Antivir neustále hlásí problém - prosím o kontrolu logu Vyřešeno

[Falla Džej]

Zdravím, prosím o kontrolu logu. Po reinstalaci PC jsem nainstalovat pár "základních" programů, ale Avast mi teď cca každou minutu vyhodí hlášku o infekci. Cílová cesta infikovaných souborů vždy vede k firefox.cz.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:40:52, on 18.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Users\Jakub\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.wonderfulsearches.info ... Z&unqvl=60
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.wonderfulsearches.info ... Z&unqvl=60
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5784 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[Falla Džej]

# AdwCleaner v3.307 - Report created 19/08/2014 at 19:43:37
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Jakub - JAKUB-PC
# Running from : C:\Users\Jakub\Downloads\adwcleaner_3.307.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\xlin0hej.default\searchplugins\WebSearch.xml
File Found : C:\Windows\System32\GroupPolicy\Machine\Registry.pol
Folder Found : C:\Program Files (x86)\Adblocker
Folder Found : C:\Program Files (x86)\Adblocker
Folder Found : C:\Program Files (x86)\EZDownloader
Folder Found : C:\Program Files (x86)\MySearch
Folder Found : C:\Program Files (x86)\ppRicceCihop
Folder Found : C:\Program Files (x86)\priacechop
Folder Found : C:\Program Files (x86)\priCEchop
Folder Found : C:\Program Files (x86)\SW-Booster
Folder Found : C:\ProgramData\Adblocker
Folder Found : C:\ProgramData\Adblocker
Folder Found : C:\ProgramData\MySearch
Folder Found : C:\ProgramData\ppRicceCihop
Folder Found : C:\ProgramData\priacechop
Folder Found : C:\ProgramData\priCEchop
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\Jakub\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Jakub\AppData\Local\torch

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-2060245759
Key Found : HKLM\SOFTWARE\SW-Booster
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.wonderfulsearches.info ... Z&unqvl=60
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.wonderfulsearches.info ... Z&unqvl=60

-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\xlin0hej.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.wonderfulsearches.info/?pid=2145&r=2014/08/17&hid=2400403269968452107&lg=EN&cc=CZ&unqvl=60&l=1&q=");
Line Found : user_pref("browser.search.order.1", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("extensions.MOHby0gw.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Found : user_pref("extensions.PQi53ff4a.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]
Line Found : user_pref("extensions.iGA.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
Line Found : user_pref("extensions.jbWUo5IK3b.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Found : user_pref("extensions.sytlW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Line Found : user_pref("keyword.URL", "hxxp://websearch.wonderfulsearches.info/?pid=2145&r=2014/08/17&hid=2400403269968452107&lg=EN&cc=CZ&unqvl=60&l=1&q=");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5757 octets] - [19/08/2014 19:43:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5817 octets] ##########

[Falla Džej]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19.8.2014
Scan Time: 19:47:11
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.19.08
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jakub

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305191
Time Elapsed: 10 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 56
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\pricechOp.pricechOp, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\pricechOp.pricechOp.3.9, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\pricechOp.pricechOp, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\pricechOp.pricechOp.3.9, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{EB886C70-281E-BBA0-BB6D-F39F2A11153C}\INPROCSERVER32, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\prIccechop.prIccechop, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\prIccechop.prIccechop.3.9, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\prIccechop.prIccechop, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\prIccechop.prIccechop.3.9, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{D3D758FC-2B7D-C142-F7D3-76C52BD68872}\INPROCSERVER32, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{8186D2C6-66D8-C8C4-A740-C5634313A63D}, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8186D2C6-66D8-C8C4-A740-C5634313A63D}, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\priaceChop.priaceChop, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\priaceChop.priaceChop.3.9, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\priaceChop.priaceChop, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\priaceChop.priaceChop.3.9, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8186D2C6-66D8-C8C4-A740-C5634313A63D}, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8186D2C6-66D8-C8C4-A740-C5634313A63D}, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8186D2C6-66D8-C8C4-A740-C5634313A63D}, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{8186D2C6-66D8-C8C4-A740-C5634313A63D}\INPROCSERVER32, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\Adblocker.Adblocker, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\Adblocker.Adblocker.1.0, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Adblocker.Adblocker, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Adblocker.Adblocker.1.0, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{9A28C5C3-6EE1-6792-65B5-E706A7A608EF}\INPROCSERVER32, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\MySearch.MySearch, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\MySearch.MySearch.2.1, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySearch.MySearch.2.1, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{CA49D376-22C3-8205-FB0E-E9A6774CDDE1}\INPROCSERVER32, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.SWBooster.A, HKLM\SOFTWARE\WOW6432NODE\SW-Booster, , [b6be30984c2f85b1ab0b7976cc36e719],
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [83f1587099e20d29509bf058a361d828],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\S-2060245759, , [de96b612b9c240f689ed6488cb37d52b],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}, , [b6be9137ef8c2511d89f9e4e17eba25e],
PUP.Optional.Booster, HKLM\SOFTWARE\WOW6432NODE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_D0E87C27, , [f77d01c7df9c58de03ed6fd9ec1857a9],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-288487796-1725444996-988690671-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [185c3395daa172c42b1c4ee7c63e7888],

Registry Values: 2
PUP.Optional.Booster, HKLM\SOFTWARE\WOW6432NODE\{5F189DF5-2D05-472B-9091-84D9848AE48B}\_D0E87C27|svn, SW-Sustainer, , [f77d01c7df9c58de03ed6fd9ec1857a9]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-288487796-1725444996-988690671-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [de967553cbb08bab94b4a293e81c13ed]

Registry Data: 2
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.wonderfulsearches.info ... Z&unqvl=60, Good: (www.google.com), Bad: (http://websearch.wonderfulsearches.info ... Z&unqvl=60),,[bcb8d6f2fd7e91a53a7d7c51897b4cb4]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-288487796-1725444996-988690671-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.wonderfulsearches.info ... Z&unqvl=60, Good: (www.google.com), Bad: (http://websearch.wonderfulsearches.info ... Z&unqvl=60),,[a1d33f89c9b29c9a34822ca1659f8977]

Folders: 6
PUP.Optional.MySearch.A, C:\Program Files (x86)\MySearch, , [75ff19afc2b92b0b0da85b941fe301ff],
PUP.Optional.EZDownloader.A, C:\Program Files (x86)\EZDownloader, , [452f02c6e59659dd17025367d032966a],
PUP.Optional.Booster.A, C:\Program Files (x86)\SW-Booster, , [6212b117e299b38310d78d45b250aa56],
PUP.Optional.MultiPlug.A, C:\ProgramData\priCEchop, , [c9ab9f29e794f64076e3d6fe9171a45c],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\priCEchop, , [acc85672f18a6fc73c1ea92b778b11ef],
PUP.Optional.Booster.A, C:\ProgramData\PlutoApp\SW-Booster, , [284c03c589f21d19c004f8e7ea1806fa],

Files: 14
PUP.Optional.Preload, C:\Program Files (x86)\priCEchop\E05zLS.x64.dll, , [d59f07c1aecd86b0a976c3dc4db4a25e],
PUP.Optional.Preload, C:\Program Files (x86)\priacechop\y.x64.dll, , [2f45b4145625ec4ac659b1ee3cc5916f],
PUP.Optional.Preload, C:\Program Files (x86)\ppRicceCihop\w.x64.dll, , [274d1fa9cfac1620db443b64db26629e],
PUP.Optional.Preload, C:\Program Files (x86)\Adblocker\fKy7Pv9w.x64.dll, , [482c38900675ed49dd42a6f9649db848],
PUP.Optional.Preload, C:\Program Files (x86)\MySearch\ohxKrxZ.x64.dll, , [83f104c447343afc0b14c0dfc9389f61],
PUP.Optional.Installrex, C:\Users\Jakub\Downloads\Windows 7 Ultimate Crack Genuine Activator ~ Free Crack Files Download.exe, , [95df497f542741f541a0f1ba9a6748b8],
PUP.Optional.MySearch.A, C:\Program Files (x86)\MySearch\ohxKrxZ.tlb, , [75ff19afc2b92b0b0da85b941fe301ff],
PUP.Optional.MySearch.A, C:\Program Files (x86)\MySearch\ohxKrxZ.dat, , [75ff19afc2b92b0b0da85b941fe301ff],
PUP.Optional.WebSearch.A, C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\xlin0hej.default\searchplugins\WebSearch.xml, , [4331428668139c9a19e91ee9699a60a0],
PUP.Optional.MultiPlug.A, C:\ProgramData\priCEchop\qTdKFb2.dat, , [c9ab9f29e794f64076e3d6fe9171a45c],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\priCEchop\E05zLS.dat, , [acc85672f18a6fc73c1ea92b778b11ef],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\priCEchop\E05zLS.tlb, , [acc85672f18a6fc73c1ea92b778b11ef],
PUP.Optional.Booster.A, C:\ProgramData\PlutoApp\SW-Booster\2060245759.ini, , [284c03c589f21d19c004f8e7ea1806fa],
PUP.Optional.WonderfulSearches.A, C:\Users\Jakub\AppData\Roaming\Mozilla\Firefox\Profiles\xlin0hej.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://websearch.wonderfulsearches.info/?pid=2145&r=2014/08/17&hid=2400403269968452107&lg=EN&cc=CZ&unqvl=60&l=1&q=");), ,[3e36b612b7c40b2b6fa6fc0e798c2fd1]

Physical Sectors: 0
(No malicious items detected)


(end)

[Pic]

Vlož sem uvedenou hlášku Avastu.

[Falla Džej]

Ty hlášky se mění. Po spuštění Firefoxu vyskočí například 5 hlášek z různými pěti URL...

[Pic]

Jasně to mi stačí. Dělá to některý z doplňků Firefoxu. Již se nepamatuji jaký. Zakaž 2 -3 a restartuj Firefox. Pokud jsi zakázal ten správný, hlášky Avastu se již neozvou. V opačném případě zakázané poval a zakaž další a opět restartuj Firefox.

[Falla Džej]

Mockrát děkuji za pomoc. Používám jen 3 doplňky (AdBlock Plus, Avast a SpeedDial). Objevilo se mi tam asi dalších pět s podivnými názvy. Nejde mi ale do hlavy, jak se tam dostaly...

[Pic]

Takže vyřešeno? Počkej si ještě na stanovisko virobijců, zda nemáš ještě jiný problém.
Virobijcům se omlouvám za vstup do jejich království.

[Falla Džej]

Problém vyřešen. Ještě jednou díky za radu . Myslím, že práce virobijců už nebude potřeba...

[Pic]

Nic Tě to nestojí, jen čas. Tak vyčkej na jejich stanovisko k logu. Jestliže jsi uvedené doplňky neinstaloval, tak to mohl být nějaký vir, který máš ještě v PC.

[jaro3]

ještě to projedem:

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.