Redirects to linkbucks.com

#1 Post by Merk »

Hello, so I too have fallen victim to this vermin. I'm attaching the log.
Thank you.

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Uzivatel (administrator) on UZIVATEL-PC on 18-02-2014 09:32:44
Running from C:\Users\Uzivatel\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(forum.viry.cz) C:\Users\Uzivatel\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [ArcadeDeluxeAgent] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-05-29] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-05-29] (CyberLink)
HKLM\...\Run: [PlayMovie] - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [167936 2008-05-12] (Acer Corp.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6144000 2008-05-21] (Realtek Semiconductor)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [809480 2008-09-10] (Dritek System Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-05-14] (Egis Incorporated)
HKLM\...\Run: [WarReg_PopUp] - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [303104 2008-01-29] (Acer Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-06-16] (InstallShield Software Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKU\S-1-5-21-4259034666-3012792658-4161726749-1000\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-16] (InstallShield Software Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0109&m=aspire_5535
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0109&m=aspire_5535
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

Chrome: 
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.77\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX Web Player) - D:\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Extension: (Peněženka Google) - C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [81504 2008-01-16] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-03-21] ()
S2 gupdate1ca67a88744495f; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-11-17] (Google Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-02-17] (SurfRight B.V.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()
S2 McShield; C:\Program Files\McAfee\VirusScan\McShield.exe [X]
S3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [X]

==================== Drivers (Whitelisted) ====================

R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.)
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2013-06-28] ()
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [192056 2008-01-21] (Společnost Microsoft)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1081912 2008-01-21] (Společnost Microsoft)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [61424 2008-05-09] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-18 09:32 - 2014-02-18 09:32 - 00011990 _____ () C:\Users\Uzivatel\Desktop\FRST.txt
2014-02-18 09:32 - 2014-02-18 09:32 - 00000000 ____D () C:\FRST
2014-02-18 09:29 - 2014-02-18 09:24 - 01141248 _____ (Farbar) C:\Users\Uzivatel\Desktop\FRST.exe
2014-02-18 09:26 - 2014-02-18 09:20 - 00112640 _____ (forum.viry.cz) C:\Users\Uzivatel\Desktop\FRSTLauncher.exe
2014-02-18 09:23 - 2014-02-18 09:23 - 00000079 _____ () C:\Windows\wininit.ini
2014-02-18 00:35 - 2014-02-18 00:35 - 00000512 _____ () C:\PhysicalMBR.bin
2014-02-17 23:38 - 2014-02-17 23:38 - 00165576 _____ () C:\Users\Uzivatel\Downloads\ClickHeretoDownload-fbZERhv.exe
2014-02-17 22:00 - 2014-02-17 22:00 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-17 22:00 - 2014-02-17 22:00 - 00000000 ____D () C:\Users\Uzivatel\AppData\Roaming\Malwarebytes
2014-02-17 22:00 - 2014-02-17 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 22:00 - 2014-02-17 22:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 22:00 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-17 21:48 - 2014-02-17 21:48 - 00000959 _____ () C:\Users\Uzivatel\Desktop\JRT.txt
2014-02-17 21:44 - 2014-02-17 21:44 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 21:43 - 2014-02-17 21:12 - 01037530 _____ (Thisisu) C:\Users\Uzivatel\Desktop\JRT.exe
2014-02-17 21:05 - 2014-02-17 21:34 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 20:26 - 2014-02-17 20:26 - 00001674 _____ () C:\Windows\system32\.crusader
2014-02-17 20:19 - 2014-02-17 20:19 - 00001736 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-17 20:19 - 2014-02-17 20:19 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-17 20:05 - 2014-02-17 20:26 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-17 19:58 - 2014-02-17 20:02 - 00000000 ____D () C:\AdwCleaner
2014-02-17 19:58 - 2014-02-17 19:49 - 09988304 _____ (SurfRight B.V.) C:\Users\Uzivatel\Desktop\HitmanPro.exe
2014-02-17 19:58 - 2014-02-17 19:48 - 01241888 _____ () C:\Users\Uzivatel\Desktop\adwcleaner.exe
2014-02-17 19:32 - 2014-02-18 09:24 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-02-17 19:32 - 2014-02-18 09:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-17 19:20 - 2014-02-17 19:21 - 09741752 _____ () C:\Users\Uzivatel\Downloads\yet_another_cleaner.exe
2014-02-16 16:55 - 2014-02-16 16:56 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-06 14:30 - 2014-02-06 14:30 - 01409024 _____ () C:\Users\Uzivatel\Downloads\prevence1.cv. (1).ppt
2014-02-06 14:30 - 2014-02-06 14:30 - 01406976 _____ () C:\Users\Uzivatel\Downloads\prevence1.cv..ppt

==================== One Month Modified Files and Folders =======

2014-02-18 09:32 - 2014-02-18 09:32 - 00011990 _____ () C:\Users\Uzivatel\Desktop\FRST.txt
2014-02-18 09:32 - 2014-02-18 09:32 - 00000000 ____D () C:\FRST
2014-02-18 09:28 - 2009-01-19 18:34 - 01158502 _____ () C:\Windows\WindowsUpdate.log
2014-02-18 09:24 - 2014-02-18 09:29 - 01141248 _____ (Farbar) C:\Users\Uzivatel\Desktop\FRST.exe
2014-02-18 09:24 - 2014-02-17 19:32 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-02-18 09:24 - 2009-11-17 18:25 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-18 09:24 - 2009-01-19 19:06 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2014-02-18 09:24 - 2008-09-02 18:59 - 00000147 _____ () C:\Windows\system32\agent.log
2014-02-18 09:24 - 2008-01-21 03:47 - 03458694 _____ () C:\Windows\PFRO.log
2014-02-18 09:24 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-18 09:24 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 09:24 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 09:23 - 2014-02-18 09:23 - 00000079 _____ () C:\Windows\wininit.ini
2014-02-18 09:23 - 2014-02-17 19:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-18 09:23 - 2009-01-19 18:47 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-18 09:23 - 2006-11-02 14:01 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-18 09:20 - 2014-02-18 09:26 - 00112640 _____ (forum.viry.cz) C:\Users\Uzivatel\Desktop\FRSTLauncher.exe
2014-02-18 09:06 - 2009-01-19 18:48 - 00076800 _____ () C:\Users\Uzivatel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 09:05 - 2006-11-02 13:47 - 00317608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-18 00:45 - 2009-11-17 18:25 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-18 00:35 - 2014-02-18 00:35 - 00000512 _____ () C:\PhysicalMBR.bin
2014-02-17 23:38 - 2014-02-17 23:38 - 00165576 _____ () C:\Users\Uzivatel\Downloads\ClickHeretoDownload-fbZERhv.exe
2014-02-17 23:32 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\PLA
2014-02-17 22:00 - 2014-02-17 22:00 - 00000910 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-17 22:00 - 2014-02-17 22:00 - 00000000 ____D () C:\Users\Uzivatel\AppData\Roaming\Malwarebytes
2014-02-17 22:00 - 2014-02-17 22:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 22:00 - 2014-02-17 22:00 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-17 21:48 - 2014-02-17 21:48 - 00000959 _____ () C:\Users\Uzivatel\Desktop\JRT.txt
2014-02-17 21:44 - 2014-02-17 21:44 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 21:42 - 2009-01-19 19:15 - 00000000 ____D () C:\Users\Uzivatel\AppData\Local\Google
2014-02-17 21:36 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-17 21:34 - 2014-02-17 21:05 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 21:20 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-02-17 21:20 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-02-17 21:12 - 2014-02-17 21:43 - 01037530 _____ (Thisisu) C:\Users\Uzivatel\Desktop\JRT.exe
2014-02-17 21:09 - 2006-11-02 11:33 - 01434362 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 20:26 - 2014-02-17 20:26 - 00001674 _____ () C:\Windows\system32\.crusader
2014-02-17 20:26 - 2014-02-17 20:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-17 20:19 - 2014-02-17 20:19 - 00001736 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-17 20:19 - 2014-02-17 20:19 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-17 20:02 - 2014-02-17 19:58 - 00000000 ____D () C:\AdwCleaner
2014-02-17 20:01 - 2009-02-02 18:28 - 00000000 ____D () C:\ProgramData\ICQ
2014-02-17 19:49 - 2014-02-17 19:58 - 09988304 _____ (SurfRight B.V.) C:\Users\Uzivatel\Desktop\HitmanPro.exe
2014-02-17 19:48 - 2014-02-17 19:58 - 01241888 _____ () C:\Users\Uzivatel\Desktop\adwcleaner.exe
2014-02-17 19:31 - 2006-11-02 13:52 - 00106808 _____ () C:\Windows\setupact.log
2014-02-17 19:21 - 2014-02-17 19:20 - 09741752 _____ () C:\Users\Uzivatel\Downloads\yet_another_cleaner.exe
2014-02-16 16:56 - 2014-02-16 16:55 - 00001975 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-16 16:55 - 2009-01-19 19:12 - 00000000 ____D () C:\Program Files\Google
2014-02-16 16:47 - 2009-02-17 20:17 - 00006836 _____ () C:\Users\Uzivatel\AppData\Local\d3d9caps.dat
2014-02-15 03:07 - 2013-08-03 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 03:02 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-06 14:30 - 2014-02-06 14:30 - 01409024 _____ () C:\Users\Uzivatel\Downloads\prevence1.cv. (1).ppt
2014-02-06 14:30 - 2014-02-06 14:30 - 01406976 _____ () C:\Users\Uzivatel\Downloads\prevence1.cv..ppt

Some content of TEMP:
====================
C:\Users\Uzivatel\AppData\Local\temp\advapi32.dll
C:\Users\Uzivatel\AppData\Local\temp\ATIDEMGX.dll
C:\Users\Uzivatel\AppData\Local\temp\dnsapi.dll
C:\Users\Uzivatel\AppData\Local\temp\gdi32.dll
C:\Users\Uzivatel\AppData\Local\temp\imm32.dll
C:\Users\Uzivatel\AppData\Local\temp\kernel32.dll
C:\Users\Uzivatel\AppData\Local\temp\lpk.dll
C:\Users\Uzivatel\AppData\Local\temp\msctf.dll
C:\Users\Uzivatel\AppData\Local\temp\msvcrt.dll
C:\Users\Uzivatel\AppData\Local\temp\nsi.dll
C:\Users\Uzivatel\AppData\Local\temp\ntdll.dll
C:\Users\Uzivatel\AppData\Local\temp\ole32.dll
C:\Users\Uzivatel\AppData\Local\temp\rpcrt4.dll
C:\Users\Uzivatel\AppData\Local\temp\rsaenh.dll
C:\Users\Uzivatel\AppData\Local\temp\secur32.dll
C:\Users\Uzivatel\AppData\Local\temp\shell32.dll
C:\Users\Uzivatel\AppData\Local\temp\shlwapi.dll
C:\Users\Uzivatel\AppData\Local\temp\SLC.dll
C:\Users\Uzivatel\AppData\Local\temp\user32.dll
C:\Users\Uzivatel\AppData\Local\temp\userenv.dll
C:\Users\Uzivatel\AppData\Local\temp\usp10.dll
C:\Users\Uzivatel\AppData\Local\temp\ws2_32.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

  
***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Uzivatel\Desktop" je 13 MB.
 
 
***** Startup Programs *****
 
 
***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
 
***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000

 
==================== End Of Log ==============================

#2 Post by vyosek »

Hello :)

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
:arrow: But it will probably also be necessary to contact your internet provider - this junk attacks their routers and the redirection already happens at the provider

#3 Post by Merk »

Here it is. I did exactly the same thing yesterday, but it didn't help; today I also cleared the browsing data in Chrome and the vermin is probably gone :-)

# AdwCleaner v3.019 - Report created 18/02/2014 at 19:11:44
# Updated 17/02/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Uzivatel - UZIVATEL-PC
# Running from : C:\Users\Uzivatel\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19088


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6741 octets] - [17/02/2014 19:59:13]
AdwCleaner[R1].txt - [976 octets] - [18/02/2014 18:17:21]
AdwCleaner[S0].txt - [6718 octets] - [17/02/2014 20:01:48]
AdwCleaner[S1].txt - [900 octets] - [18/02/2014 19:11:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [959 octets] ##########
Last edited by vyosek on 19 Feb 2014 06:25, edited 1 time in total.
Reason: log removed from code

#4 Post by vyosek »

:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Update it
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes produces false detections, so paste the log into a post and wait for it to be assessed