Unwanted download of Mystartsearch and subsequent problems

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by farba11 » 30 Aug 2015 18:20

Hello,

I downloaded the program "My phone explorer" from the internet, and along with it "Mystartsearch" was downloaded on its own; it automatically set itself as the home page, and then some game and the Opera browser were downloaded. After that, programs for speeding up the computer and the like began to appear. Of course Avast started beeping every little while, saying it had blocked a malicious file and so on. I managed to uninstall Opera, but every time I start the browser Avast speaks up, and it is making me really nervous. Avast reported a ROOTKIT and recommended a full system scan after restarting the computer. I restarted, the scan started, and after a while it reported that the file nsh9c28.tmp is infected with the virus "win32:Adware-gen (adw)". I then had a choice of several options, so I chose "repair all automatically", but later, when it found something again (unfortunately I did not write down what), it warned me that it was part of Windows and asked whether I was sure what to do with it. Since I do not know what I can and cannot have removed, I ended the test; the computer started up correctly and so far, after about 5 hours on the internet, Avast has not reported anything. I use Google Chrome. Could you please help me so that this does not happen again, and is it possible to prevent unwanted installations when downloading some software? Thank you very much in advance.

Best regards,

Martin Farba


Post by Pic » 30 Aug 2015 18:39

You must post a log from the HiJackThis program here. Read the guide. Without it, none of the experts here will advise you.
Read the rules of this forum! Did you read the manual first? Write so that we can understand you! I do not answer requests to solve your PC problems via private messages!
Nothing is perfect, not even a human!


Post by farba11 » 30 Aug 2015 20:00

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:59:25, on 30.08.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\KROS\ALFA plus\!System\ALFAplus.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\FreeCommander\FreeCommander.exe
C:\Users\IMS\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=CMDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.bing.com?pc=CMDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Obrazovková spinka a spúšťač programu OneNote 2010.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: ALFA plus - rýchle spustenie.lnk = C:\Program Files (x86)\KROS\ALFA plus\!System\ALFAplus.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files (x86)\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9CB7B51-FC22-48DE-84CD-D69F8786DAD8}: NameServer = 217.73.17.2,217.73.16.2
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: ShrewSoft DNS Proxy Daemon (dtpd) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - KROS_20400 (FirebirdServerKROS_20400) - Firebird Project - C:\Program Files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: ShrewSoft IKE Daemon (iked) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\iked.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: ShrewSoft IPSEC Daemon (ipsecd) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Command Line Courier (myxohiki) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SSFK - TODO: <???> - C:\Program Files (x86)\SFK\SSFK.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14220 bytes


Post by jaro3 » 30 Aug 2015 20:06

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.

- If you use only Google Chrome, you do not need to use ATF.


Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
Afterwards the PC should restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan" (Prohledat)
After the scan a log appears (it is otherwise saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- after the program finishes, a message appears at the bottom right, so click Copy to Clipboard and paste the entire log here.

- then click the Exit button; a message appears, so choose Yes
(do not delete anything yet!).

If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by farba11 » 30 Aug 2015 20:48

# AdwCleaner v5.004 - Logfile created 30/08/2015 at 20:32:51
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : IMS - IMS-HP8W72
# Running from : C:\Users\IMS\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : SSFK

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Music Toolbar
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\SFK
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\wincert
Folder Found : C:\Users\IMS\AppData\Local\imeshmusicboxtoolbarha
Folder Found : C:\Users\IMS\AppData\LocalLow\Delta
Folder Found : C:\Users\IMS\AppData\LocalLow\imeshmusicboxtoolbarha
Folder Found : C:\Users\IMS\AppData\Roaming\AnyProtectEx
Folder Found : C:\Users\IMS\AppData\Roaming\Music Toolbar
Folder Found : C:\Users\IMS\AppData\Roaming\Systweak
Folder Found : C:\Users\IMS\AppData\Roaming\mystartsearch
Folder Found : C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\imeshmusicboxtoolbarha
Folder Found : C:\Users\IMS\Desktop\hosts

***** [ Files ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Found : C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
File Found : C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal
File Found : C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\invalidprefs.js
File Found : C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\searchplugins\Ask.xml
File Found : C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\searchplugins\ask-web-search.xml
File Found : C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\searchplugins\mystartsearch.xml
File Found : C:\Users\IMS\Desktop\Continue Live Installation.lnk
File Found : C:\Users\IMS\Desktop\Live PC Help.lnk
File Found : C:\Windows\Sysnative\roboot64.exe

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
Task Found : ASP

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKLM\SOFTWARE\Classes\iMeshIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\iMeshIEHelper.DNSGuard.1
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\APN DTX
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\DAILYPCCLEAN
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\mystartsearchSoftware
Key Found : HKLM\SOFTWARE\IHProtect
Key Found : HKLM\SOFTWARE\FFPluginHp
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\APN DTX
Key Found : [x64] HKCU\Software\Imesh
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\DAILYPCCLEAN
Data Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs] - hxxp://www1.delta-search.com/?babsrc=NT ... 6&tsp=4982
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Found : HKU\S-1-5-21-3223069636-60981921-3084265210-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-3223069636-60981921-3084265210-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Data Found : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" hxxp://www.mystartsearch.com/?type=sc&t ... S_Z2A7VPEQ

***** [ Web browsers ] *****

[C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Found : user_pref("browser.search.searchengine.alias", "mystartsearch");
[C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Found : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Found : user_pref("browser.search.searchengine.name", "mystartsearch");
[C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Found : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1440685670&z=585aaa353e1d991423ee672gfzcz4efq5bdw5wcw1o&from=cmi&uid=ST3500413AS_Z2A7VPEQ&q={searchTerms}");
[C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Found : user_pref("extensions.quick_start.enable_search1", false);
[C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Found : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
[C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : mystartsearch
[C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Found : hxxp://www.mystartsearch.com/webfavicon.ico
[C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}","usage_count":0}},"extensions":{"settings":{"aaaaihhnfnbnpbhpagnmoplpcjbediml":{"ack_external":true,"active_permissions":{"api":["nativeMessaging"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[],"scriptable_host":["*://*.ask.com/
[C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.mystartsearch.com/?type=hp&t ... S_Z2A7VPEQ

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [11813 bytes] ##########


Příspěvekod jaro3 » 30 srp 2015 22:12

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report", then "Open TXT" in the window, and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still cannot be started and used, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Post by farba11 » 30 Aug 2015 22:56

# AdwCleaner v5.004 - Logfile created 30/08/2015 at 22:43:51
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : IMS - IMS-HP8W72
# Running from : C:\Users\IMS\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : IHProtect Service
[-] Service Deleted : SSFK

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\AnyProtectEx
[-] Folder Deleted : C:\Program Files (x86)\ASP
[-] Folder Deleted : C:\Program Files (x86)\Music Toolbar
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\Program Files (x86)\RCP
[#] Folder Deleted : C:\Program Files (x86)\SFK
[-] Folder Deleted : C:\Program Files (x86)\MiniLite
[-] Folder Deleted : C:\ProgramData\Babylon
[+] Folder Deleted : C:\ProgramData\BitGuard
[+] Folder Deleted : C:\ProgramData\Browser Manager
[+] Folder Deleted : C:\ProgramData\BrowserProtect
[-] Folder Deleted : C:\ProgramData\Systweak
[-] Folder Deleted : C:\ProgramData\wincert
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector
[-] Folder Deleted : C:\Users\IMS\AppData\Local\imeshmusicboxtoolbarha
[-] Folder Deleted : C:\Users\IMS\AppData\LocalLow\Delta
[-] Folder Deleted : C:\Users\IMS\AppData\LocalLow\imeshmusicboxtoolbarha
[-] Folder Deleted : C:\Users\IMS\AppData\Roaming\AnyProtectEx
[-] Folder Deleted : C:\Users\IMS\AppData\Roaming\Music Toolbar
[-] Folder Deleted : C:\Users\IMS\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\IMS\AppData\Roaming\mystartsearch
[-] Folder Deleted : C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\imeshmusicboxtoolbarha
[#] Folder Deleted : C:\Users\IMS\Desktop\hosts

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
[-] File Deleted : C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
[-] File Deleted : C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal
[-] File Deleted : C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\invalidprefs.js
[-] File Deleted : C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\searchplugins\Ask.xml
[-] File Deleted : C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\searchplugins\ask-web-search.xml
[-] File Deleted : C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\searchplugins\mystartsearch.xml
[-] File Deleted : C:\Users\IMS\Desktop\Continue Live Installation.lnk
[-] File Deleted : C:\Users\IMS\Desktop\Live PC Help.lnk
[-] File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
[-] File Deleted : C:\Users\Public\Desktop\Advanced System~Protector.lnk
[-] File Deleted : C:\Windows\Sysnative\roboot64.exe
[-] File Deleted : C:\Windows\Sysnative\sasnative64.exe

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\IMS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\IMS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : APSnotifierPP1
[-] Task Deleted : APSnotifierPP2
[-] Task Deleted : APSnotifierPP3
[-] Task Deleted : RegClean Pro
[-] Task Deleted : RegClean Pro_DEFAULT
[-] Task Deleted : RegClean Pro_UPDATES
[-] Task Deleted : Advanced System~Protector
[-] Task Deleted : Advanced System~Protector_startup

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Key Deleted : HKCU\Software\Mozilla\Extends
[-] Key Deleted : HKLM\SOFTWARE\Classes\iMeshIEHelper.DNSGuard
[-] Key Deleted : HKLM\SOFTWARE\Classes\iMeshIEHelper.DNSGuard.1
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
[-] Key Deleted : HKCU\Software\AnyProtect
[-] Key Deleted : HKCU\Software\APN DTX
[-] Key Deleted : HKCU\Software\Imesh
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKLM\SOFTWARE\DataMngr
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
[-] Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
[-] Key Deleted : HKLM\SOFTWARE\IHProtect
[-] Key Deleted : HKLM\SOFTWARE\FFPluginHp
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[!] Key Not Deleted : [x64] HKCU\Software\AnyProtect
[!] Key Not Deleted : [x64] HKCU\Software\APN DTX
[!] Key Not Deleted : [x64] HKCU\Software\Imesh
[!] Key Not Deleted : [x64] HKCU\Software\systweak
[!] Key Not Deleted : [x64] HKCU\Software\Tutorials
[!] Key Not Deleted : [x64] HKCU\Software\TutoTag
[!] Key Not Deleted : [x64] HKCU\Software\DAILYPCCLEAN
[!] Data Not Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[!] Key Not Deleted : HKU\S-1-5-21-3223069636-60981921-3084265210-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[!] Key Not Deleted : HKU\S-1-5-21-3223069636-60981921-3084265210-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command []

***** [ Web browsers ] *****

[-] [C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.alias", "mystartsearch");
[-] [C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[-] [C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.name", "mystartsearch");
[-] [C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1440685670&z=585aaa353e1d991423ee672gfzcz4efq5bdw5wcw1o&from=cmi&uid=ST3500413AS_Z2A7VPEQ&q={searchTerms}");
[-] [C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[-] [C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
[-] [C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.mystartsearch.com/webfavicon.ico
[-] [C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.mystartsearch.com/web/?type= ... 2A7VPEQ&q={searchTerms}
[-] [C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.mystartsearch.com/?type=hp&t ... S_Z2A7VPEQ
[-] [C:\Users\IMS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.mystartsearch.com/?type=hp&t ... S_Z2A7VPEQ

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [13873 bytes] ##########

Post by farba11 » 31 Aug 2015 07:47

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 7 Professional x64
Ran by IMS on 31.08.2015 at 7:41:19,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] jimocoso [Reboot required]
Successfully deleted: [Service] myxohiki [Reboot required]
Successfully deleted: [Service] totyseku [Reboot required]



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_ra_005010072



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files

Successfully deleted: [File] C:\Users\IMS\Appdata\Local\nssC369.tmp
Successfully deleted: [File] C:\Users\IMS\Appdata\Local\nsx9E6C.tmp
Successfully deleted: [File] C:\Users\IMS\Appdata\Local\nsxE6A8.tmp
Successfully deleted: [File] C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat



~~~ Folders

Failed to delete: [Folder] C:\Program Files (x86)\company
Failed to delete: [Folder] C:\Users\IMS\Appdata\Local\gmsd_ra_005010075 [Adware.EoRezo]
Successfully deleted: [Folder] C:\Program Files (x86)\gmsd_ra_005010075 [Adware.EoRezo]
Successfully deleted: [Folder] C:\ProgramData\datamngr
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\IMS\Appdata\LocalLow\datamngr
Successfully deleted: [Folder] C:\ProgramData\UWinManProU



~~~ FireFox

Successfully deleted: [File] C:\Users\IMS\AppData\Roaming\mozilla\firefox\profiles\u1wimdrs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Successfully deleted the following from C:\Users\IMS\AppData\Roaming\mozilla\firefox\profiles\u1wimdrs.default\prefs.js

user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, cmi);
user_pref(browser.search.searchengine.uid, ST3500413AS_Z2A7VPEQ);
user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.dfltLng, en);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.id, 8cf80f44000000000000004f6a09567a);
user_pref(extensions.delta.instlDay, 15939);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.24.6);
user_pref(extensions.delta.vrsnTs, 1.8.24.67:26:22);
user_pref(extensions.delta.vrsni, 1.8.24.6);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, affID=120692&tt=200813_246&tsp=4982);
user_pref(extensions.delta_i.srcExt, ss);
Emptied folder: C:\Users\IMS\AppData\Roaming\mozilla\firefox\profiles\u1wimdrs.default\minidumps [125 files]



~~~ Chrome


[C:\Users\IMS\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\IMS\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\IMS\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\IMS\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.08.2015 at 7:44:06,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post by farba11 » 31 Aug 2015 08:21

Malwarebytes Anti-Malware
www.malwarebytes.org

Dátum skenovania: 31.08.2015
Scan ??as: 7:56
Logfile: Malwarebytes 31.8.2015.txt
Správca: áno

Verzia: 2.1.8.1057
Malware databázy: v2015.08.30.01
Rootkit databázy: v2015.08.16.01
Licencia: Zadarmo
Ochrana pred škodlivým softvérom: Telesne
Škodlivých webových stránok Ochrana: Telesne
Sebaobrany: Telesne

OS: Windows 7 Service Pack 1
CPU: x64
Systém súborov: NTFS
Používateľ: IMS

Typ skenu: Hrozba Scan
Výsledok: Dokon??ené
Objekty naskenované: 436796
Uplynulý ??as: 13 min, 29 sec

Pamäť: Povolené
Pri spustení: Povolené
Súborový systém: Povolené
Archív: Povolené
Rootkity: Telesne
Heuristiky: Povolené
ŠTEŇA: Povolené
VYKUROVAC: Povolené

Procesy: 1
PUP.Optional.MultiPlug, C:\Program Files (x86)\14799800-1440658405-11E0-0000-2C27D71F570B\knsk191.tmp, 2224, , [22d747c79dee46f08cd1316fa460f60a]

Moduly: 0
(Žiadne zákernej položky neboli zistené)

Kľú??e databázy Registry: 10
PUP.Optional.WProtectManager, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WdsManPro, , [50a9ec22a0ebb482d7706c27cc39817f],
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaihhnfnbnpbhpagnmoplpcjbediml, , [e316c945aedd7cbae983aecd21e3b24e],
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0307351F-B2D7-41F2-B44A-8AF7D9D90A18}, , [13e69777c7c46bcb1c542e4dd232f40c],
PUP.Optional.GamesDesktop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gmsd_ra_005010075_is1, , [2ecb6f9f6e1d95a14c34553b71931fe1],
PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [8e6b47c72962979ff3d35267897b8e72],
PUP.Optional.Hicosmea, HKU\S-1-5-21-3223069636-60981921-3084265210-1001_Classes\WOW6432NODE\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}, , [a554e02e4546a98dc516c8ab10f46c94],
PUP.Optional.Hicosmea, HKU\S-1-5-21-3223069636-60981921-3084265210-1001_Classes\WOW6432NODE\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}, , [c732927c7714b18511cb97dc0301dc24],
PUP.Optional.MusicBoxToolBar, HKU\S-1-5-21-3223069636-60981921-3084265210-1002\SOFTWARE\imeshmusicboxtoolbarha, , [a9505eb07b105fd79e01257b18ec1ce4],
PUP.Optional.Hicosmea, HKU\S-1-5-21-3223069636-60981921-3084265210-1002_Classes\WOW6432NODE\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}, , [b74243cbeba057dfffdcea89b84c6898],
PUP.Optional.Hicosmea, HKU\S-1-5-21-3223069636-60981921-3084265210-1002_Classes\WOW6432NODE\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}, , [03f64ec0b9d2db5b5785d89b8a7a23dd],

Hodnoty databázy Registry: 2
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaihhnfnbnpbhpagnmoplpcjbediml|path, C:\Users\IMS\AppData\Local\imeshmusicboxtoolbarha\GC\toolbar.crx, , [807997776f1c2c0a64045229a1636898]
PUP.Optional.Bandoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0307351f-b2d7-41f2-b44a-8af7d9d90a18}|AppPath, C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\GC, , [13e69777c7c46bcb1c542e4dd232f40c]

Údaje databázy Registry: 0
(Žiadne zákernej položky neboli zistené)

Prie??inky: 3
PUP.Optional.MultiPlug, C:\Program Files (x86)\14799800-1440658405-11E0-0000-2C27D71F570B, , [22d747c79dee46f08cd1316fa460f60a],
PUP.Optional.GamesDesktop, C:\Users\IMS\AppData\Local\gmsd_ra_005010075, , [6b8e46c81972f2441a5b9177758e6a96],
PUP.Optional.GamesDesktop, C:\Users\IMS\AppData\Local\gmsd_ra_005010075\gmsd_ra_005010075, , [6b8e46c81972f2441a5b9177758e6a96],

Súbory: 12
PUP.Optional.WProtectManager, C:\ProgramData\UWdsManProU\WdsManPro.exe, , [50a9ec22a0ebb482d7706c27cc39817f],
PUP.Optional.MyStartSearch.ShrtCln, C:\Users\IMS\AppData\Local\Temp\nsb44B1.tmp, , [e21721ed6427e6507ba46727e91c6d93],
PUP.Optional.AnyProtect, C:\Users\IMS\AppData\Local\Temp\nssC369.tmp, , [7d7c7599c4c76bcb14a62760907238c8],
PUP.Optional.InstallCore, C:\Users\IMS\Downloads\MovieBario_FM.exe, , [f009db333b500135b3f6bdd42cd97f81],
PUP.Optional.OpenCandy, C:\Users\IMS\Downloads\MyPhoneExplorer_Setup_1.8.1.exe, , [0ced7f8fd9b27bbb3f33453e22e31ce4],
PUP.Optional.OpenCandy, C:\Users\IMS\Downloads\InternationalPrimoPDF.exe, , [2bced935f794a096c4aee3a047be7f81],
PUP.Optional.MultiPlug, C:\Program Files (x86)\14799800-1440658405-11E0-0000-2C27D71F570B\knsk191.tmp, , [22d747c79dee46f08cd1316fa460f60a],
PUP.Optional.MultiPlug, C:\Program Files (x86)\14799800-1440658405-11E0-0000-2C27D71F570B\hnsiA381.tmp, , [22d747c79dee46f08cd1316fa460f60a],
PUP.Optional.MultiPlug, C:\Program Files (x86)\14799800-1440658405-11E0-0000-2C27D71F570B\jnsi8CA5.tmp, , [22d747c79dee46f08cd1316fa460f60a],
PUP.Optional.MultiPlug, C:\Program Files (x86)\14799800-1440658405-11E0-0000-2C27D71F570B\Uninstall.exe, , [22d747c79dee46f08cd1316fa460f60a],
PUP.Optional.DefaultProtectedSearch, C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js, Dobrá:)), Zlá:)defsearchp@gmail.com), ,[b841af5fb4d77eb87b3c326900052dd3]
PUP.Optional.DeskCut, C:\Users\IMS\AppData\Roaming\Mozilla\Firefox\Profiles\u1wimdrs.default\prefs.js, Dobrá:)), Zlá:)deskCutv2@gmail.com), ,[d0298e809af1cd69892fbfdc0ef7ea16]

Fyzický sektory: 0
(Žiadne zákernej položky neboli zistené)


(end)

jaro3
Security team member

Post by jaro3 » 31 Aug 2015 09:04

- Run MbAM again and choose "Scan Now".
- When the program finishes, a message will appear; click "Quarantine All (Remove Selected)", then "Export Log" and choose "Text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report", then "Open TXT" in the window, and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still cannot be started and used, rename it to winlogon.exe.

Update Java:
Java SE Runtime Environment 8: http://www.oracle.com/technetwork/java/ ... 33155.html

Click Accept License Agreement.
Choose your OS (Windows or Windows x64, Offline Installation):
jre-8-windows-i586-p.exe or
jre-8-windows-x64.exe
Download and install it.
Remove the other Java versions in Add/Remove Programs.

Post by farba11 » 31 Aug 2015 13:24

Dátum skenovania: 31.08.2015
Scan ??as: 13:07
Logfile: Malwarebytes 31.8.2015 cast 2.txt
Správca: áno

Verzia: 2.1.8.1057
Malware databázy: v2015.08.31.01
Rootkit databázy: v2015.08.16.01
Licencia: Zadarmo
Ochrana pred škodlivým softvérom: Telesne
Škodlivých webových stránok Ochrana: Telesne
Sebaobrany: Telesne

OS: Windows 7 Service Pack 1
CPU: x64
Systém súborov: NTFS
Používateľ: IMS

Typ skenu: Hrozba Scan
Výsledok: Dokon??ené
Objekty naskenované: 436892
Uplynulý ??as: 12 min, 37 sec

Pamäť: Povolené
Pri spustení: Povolené
Súborový systém: Povolené
Archív: Povolené
Rootkity: Telesne
Heuristiky: Povolené
ŠTEŇA: Povolené
VYKUROVAC: Povolené

Procesy: 0
(Žiadne zákernej položky neboli zistené)

Moduly: 0
(Žiadne zákernej položky neboli zistené)

Kľú??e databázy Registry: 0
(Žiadne zákernej položky neboli zistené)

Hodnoty databázy Registry: 0
(Žiadne zákernej položky neboli zistené)

Údaje databázy Registry: 0
(Žiadne zákernej položky neboli zistené)

Prie??inky: 0
(Žiadne zákernej položky neboli zistené)

Súbory: 0
(Žiadne zákernej položky neboli zistené)

Fyzický sektory: 0
(Žiadne zákernej položky neboli zistené)


(end)

Post by farba11 » 31 Aug 2015 13:43

RogueKiller V10.10.3.0 (x64) [Aug 31 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : IMS [Administrator]
Started from : C:\Users\IMS\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 08/31/2015 13:40:50

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com?pc=CMDTDF -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com?pc=CMDTDF -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3223069636-60981921-3084265210-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=CMDTDF -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3223069636-60981921-3084265210-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=CMDTDF -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com?pc=CMDTDF -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3223069636-60981921-3084265210-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com?pc=CMDTDF -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3223069636-60981921-3084265210-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com?pc=CMDTDF -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3223069636-60981921-3084265210-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3223069636-60981921-3084265210-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 4 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 192.168.20.103 italmarketap
[C:\Windows\System32\drivers\etc\hosts] 192.168.1.103 gwdom.ims
[C:\Windows\System32\drivers\etc\hosts] 192.168.1.105 imap.ims

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500413AS +++++
--- User ---
[MBR] d75cb0757e4e6384a7d87e66367ae952
[BSP] f1c0716855ad41bf4673131cd72d6e8f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 469534 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 961812480 | Size: 7304 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

