Prosím o kontrolu logu

Příspěvekod **jaro3** » 22 zář 2016 20:10

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2221263169-337054609-1600395678-1171_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\andrys\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
Task: {B1001144-DDAB-4068-ADFA-B32D9D8FB72E} - System32\Tasks\BKUpdate 22904 => C:\Program Files (x86)\BKWin\22904\BKWinUpd.exe [2009-12-01] (Helpsoft spol. s r.o.) <==== ATTENTION
Task: {FD94B27D-F2FD-472A-966F-3C957B09C3D1} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
IE trusted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\mojeplatba.cz -> hxxps://www.mojeplatba.cz
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\123simsen.com -> www.123simsen.com
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKU\S-1-5-21-2221263169-337054609-1600395678-1171 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221263169-337054609-1600395678-1171 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird => not found
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\andrys\AppData\Local\PeerDistRepub
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\ProgramData\SynFPRmsiLogs.log

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

Reklama

zaari · Příspěvekod **zaari** » 26 zář 2016 13:24

Díky a kopíruji Fixlog.

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by andrys (26-09-2016 13:16:09) Run:1
Running from C:\Users\andrys\Desktop
Loaded Profiles: andrys (Available Profiles: andrys & Administrator & Martin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2221263169-337054609-1600395678-1171_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\andrys\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
Task: {B1001144-DDAB-4068-ADFA-B32D9D8FB72E} - System32\Tasks\BKUpdate 22904 => C:\Program Files (x86)\BKWin\22904\BKWinUpd.exe [2009-12-01] (Helpsoft spol. s r.o.) <==== ATTENTION
Task: {FD94B27D-F2FD-472A-966F-3C957B09C3D1} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
IE trusted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\mojeplatba.cz -> hxxps://www.mojeplatba.cz
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2221263169-337054609-1600395678-1171\...\123simsen.com -> www.123simsen.com
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKU\S-1-5-21-2221263169-337054609-1600395678-1171 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221263169-337054609-1600395678-1171 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird => not found
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\andrys\AppData\Local\PeerDistRepub
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\ProgramData\SynFPRmsiLogs.log

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1001144-DDAB-4068-ADFA-B32D9D8FB72E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1001144-DDAB-4068-ADFA-B32D9D8FB72E}" => key removed successfully
C:\WINDOWS\System32\Tasks\BKUpdate 22904 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BKUpdate 22904" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD94B27D-F2FD-472A-966F-3C957B09C3D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD94B27D-F2FD-472A-966F-3C957B09C3D1}" => key removed successfully
C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojeplatba.cz" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001namen.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-26.net" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-27.net" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123fporn.info" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123haustiereundmehr.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123moviedownload.com" => key removed successfully
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123simsen.com" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotPostWindows10UpgradeReInstall" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-2221263169-337054609-1600395678-1171\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\Users\andrys\AppData\Local\PeerDistRepub => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\ProgramData\SynFPRmsiLogs.log => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 69625877 B
Java, Flash, Steam htmlcache => 1232 B
Windows/system/drivers => 4146815 B
Edge => 6209933 B
Chrome => 0 B
Firefox => 383788769 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 104720 B
NetworkService => 39548 B
andrys => 23800709 B
administrator => 41000 B
Martin => 27376 B

RecycleBin => 0 B
EmptyTemp: => 465.2 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:17:16 ====

Příspěvekod **jaro3** » 26 zář 2016 18:49

Co problémy?

zaari · Příspěvekod **zaari** » 29 zář 2016 12:12

je to lepší, díky.

Příspěvekod **Orcus** » 29 zář 2016 13:14

Vyčisti systém CCleanerem

====================================================

Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde: C: \ DelFix.txt

Pokud nejsou problémy, je to vše a můžeš dát vyřešeno , zelenou fajfku.

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online