Please check, Chinese page [Solved]

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

jaro3
Security team member
Guru Level 15
Posts: 43051
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check, Chinese page

Post by jaro3 » 21 May 2019 18:43

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

You are supposed to have everything disabled before the scan.

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\sharepoint.com -> hxxps://suall-files.sharepoint.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\123simsen.com -> www.123simsen.com

There are 7934 more sites.
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15621 more lines.
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {13A9DB25-F1AE-4E0F-B9AF-DA3287E875E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-23] (Google Inc -> Google Inc.)
Task: {67A20380-AB2F-401D-ABEB-1446F6430F89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-23] (Google Inc -> Google Inc.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
C:\ProgramData\Lavasoft
C:\Program Files (x86)\Lavasoft
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy

EmptyTemp:
Hosts:
End

(You can use the "Select all" function, then right-click in the top-left field of the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

AlePet
newcomer
Posts: 31
Registered: May 19
Gender: Female
Status: Offline

Post by AlePet » 21 May 2019 19:41

When I click Fix, a message appears saying that I don't know what I'm doing, and so the program closes. What should I do about it?


Post by jaro3 » 21 May 2019 19:58

The frst.exe file and fixlist.txt must be on the desktop.


Post by AlePet » 21 May 2019 20:17

They are on the desktop.


Post by jaro3 » 21 May 2019 20:36

On their own? Don't you have anything in a folder? Is the fixlist correct?

Post a picture here of what it says (as an attachment).


Post by AlePet » 21 May 2019 21:42

► Show spoiler


Post by jaro3 » 21 May 2019 21:48

I have edited the script above; try again with the new fixlist. Same procedure.

//post pictures here as an attachment. I wanted the content of that fixlist inserted


Post by AlePet » 22 May 2019 09:54

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by Alenka v říši divů (22-05-2019 09:48:21) Run:1
Running from C:\Users\Alenka v říši divů\Desktop
Loaded Profiles: Alenka v říši divů (Available Profiles: Alenka v říši divů & petre)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\sharepoint.com -> hxxps://suall-files.sharepoint.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3504179015-840285602-4212699369-1001\...\123simsen.com -> www.123simsen.com

There are 7934 more sites.
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15621 more lines.
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {13A9DB25-F1AE-4E0F-B9AF-DA3287E875E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-23] (Google Inc -> Google Inc.)
Task: {67A20380-AB2F-401D-ABEB-1446F6430F89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-02-23] (Google Inc -> Google Inc.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
C:\ProgramData\Lavasoft
C:\Program Files (x86)\Lavasoft
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy

EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001namen.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-26.net => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-27.net => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123fporn.info => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123haustiereundmehr.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123moviedownload.com => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123simsen.com => removed successfully
There are 7934 more sites. => Error: No automatic fix found for this entry.
127.0.0.1 www.007guard.com => Error: No automatic fix found for this entry.
127.0.0.1 007guard.com => Error: No automatic fix found for this entry.
127.0.0.1 008i.com => Error: No automatic fix found for this entry.
127.0.0.1 www.008k.com => Error: No automatic fix found for this entry.
127.0.0.1 008k.com => Error: No automatic fix found for this entry.
127.0.0.1 www.00hq.com => Error: No automatic fix found for this entry.
127.0.0.1 00hq.com => Error: No automatic fix found for this entry.
127.0.0.1 010402.com => Error: No automatic fix found for this entry.
127.0.0.1 www.032439.com => Error: No automatic fix found for this entry.
127.0.0.1 032439.com => Error: No automatic fix found for this entry.
127.0.0.1 www.0scan.com => Error: No automatic fix found for this entry.
127.0.0.1 0scan.com => Error: No automatic fix found for this entry.
127.0.0.1 1000gratisproben.com => Error: No automatic fix found for this entry.
127.0.0.1 www.1000gratisproben.com => Error: No automatic fix found for this entry.
127.0.0.1 1001namen.com => Error: No automatic fix found for this entry.
127.0.0.1 www.1001namen.com => Error: No automatic fix found for this entry.
127.0.0.1 100888290cs.com => Error: No automatic fix found for this entry.
127.0.0.1 www.100888290cs.com => Error: No automatic fix found for this entry.
127.0.0.1 www.100sexlinks.com => Error: No automatic fix found for this entry.
127.0.0.1 100sexlinks.com => Error: No automatic fix found for this entry.
127.0.0.1 10sek.com => Error: No automatic fix found for this entry.
127.0.0.1 www.10sek.com => Error: No automatic fix found for this entry.
127.0.0.1 www.1-2005-search.com => Error: No automatic fix found for this entry.
127.0.0.1 1-2005-search.com => Error: No automatic fix found for this entry.
127.0.0.1 123fporn.info => Error: No automatic fix found for this entry.
127.0.0.1 www.123fporn.info => Error: No automatic fix found for this entry.
127.0.0.1 123haustiereundmehr.com => Error: No automatic fix found for this entry.
127.0.0.1 www.123haustiereundmehr.com => Error: No automatic fix found for this entry.
127.0.0.1 123moviedownload.com => Error: No automatic fix found for this entry.
127.0.0.1 www.123moviedownload.com => Error: No automatic fix found for this entry.
There are 15621 more lines. => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate => removed successfully
HKLM\System\CurrentControlSet\Services\gupdate => removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem => removed successfully
HKLM\System\CurrentControlSet\Services\gupdatem => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13A9DB25-F1AE-4E0F-B9AF-DA3287E875E2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13A9DB25-F1AE-4E0F-B9AF-DA3287E875E2}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67A20380-AB2F-401D-ABEB-1446F6430F89}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67A20380-AB2F-401D-ABEB-1446F6430F89}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-3504179015-840285602-4212699369-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => removed successfully
C:\ProgramData\Lavasoft => moved successfully
C:\Program Files (x86)\Lavasoft => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21072518 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2077227 B
Edge => 1110883 B
Chrome => 5682071 B
Firefox => 0 B
Opera => 469560296 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 21646 B
LocalService => 0 B
NetworkService => 14524 B
NetworkService => 0 B
Alenka v říši divů => 4886091 B
petre => 60469 B

RecycleBin => 0 B
EmptyTemp: => 491.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:49:09 ====
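
Added example (not part of the thread and not FRST code): a small Python parser for a Fixlog.txt in the format posted above, which tallies the per-entry outcomes and lists the fixlist lines that FRST answered with "No automatic fix found". The sample log is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Fixlog above (header, echoed
# fixlist between asterisk fences, per-entry results, EmptyTemp section).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
IE restricted site: HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\...\example.test -> www.example.test
There are 7934 more sites.
127.0.0.1 www.example.test
C:\ProgramData\ExampleVendor
Hosts:
End
*****************

Restore point was successfully created.
HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\Software\ZoneMap\Domains\example.test => removed successfully
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000} => not found
There are 7934 more sites. => Error: No automatic fix found for this entry.
127.0.0.1 www.example.test => Error: No automatic fix found for this entry.
C:\ProgramData\ExampleVendor => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
==== End of Fixlog 09:49:09 ====
"""

ECHO_FENCE = re.compile(r"^\*{5,}$")      # line of asterisks around the echoed fixlist
SECTION = re.compile(r"^={4,}")           # "=== EmptyTemp ===" / "==== End of Fixlog"
HOSTS_LINE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}\s+\S+$")
TRUNCATION = re.compile(r"^There are \d+ more (?:sites|lines)\.$")


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist, result pairs and status lines."""
    fixlist, results, status = [], [], []
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if ECHO_FENCE.match(line):
                state = "echo"
        elif state == "echo":
            if ECHO_FENCE.match(line):
                state = "results"
            elif line:
                fixlist.append(line)
        else:  # results
            if SECTION.match(line):
                break  # EmptyTemp statistics are not per-entry outcomes
            if not line:
                continue
            # The outcome follows the LAST " => "; targets may be quoted.
            target, sep, outcome = line.rpartition(" => ")
            if sep:
                results.append((target.strip('"'), outcome))
            else:
                status.append(line)
    return {"fixlist": fixlist, "results": results, "status": status}


def classify(outcome):
    """Map an outcome string to ok / not_found / error / other."""
    low = outcome.lower()
    if low.startswith("error"):
        return "error"
    if "not found" in low:
        return "not_found"
    if "successfully" in low:
        return "ok"
    return "other"


def summarize(parsed):
    """Count outcomes per category."""
    return Counter(classify(outcome) for _, outcome in parsed["results"])


def rejected_entries(parsed):
    """Return (kind, line) for every fixlist line FRST could not act on."""
    rejected = []
    for target, outcome in parsed["results"]:
        if classify(outcome) != "error":
            continue
        if HOSTS_LINE.match(target):
            kind = "hosts-file line"
        elif TRUNCATION.match(target):
            kind = "log truncation notice"
        else:
            kind = "unrecognized"
        rejected.append((kind, target))
    return rejected


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for kind, line in rejected_entries(parsed):
        print(f"rejected ({kind}): {line}")
```

Run against the full log above, the rejected list would contain the hosts-file lines and the two "There are N more ..." lines, while the ZoneMap, task, policy and folder entries count as handled.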


Post by jaro3 » 22 May 2019 18:19

What about the problems?


Post by AlePet » 22 May 2019 19:25

Yes, at startup I am still offered to open a file/page.


Post by jaro3 » 22 May 2019 19:37

Disable the resident shields of your antivirus and of Windows Defender, ideally until the PC is restarted.
Download AdsFix
http://www.telecharger.sosvirus.net/download/quickdiag/
or:
https://toolslib.net/downloads/viewdownload/20-adsfix/

Click on "Télécharger" and save the file to your desktop.
Note: Save your work before continuing!
Close all other programs and browsers.
Run AdsFix.exe by double-clicking it (on Windows Vista/7/8/8.1/10, right-click and choose "Run as administrator" from the menu).
On a heavily infected PC it may take a few seconds before the program starts.
The tool starts and appears, searches for and initializes its updates, and then shows the tool's functions.
To unlock the tool for cleaning the computer, click the "Option" button.

A window appears; click the "Unlock the deletion" button.
If you click "Clean" directly without unlocking, the tool shows you a window telling you to unlock the tool first.
If the tool detects that your antivirus is still active, a window appears indicating that you should disable it before clicking "OK" to continue the AdsFix cleaning.
Then click the "Clean" button once the options are displayed.
Enter your "Country" and confirm with the "OK" button.
The tool makes a backup of the registry.
The screen disappears and the tool starts working ...
During cleaning, the tool may prompt you to remove a proxy; click the "Delete" button.

At the end of the cleaning, AdsFix asks whether you want the report sent to the infection laboratory for analysis .... Click "OK"; this allows the tool to be updated.

For a complete cleanup, the tool prompts you to restart the computer; click "OK".
The PC then restarts.
After the PC starts, a report appears on the desktop.
However, if the report does not appear on the desktop, it is also located here => C:\AdsFix_(date_hour_minute_).txt It will just be hosted on upload.sosvirus and your report published on the SOS Virus forum.
Copy the entire content of that report here.

Download OTL by OldTimer
to your desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal output. Under Standard registry, change to All. Tick the "LOP" check and the "Purity" check. Click Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.


Post by AlePet » 22 May 2019 21:53

---------- | AdsFix | g3n-h@ckm@n | V6_13.05.19.1

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 20:08:14 - 22/05/2019

update on : 13/05/2019 | 07:50 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Alenka v říši divů\Desktop\adsfix_V6_13.05.19.1.exe
Boot: Normal boot
[Alenka v říši divů (Administrator)] - [ALENKA-PC] - (the Czech Republic [0405])
SID = S-1-5-21-3504179015-840285602-4212699369-1001 || [416c656e6b61207620c599c3adc5a16920646976c5af205e5e]
PC : LENOVO - LNVNB161216 - LENOVO_MT_80XL_BU_idea_FM_ideapad 320-15IKB
Processor : X64 - 2712 - Intel(R) Core(TM) i3-7130U CPU @ 2.70GHz
Bios : LENOVO - 12/25/2017 - V.4WCN38WW
CoreTemp : ? C

CPU #1 value:0 %
CPU #2 value:-1 %
CPU #3 value:0 %
CPU #4 value:0 %
Total Overall CPU Usage value:0 %

System : Windows 10 Home (64 bits) Core
RAM memory = Total (MB) : 4066 | Free (MB) : 1892
Pagefile = Total (MB) : 5115 | Free (MB) : 2953
Virtual = Total (MB) : 4194 | Free (MB) : 3890

C:\ -> [Fixed] | [Windows] | Total : 237.23 Go | Free : 112.49 Go -> NTFS (SSD) [RAID]

Registry saved, to restore : Click on Options & Restore the registry (C:\AdsFix\Save\Registry [22.05.2019 @ 20_08_12]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates - Activation - License


W.A.T : :)

Test 1 : Windows Activated
Test 2 : Windows Activated

Volume License

---------- | Browsers

IE : 11.0.17134.1 (© Microsoft Corporation. Všechna práva vyhrazena.)
GC : 74.0.3729.157 (Copyright 2018 Google Inc. All rights reserved.)
MS-Edge : 11.0.17134.765 (© Microsoft Corporation. All rights reserved.)

---------- | Security

AV : Malwarebytes Enabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = Started
AS: Windows Defender [Manual(3)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 32.0.0.192

---------- | Killed processes

2496 | [Owner : SYSTEM | Parent : 764 (services.exe)] - (.AVAST Software - Avast Service.) - (19.5.4444.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe
3828 | [Owner : SYSTEM | Parent : 764 (services.exe)] - (.ELAN Microelectronics Corp. - Elan Service.) - (11.11.0.0) = C:\Program Files\Elantech\ETDService.exe
3836 | [Owner : SYSTEM | Parent : 764 (services.exe)] - (.AVAST Software - Avast Cleanup Service.) - (17.3.4228.0) = C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
3844 | [Owner : SYSTEM | Parent : 764 (services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.11601.20184) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
8628 | [Owner : SYSTEM | Parent : 764 (services.exe)] - (.Dolby Laboratories, Inc. - DolbyDAX2API.) - (0.8.8.87) = C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
812 | [Owner : SYSTEM | Parent : 764 (services.exe)] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.) - (1.1.18.1) = C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
5092 | [Owner : Alenka v říši divů | Parent : 3828 ()] - (.ELAN Microelectronics Corp. - ETD Control Center.) - (11.94.4.9) = C:\Program Files\Elantech\ETDCtrl.exe
8356 | [Owner : Alenka v říši divů | Parent : 764 (services.exe)] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe
8348 | [Owner : Alenka v říši divů | Parent : 764 (services.exe)] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe
8540 | [Owner : Alenka v říši divů | Parent : 5092 ()] - (.ELAN Microelectronics Corp. - ETD Control Center Helper.) - (11.26.0.0) = C:\Program Files\Elantech\ETDCtrlHelper.exe
3732 | [Owner : Alenka v říši divů | Parent : 812 (Lenovo.Modern.ImController.exe)] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.PluginHost.) - (1.1.18.1) = C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
3868 | [Owner : Alenka v říši divů | Parent : 812 (Lenovo.Modern.ImController.exe)] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.PluginHost.) - (1.1.18.1) = C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
10908 | [Owner : Alenka v říši divů | Parent : 812 (Lenovo.Modern.ImController.exe)] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.PluginHost.) - (1.1.18.1) = C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
11020 | [Owner : Alenka v říši divů | Parent : 764 (services.exe)] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe
11164 | [Owner : Alenka v říši divů | Parent : 812 ()] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.PluginHost.) - (1.1.18.1) = C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
5728 | [Owner : SYSTEM | Parent : 812 ()] - (.Lenovo Group Ltd. - Lenovo.Modern.ImController.PluginHost.) - (1.1.18.1) = C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe

---------- | Tasks

Deleted successfully : AMHelper


---------- | Services

Restored : BROWSER

---------- | AppCertDlls | AppInit_DLLs


---------- | DNSapi.dll

C:\WINDOWS\System32\dnsapi.dll : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts


---------- | SafeBoot

Repaired : [HKLM | Minimal\WudfSvc] : -> Service
Repaired : [HKLM | Minimal\vga.sys] : -> Driver
Repaired : [HKLM | Minimal\vgasave.sys] : -> Driver

¤

Repaired : [HKLM | Network\WudfSvc] : -> Service
Repaired : [HKLM | Network\vga.sys] : -> Driver
Repaired : [HKLM | Network\vgasave.sys] : -> Driver

---------- | Winsock


---------- | DNS


---------- | Registry

Deleted successfully : HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\iobit.com
Deleted successfully : HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.iobit.com
Deleted successfully : HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\iobit.com
Deleted successfully : HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.iobit.com
Deleted successfully : HKLM\SOFTWARE\Classes\.sds : Spybot2.SDSFile
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\.sdsb : Spybot2.SDSBFile
Deleted successfully : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]~[HostAppService.exe]
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AntiMalware
Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Spybot - Search & Destroy 2
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TuneupSvc_RASAPI32
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\TuneupSvc_RASMANCS
Deleted successfully : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Users\Alenka v říši divů\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe]
Deleted successfully : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\Spybot Anti-Beacon\SDCutTheLine.exe]
Deleted successfully : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\IObit\Advanced SystemCare\StartupInfo.exe]
Deleted successfully : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\IObit\Advanced SystemCare\unins000.exe]
Deleted successfully : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]~[C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe]
Deleted successfully : HKU\S-1-5-18\SOFTWARE\IObit
Deleted successfully : HKU\S-1-5-18\SOFTWARE\Safer Networking Limited
Deleted successfully : HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Chromium
Deleted successfully : HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\IObit
Deleted successfully : HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Safer Networking Limited
Deleted successfully : HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\TuneUp
Deleted successfully : HKLM\SOFTWARE\PC-Doctor
Deleted successfully : HKLM\SOFTWARE\Safer Networking Limited
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\IObit
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Safer Networking Limited
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\TuneUp
Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]~[c:\Windows\system32\msvcr100.dll] [X]
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{96f2c180-62a4-4e9c-bd19-395648040610} : (Web Companion) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe --uninstall
Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking

---------- | Folders | Files

Deleted successfully : C:\Program Files (x86)\IObit
Deleted successfully : C:\Program Files (x86)\Common Files\IObit
Deleted successfully : C:\Users\petre\AppData\LocalLow\IObit
Deleted successfully : C:\Users\petre\AppData\Roaming\IObit
Reboot : C:\Users\Alenka v říši divů\AppData\LocalLow\IObit
Reboot : C:\Users\Alenka v říši divů\AppData\Roaming\IObit
Deleted successfully : C:\Users\Alenka v říši divů\AppData\Roaming\PCDr
Reboot : C:\ProgramData\IObit
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
Deleted successfully : C:\Users\Alenka v říši divů\AppData\Roaming\IObit\IObit Uninstaller
Deleted successfully : C:\ProgramData\IObit\IObitRtt
Deleted successfully : C:\Users\Alenka v říši divů\Desktop\AntiMalware_Setup.exe (Copyright 2017 .-.Advanced Malware Protection )
Deleted successfully : C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\Databases\https_www.slunecnice.cz_0\1 (.-.)
Deleted successfully : C:\Users\Alenka v říši divů\Downloads\undefined.ics (.-.)
Deleted successfully : C:\ProgramData\IObit\iobitpromotion.ini (.-.)
Deleted successfully : C:\WINDOWS\IObit

---------- | .LNK


---------- | opening unknown extension


---------- | Proxy


---------- | Internet Explorer

Repaired : [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Repaired : [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : %11%\blank.htm -> C:\WINDOWS\System32\blank.htm
Repaired : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : -> 2
Repaired : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : -> 1
Repaired : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : -> 1
Repaired : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : -> 1
Repaired : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0
Repaired : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000..... ->
Repaired : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[SavedLegacySettings] : 0x46000000..... ->
Repaired : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000..... ->
Repaired : [HKU\S-1-5-21-3504179015-840285602-4212699369-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings\Connections]~[DefaultConnectionSettings] : 0x46000000..... ->

---------- | Yandex : X

---------- | CLIQZ : X

---------- | Google Chrome

Deleted successfully : C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Reseted successfully : SearchURL
Deleted successfully : C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Reseted successfully : SearchURL
Deleted successfully : C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.) Reseted successfully : Preferences

C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm = : __MSG_extShortDesc__ - name: uBlock Origin - short_name: uBlock₀ - permissions:[contextMenusprivacystoragetabsunlimitedStoragewebNavigationwebRequestwebRequestBlocking\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : __MSG_avastAppDesc__ - __MSG_avastAppShortName__ - https://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\gcbommkclmclpchllfjekcdonpmejbdp = : __MSG_about_ext_description__ - __MSG_about_ext_name__ - https://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\gojamcfopckidlocpkbelmpjcgmbgjcl = : Block coin miners using your computer ressources without your consent. - No Coin - Block miners on the web! - permissions:[activeTabtabs\u003Call_urls>webRequestwebRequestBlocking] - https://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Alenka v říši divů\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\extensions\eofcbnmajmjmplflapaojjnihcjkigck = : __MSG_avastAppDesc__ - __MSG_avastAppName__ - https://clients2.google.com/service/update2/crx
C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\petre\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

---------- | Comodo Dragon : X

---------- | Firefox : X

---------- | SeaMonkey : X

---------- | Pale moon : X

---------- | Opera


C:\Users\Alenka v říši divů\AppData\Roaming\Opera Software\Opera Stable\extensions\kccohkcpppjjkkjppopfnflnebibpida = : __MSG_extShortDesc__ - name: uBlock Origin - default_title: __MSG_statsPageName__ - permissions:[contextMenusprivacystoragetabsunlimitedStoragewebNavigationwebRequestwebRequestBlocking\u003Call_urls>] - https://extension-updates.opera.com/api/omaha/update/

---------- | Spark : X

---------- | StartMenuInternet


---------- | Javascript


---------- | Firewall

Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1


Other(s) report(s)


Analyzed : 159063 | Modified : 12 | Deleted : 54

---------- |EOF| ---------- | 21:48:30 | [22 Ko]

