Please check (Solved)

A place for your HijackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

kesudj
Level 2.5
Posts: 309
Registered: November 12
Gender: Male

Please check

Post by kesudj » 01 Feb 2020 12:18

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:14:16, on 01.02.2020
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)

FIREFOX: 47.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\pavel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\pavel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\DTHtml.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
C:\Users\pavel\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID= ... 824D70613B
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK13/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files (x86)\real\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
O4 - HKLM\..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
O4 - HKLM\..\Run: [BATINDICATORHL] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
O4 - HKLM\..\Run: [OSDTool] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WSVCUUpdateHelper.exe] C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate(CPC)\WSVCUUpdateHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealDownloader] c:\program files (x86)\real\RealDownloader\downloader2.exe
O4 - HKCU\..\Run: [BingSvc] C:\Users\pavel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\pavel\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.717\SSScheduler.exe
O4 - Global Startup: RealTimes.lnk = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ExpressCache - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: myradioplayerV2 - Unknown owner - C:\Program Files (x86)\myradioplayer\myradioplayer.Service.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - RealNetworks, Inc. - C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: RealTimes Desktop Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Wondershare Video Converter Ultimate(CPC)\Transfer\DriverInstall.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 15419 bytes



jaro3
Security team member
Guru Level 15
Posts: 40449
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check

Post by jaro3 » 01 Feb 2020 20:10

Uninstall:
McAfee Security Scan

Download ATF Cleaner
https://www.majorgeeks.com/mg/getmirror ... ner,2.html
Double-click ATF Cleaner.exe, click Select All, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you don't need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/
Windows 7 owners download here:
https://filehippo.com/download_adwcleaner/ (do not update!)

Save it to your desktop. Click "I Agree" to accept the terms.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log will appear and open (otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware to the desktop, install it and run it.
- If the program is not up to date, click "Update Now" or "Fix Now".
- an update will be found and installed.
- then click Start Scan
- after the scan finishes a message will appear at the bottom right; click View Report, choose Export, choose Copy to Clipboard and paste the whole log here. Or click "Text file (.txt)" and save the log.
- otherwise the log can be found in the program by clicking "Reports", or it is saved here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- then click the Finish button and close the program with the X at the top right.
(don't delete anything yet!)
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check

Post by kesudj » 02 Feb 2020 10:22

I couldn't find McAfee Security Scan anywhere.
Here is the log:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-02-2020
# Duration: 00:00:41
# OS: Windows 10 Home
# Scanned: 34824
# Detected: 154


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Ask C:\Program Files (x86)\AskPartnerNetwork
PUP.Optional.Ask C:\ProgramData\AskPartnerNetwork
PUP.Optional.Ask C:\Users\pavel\AppData\Local\AskPartnerNetwork
PUP.Optional.Conduit.A C:\Users\pavel\AppData\Roaming\RHEng
PUP.Optional.Legacy C:\Program Files (x86)\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\Public\Documents\Downloaded Installers
PUP.Optional.Legacy C:\Users\pavel\AppData\LocalLow\Yahoo! Companion
PUP.Optional.Legacy C:\Users\pavel\AppData\LocalLow\Yahoo!\Companion
PUP.Optional.Legacy C:\Users\pavel\AppData\Local\SweetLabs App Platform
PUP.Optional.Legacy C:\Users\pavel\AppData\Roaming\Yahoo!\Companion
PUP.Optional.OpenCandy C:\Users\pavel\AppData\Roaming\OpenCandy
PUP.Optional.SlimCleanerPlus C:\Users\pavel\AppData\Local\slimware utilities inc
PUP.Optional.WebCompanion C:\ProgramData\Application Data\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\ProgramData\Lavasoft\Web Companion
PUP.Optional.WebCompanion C:\Users\pavel\AppData\Roaming\Lavasoft\Web Companion
Rogue.ForcedExtension C:\ProgramData\apn

***** [ Files ] *****

PUP.Optional.Legacy C:\END
PUP.Optional.Legacy C:\Program Files (x86)\Yahoo!\Common\unyt.exe
PUP.Optional.Legacy C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\extj07tc.default\invalidprefs.js
PUP.Optional.Legacy C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\extj07tc.default\searchplugins\bingp.xml
PUP.Optional.PCAppStore C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.pokki HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Adware.pokki HKCU\Software\Classes\Directory\shell\pokki
Adware.pokki HKCU\Software\Classes\Drive\shell\pokki
Adware.pokki HKCU\Software\Classes\lnkfile\shell\pokki
Adware.pokki HKCU\Software\Classes\pokki
Adware.pokki HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Pokki
Adware.pokki HKCU\Software\SweetLabs App Platform
PUP.Optional.Banggood HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\banggood.com
PUP.Optional.Banggood HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.banggood.com
PUP.Optional.Banggood HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\banggood.com
PUP.Optional.Banggood HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.banggood.com
PUP.Optional.Conduit HKCU\Software\AppDataLow\Software\Conduit
PUP.Optional.Conduit HKCU\Software\Conduit
PUP.Optional.Conduit HKLM\Software\Wow6432Node\Conduit
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.Legacy HKCU\Software\APN PIP
PUP.Optional.Legacy HKCU\Software\AppDataLow\Software\Smartbar
PUP.Optional.Legacy HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\chatango.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\rvshare.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s-usweb.dotomi.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\chatango.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\rvshare.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s-usweb.dotomi.com
PUP.Optional.Legacy HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{D8278076-BC68-4484-9233-6E7F1628B56C}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
PUP.Optional.Legacy HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy HKCU\Software\usyndication.com
PUP.Optional.Legacy HKLM\Software\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.Legacy HKLM\Software\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
PUP.Optional.Legacy HKLM\Software\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
PUP.Optional.Legacy HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ApnTBMon
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
PUP.Optional.Legacy HKLM\Software\Wow6432Node\Yahoo\Companion
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\Interface\{BD125908-5F10-409F-9C01-F2207CA18887}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\plsvcv2
PUP.Optional.SaferBrowser HKLM\Software\Wow6432Node\Safer Technologies
PUP.Optional.SlimCleanerPlus HKLM\Software\Wow6432Node\SlimWare Utilities Inc
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
PUP.Optional.TheBrightTag HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com
PUP.Optional.WebBar HKCU\Software\AppDataLow\Toolbar
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.CyberLinkLabelPrint Folder C:\Program Files (x86)\CYBERLINK\LABELPRINT
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Preinstalled.HPHealthCheck Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP HEALTH CHECK
Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Preinstalled.HPMediaSmart Folder C:\Program Files (x86)\HEWLETT-PACKARD\MEDIA\WEBCAM
Preinstalled.HPMediaSmart Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88244F43-2F10-4BE0-B54D-1C9373A035B0}
Preinstalled.HPMediaSmart Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MirageAgent
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Preinstalled.HPMediaSmart Task C:\Windows\System32\Tasks\MIRAGEAGENT
Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Folder C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Preinstalled.HPRegistrationService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT INFORMATION
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\pavel\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\pavel\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FF27F674-821E-4BA2-985B-DDF539C2CD03}
Preinstalled.HPTouchSmartMyDisplay Folder C:\Program Files (x86)\Common Files\PORTRAIT DISPLAYS\DRIVERS
Preinstalled.HPTouchSmartMyDisplay Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP MY DISPLAY TOUCHSMART EDITION
Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Classes\CLSID\{8602BDD8-9780-4717-B89A-7F89AF75B2AB}
Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|DT HPO
Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{8602BDD8-9780-4717-B89A-7F89AF75B2AB}
Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|DT HPO
Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}
Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer_For_P2G8
Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLVirtualDrive
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer_For_P2G8
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLVirtualDrive
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Preinstalled.LenovoYouCam File C:\Users\Public\Desktop\CyberLink YouCam.lnk
Preinstalled.Pokki File C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

kesudj
Level 2.5
Posts: 309
Registered: November 12
Gender: Male

Re: please check

Post by kesudj » 02 Feb 2020 10:39

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 02.02.20
Čas skenování: 10:32
Logovací soubor: ee215f8e-459e-11ea-99dd-0025ab1da3a1.json

-Informace o softwaru-
Verze: 4.0.4.49
Verze komponentů: 1.0.810
Aktualizovat verzi balíku komponent: 1.0.18576
Licence: Bezplatná

-Systémová informace-
OS: Windows 10 (Build 18362.592)
CPU: x64
Systém souborů: NTFS
Uživatel: kesud\pavel

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 298061
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 5 min, 29 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

jaro3
Security team member
Guru Level 15
Posts: 40449
Registered: June 07
Location: South Bohemia
Gender: Male

Re: please check

Post by jaro3 » 02 Feb 2020 17:35

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".

The program will perform the repair; after the automatic restart click "Log file" and then double-click the corresponding log (C:\AdwCleaner [C?].txt) and paste its entire contents here.

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
https://downloads.malwarebytes.com/file/JRT-EOL
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will begin. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire contents here.


Sophos Virus Removal Tool is a handy software tool that can remove infections that an antivirus program does not detect.
Download it here from one of these links:
http://www.majorgeeks.com/files/details ... _tool.html
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data without you even knowing you have them. What you need is a quick and easy way to find them and get rid of them; if you already have an antivirus program installed on your computer, you can also install Sophos Virus Removal Tool, which identifies and cleans the remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.
If viruses were found, after the scan click "Details…" and then "View log file". Copy the whole log and paste it here. Then close "threat detail" and click "Start cleanup".
Otherwise the log is located here:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8, 10 run RogueKiller.exe as administrator; on XP by double-clicking.
- Click "Start Scan". In the new window change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan click "Open Report", then "Open TXT" in the window, and copy the entire log contents here.
If the program is blocked, try running it several times. If the program still won't run and work, rename it to winlogon.exe.
- If the log has more than 60,000 characters, split it and paste it into several posts.

Other links:
http://www.adlice.com/download/roguekiller/
http://www.bleepingcomputer.com/download/roguekiller/
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

kesudj
Level 2.5
Posts: 309
Registered: November 12
Gender: Male

Re: please check

Post by kesudj » 02 Feb 2020 18:12

-----------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-02-2020
# Duration: 00:01:06
# OS: Windows 10 Home
# Cleaned: 48
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Not Deleted HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{D8278076-BC68-4484-9233-6E7F1628B56C}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.CyberLinkLabelPrint Folder C:\Program Files (x86)\CYBERLINK\LABELPRINT
Deleted Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted Preinstalled.CyberLinkLabelPrint Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{C59C179C-668D-49A9-B6EA-0121CCFC1243}
Deleted Preinstalled.CyberLinkShellExtension Registry HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Deleted Preinstalled.HPCleanFLC File C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
Deleted Preinstalled.HPHealthCheck Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP HEALTH CHECK
Deleted Preinstalled.HPHealthCheck Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Deleted Preinstalled.HPMediaSmart Folder C:\Program Files (x86)\HEWLETT-PACKARD\MEDIA\WEBCAM
Deleted Preinstalled.HPMediaSmart Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88244F43-2F10-4BE0-B54D-1C9373A035B0}
Deleted Preinstalled.HPMediaSmart Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MirageAgent
Deleted Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted Preinstalled.HPMediaSmart Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted Preinstalled.HPMediaSmart Task C:\Windows\System32\Tasks\MIRAGEAGENT
Deleted Preinstalled.HPRegistrationService Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted Preinstalled.HPRegistrationService Folder C:\ProgramData\HEWLETT-PACKARD\HP REGISTRATION SERVICE
Deleted Preinstalled.HPRegistrationService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}
Deleted Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP CUSTOMER FEEDBACK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT INFORMATION
Deleted Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\pavel\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Folder C:\Users\pavel\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}
Deleted Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{FF27F674-821E-4BA2-985B-DDF539C2CD03}
Deleted Preinstalled.HPTouchSmartMyDisplay Folder C:\Program Files (x86)\Common Files\PORTRAIT DISPLAYS\DRIVERS
Deleted Preinstalled.HPTouchSmartMyDisplay Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP MY DISPLAY TOUCHSMART EDITION
Deleted Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Classes\CLSID\{8602BDD8-9780-4717-B89A-7F89AF75B2AB}
Deleted Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|DT HPO
Deleted Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{8602BDD8-9780-4717-B89A-7F89AF75B2AB}
Deleted Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|DT HPO
Deleted Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}
Deleted Preinstalled.HPTouchSmartMyDisplay Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer_For_P2G8
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLVirtualDrive
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer_For_P2G8
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLVirtualDrive
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Deleted Preinstalled.LenovoPowerDVD Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}
Deleted Preinstalled.LenovoYouCam File C:\Users\Public\Desktop\CyberLink YouCam.lnk
Deleted Preinstalled.Pokki File C:\Users\pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
Deleted Preinstalled.WildTangentGamesBundle Folder C:\Program Files (x86)\WILDTANGENT GAMES


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [20961 octets] - [02/02/2020 10:18:06]
AdwCleaner[C00].txt - [13123 octets] - [02/02/2020 10:24:14]
AdwCleaner[S01].txt - [7737 octets] - [02/02/2020 18:01:29]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

kesudj
Level 2.5
Posts: 309
Registered: November 12
Gender: Male

Re: please check

Post by kesudj » 02 Feb 2020 18:27

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by pavel (Administrator) on 02.02.2020 at 18:18:03,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Program Files (x86)\safer technologies (Folder)

Deleted the following from C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\extj07tc.default\prefs.js



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FFD2C0A1-D142-4EEE-8FC8-95915805350B} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{FFD2C0A1-D142-4EEE-8FC8-95915805350B} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.02.2020 at 18:20:51,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

jaro3
Security team member
Guru Level 15
Posts: 40449
Registered: June 07
Location: South Bohemia
Gender: Male

Re: please check

Post by jaro3 » 02 Feb 2020 19:44

AdwCleaner once more; one key was left undeleted. Then the rest.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

kesudj
Level 2.5
Posts: 309
Registered: November 12
Gender: Male

Re: please check

Post by kesudj » 02 Feb 2020 21:10

I was just running that Sophos Virus one, but it ran for over two hours and was still at the beginning, so I cancelled it, ran the ADW instead and I'm sending the log. Do I need to do the JRT again afterwards as well?

----------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-02-2020
# Duration: 00:00:03
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Not Deleted HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{D8278076-BC68-4484-9233-6E7F1628B56C}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [20961 octets] - [02/02/2020 10:18:06]
AdwCleaner[C00].txt - [13123 octets] - [02/02/2020 10:24:14]
AdwCleaner[S01].txt - [7737 octets] - [02/02/2020 18:01:29]
AdwCleaner[C01].txt - [8529 octets] - [02/02/2020 18:05:01]
AdwCleaner[S02].txt - [1743 octets] - [02/02/2020 21:00:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

jaro3
Security team member
Guru Level 15
Posts: 40449
Registered: June 07
Location: South Bohemia
Gender: Male

Re: please check

Post by jaro3 » 02 Feb 2020 21:45

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose „Run as administrator“),
click „Scan“, and after the scan click „Clean“.

The program performs the repair; after the automatic restart click „Log file“, then double-click the corresponding log (C:\AdwCleaner [C?].txt) and paste its whole contents here.

No, not JRT again.

Sophos (in Safe Mode) and RK.

kesudj
Level 2.5
Posts: 309
Registered: November 12
Gender: Male

Re: please check

Post by kesudj » 02 Feb 2020 22:10

# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-02-2020
# Duration: 00:00:04
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Not Deleted HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{D8278076-BC68-4484-9233-6E7F1628B56C}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [20961 octets] - [02/02/2020 10:18:06]
AdwCleaner[C00].txt - [13123 octets] - [02/02/2020 10:24:14]
AdwCleaner[S01].txt - [7737 octets] - [02/02/2020 18:01:29]
AdwCleaner[C01].txt - [8529 octets] - [02/02/2020 18:05:01]
AdwCleaner[S02].txt - [1743 octets] - [02/02/2020 21:00:32]
AdwCleaner[C02].txt - [1913 octets] - [02/02/2020 21:00:50]
AdwCleaner[S03].txt - [1865 octets] - [02/02/2020 22:02:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########

jaro3
Security team member
Guru Level 15
Posts: 40449
Registered: June 07
Location: South Bohemia
Gender: Male

Re: please check

Post by jaro3 » 02 Feb 2020 23:10

Then leave it; that key cannot be deleted with this tool.

Do Sophos (if it will run) and RogueKiller.

