Podezření na spyware

[adam440]

Zdravím,
poslední dobou se mi zpomalil PC a poslední dobou jsem zaznamenal podezřelé chování jako nenadálá změna spořiče obrazovky. Dnes ráno se mi navíc na prohlížeči Chrome a i Exploreru změnila domovská stránka na Reerd.com a jazyk změnil na slovenštinu. V prohlížeči (Chrome) jsem našel nějaký neznámý plugin ale bohužel jsem si nenapsal jeho jméno a rovnou ho odstranil. Byl bych moc rád za pomoc. Přikládám logy z RSIT a FRST v zipu.

[altrok]

Zdravim

Odinstalujte Skype Click to Call

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Clean
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

[adam440]

Tak jsem to teda zkusil. Nicméně poprvé jsem to nemohl najít kam se to uložilo (ten otevřený log jsem si omylem vypnul) a tak jsem to potom spustil znova a to už sem to našel. Ale logů je tím pádem několik.

[altrok]

V poradku... ten dulezity jsem si nasel

Otestujte na virustotal.com C:\Windows\SysWOW64\SVKP.sys

Ulozte na plochu zoek.exe http://hijackthis.nl/smeenk/zoek.htm

• spustte jako spravce
• do velkeho okna zkopirujte script uvedeny nize
• kliknete na Run script
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\zoek-results.log) - vlozte mi jej do pristi odpovedi

  Kód: Vybrat vše

  autoclean;
  emptyclsid;
  emptyalltemp;

[adam440]

testování na virustotal proběhlo úplně v pořádku a přikládám ten log z zoek.exe:


Zoek.exe v5.0.0.0 Updated 12-December-2014
Tool run by Adam on so 13.12.2014 at 17:57:53,05.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Adam\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13.12.2014 18:01:03 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\TomTom DesktopSuite deleted successfully
C:\Program Files\Blender Foundation deleted successfully
C:\Program Files\Soluto deleted successfully
C:\Program Files\Symantec deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Twilight deleted successfully
C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted successfully
C:\Users\Adam\AppData\Roaming\The Complete Genealogy Reporter - FTB deleted successfully
C:\Users\Adam\AppData\Roaming\update_tc deleted successfully
C:\Users\Adam\AppData\Local\CrashDumps deleted successfully
C:\Users\Adam\AppData\Local\RefSrcSymbols deleted successfully
C:\Users\Adam\AppData\Local\SymbolSourceSymbols deleted successfully
C:\Users\Adam\AppData\Local\VirtualStore deleted successfully
C:\Users\Adam\AppData\Local\WarThunder deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5hln6vgf.default-1393747057061

user.js not found
---- Lines FFPDFArchitectConverter@pdfarchitect.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_13.12.2014_1816_.backup

ProfilePath: C:\Users\Adam\AppData\Roaming\penguinpop-27e90b3d44db93d2ae695bec675bd9c6\Profiles\0n4uxh0n.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_13.12.2014_1816_.backup

ProfilePath: C:\Users\Adam\AppData\Roaming\TomTom\HOME\Profiles\80anx1fs.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_13.12.2014_1816_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} not found
C:\Users\Adam\.android deleted
C:\PROGRA~2\Mobogenie3 deleted
C:\PROGRA~2\Surgeon Simulator 2013 (Full Version) deleted
C:\PROGRA~2\Surgeon Simulator 2013 save 100 deleted
C:\PROGRA~2\sweetpacks bundle uninstaller_SweetPlayer_1348381 deleted
C:\Users\Adam\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Adam\AppData\Local\cache deleted
C:\Users\Adam\Downloads\ReimageRepair.exe deleted
C:\Users\Adam\Downloads\SoftonicDownloader_for_sumotori-dreams.exe deleted
C:\Users\Adam\AppData\LocalLow\boost_interprocess deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Windows\sysWoW64\config\systemprofile\Documents\Mobogenie deleted
C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5hln6vgf.default-1393747057061\jetpack deleted
C:\Users\Adam\Desktop\Google Maps Downloader.lnk deleted
C:\Users\Adam\openscad.exe deleted
C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5hln6vgf.default-1393747057061\extensions\r2d2b2g@mozilla.org deleted
"C:\Users\Adam\AppData\Roaming\wld\7za.exe" deleted
"C:\Users\Adam\AppData\Roaming\wld" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"FFPDFArchitectConverter@pdfarchitect.com"=hex(2):43,00,3a,00,5c,00,50,00,72,\ []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Adam\AppData\Roaming\TomTom\HOME\Profiles\80anx1fs.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\5hln6vgf.default-1393747057061
06DBB13F22F34314D8FB57D1139EBB67 - C:\Users\Adam\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
DCB0BCEF594E2C410793C4A823C318F3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director
B60B2639CE10F1377E5B87C733D78DFB - C:\Users\Adam\AppData\Local\Autodesk\123DPlugins\Autodesk 123D Shapes321.0.129\npAutodesk123DShapes32.dll - Autodesk 123D Shapes
F2CD1D7524F8E15AAC55568B9F72DE5B - C:\ProgramData\NexonEU\NGM\npnxgameEU.dll - Nexon Game Controller
6D657ABADF217DBB17CF0A0AF44A7E29 - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll - Nexon Game Controller
FDB2F7681A36AD24E656A5FF19AEA013 - C:\Users\Adam\AppData\Roaming\Autodesk\Autodesk123D32\1.0.7\npAutodesk123D32.dll - Autodesk 123D
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
B78F4C2C592C87DF54E8E0C6AAEF3874 - C:\Users\Adam\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
58F41CA8F9C2014709F9547B2B81A468 - C:\Windows\SysWoW64\Macromed\Flash\NPSWF32.dll - Shockwave Flash


==== Chromium Look ======================

Google Chrome Version: 38.0.2125.104 (Possible outdated, latest Stable version: 39.0.2171.95)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx[20.09.2014 09:52]

Theme Creator - Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc
Guitar Tuner - Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhglmpmegfnbclojedloihcbkemoiddi
Sumo Paint - Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod
Creately - Online Diagramming - Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\figjjaggcjcojopflaabmebmocabdglm
SOLE 64 - Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\henmjlkeiiclnbeomllgmojdeedomape
Vector Paint - Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbpdiengicdefcjecjbnjnoifekhgdo
Sketchpad - Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp
ButtonBeats Guitar - Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcpeekapbmklcidenkpbjcpcicmjmnf
Sopogy Helios - Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncoicgmgmchcilgcginajkgoclbgkch
Psykopaint - Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.reerd.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.reerd.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={sear"
{847A7D5F-ADBA-42CF-B74C-EEC199B95B26} Google Url="http://www.google.com/search?q={searchT ... f8&oe=utf8"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Adam\AppData\Local\Mozilla\Firefox\Profiles\5hln6vgf.default-1393747057061\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2140 folders=310 408982681 bytes)

==== Empty Temp Folders ======================

C:\Users\Adam\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\MSSQL$SQLEXPRESS\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Adam\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 13.12.2014 at 18:36:53,33 ======================

[altrok]

Dejte novy log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[adam440]

Tak tu máte ten FRST log...

[altrok]

Odinstalujte Skype Click to Call.

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  HKLM-x32\...\Run: [msryrmxcSrv] => C:\Windows\SysWOW64\msryrmxc.vbe [649 2014-07-06] ()
  HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe [1584 2014-03-05] ()
  HKU\S-1-5-21-1260573985-770423414-2261320260-1000\...\Policies\Explorer: [NoInstrumentation] 1
  HKU\S-1-5-21-1260573985-770423414-2261320260-1000\...\MountPoints2: E - E:\autorun.exe
  HKU\S-1-5-21-1260573985-770423414-2261320260-1000\...\MountPoints2: {ae4e3ecb-8fcc-11e2-b251-806e6f6e6963} - E:\autorun.exe DVDBrowser.hta
  
  ProxyEnable: [S-1-5-21-1260573985-770423414-2261320260-1000] => Internet Explorer proxy is enabled.
  HKU\S-1-5-21-1260573985-770423414-2261320260-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reerd.com
  Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
  Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
  FF Homepage: hxxp://www.reerd.com
  FF Plugin: @microsoft.com/GENUINE -> disabled No File
  FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
  FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
  FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
  FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
  CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
  CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
  
  S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
  S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
  S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
  S3 portio; \??\G:\Software\Programs\Zinf\portio.sys [X]
  U4 RDSessMgr; No ImagePath
  S0 SMR410; System32\drivers\SMR410.SYS [X]
  
  2014-12-14 09:31 - 2014-12-14 09:31 - 00112640 _____ (forum.viry.cz) C:\Users\Adam\Downloads\FRSTLauncher.exe
  2014-12-14 09:31 - 2014-12-14 09:31 - 00112640 _____ (forum.viry.cz) C:\Users\Adam\Desktop\FRSTLauncher.exe
  2014-12-13 18:26 - 2014-12-13 17:57 - 00024064 _____ () C:\Windows\zoek-delete.exe
  2014-12-13 18:00 - 2014-12-13 18:36 - 00012009 _____ () C:\zoek-results.log
  2014-12-13 17:57 - 2014-12-13 18:19 - 00000000 ____D () C:\zoek_backup
  2014-12-13 16:41 - 2014-12-13 17:32 - 00000000 ____D () C:\AdwCleaner
  2014-12-13 16:40 - 2014-12-13 16:40 - 02166272 _____ () C:\Users\Adam\Downloads\adwcleaner_4.105.exe
  2014-12-13 14:52 - 2014-12-13 14:52 - 00688992 ____R (Swearware) C:\Users\Adam\Downloads\dds.exe
  2014-12-13 14:48 - 2014-12-13 14:50 - 00000000 ____D () C:\Program Files\trend micro
  2014-12-13 14:48 - 2014-12-13 14:49 - 00000000 ____D () C:\rsit
  2014-12-13 14:48 - 2014-12-13 14:48 - 01222144 _____ () C:\Users\Adam\Downloads\RSITx64.exe
  2014-12-13 12:15 - 2014-12-13 14:29 - 00011865 _____ () C:\Users\Adam\Downloads\hijackthis.log
  2014-12-13 12:08 - 2014-12-13 12:08 - 00388608 _____ (Trend Micro Inc.) C:\Users\Adam\Downloads\HijackThis.exe
  C:\Program Files (x86)\Skype\Toolbars
  
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  AlternateDataStreams: C:\ProgramData\TEMP:C5760A8B
  Hosts:
  EmptyTemp:
  End
  

[adam440]

Tak zde je ten fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2014
Ran by Adam at 2014-12-14 12:49:59 Run:1
Running from C:\Users\Adam\Desktop
Loaded Profiles: Adam & MSSQL$SQLEXPRESS (Available profiles: Adam & MSSQL$SQLEXPRESS)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [msryrmxcSrv] => C:\Windows\SysWOW64\msryrmxc.vbe [649 2014-07-06] ()
HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe [1584 2014-03-05] ()
HKU\S-1-5-21-1260573985-770423414-2261320260-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1260573985-770423414-2261320260-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-1260573985-770423414-2261320260-1000\...\MountPoints2: {ae4e3ecb-8fcc-11e2-b251-806e6f6e6963} - E:\autorun.exe DVDBrowser.hta

ProxyEnable: [S-1-5-21-1260573985-770423414-2261320260-1000] => Internet Explorer proxy is enabled.
HKU\S-1-5-21-1260573985-770423414-2261320260-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.reerd.com
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
FF Homepage: hxxp://www.reerd.com
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 portio; \??\G:\Software\Programs\Zinf\portio.sys [X]
U4 RDSessMgr; No ImagePath
S0 SMR410; System32\drivers\SMR410.SYS [X]

2014-12-14 09:31 - 2014-12-14 09:31 - 00112640 _____ (forum.viry.cz) C:\Users\Adam\Downloads\FRSTLauncher.exe
2014-12-14 09:31 - 2014-12-14 09:31 - 00112640 _____ (forum.viry.cz) C:\Users\Adam\Desktop\FRSTLauncher.exe
2014-12-13 18:26 - 2014-12-13 17:57 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-12-13 18:00 - 2014-12-13 18:36 - 00012009 _____ () C:\zoek-results.log
2014-12-13 17:57 - 2014-12-13 18:19 - 00000000 ____D () C:\zoek_backup
2014-12-13 16:41 - 2014-12-13 17:32 - 00000000 ____D () C:\AdwCleaner
2014-12-13 16:40 - 2014-12-13 16:40 - 02166272 _____ () C:\Users\Adam\Downloads\adwcleaner_4.105.exe
2014-12-13 14:52 - 2014-12-13 14:52 - 00688992 ____R (Swearware) C:\Users\Adam\Downloads\dds.exe
2014-12-13 14:48 - 2014-12-13 14:50 - 00000000 ____D () C:\Program Files\trend micro
2014-12-13 14:48 - 2014-12-13 14:49 - 00000000 ____D () C:\rsit
2014-12-13 14:48 - 2014-12-13 14:48 - 01222144 _____ () C:\Users\Adam\Downloads\RSITx64.exe
2014-12-13 12:15 - 2014-12-13 14:29 - 00011865 _____ () C:\Users\Adam\Downloads\hijackthis.log
2014-12-13 12:08 - 2014-12-13 12:08 - 00388608 _____ (Trend Micro Inc.) C:\Users\Adam\Downloads\HijackThis.exe
C:\Program Files (x86)\Skype\Toolbars

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:C5760A8B
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\msryrmxcSrv => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MSStp => value deleted successfully.
HKU\S-1-5-21-1260573985-770423414-2261320260-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => value deleted successfully.
"HKU\S-1-5-21-1260573985-770423414-2261320260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-1260573985-770423414-2261320260-1000" => Key not found.
"HKU\S-1-5-21-1260573985-770423414-2261320260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae4e3ecb-8fcc-11e2-b251-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{ae4e3ecb-8fcc-11e2-b251-806e6f6e6963}" => Key not found.
HKU\S-1-5-21-1260573985-770423414-2261320260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-1260573985-770423414-2261320260-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKCR\PROTOCOLS\Handler\skypec2c" => Key deleted successfully.
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c" => Key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => Key deleted successfully.
Firefox homepage deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
cpuz136 => Service deleted successfully.
EagleX64 => Service deleted successfully.
GPUZ => Service deleted successfully.
portio => Service deleted successfully.
RDSessMgr => Service deleted successfully.
SMR410 => Service deleted successfully.
C:\Users\Adam\Downloads\FRSTLauncher.exe => Moved successfully.
C:\Users\Adam\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Adam\Downloads\adwcleaner_4.105.exe => Moved successfully.
C:\Users\Adam\Downloads\dds.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\Users\Adam\Downloads\RSITx64.exe => Moved successfully.
C:\Users\Adam\Downloads\hijackthis.log => Moved successfully.
C:\Users\Adam\Downloads\HijackThis.exe => Moved successfully.
C:\Program Files (x86)\Skype\Toolbars => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\TEMP => ":C5760A8B" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 172.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

[altrok]

Takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[adam440]

Děkuji mockrát. A omlouvám se za opožděnou odpověď.

[altrok]

Nemate zac, rad jsem pomohl


Preju prijemny vecer