Prosím o kontrolu logu - řeším delší dobu Vyřešeno

[mipal123]

Zemana píše že už je PC čistý ale stránky pořád naskakují

[Reklama]

[jerabina]

Nálezy v RogueKilleru jsi nesmazal, jak psal kolega zde:

- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

Takže to proveď prosím znova a dle postupu.

Zoek nejde stáhnout ani jako .exe verze? Nebo jak nejde stáhnout?

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit Farbar Recovery Scan Tool (FRST)
32bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
a ulož jej na plochu. ,pak spusť FRST jako správce
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše. Prosím zkopíruj sem celý jejich obsah.

[mipal123]

ZOEK.exe jsem spustil a napsalo mi, že není pro můj WIN10.

Ještě jsem zkusil odinstalovat chrome a znova nainstalovat.Tak se to neukázalo ale jak se přihlásím pod svůj účet tak to opět naběhe. Stejně tak pokud to na stolním PC už nemám, tak na noťasu to mám stále...

[jerabina]

Ten ZOEK.exe by měl jít normálně spustit na WIN10. Zkusíme ho v nouzovém režimu během dalšího čištění.

Ještě jsem zkusil odinstalovat chrome a znova nainstalovat.Tak se to neukázalo ale jak se přihlásím pod svůj účet tak to opět naběhe. Stejně tak pokud to na stolním PC už nemám, tak na noťasu to mám stále...

Ano, jedná se o synchronizaci mezi zařízeními v rámci Google účtu. Synchronizují se Aplikace, Rozšíření, Nastavení, Autovyplňování, Historie, Motivy, Záložky, Hesla, Otevřené karty... Udělal bych to tedy tak, že tento malware odstraníme na jednom počítači a následně resetujeme synchronizaci. Záleží, kde je to v pořádku a kde je ten malware, tento postup je pro případ, že malware je na notebooku a stolní PC je čistý. Takže nějak takto:

- Na stolním PC se odhlas od Google účtu.
- Na notebooku se přihlas.
-Následující kroky platí pro notebook
- Vymaž nález v RogueKilleru.
- Udělej ZOEK.exe v nouzovém režimu.
- Vlož sem logy z FRST a počkej na fixlist, ten následně provedeš.
- Jakmile bude jistota, že je notebook čistý, otevřeš v Chromu stránku https://www.google.com/settings/chrome/sync
- Dole je tlačítko Resetovat synchronizaci, takže to provedeš.
- Poté se můžeš přihlásit do Google účtu i na stolním PC.

[mipal123]

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Palencar on 20.01.2017 at 23:36:03,23.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Palencar\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20.01.2017 23:37:18 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Belarc deleted successfully
C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\HiSuiteOuc deleted successfully
C:\PROGRA~3\LDTeditor deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Palencar\AppData\Local\ActiveSync deleted successfully
C:\Users\Palencar\AppData\Local\GHISLER deleted successfully
C:\Users\Palencar\AppData\Local\Opera Software deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4156367917-1487001633-1756145386-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7485692F-2F3C-4C5A-9D6B-CD506B2ABC5C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7485692F-2F3C-4C5A-9D6B-CD506B2ABC5C} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Palencar\AppData\Roaming\Mozilla\Firefox\Profiles\2ju8y4fi.default\prefs.js:

Added to C:\Users\Palencar\AppData\Roaming\Mozilla\Firefox\Profiles\2ju8y4fi.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Belarc not found
C:\Users\Palencar\.android deleted
C:\PROGRA~3\{C6FA530F-BB98-4D9F-BA00-45FD0698077C} deleted
C:\PROGRA~3\Package Cache deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
"c:\windows\Installer\20781.msi" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Palencar\AppData\Roaming\Mozilla\Firefox\Profiles\2ju8y4fi.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Palencar\AppData\Roaming\Mozilla\Firefox\Profiles\2ju8y4fi.default
B5CFBB8AC7C0069D80DBEAA72F3CE9E2 - C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll - Shockwave for Director / Shockwave for Director


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Google Drive App Launcher - Palencar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Copy clean Links - Palencar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mccgphdljaoibmimmngmeehgdocpcajn
Chrome Media Router - Palencar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_uhytajrtpo-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppingcart.aliexpress.com_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_shoppingcart.aliexpress.com_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-emea.doubleclick.net_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-emea.doubleclick.net_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adexchangeprediction.com_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adexchangeprediction.com_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.donation-tools.org_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage deleted successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.davebestdeals.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRHPR1&src=IE11TR&pc=HRTS</a><br>HKCU\SearchScopes" src="/static/wm-old/css/default/img/empty.gif" "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRHPR1&src=IE11TR&pc=HRTS</a></p><p>====" src="/static/wm-old/css/default/img/empty.gif" Reset Google Chrome ======================

C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F6FC40519318F79468CF6471B476FCF7 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C06CE0-EA53-4E7D-BABB-AE5C5A10B774} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1504CF6F-8139-497F-86FC-46174B67CF7F} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\0EC60C0A35AED7E4ABBBEAC5A5017B47 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F6FC40519318F79468CF6471B476FCF7 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Palencar\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Palencar\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Palencar\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Palencar\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Palencar\AppData\Local\Mozilla\Firefox\Profiles\2ju8y4fi.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Palencar\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=70 folders=46 163028881 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Palencar\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 21.01.2017 at 0:06:04,27 ======================

[mipal123]

Tak po tom ZOEK na noťasu už nic nevyskakuje...ani po přihlášení...teď otázka zda se přihlásit na stolním PC bay to také tady někde nebylo...

[mipal123]

ZOEK mi nejde spustit na stolním PC ani v nouzovém režimu (TATO APLIKACE NEMŮŽE BĚŽET VE VAŠEM POČITAČÍ), i když přitom na noťasu šel spustit normálně.

[Orcus]

Pokud chceš čistit 2 PC, založ pro každé vlastní téma. Jinak v tom bude bordel.

+ Vlož log z FRST.

[mipal123]

Tak jsem se přihlásil na PC i noťasu (myslím v chrome) a vyskakování oken je pryč. řekl bych, že pomohl až ZOEK !

Díky za pomoc !

[jerabina]

Pokud tedy nechceš pokračovat, tak po sobě uklidíme a můžeš to tu uzavřít.

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy, je to vše a můžeš dát vyřešeno - zelenou "fajfku".

[mipal123]

# DelFix v1.013 - Logfile created 21/01/2017 at 18:27:38
# Updated 17/04/2016 by Xplode
# Username : pc - PC-PC
# Operating System : Windows 10 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\Users\pc\Downloads\adwcleaner_6.042.exe
Deleted : C:\Users\pc\Downloads\FRST64.exe
Deleted : C:\Users\pc\Downloads\JRT (1).exe
Deleted : C:\Users\pc\Downloads\JRT.exe
Deleted : C:\Users\pc\Downloads\HijackThis.exe
Deleted : C:\Users\pc\Downloads\RogueKillerX64.exe
Deleted : C:\Users\pc\Downloads\TFC.exe
Deleted : C:\Users\pc\Downloads\zoek.exe
Deleted : C:\Users\pc\Downloads\zoek.rar
Deleted : C:\Users\pc\Downloads\zoek.zip
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #8 [Naplánovaný kontrolní bod | 01/08/2017 14:28:05]
Deleted : RP #9 [Installed HP Deskjet 1050 J410 series Basic Device Software | 01/09/2017 20:26:55]
Deleted : RP #10 [JRT Pre-Junkware Removal | 01/19/2017 19:46:41]

New restore point created !

########## - EOF - ##########