** [ Scheduled Tasks ] *****

No malicious tasks found.


***** [ Registry ] *****

Key found: HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Classes\pokki
Key found: HKCU\Software\Classes\pokki
Key found: HKLM\SOFTWARE\Classes\protector_dll.Protector
Key found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key found: [x64] HKCU\Software\Classes\pokki
Key found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
Key found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key found: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key found: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key found: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key found: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key found: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key found: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Key found: HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\ParetoLogic
Key found: HKCU\Software\ParetoLogic
Key found: HKLM\SOFTWARE\ParetoLogic
Key found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key found: [x64] HKCU\Software\ParetoLogic
Key found: HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj


***** [ Web browsers ] *****

No malicious Firefox entries found.
Chromium setting found: [C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.conduit.com
Chromium setting found: [C:\Users\Petr\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3323 Bytes] - [22/03/2017 21:28:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [3222 Bytes] - [22/03/2017 21:41:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3295 Bytes] ##########



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22.3.2017
Scan Time: 21:42
Logfile: MAM.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.03.22.09
Rootkit Database: v2017.03.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Petr

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 484934
Time Elapsed: 21 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
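The AdwCleaner findings above are the classic adware/PUP footprint: a Conduit search provider in Chrome's Web data, two Chrome extension IDs (one in the profile's Local Extension Settings, one registered under HKLM\SOFTWARE\Google\Chrome\Extensions, which is Chrome's registry-based external-install mechanism on Windows), and leftover COM class registrations. The script below is an added example for this thread, not AdwCleaner's or the forum's code. It extracts the extension IDs and hijacked search providers from the posted log text, checks that each ID is well-formed, and shows how a Chrome extension ID is derived from an extension's public key (SHA-256 of the DER-encoded key, first 16 bytes, each hex digit shifted into the letters a–p) so that an ID found in the registry can be matched against a .crx or manifest key. No key material appears in the thread, so the key used in the self-check is a constructed placeholder byte string.

```python
"""Extract Chrome extension IDs and search-provider hijacks from an AdwCleaner log.

Added example; not AdwCleaner code.  The log excerpt is copied from the scan
result posted above.  The DER blob used below is a constructed placeholder,
not a real extension key (none appears in the thread).
"""
import hashlib
import re
from typing import Dict, List

# Excerpt of the posted AdwCleaner scan log (labels translated to English).
LOG_EXCERPT = r"""
Folder found: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fdloijijlkoblmigdofommgnheckmaki
Key found: HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj
Chromium setting found: [C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.conduit.com
Chromium setting found: [C:\Users\Petr\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - ask.com
"""

# Extension IDs appear after the HKLM Extensions key or the profile's
# Local Extension Settings folder; an ID is exactly 32 letters from a..p.
EXT_ID_RE = re.compile(r"(?:Chrome\\Extensions\\|Local Extension Settings\\)([a-p]{32})(?![a-z0-9])")
# Search-provider lines end with the injected provider's host.
WEBDATA_RE = re.compile(r"\\Web data\].*?(\S+)\s*$")


def extension_ids(log_text: str) -> Dict[str, List[str]]:
    """Map each extension ID to the log lines that mention it."""
    hits: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        for m in EXT_ID_RE.finditer(line):
            hits.setdefault(m.group(1), []).append(line.strip())
    return hits


def sideloaded_ids(log_text: str) -> List[str]:
    """IDs registered under HKLM\\...\\Chrome\\Extensions (external install)."""
    return sorted(ext_id for ext_id, lines in extension_ids(log_text).items()
                  if any("\\Chrome\\Extensions\\" in ln for ln in lines))


def hijacked_search_providers(log_text: str) -> List[str]:
    providers: List[str] = []
    for line in log_text.splitlines():
        m = WEBDATA_RE.search(line)
        if m:
            providers.append(m.group(1))
    return providers


def is_valid_extension_id(ext_id: str) -> bool:
    return len(ext_id) == 32 and all("a" <= c <= "p" for c in ext_id)


def extension_id_from_public_key(der_public_key: bytes) -> str:
    """Chrome's ID derivation: SHA-256 of the DER public key, first 16 bytes,
    hex-encoded, each hex digit 0..f mapped to the letter a..p."""
    digest_hex = hashlib.sha256(der_public_key).hexdigest()[:32]
    return "".join(chr(ord("a") + int(h, 16)) for h in digest_hex)


if __name__ == "__main__":
    for ext_id, lines in extension_ids(LOG_EXCERPT).items():
        print(ext_id, "valid" if is_valid_extension_id(ext_id) else "MALFORMED", lines)
    print("sideloaded via HKLM:", sideloaded_ids(LOG_EXCERPT))
    print("search providers:", hijacked_search_providers(LOG_EXCERPT))
```

With the IDs in hand, the practical follow-up is to look them up in the Chrome Web Store and, if an unpacked copy or .crx is available, recompute the ID from its key with `extension_id_from_public_key` to confirm the registry entry really refers to that package.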


Re: Please check my log

Post by jaro3 » 22 Mar 2017 23:08

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan"; after the scan click "Clean".

The program will perform the repair; after the automatic restart click "Log Manager" and double-click the corresponding log (C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue; press one.
The scan will begin. It may take a long time, depending on the amount of infection. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please paste its entire contents here.


Sophos Virus Removal Tool is a handy software tool that may remove infections your antivirus program does not detect.
Download it from one of these links:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data without you even knowing you have them. What you need is a quick and easy way to find and get rid of them; if you already have an antivirus program installed on the computer, you can also install the Sophos Virus Removal Tool, which identifies and cleans up residual infections your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press "Start scanning". Sophos Virus Removal Tool will then search for and remove any viruses it finds. A restart may be required.


Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY

64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8, 10 run RogueKiller.exe as administrator; on XP, double-click it.
- click "Start Scan". In the new window don't change anything and click "Start Scan" at the bottom
- The program scans the PC's processes. After the scan click "Open Report", then "Open TXT" in the window, and copy the whole contents of the log here.
If the program is blocked, try running it several times. If it still won't run and work, rename it to winlogon.exe.
- if the log is longer than 60,000 characters, split it and paste it into several posts


Re: Please check my log

Post by pitrsnoaco » 24 Mar 2017 22:30

# AdwCleaner v6.044 - Logfile created 23/03/2017 at 21:48:06
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-23.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Petr - PETR-PC
# Running from : C:\Users\Petr\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Petr\AppData\LocalLow\Browse2Save
[-] Folder deleted: C:\extensions
[-] Folder deleted: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fdloijijlkoblmigdofommgnheckmaki


***** [ Files ] *****

[-] File deleted: C:\END


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Classes\pokki
[#] Key deleted on reboot: HKCU\Software\Classes\pokki
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\pokki
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\ParetoLogic
[#] Key deleted on reboot: HKCU\Software\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[#] Key deleted on reboot: [x64] HKCU\Software\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj


***** [ Web browsers ] *****

[-] [C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.conduit.com
[-] [C:\Users\Petr\AppData\Local\Comodo\Dragon\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3150 Bytes] - [23/03/2017 21:48:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [3323 Bytes] - [22/03/2017 21:28:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [3398 Bytes] - [22/03/2017 21:41:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [3469 Bytes] - [23/03/2017 21:47:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3442 Bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by Petr (Administrator) on Thu 23.03.2017 at 21:54:05,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 13

Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Petr) (Task)
Successfully deleted: C:\Windows\system32\Tasks\SmartDefrag_Startup (Task)
Successfully deleted: C:\Users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43P3821B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5695YSSP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S9LB500 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RVG2OUMZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Petr\desktop\Continue installation - SevenZip Installation.lnk (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43P3821B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5695YSSP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S9LB500 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RVG2OUMZ (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 23.03.2017 at 22:08:03,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



2017-03-23 21:16:28.258 Sophos Virus Removal Tool version 2.5.6
2017-03-23 21:16:28.258 Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-03-23 21:16:28.259 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-03-23 21:16:28.259 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2017-03-23 21:16:28.262 Checking for updates...
2017-03-23 21:16:41.033 Update progress: proxy server not available
2017-03-23 21:16:47.007 Option all = no
2017-03-23 21:16:47.007 Option recurse = yes
2017-03-23 21:16:47.007 Option archive = no
2017-03-23 21:16:47.007 Option service = yes
2017-03-23 21:16:47.007 Option confirm = yes
2017-03-23 21:16:47.007 Option sxl = yes
2017-03-23 21:16:47.009 Option max-data-age = 35
2017-03-23 21:16:47.009 Option vdl-logging = yes
2017-03-23 21:16:47.017 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-03-23 21:16:47.017 Machine ID: b4f0c70280174e0c82b3869e49e09c7a
2017-03-23 21:16:47.019 Component SVRTcli.exe version 2.5.6
2017-03-23 21:16:47.020 Component control.dll version 2.5.6
2017-03-23 21:16:47.020 Component SVRTservice.exe version 2.5.6
2017-03-23 21:16:47.021 Component engine\osdp.dll version 1.44.1.2280
2017-03-23 21:16:47.021 Component engine\veex.dll version 3.68.0.2280
2017-03-23 21:16:47.021 Component engine\savi.dll version 9.0.7.2280
2017-03-23 21:16:47.022 Component rkdisk.dll version 1.5.31.1
2017-03-23 21:16:47.022 Version info: Product version 2.5.6
2017-03-23 21:16:47.023 Version info: Detection engine 3.68.0
2017-03-23 21:16:47.023 Version info: Detection data 5.36
2017-03-23 21:16:47.023 Version info: Build date 7.2.2017
2017-03-23 21:16:47.023 Version info: Data files added 343
2017-03-23 21:16:47.023 Version info: Last successful update (not yet updated)
2017-03-23 21:16:54.462 Downloading updates...
2017-03-23 21:16:54.463 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-03-23 21:16:54.464 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-23 21:16:54.464 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-23 21:16:54.464 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-03-23 21:16:54.464 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-03-23 21:16:54.464 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-03-23 21:16:54.464 Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-03-23 21:16:54.464 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
2017-03-23 21:16:54.464 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
2017-03-23 21:16:54.464 Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=]
2017-03-23 21:16:54.464 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path=
2017-03-23 21:16:54.464 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path=
2017-03-23 21:16:54.464 Update progress: [I49502] sdds.data0910.xml: found supplement IDE539 LATEST path= baseVersion= [included from product IDE538 LATEST path=]
2017-03-23 21:16:54.464 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE539 LATEST path=
2017-03-23 21:16:54.465 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE539 LATEST path=
2017-03-23 21:16:54.465 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-03-23 21:16:54.624 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-03-23 21:16:54.624 Update progress: [I19463] Product download size 158884372 bytes
2017-03-23 21:17:03.698 Update progress: [I19463] Syncing product IDE537 LATEST path=
2017-03-23 21:17:03.698 Update progress: [I19463] Product download size 2537599 bytes
2017-03-23 21:17:08.069 Update progress: [I19463] Syncing product IDE538 LATEST path=
2017-03-23 21:17:08.070 Update progress: [I19463] Product download size 2280148 bytes
2017-03-23 21:17:15.895 Update progress: [I19463] Syncing product IDE539 LATEST path=
2017-03-23 21:17:15.896 Update progress: [I19463] Product download size 1646861 bytes
2017-03-23 21:17:20.724 Installing updates...
2017-03-23 21:17:21.731 Error level 1
2017-03-23 21:17:38.624 Update successful
2017-03-23 21:18:03.312 Option all = no
2017-03-23 21:18:03.313 Option recurse = yes
2017-03-23 21:18:03.313 Option archive = no
2017-03-23 21:18:03.313 Option service = yes
2017-03-23 21:18:03.313 Option confirm = yes
2017-03-23 21:18:03.313 Option sxl = yes
2017-03-23 21:18:03.315 Option max-data-age = 35
2017-03-23 21:18:03.315 Option vdl-logging = yes
2017-03-23 21:18:03.321 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-03-23 21:18:03.321 Machine ID: b4f0c70280174e0c82b3869e49e09c7a
2017-03-23 21:18:03.323 Component SVRTcli.exe version 2.5.6
2017-03-23 21:18:03.323 Component control.dll version 2.5.6
2017-03-23 21:18:03.323 Component SVRTservice.exe version 2.5.6
2017-03-23 21:18:03.324 Component engine\osdp.dll version 1.44.1.2280
2017-03-23 21:18:03.324 Component engine\veex.dll version 3.68.0.2280
2017-03-23 21:18:03.324 Component engine\savi.dll version 9.0.7.2280
2017-03-23 21:18:03.325 Component rkdisk.dll version 1.5.31.1
2017-03-23 21:18:03.325 Version info: Product version 2.5.6
2017-03-23 21:18:03.326 Version info: Detection engine 3.68.0
2017-03-23 21:18:03.326 Version info: Detection data 5.36
2017-03-23 21:18:03.326 Version info: Build date 7.2.2017
2017-03-23 21:18:03.326 Version info: Data files added 343
2017-03-23 21:18:03.326 Version info: Last successful update 23.3.2017 22:17:38

2017-03-23 21:57:48.186 Warning: rootkit scan failed to open volume "\\?\Volume{faf13447-abe3-11e0-a148-c80aa9ce00b1}" (5)
2017-03-23 21:57:57.192 Could not open C:\hiberfil.sys
2017-03-23 21:59:57.346 Could not open C:\pagefile.sys
2017-03-23 22:31:15.428 Could not check C:\ProgramData\Rosetta Stone\Content\data\19\4\1940dc2945055723c1f83b394086d03395d989b8 (corrupt)
2017-03-23 22:39:01.806 Could not check C:\ProgramData\Rosetta Stone\Content\data\48\e\48ea6ac488213e4d8c1914a71bac944121fb5c7f (corrupt)
2017-03-23 22:43:49.923 Could not check C:\ProgramData\Rosetta Stone\Content\data\67\4\6743c9ab17f6136a790a3205993111450815b133 (corrupt)
2017-03-23 22:49:47.257 Could not check C:\ProgramData\Rosetta Stone\Content\data\8a\f\8af9503c71a66fac895aca85824c2e657415a7f8 (corrupt)
2017-03-23 22:53:16.110 Could not check C:\ProgramData\Rosetta Stone\Content\data\a0\a\a0a9ead921aed5f695027822f8a5834725122a5a (corrupt)
2017-03-23 23:06:40.463 Could not check C:\ProgramData\Rosetta Stone\Content\data\ee\a\eea95b89c22098749e1beadc61d651bc064cc55e (out of memory)
2017-03-23 23:10:00.721 Could not open C:\System Volume Information\{36052e8a-100a-11e7-95cd-c80aa9ce00b1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-23 23:10:00.721 Could not open C:\System Volume Information\{36052ea6-100a-11e7-95cd-c80aa9ce00b1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-23 23:10:00.721 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-23 23:10:00.721 Could not open C:\System Volume Information\{87d499fc-db31-11e6-aebb-c80aa9ce00b1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-23 23:10:00.721 Could not open C:\System Volume Information\{88d18b3b-f6da-11e6-965b-c80aa9ce00b1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-23 23:10:00.721 Could not open C:\System Volume Information\{985ebb78-08ea-11e7-a1ee-c80aa9ce00b1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-23 23:10:00.721 Could not open C:\System Volume Information\{fc59977d-0a73-11e7-bd7f-c80aa9ce00b1}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-03-23 23:20:58.652 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-03-23 23:20:58.652 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-03-23 23:21:13.176 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-03-23 23:21:13.191 Could not open C:\Windows\System32\config\RegBack\SAM
2017-03-23 23:21:13.191 Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-03-23 23:21:13.191 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-03-23 23:21:13.191 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-03-24 00:01:51.054 Could not open LOGICAL:0003:00000000
2017-03-24 00:01:51.086 Could not open D:\
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file G:\Dokumenty\zelena oaza\Zaloha 6.11.2014\www\wp-admin\d12d82.php
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2017-03-24 00:03:11.036 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file G:\Dokumenty\zelena oaza\Zaloha 6.11.2014\www\wp-content\plugins\wp_add\mod_system.php
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file HKU\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnIntranet
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2017-03-24 00:03:19.772 >>> Virus 'Troj/PHPShl-AH' found in file HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
2017-03-24 00:06:41.433 Could not check G:\Zaloha Peta\PETR\CZU\OS2\TEORIE - OS.doc (corrupt)
2017-03-24 00:07:10.106 Could not open LOGICAL:0007:00000000
2017-03-24 00:07:10.106 Could not open H:\
2017-03-24 00:07:10.106 Could not open LOGICAL:0010:00000000
2017-03-24 00:07:10.106 Could not open Q:\
2017-03-24 00:07:10.309 The following items will be cleaned up:
2017-03-24 00:07:10.309 Troj/PHPShl-AH


Re: Please check my log

Post by pitrsnoaco » 24 Mar 2017 22:33

RogueKiller V12.10.1.0 (x64) [Mar 20 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Petr [Administrator]
Started from : C:\Users\Petr\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 03/24/2017 20:25:20 (Duration : 01:53:58)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 7 ¤¤¤
[Tr.Gen0][File] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Found
[Tr.Gen0][File] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][Firefox:Config] 0f48g9z5.default : user_pref("network.proxy.http", "217.195.169.113"); -> Found
[PUM.Proxy][Firefox:Config] 0f48g9z5.default : user_pref("network.proxy.http_port", 8080); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] a19f55afb745f3be060679a42e66b31b
[BSP] dae651990d8bda2e7c8783837f6e2aef : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27265024 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27469824 | Size: 235028 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 508807168 | Size: 228498 MB
User = LL1 ... OK
User = LL2 ... OK

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow around =o)
Gender: Male
Status:
Offline

Re: Please check my log

Post by Orcus » 25 Mar 2017 06:20

Close all programs and browsers. Disable the antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP double-click to run it).
- Wait until the Prescan finishes its work...
- Wait until the status window shows "Scan"
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (put check marks).
- Click "Delete"
- Wait until the Status box shows "Deletion complete"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

====================================================

Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7, 8 right-click it and choose "Run as administrator")
- note that the program may take a while to start.

Paste the script below into the program window:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script
The program will perform a scan and a repair; the scan and repair may take several minutes, so you need to wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the whole contents of that log here.

====================================================

Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click this file on the desktop and follow the instructions to install the program.
Accept the program's EULA licence if it is offered.
If a program update is available, click the "Update now" button.
At the end click the Settings button (the gear in the corner) > Advanced > ""
- "I have read the warning and want to continue anyway .....
Tick Auto Launch
Untick Auto upload
Tick All Browser Extensions
Smart scan settings as a replacement for a deep check
Close all open files, folders and browsers
Click the Scan now button and the threat scan will begin.
When the scan is finished a report will appear; copy the whole contents of that report here.
Love warms, but coal is coal. :fire:



Post HJT logs in the HJT section. If it is too long, split it into several messages.

A few tips on PC security.

During my absence memphisto, jaro3 and Diallix stand in for me

If you are satisfied, you can support our forum.


Re: Please check my log

Post by pitrsnoaco » 25 Mar 2017 22:23

RogueKiller V12.10.1.0 (x64) [Mar 20 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Petr [Práva správce]
Started from : C:\Users\Petr\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 03/25/2017 16:44:19 (Duration : 01:53:25)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 7 ¤¤¤
[Tr.Gen0][Soubor] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Smazáno
[Tr.Gen0][Soubor] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Smazáno
[Tr.Gen0][Soubor] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Smazáno
[Tr.Gen0][Soubor] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Smazáno
[Tr.Gen0][Soubor] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Smazáno
[Tr.Gen0][Soubor] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Smazáno
[Tr.Gen0][Soubor] C:\Users\Petr\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Smazáno

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[PUM.Proxy][Firefox:Config] 0f48g9z5.default : user_pref("network.proxy.http", "217.195.169.113"); -> Smazáno
[PUM.Proxy][Firefox:Config] 0f48g9z5.default : user_pref("network.proxy.http_port", 8080); -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] a19f55afb745f3be060679a42e66b31b
[BSP] dae651990d8bda2e7c8783837f6e2aef : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 27265024 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27469824 | Size: 235028 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 508807168 | Size: 228498 MB
User = LL1 ... OK
User = LL2 ... OK



Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Petr on so 25.03.2017 at 19:26:51,34.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Petr\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.3.2017 19:28:02 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AutoHotkey deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\TomTom DesktopSuite deleted successfully
C:\Program Files\Android deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Petr\AppData\Roaming\SynthMaker deleted successfully
C:\Users\Petr\AppData\Roaming\TP deleted successfully
C:\Users\Petr\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Petr\AppData\Local\Android deleted successfully
C:\Users\Petr\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Petr\AppData\Local\EmieSiteList deleted successfully
C:\Users\Petr\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_USERS\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_USERS\S-1-5-21-2229535671-2874666191-3641557215-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\ff-bmboc@bytemobile.com deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\prefs.js:
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine,S", "");
user_pref("browser.search.order.1,S", "");

Added to C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Petr\AppData\Roaming\TomTom\HOME\Profiles\271fei07.default\prefs.js:

Added to C:\Users\Petr\AppData\Roaming\TomTom\HOME\Profiles\271fei07.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AutoHotkey not found
C:\PROGRA~2\TomTom DesktopSuite not found
C:\PROGRA~2\vLite deleted
C:\Users\Petr\.android deleted
C:\PROGRA~2\Prismatic Software deleted
C:\Users\Petr\AppData\Roaming\Thinstall deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\PROGRA~3\{BE48917A-8173-4C25-A322-B40C9D2FDD69} deleted
C:\Users\Petr\AppData\Local\{01A9A77D-6AAA-4910-89DD-AA1CF94D5618} deleted
C:\Users\Petr\AppData\Local\Thinstall deleted
C:\Users\Petr\Downloads\kv2009_en_softonic.exe deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Petr\AppData\Roaming\TomTom\HOME\Profiles\271fei07.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [15.01.2017 15:51]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [15.01.2017 15:51]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- iMacros for Firefox - %ProfilePath%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
- Web Developer - %ProfilePath%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi

ProfilePath: C:\Users\Petr\AppData\Roaming\TomTom\HOME\Profiles\271fei07.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Petr\AppData\Roaming\Mozilla\Firefox\Profiles\0f48g9z5.default
EC55112EDB2CE5BC2BFCACDB9C2150F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll - Shockwave Flash
1B197A0ED28DB310AB67591567C3787A - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.150.3
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Petr\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[18.11.2013 22:11]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Comodo Drag&Drop Service - Petr\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Petr\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - Petr\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
Avast SafePrice - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Avast Online Security - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Chrome Media Router - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gomekmidlodglbbmalcneegieacbdmki_0.localstorage deleted successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gomekmidlodglbbmalcneegieacbdmki_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
{71BBDC7D-DCA0-7371-D5E2-2A38C524CBCC} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_csCZ440"

==== Reset Google Chrome ======================

C:\Users\Petr\AppData\Local\Comodo\Dragon\User Data\Default\Preferences was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Petr\AppData\Local\Comodo\Dragon\User Data\Default\Web Data was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09D72D3B-14F9-0629-05A4-F1F14D70221C} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Petr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Petr\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1192 folders=178 880507905 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\mixcraft 4\AppData\Local\temp emptied successfully
C:\Users\Mixcraft 5\AppData\Local\temp emptied successfully
C:\Users\Mixcraft2\AppData\Local\temp emptied successfully
C:\Users\mixcraft6\AppData\Local\temp emptied successfully
C:\Users\mixcraft7\AppData\Local\temp emptied successfully
C:\Users\Mixcraft8\AppData\Local\temp emptied successfully
C:\Users\Petr\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Petr\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 25.03.2017 at 20:04:28,39 ======================




Zemana AntiMalware 2.72.2.324 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2017.3.25
Operating System : Windows 7 64-bit
Processor : 2X Celeron(R) Dual-Core CPU T3500 @ 2.10GHz
BIOS Mode : Legacy
CUID : 129795A90B848CAF592055
Scan Type : Skenování systému
Duration : 21m 59s
Scanned Objects : 166062
Detected Objects : 4
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Vypnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

ROOT CA KB
Status : Skenováno
Object : HKCU\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5B7C2BF3215036B095CB186609480BDCBA8DFF29\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelý kořenný certifikát
Cleaning Action : Vymazat
Related Objects :
Záznam registru - HKCU\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5B7C2BF3215036B095CB186609480BDCBA8DFF29\Blob

ClockworkMod
Status : Skenováno
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8E9FBA4F0A0974EF5DA6939F17D49F682C78E76E\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelý kořenný certifikát
Cleaning Action : Vymazat
Related Objects :
Záznam registru - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8E9FBA4F0A0974EF5DA6939F17D49F682C78E76E\Blob

Firefox Search
Status : Skenováno
Object : Jyxo.cz - http://jyxo.cz
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Firefox Search

FormatFactory.exe
Status : Skenováno
Object : %programfiles%\formatfactory\formatfactory.exe
MD5 : 3440B75B8BE1D48DE8B9E422301A229A
Publisher : chen jun hao
Size : 6225736
Version : 3.8.0.0
Detection : PUA:Win32/FormatFactory!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %programfiles%\formatfactory\formatfactory.exe
Odkaz - C:\Users\Petr\Desktop\Format Factory.lnk


Cleaning Result
-------------------------------------------------------
Cleaned : 4
Reported as safe : 0
Failed : 0

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 26 Mar 2017 10:03

Post a new HJT log + let me know about any problems
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

pitrsnoaco
Level 1
Posts: 78
Registered: January 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by pitrsnoaco » 27 Mar 2017 22:41

So far I would say the computer has sped up, or rather I have not noticed the stuttering I used to see before. Thanks a lot!
New log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:39:40, on 27.3.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18618)

FIREFOX: 15.0.1 (cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\Launch Manager\LManager.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Petr\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 10376 bytes

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 28 Mar 2017 09:43

Close all other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')


Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/

and save the file to your desktop.
Double-click the icon to run the Delfix.exe tool
(On Windows Vista, Windows 7 and 8 you must run the file by right-clicking it -> Run as administrator.)
In the main menu, tick these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

A report will then open (DelFix.txt). Paste the entire contents of the report here. Otherwise the report is at:
C:\DelFix.txt

If there are no problems, that is all and you can mark the thread as solved with the green tick.
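Added example, not from this thread or from HijackThis itself: a small Python parser for HJT log lines that tags the kinds of entries in the fix list above (blank IE search values, hosts entries, RunOnce autoruns) plus unattributed Winsock LSPs and services reported as missing, so a log like the ones posted here can be triaged in bulk. The tag names are this example's own, and the sample lines are constructed from the format of the thread's log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2.0.4 format (same layout as the logs in this thread).
SAMPLE_LOG = """\
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O4 - HKUS\\S-1-5-18\\..\\RunOnce: [SPReview] "C:\\Windows\\System32\\SPReview\\SPReview.exe" /sp:1 (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\\program files (x86)\\common files\\microsoft shared\\windows live\\wlidnsp.dll
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\\Windows\\System32\\msdtc.exe (file missing)
"""

# Every HJT finding is "<section code> - <body>"; header lines and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def triage(entry):
    # Review tags for one entry; the tag names are invented for this example.
    flags = []
    if entry.code in ("R0", "R1") and entry.body.rstrip().endswith("="):
        flags.append("empty-ie-value")        # IE search value present but blank
    if entry.code == "O1":
        flags.append("hosts-entry")           # any hosts override deserves a look
    if entry.code == "O4" and "RunOnce" in entry.body:
        flags.append("runonce")               # one-shot autorun that is still registered
    if entry.code == "O10":
        flags.append("unknown-lsp")           # Winsock LSP that HJT could not attribute
    if entry.code == "O23":
        if "(file missing)" in entry.body:
            # Caveat: 32-bit HJT 2.0.4 often cannot see 64-bit system32 binaries, so this is usually noise on x64.
            flags.append("service-file-missing")
        if "Unknown owner" in entry.body:
            flags.append("unknown-owner")
    return flags


def parse_hjt(text):
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            e = Entry(m.group("code"), m.group("body"))
            e.flags = triage(e)
            entries.append(e)
    return entries


def flagged(text):
    # Map body -> tags for every entry that got at least one tag.
    return {e.body: e.flags for e in parse_hjt(text) if e.flags}
```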

pitrsnoaco
Level 1
Posts: 78
Registered: January 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by pitrsnoaco » 28 Mar 2017 22:46

Thanks a lot once again!

# DelFix v1.013 - Logfile created 28/03/2017 at 22:42:39
# Updated 17/04/2016 by Xplode
# Username : Petr - PETR-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Petr\Desktop\AdwCleaner.exe
Deleted : C:\Users\Petr\Desktop\JRT.exe
Deleted : C:\Users\Petr\Desktop\JRT.txt
Deleted : C:\Users\Petr\Desktop\RogueKiller.txt
Deleted : C:\Users\Petr\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Petr\Desktop\RogueKiller_c.txt
Deleted : C:\Users\Petr\Desktop\zoek-results.txt
Deleted : C:\Users\Petr\Desktop\zoek.exe
Deleted : C:\Users\Petr\Downloads\HijackThis.exe
Deleted : C:\Users\Petr\Downloads\hijackthis.log
Deleted : C:\Users\Petr\Downloads\hijackthis_2
Deleted : C:\Users\Petr\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #316 [Windows Update | 02/26/2017 18:14:50]
Deleted : RP #317 [Driver Booster : Kořenový port 1 sběrnice PCI Express čipové sady řady Intel(R) ICH9 – 2940 | 03/14/2017 19:33:39]
Deleted : RP #318 [Windows Update | 03/20/2017 19:42:11]
Deleted : RP #319 [JRT Pre-Junkware Removal | 03/23/2017 20:54:18]
Deleted : RP #320 [Installed Sophos Virus Removal Tool. | 03/23/2017 21:14:25]
Deleted : RP #321 [zoek.exe restore point | 03/25/2017 18:27:39]

New restore point created !

########## - EOF - ##########
