Otravné přesměrování a reklamy

KaitenTsuki · Příspěvekod **KaitenTsuki** » 15 dub 2015 14:01

Dobrý den. Už nějakou dobu se nemůžu zbavit otravného přesměrovávání a nějaké Surveye, hry apod.

Zde posílám log z HijackThis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:01:45, on 15.4.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\já\Dokumenty\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... AHL1343497
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.default-search.net?sid=503&a ... &src=ds&p=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... AHL1343497
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type= ... 1343497&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type= ... 1343497&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.look-for-it.info/?pid= ... Z&unqvl=82
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.default-search.net?sid=503&a ... &src=ds&p=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mystartsearch.com/web/?type= ... 1343497&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mystartsearch.com/web/?type= ... 1343497&q={searchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=162.213.31.27:3128;https=162.213.31.27:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: BlockAndSurf - {77A8C66C-A10D-570A-6979-FA46660095F9} - C:\Program Files\version60BlockAndSurf\191.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [kX Mixer] C:\Program Files\kX Audio Driver\3548\kxmixer.exe --startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [mncuyyutySrv] C:\WINDOWS\system32\mncuyyuty.vbe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GB_UPDATE] "C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe" /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GameTracker] C:\Program Files\GameTracker\GTLite.exe
O4 - HKCU\..\Run: [GSplay.exe] C:\Documents%20and%20Settings\j%c3%a1\Plocha\GSplay.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S32D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series (kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S383.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BlockAndSurf - Unknown owner - C:\Program Files\ver4BlockAndSurf\T5ap182.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\WINDOWS\system32\IProsetMonitor.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 10944 bytes

Reklama

mople71 · Příspěvekod **mople71** » 15 dub 2015 14:39

Ahoj!

Rád Ti pomohu s vzniklým problémem. Čti prosím mé instrukce pozorně a pokud si něčím nebudeš jist, vždy se raději zeptej.

Je možné, že budeš muset na chvíli vypnout svůj antivirus.
V rámci čištění budou vyprázdněny dočasné adresáře včetně Koše!

Stáhni si AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/

Ulož na Plochu, spusť jako správce, klikni na Scan a poté Logfile, vyjede na tebe log, ten sem prosím přilož. AdwCleaner na chvíli zavři.

Po vložení logu sem si znovu otevři AdwCleaner, kde klikni na Scan a poté tentokrát na Clean restartuje se PC, po restartu na tebe vyjede další log, ten sem prosím vlož.

---------------------------------------------------------------------------

Stáhni si Zoek: http://download.bleepingcomputer.com/smeenk/zoek.exe

Ulož na Plochu, otevři jako správce, do otevřeného okna vlož tento kód:

Kód: Vybrat vše

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

A klikni na Run script, chvíli to potrvá. Po restartu PC prosím přilož jeho log.

KaitenTsuki · Příspěvekod **KaitenTsuki** » 15 dub 2015 14:47

Log z AdwCleaneru :
# AdwCleaner v4.201 - Logfile created 15/04/2015 at 14:43:57
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : já - J-B6J5LB5X2U9P1
# Running from : C:\Documents and Settings\já\Plocha\adwcleaner_4.201.exe
# Option : Scan

***** [ Services ] *****

Service Found : BlockAndSurf
Service Found : {3ad5a8e4-b8a3-4333-9022-726dc1eda808}Gt
Service Found : ed03782f

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru.xpi
File Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\trovi.xml
File Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yandex.xml
File Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
File Found : C:\END
Folder Found : C:\Documents and Settings\All Users\Data aplikací\DeleteAd
Folder Found : C:\Documents and Settings\All Users\Data aplikací\f95312f000005432
Folder Found : C:\Documents and Settings\já\Data aplikací\EZDownloader
Folder Found : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\vb@yandex.ru
Folder Found : C:\Documents and Settings\já\Data aplikací\RHEng
Folder Found : C:\Documents and Settings\já\Local Settings\Data aplikací\cool_mirage
Folder Found : C:\Documents and Settings\já\Local Settings\Data aplikací\globalUpdate
Folder Found : C:\Documents and Settings\já\Local Settings\Data aplikací\Linkey
Folder Found : C:\Documents and Settings\já\Local Settings\Data aplikací\Radio Canyon
Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Program Files\uniaSalues
Folder Found : C:\Program Files\UniDeaolsa
Folder Found : C:\Program Files\uniisaales
Folder Found : C:\Program Files\uunisales
Folder Found : C:\Program Files\version60BlockAndSurf
Folder Found : C:\Program Files\version60BlockAndSurf
Folder Found : C:\Program Files\youtubeadblocker

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=162.213.31.27:3128;hxxps=162.213.31.27:3128
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\BlockAndSurf
Key Found : HKCU\Software\Brothersoft
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91397D20-1446-11D4-8AF4-0040CA1127B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77A8C66C-A10D-570A-6979-FA46660095F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77A8C66C-A10D-570A-6979-FA46660095F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91397D20-1446-11D4-8AF4-0040CA1127B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}
Key Found : HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\405ac3e9-3a7c-b29d-7bed-f0538f4fc633
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{77A8C66C-A10D-570A-6979-FA46660095F9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{77A8C66C-A10D-570A-6979-FA46660095F9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A220BAB5-C335-48BA-8A01-309FDA37446F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
Key Found : HKLM\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\Driver-Soft
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aminlpmkfcdibgpgfajlgnamicjckkjf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jdkihdhlegcdggknokfekoemkjjnjhgi
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DBD49FBF-387B-E1EC-FC92-58EA59AF1BA8
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DBD49FBF-387B-E1EC-FC92-58EA59AF1BA8
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77A8C66C-A10D-570A-6979-FA46660095F9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77A8C66C-A10D-570A-6979-FA46660095F9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ed03782f}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DBD49FBF-387B-E1EC-FC92-58EA59AF1BA8
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DBD49FBF-387B-E1EC-FC92-58EA59AF1BA8
Key Found : HKLM\SOFTWARE\mystartsearchSoftware
Key Found : HKLM\SOFTWARE\SmdmF
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{91397D20-1446-11D4-8AF4-0040CA1127B6}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{793B01D5-5EA0-73E2-9C7A-04B7FB2E7C9F}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{F066CD2E-9876-CA0B-3A5C-376DEBF38AEE}]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://www.default-search.net?sid=503&a ... &src=ds&p=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&t ... AHL1343497
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&t ... AHL1343497
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type= ... 1343497&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type= ... 1343497&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.look-for-it.info/?pid= ... Z&unqvl=82
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://www.default-search.net?sid=503&a ... &src=ds&p=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://www.mystartsearch.com/web/?type= ... 1343497&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://www.mystartsearch.com/web/?type= ... 1343497&q={searchTerms}

-\\ Mozilla Firefox v37.0.1 (x86 cs)

[nahd6ha2.default] - Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[nahd6ha2.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=3458&r=2015/02/14&hid=5591847364702094051&lg=EN&cc=CZ&unqvl=82&l=1&q=");
[nahd6ha2.default] - Line Found : user_pref("browser.search.hiddenOneOffs", "DuckDuckGo,Heuréka,Yandex,Trovi");
[nahd6ha2.default] - Line Found : user_pref("browser.search.order.1", "WebSearch");
[nahd6ha2.default] - Line Found : user_pref("browser.search.order.1,S", "WebSearch");
[nahd6ha2.default] - Line Found : user_pref("browser.search.selectedEngine", "Trovi");
[nahd6ha2.default] - Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[nahd6ha2.default] - Line Found : user_pref("extensions.vb@yandex.ru.description", "Keep all your favorite sites in one place with Visual Bookmarks. Simply click on the one of the mini webpages to visit a site. You can customize the n[...]

-\\ Google Chrome v41.0.2272.118

-\\ Chromium v

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [10877 bytes] - [15/04/2015 14:43:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10937 bytes] ##########

KaitenTsuki · Příspěvekod **KaitenTsuki** » 15 dub 2015 14:57

Log po restartu PC :
# AdwCleaner v4.201 - Logfile created 15/04/2015 at 14:51:46
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : já - J-B6J5LB5X2U9P1
# Running from : C:\Documents and Settings\já\Plocha\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : BlockAndSurf
[#] Service Deleted : {3ad5a8e4-b8a3-4333-9022-726dc1eda808}Gt
[#] Service Deleted : ed03782f

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\DeleteAd
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\f95312f000005432
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\uniaSalues
Folder Deleted : C:\Program Files\UniDeaolsa
Folder Deleted : C:\Program Files\uniisaales
Folder Deleted : C:\Program Files\uunisales
Folder Deleted : C:\Program Files\version60BlockAndSurf
Folder Deleted : C:\Program Files\youtubeadblocker
Folder Deleted : C:\Documents and Settings\já\Local Settings\Data aplikací\cool_mirage
Folder Deleted : C:\Documents and Settings\já\Local Settings\Data aplikací\globalUpdate
Folder Deleted : C:\Documents and Settings\já\Local Settings\Data aplikací\Linkey
Folder Deleted : C:\Documents and Settings\já\Local Settings\Data aplikací\Radio Canyon
Folder Deleted : C:\Documents and Settings\já\Data aplikací\EZDownloader
Folder Deleted : C:\Documents and Settings\já\Data aplikací\RHEng
Folder Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\vb@yandex.ru
File Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru.xpi
File Deleted : C:\END
File Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\trovi.xml
File Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yqs-barff-yandex.xml
File Deleted : C:\Documents and Settings\já\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{793B01D5-5EA0-73E2-9C7A-04B7FB2E7C9F}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{F066CD2E-9876-CA0B-3A5C-376DEBF38AEE}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aminlpmkfcdibgpgfajlgnamicjckkjf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jdkihdhlegcdggknokfekoemkjjnjhgi
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}
Key Deleted : HKLM\SOFTWARE\405ac3e9-3a7c-b29d-7bed-f0538f4fc633
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ed03782f}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{77A8C66C-A10D-570A-6979-FA46660095F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A220BAB5-C335-48BA-8A01-309FDA37446F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77A8C66C-A10D-570A-6979-FA46660095F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91397D20-1446-11D4-8AF4-0040CA1127B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77A8C66C-A10D-570A-6979-FA46660095F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91397D20-1446-11D4-8AF4-0040CA1127B6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{91397D20-1446-11D4-8AF4-0040CA1127B6}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BlockAndSurf
Key Deleted : HKCU\Software\Brothersoft
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\Crossrider
Key Deleted : HKLM\SOFTWARE\Driver-Soft
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DBD49FBF-387B-E1EC-FC92-58EA59AF1BA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DBD49FBF-387B-E1EC-FC92-58EA59AF1BA8
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=162.213.31.27:3128;hxxps=162.213.31.27:3128

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Mozilla Firefox v37.0.1 (x86 cs)

[nahd6ha2.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[nahd6ha2.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=3458&r=2015/02/14&hid=5591847364702094051&lg=EN&cc=CZ&unqvl=82&l=1&q=");
[nahd6ha2.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "DuckDuckGo,Heuréka,Yandex,Trovi");
[nahd6ha2.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[nahd6ha2.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[nahd6ha2.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi");
[nahd6ha2.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[nahd6ha2.default\prefs.js] - Line Deleted : user_pref("extensions.vb@yandex.ru.description", "Keep all your favorite sites in one place with Visual Bookmarks. Simply click on the one of the mini webpages to visit a site. You can customize the n[...]

-\\ Google Chrome v41.0.2272.118

-\\ Chromium v

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [11017 bytes] - [15/04/2015 14:43:57]
AdwCleaner[R1].txt - [11077 bytes] - [15/04/2015 14:50:34]
AdwCleaner[S0].txt - [9428 bytes] - [15/04/2015 14:51:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9487 bytes] ##########

KaitenTsuki · Příspěvekod **KaitenTsuki** » 15 dub 2015 16:19

Log ze Zoek po restartu PC:

Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by j on st 15.04.2015 at 15:00:58,70.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\J1EA6~1\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15.4.2015 15:03:44 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\EA GAMES deleted successfully
C:\Program Files\FlashControl deleted successfully
C:\Program Files\Gabest deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\ProcessGeneration deleted successfully
C:\Program Files\SegmentAugmenter deleted successfully
C:\DOCUME~1\J1EA6~1\NABDKA~1\Programy\Po spuçtŘnˇ deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\firebird deleted successfully
C:\DOCUME~1\ALLUSE~1\DATAAP~1\nView_Profiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-842925246-651377827-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} deleted successfully
HKEY_USERS\S-1-5-21-842925246-651377827-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611081104} deleted successfully
HKEY_USERS\S-1-5-21-842925246-651377827-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611081104} deleted successfully
HKEY_USERS\S-1-5-21-842925246-651377827-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\S-1-5-21-842925246-651377827-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully
HKEY_USERS\S-1-5-21-842925246-651377827-1801674531-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-842925246-651377827-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{32683183-48a0-441b-a342-7c2a440a9478} deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\EA GAMES not found
C:\Program Files\FlashControl not found
C:\Program Files\Gabest not found
C:\Program Files\ProcessGeneration not found
C:\Program Files\SegmentAugmenter not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\{8bbe7bd1-6e53-27c5-8bbe-e7bd16e5ef45} deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\lpm.dat deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\{FA77A43D-F6ED-4924-87B5-517C061388C6} deleted
C:\WINDOWS\000001_.tmp deleted
C:\WINDOWS\002286_.tmp deleted
C:\WINDOWS\005219_.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET7.tmp deleted
C:\WINDOWS\tasks\BlockAndSurf Update.job deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [25.10.2014 11:35]

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/"
"Search Bar"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\fi]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\ma]
@="http://www.mapy.cz/?sourceid=quicksearch_6826&query=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\se]
@="http://search.seznam.cz/?sourceid=quicksearch_6826&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\vi]
@="http://videa.seznam.cz/?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\zb]
@="http://www.zbozi.cz/?sourceid=quicksearch_6826&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\J1EA6~1\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\J1EA6~1\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=91 folders=28 16772024 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\J1EA6~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on st 15.04.2015 at 16:16:10,42 ======================

mople71 · Příspěvekod **mople71** » 15 dub 2015 17:31

Stáhni si MBAM (verzi zadarmo, trial nechceme): http://www.malwarebytes.org/mwb-download/

Nainstaluj, na poslední stránce instalátoru nezapomeň odškrtnout možnost: Povolit bezplatnou zkušební verzi...

Po spuštění se aplikace aktualizuje, poté zvol v horní liště Sken -> vyber Vlastní sken a klikni na Skenovat nyní

Objeví se okno Konfigurace vlastního skenu - vyber všechny disky/diskové oddíly (kromě mechaniky, čtečky,...), v levé liště zatrhni Hledat rootkity a klikni na Spustit sken

Po dokončení skenu klikni na tlačítko Exportovat záznam, log ulož a jeho obsah vlož sem.

Všechny nálezy dej mezitím do karantény.

KaitenTsuki · Příspěvekod **KaitenTsuki** » 15 dub 2015 18:26

Bohužel se mi nedaří program nainstalovat při instalaci hlásí tuto chybu :
http://imgur.com/7wa2ThF

mople71 · Příspěvekod **mople71** » 15 dub 2015 18:53

Moje chyba.

Mezitím si prosím stáhni FRST: http://www.bleepingcomputer.com/downloa ... ool/dl/81/

Ulož na Plochu, spusť jako Správce, potvrď licenci a klikni na tlačítko Scan. Vše ponech v základním nastavení, nic nezatrhávej.

Po dokončení skenu na tebe vyjedou dva logy, oba sem prosím zkopíruj.

KaitenTsuki · Příspěvekod **KaitenTsuki** » 15 dub 2015 19:24

Po dokončení skenu to oznámí že byl uložen log FRST.txt v místě kde je uložen program ale žádný textový dokument na ploše není :/

Příspěvekod **Orcus** » 16 dub 2015 11:35

FRST necháme na později, nejprve je potřeba použít CF.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

Pokud budou problémy , spusť v nouz. režimu.

Otravné přesměrování a reklamy Vyřešeno

Otravné přesměrování a reklamy Vyřešeno

Re: Otravné přesměrování a reklamy

Re: Otravné přesměrování a reklamy

Re: Otravné přesměrování a reklamy

Re: Otravné přesměrování a reklamy

Re: Otravné přesměrování a reklamy

Re: Otravné přesměrování a reklamy

Re: Otravné přesměrování a reklamy

Re: Otravné přesměrování a reklamy

Re: Otravné přesměrování a reklamy

Kdo je online