Prohlížeče se chovají divně

Zpráva

cyklon · #1 Příspěvek od **cyklon** » 31 srp 2015 11:50

Ahoj, asi jsem si natáhl něco do počítače, protože mé prohlížeče se chovají dost nestandardně. Chrome začal najednou mít problém s textovými polemi v adminu WordPressu (prostě je nezobrazuje), u některých stránek načítá jen záhlaví, FireFox zase po kliknutí na nějaký odkaz otevře zároveň nějakou stránku s reklamami...

Tady přikládám RSIT log: http://pastebin.ca/3142032 (vaše fórum mi nedovolilo nahrát txt soubor a log překročil i počet znaků, co se vejdou do příspěvku)

#2 Příspěvek od **altrok** » 31 srp 2015 14:01

Krasny den Vam preju

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Cleaning
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

cyklon · #3 Příspěvek od **cyklon** » 31 srp 2015 21:01

Kód: Vybrat vše

# AdwCleaner v5.004 - Logfile created 31/08/2015 at 17:42:43
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Václav - VASEK-PC
# Running from : C:\Users\Václav\Desktop\adwcleaner_5.004.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : PrivoxyService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\CinemaP-1.9cV09.07

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : AmiUpdXp
[-] Task Deleted : 16569258-46d8-4da5-b693-90f0d23de2ce-10_user
[-] Task Deleted : 16569258-46d8-4da5-b693-90f0d23de2ce-5_user
[-] Task Deleted : 336b6588-d689-4286-a3f1-4774b0f309f8-10_user
[-] Task Deleted : 336b6588-d689-4286-a3f1-4774b0f309f8-5_user
[-] Task Deleted : 75f54a3a-df0e-4604-a974-2c6f2e36b879-5_user

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
[-] Key Deleted : HKLM\SOFTWARE\CinemaP-1.9cV09.07
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaP-1.9cV09.07
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\324B4B70AD4E1D7438725B98BEB4BE85
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\324B4B70AD4E1D7438725B98BEB4BE85
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\324B4B70AD4E1D7438725B98BEB4BE85

***** [ Web browsers ] *****

[-] [C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : 
[-] [C:\Users\Václav\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.google.com/","hxxp://www.trovi.com/?gd=&ctid=CT3324850&octid=EB_ORIGINAL_CTID&ISID=656b2c49-a9e8-4d6a-b604-d2a7ae560a58&SearchSource=55&CUI=&UM=6&UP=SP1F020B94-A19D-4B4E-99B6-B7EF4B4C9BC9&SSPV=","hxxp://www.mystartsearch.com/?type=hp&ts=1417288467&from=wpc&uid=WDCXWD7500BPVT-08HXZT3_WD-WX41A92J0791J0791","hxxp://search.gboxapp.com/

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3054 bytes] ##########

#4 Příspěvek od **altrok** » 31 srp 2015 21:08

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

cyklon · #5 Příspěvek od **cyklon** » 01 zář 2015 07:12

Opět se mi to nepodařilo vložit do těla zprávy, je to v příloze obojí

#6 Příspěvek od **altrok** » 01 zář 2015 13:17

Mate vypnutou funkci bodu obnoveni. Velice doporucuji tuto funkci zapnout.

Odinstalujte starou a zranitelnou verzi javy. Pokud javu potrebujete, pak nainstalujte novou z java.com - pozor na adware pri jeji instalaci http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . Z hlediska bezpecnosti (exploity) je lepsi ji nemit. Verze Javy, ktere v PC mate nainstalovane:

Java 8 Update 40

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
File: C:\Users\Václav\AppData\Roaming\B05B5F0B-62EF-4747-8AEC-0DD229253AC5\UDP Manager\udpmgr.exe
File: C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-07-07] (NVIDIA Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2712542141-108017203-508658787-1002\...\Run: [Google Update] => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-02] (Google Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2712542141-108017203-508658787-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->  No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.trovi.com/?gd=&ctid=CT3324850&octid=EB_ORIGINAL_CTID&ISID=656b2c49-a9e8-4d6a-b604-d2a7ae560a58&SearchSource=55&CUI=&UM=6&UP=SP1F020B94-A19D-4B4E-99B6-B7EF4B4C9BC9&SSPV=","hxxp://www.mystartsearch.com/?type=hp&ts=1417288467&from=wpc&uid=WDCXWD7500BPVT-08HXZT3_WD-WX41A92J0791J0791","hxxp://search.gboxapp.com/"
2015-09-01 07:58 - 2015-09-01 07:59 - 00112640 _____ (forum.viry.cz) C:\Users\Václav\Desktop\FRSTLauncher.exe
2015-08-31 17:21 - 2015-08-31 17:21 - 01618432 _____ C:\Users\Václav\Desktop\adwcleaner_5.004.exe
2015-08-31 12:33 - 2015-08-31 12:33 - 00000000 ____D C:\Program Files\trend micro
2015-08-31 17:42 - 2015-07-09 15:11 - 00000000 ____D C:\AdwCleaner
Task: {7A4E6BC7-5D90-488A-81DA-731F6E9A2CC2} - System32\Tasks\PassMaster => c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}\setup.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\16569258-46d8-4da5-b693-90f0d23de2ce-10_user.job => C:\Program Files (x86)\Ge-Force\16569258-46d8-4da5-b693-90f0d23de2ce-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\16569258-46d8-4da5-b693-90f0d23de2ce-5_user.job => C:\Program Files (x86)\Ge-Force\16569258-46d8-4da5-b693-90f0d23de2ce-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\336b6588-d689-4286-a3f1-4774b0f309f8-10_user.job => C:\Program Files (x86)\CinemaP-1.9cV09.07\336b6588-d689-4286-a3f1-4774b0f309f8-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\336b6588-d689-4286-a3f1-4774b0f309f8-5_user.job => C:\Program Files (x86)\CinemaP-1.9cV09.07\336b6588-d689-4286-a3f1-4774b0f309f8-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\75f54a3a-df0e-4604-a974-2c6f2e36b879-5_user.job => C:\Program Files (x86)\Sense\75f54a3a-df0e-4604-a974-2c6f2e36b879-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\Václav\AppData\Local\10725\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}\setup_product_461.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d090cd9440d9ad.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2712542141-108017203-508658787-1002Core.job => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2712542141-108017203-508658787-1002UA.job => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HHbcFkCQ5T6MiF5uMwrac8nu.job => C:\Users\Vý˙clav\AppData\Roaming\HHbcFkCQ5T6MiF5uMwrac8nu.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\hMFSn6VGiEKYz.job => C:\Users\Vý˙clav\AppData\Roaming\hMFSn6VGiEKYz.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PassMaster.job => c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}\setup.exe <==== ATTENTION
Folder: c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}
File: c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}\setup.exe
c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}
Folder: C:\Program Files (x86)\Ge-Force
C:\Program Files (x86)\Ge-Force
Folder: C:\Program Files (x86)\CinemaP-1.9cV09.07
File: C:\Program Files (x86)\Ge-Force\16569258-46d8-4da5-b693-90f0d23de2ce-5.exe
File: C:\Program Files (x86)\CinemaP-1.9cV09.07\336b6588-d689-4286-a3f1-4774b0f309f8-5.exe
C:\Program Files (x86)\CinemaP-1.9cV09.07
Folder: C:\Program Files (x86)\Sense
File: C:\Program Files (x86)\Sense\75f54a3a-df0e-4604-a974-2c6f2e36b879-5.exe
C:\Program Files (x86)\Sense
Folder: C:\Users\Václav\AppData\Local\10725
File: C:\Users\Václav\AppData\Local\10725\Updater.exe
C:\Users\Václav\AppData\Local\10725
Folder: c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}
File: c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}\setup_product_461.exe
c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}
2015-04-19 14:20 - 2015-07-09 12:14 - 0000626 _____ () C:\Users\Václav\AppData\Roaming\HHbcFkCQ5T6MiF5uMwrac8nu
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Václav\AppData\Roaming\HHbcFkCQ5T6MiF5uMwrac8nu.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Václav\AppData\Roaming\hMFSn6VGiEKYz
Hosts:
EmptyTemp:
End

cyklon · #7 Příspěvek od **cyklon** » 01 zář 2015 16:38

Počítač mi během téhle operace zamrzl, ale log se vytvořil. Kdyžtak řekněte, kdyby něco bylo špatně...

EDIT: Musím říct, že pozoruji změnu - textová pole ve WP už reagují

Kód: Vybrat vše

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Václav (2015-09-01 14:53:14) Run:1
Running from C:\Users\Václav\Desktop
Loaded Profiles: Václav (Available Profiles: UpdatusUser & Václav & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
File: C:\Users\Václav\AppData\Roaming\B05B5F0B-62EF-4747-8AEC-0DD229253AC5\UDP Manager\udpmgr.exe
File: C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-07-07] (NVIDIA Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2712542141-108017203-508658787-1002\...\Run: [Google Update] => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-02] (Google Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2712542141-108017203-508658787-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->  No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.trovi.com/?gd=&ctid=CT3324850&octid=EB_ORIGINAL_CTID&ISID=656b2c49-a9e8-4d6a-b604-d2a7ae560a58&SearchSource=55&CUI=&UM=6&UP=SP1F020B94-A19D-4B4E-99B6-B7EF4B4C9BC9&SSPV=","hxxp://www.mystartsearch.com/?type=hp&ts=1417288467&from=wpc&uid=WDCXWD7500BPVT-08HXZT3_WD-WX41A92J0791J0791","hxxp://search.gboxapp.com/"
2015-09-01 07:58 - 2015-09-01 07:59 - 00112640 _____ (forum.viry.cz) C:\Users\Václav\Desktop\FRSTLauncher.exe
2015-08-31 17:21 - 2015-08-31 17:21 - 01618432 _____ C:\Users\Václav\Desktop\adwcleaner_5.004.exe
2015-08-31 12:33 - 2015-08-31 12:33 - 00000000 ____D C:\Program Files\trend micro
2015-08-31 17:42 - 2015-07-09 15:11 - 00000000 ____D C:\AdwCleaner
Task: {7A4E6BC7-5D90-488A-81DA-731F6E9A2CC2} - System32\Tasks\PassMaster => c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}\setup.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\16569258-46d8-4da5-b693-90f0d23de2ce-10_user.job => C:\Program Files (x86)\Ge-Force\16569258-46d8-4da5-b693-90f0d23de2ce-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\16569258-46d8-4da5-b693-90f0d23de2ce-5_user.job => C:\Program Files (x86)\Ge-Force\16569258-46d8-4da5-b693-90f0d23de2ce-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\336b6588-d689-4286-a3f1-4774b0f309f8-10_user.job => C:\Program Files (x86)\CinemaP-1.9cV09.07\336b6588-d689-4286-a3f1-4774b0f309f8-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\336b6588-d689-4286-a3f1-4774b0f309f8-5_user.job => C:\Program Files (x86)\CinemaP-1.9cV09.07\336b6588-d689-4286-a3f1-4774b0f309f8-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\75f54a3a-df0e-4604-a974-2c6f2e36b879-5_user.job => C:\Program Files (x86)\Sense\75f54a3a-df0e-4604-a974-2c6f2e36b879-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\Václav\AppData\Local\10725\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}\setup_product_461.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d090cd9440d9ad.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2712542141-108017203-508658787-1002Core.job => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2712542141-108017203-508658787-1002UA.job => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HHbcFkCQ5T6MiF5uMwrac8nu.job => C:\Users\Vý˙clav\AppData\Roaming\HHbcFkCQ5T6MiF5uMwrac8nu.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\hMFSn6VGiEKYz.job => C:\Users\Vý˙clav\AppData\Roaming\hMFSn6VGiEKYz.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PassMaster.job => c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}\setup.exe <==== ATTENTION
Folder: c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}
File: c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}\setup.exe
c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}
Folder: C:\Program Files (x86)\Ge-Force
C:\Program Files (x86)\Ge-Force
Folder: C:\Program Files (x86)\CinemaP-1.9cV09.07
File: C:\Program Files (x86)\Ge-Force\16569258-46d8-4da5-b693-90f0d23de2ce-5.exe
File: C:\Program Files (x86)\CinemaP-1.9cV09.07\336b6588-d689-4286-a3f1-4774b0f309f8-5.exe
C:\Program Files (x86)\CinemaP-1.9cV09.07
Folder: C:\Program Files (x86)\Sense
File: C:\Program Files (x86)\Sense\75f54a3a-df0e-4604-a974-2c6f2e36b879-5.exe
C:\Program Files (x86)\Sense
Folder: C:\Users\Václav\AppData\Local\10725
File: C:\Users\Václav\AppData\Local\10725\Updater.exe
C:\Users\Václav\AppData\Local\10725
Folder: c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}
File: c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}\setup_product_461.exe
c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}
2015-04-19 14:20 - 2015-07-09 12:14 - 0000626 _____ () C:\Users\Václav\AppData\Roaming\HHbcFkCQ5T6MiF5uMwrac8nu
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Václav\AppData\Roaming\HHbcFkCQ5T6MiF5uMwrac8nu.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Václav\AppData\Roaming\hMFSn6VGiEKYz
Hosts:
EmptyTemp:
End
*****************

#8 Příspěvek od **altrok** » 01 zář 2015 19:47

Dle logu se zadna operace nevykonala. Pouzijte znovu stejny postup.

cyklon · #9 Příspěvek od **cyklon** » 02 zář 2015 07:36

Tak tedy pokus 2

Kód: Vybrat vše

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Václav (2015-09-02 08:03:25) Run:2
Running from C:\Users\Václav\Desktop
Loaded Profiles: Václav (Available Profiles: UpdatusUser & Václav & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
File: C:\Users\Václav\AppData\Roaming\B05B5F0B-62EF-4747-8AEC-0DD229253AC5\UDP Manager\udpmgr.exe
File: C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795728 2015-07-07] (NVIDIA Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2712542141-108017203-508658787-1002\...\Run: [Google Update] => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-02] (Google Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2712542141-108017203-508658787-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = 
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->  No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.trovi.com/?gd=&ctid=CT3324850&octid=EB_ORIGINAL_CTID&ISID=656b2c49-a9e8-4d6a-b604-d2a7ae560a58&SearchSource=55&CUI=&UM=6&UP=SP1F020B94-A19D-4B4E-99B6-B7EF4B4C9BC9&SSPV=","hxxp://www.mystartsearch.com/?type=hp&ts=1417288467&from=wpc&uid=WDCXWD7500BPVT-08HXZT3_WD-WX41A92J0791J0791","hxxp://search.gboxapp.com/"
2015-09-01 07:58 - 2015-09-01 07:59 - 00112640 _____ (forum.viry.cz) C:\Users\Václav\Desktop\FRSTLauncher.exe
2015-08-31 17:21 - 2015-08-31 17:21 - 01618432 _____ C:\Users\Václav\Desktop\adwcleaner_5.004.exe
2015-08-31 12:33 - 2015-08-31 12:33 - 00000000 ____D C:\Program Files\trend micro
2015-08-31 17:42 - 2015-07-09 15:11 - 00000000 ____D C:\AdwCleaner
Task: {7A4E6BC7-5D90-488A-81DA-731F6E9A2CC2} - System32\Tasks\PassMaster => c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}\setup.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\16569258-46d8-4da5-b693-90f0d23de2ce-10_user.job => C:\Program Files (x86)\Ge-Force\16569258-46d8-4da5-b693-90f0d23de2ce-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\16569258-46d8-4da5-b693-90f0d23de2ce-5_user.job => C:\Program Files (x86)\Ge-Force\16569258-46d8-4da5-b693-90f0d23de2ce-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\336b6588-d689-4286-a3f1-4774b0f309f8-10_user.job => C:\Program Files (x86)\CinemaP-1.9cV09.07\336b6588-d689-4286-a3f1-4774b0f309f8-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\336b6588-d689-4286-a3f1-4774b0f309f8-5_user.job => C:\Program Files (x86)\CinemaP-1.9cV09.07\336b6588-d689-4286-a3f1-4774b0f309f8-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\75f54a3a-df0e-4604-a974-2c6f2e36b879-5_user.job => C:\Program Files (x86)\Sense\75f54a3a-df0e-4604-a974-2c6f2e36b879-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AmiUpdXp.job => C:\Users\Václav\AppData\Local\10725\Updater.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}\setup_product_461.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d090cd9440d9ad.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2712542141-108017203-508658787-1002Core.job => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2712542141-108017203-508658787-1002UA.job => C:\Users\Václav\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HHbcFkCQ5T6MiF5uMwrac8nu.job => C:\Users\Vý˙clav\AppData\Roaming\HHbcFkCQ5T6MiF5uMwrac8nu.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\hMFSn6VGiEKYz.job => C:\Users\Vý˙clav\AppData\Roaming\hMFSn6VGiEKYz.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PassMaster.job => c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}\setup.exe <==== ATTENTION
Folder: c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}
File: c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}\setup.exe
c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}
Folder: C:\Program Files (x86)\Ge-Force
C:\Program Files (x86)\Ge-Force
Folder: C:\Program Files (x86)\CinemaP-1.9cV09.07
File: C:\Program Files (x86)\Ge-Force\16569258-46d8-4da5-b693-90f0d23de2ce-5.exe
File: C:\Program Files (x86)\CinemaP-1.9cV09.07\336b6588-d689-4286-a3f1-4774b0f309f8-5.exe
C:\Program Files (x86)\CinemaP-1.9cV09.07
Folder: C:\Program Files (x86)\Sense
File: C:\Program Files (x86)\Sense\75f54a3a-df0e-4604-a974-2c6f2e36b879-5.exe
C:\Program Files (x86)\Sense
Folder: C:\Users\Václav\AppData\Local\10725
File: C:\Users\Václav\AppData\Local\10725\Updater.exe
C:\Users\Václav\AppData\Local\10725
Folder: c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}
File: c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}\setup_product_461.exe
c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}
2015-04-19 14:20 - 2015-07-09 12:14 - 0000626 _____ () C:\Users\Václav\AppData\Roaming\HHbcFkCQ5T6MiF5uMwrac8nu
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Václav\AppData\Roaming\HHbcFkCQ5T6MiF5uMwrac8nu.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Václav\AppData\Roaming\hMFSn6VGiEKYz
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.

========================= File: C:\Users\Václav\AppData\Roaming\B05B5F0B-62EF-4747-8AEC-0DD229253AC5\UDP Manager\udpmgr.exe ========================

File is digitally signed
MD5: F2D67EB6DEB0BDE3904510E16305B3AD
Creation and modification date: 2014-11-01 12:06 - 2013-08-10 02:56
Size: 2459192
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: vbc.exe
Original Name: vbc.exe
Product: Microsoft® .NET Framework
Description: Visual Basic Command Line Compiler
File Version: 12.0.20806.33440
Product Version: 12.0.20806.33440
Copyright: © Microsoft Corporation.  All rights reserved.

====== End of File: ======


========================= File: C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE ========================

File is digitally signed
MD5: 6320CA4A7C486D412D01391E202745F6
Creation and modification date: 2014-11-01 01:23 - 2011-04-24 23:01
Size: 0239488
Attributes: ----A
Company Name: SEIKO EPSON CORPORATION
Internal Name: E_WT50IC
Original Name: E_WT50IC.EXE
Product: EPSON Status Monitor 3
Description: EPSON Status Monitor 3
File Version: 7.01
Product Version: 7.01
Copyright: Copyright (C) SEIKO EPSON CORP. 2011

====== End of File: ======

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value removed successfully
HKU\S-1-5-21-2712542141-108017203-508658787-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2712542141-108017203-508658787-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}" => key removed successfully
HKCR\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
"HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => key removed successfully
"HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => key removed successfully
Chrome StartupUrls not found.
"C:\Users\Václav\Desktop\FRSTLauncher.exe" => File/Folder not found.
C:\Users\Václav\Desktop\adwcleaner_5.004.exe => moved successfully
C:\Program Files\trend micro => moved successfully
C:\AdwCleaner => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A4E6BC7-5D90-488A-81DA-731F6E9A2CC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A4E6BC7-5D90-488A-81DA-731F6E9A2CC2}" => key removed successfully
C:\WINDOWS\System32\Tasks\PassMaster => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PassMaster" => key removed successfully
C:\WINDOWS\Tasks\16569258-46d8-4da5-b693-90f0d23de2ce-10_user.job => moved successfully
C:\WINDOWS\Tasks\16569258-46d8-4da5-b693-90f0d23de2ce-5_user.job => moved successfully
C:\WINDOWS\Tasks\336b6588-d689-4286-a3f1-4774b0f309f8-10_user.job => moved successfully
C:\WINDOWS\Tasks\336b6588-d689-4286-a3f1-4774b0f309f8-5_user.job => moved successfully
C:\WINDOWS\Tasks\75f54a3a-df0e-4604-a974-2c6f2e36b879-5_user.job => moved successfully
C:\WINDOWS\Tasks\AmiUpdXp.job => moved successfully
C:\WINDOWS\Tasks\Bidaily Synchronize Task[973b].job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d090cd9440d9ad.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2712542141-108017203-508658787-1002Core.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2712542141-108017203-508658787-1002UA.job => moved successfully
C:\WINDOWS\Tasks\HHbcFkCQ5T6MiF5uMwrac8nu.job => moved successfully
C:\WINDOWS\Tasks\hMFSn6VGiEKYz.job => moved successfully
C:\WINDOWS\Tasks\PassMaster.job => moved successfully

========================= Folder: c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4} ========================

not found.

====== End of Folder: ======


========================= File: c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}\setup.exe ========================

"c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}\setup.exe" => not found.
====== End of File: ======

"c:\programdata\{0a586439-0f72-86b0-0a58-864390f790e4}" => File/Folder not found.

========================= Folder: C:\Program Files (x86)\Ge-Force ========================

not found.

====== End of Folder: ======

"C:\Program Files (x86)\Ge-Force" => File/Folder not found.

========================= Folder: C:\Program Files (x86)\CinemaP-1.9cV09.07 ========================

not found.

====== End of Folder: ======


========================= File: C:\Program Files (x86)\Ge-Force\16569258-46d8-4da5-b693-90f0d23de2ce-5.exe ========================

"C:\Program Files (x86)\Ge-Force\16569258-46d8-4da5-b693-90f0d23de2ce-5.exe" => not found.
====== End of File: ======


========================= File: C:\Program Files (x86)\CinemaP-1.9cV09.07\336b6588-d689-4286-a3f1-4774b0f309f8-5.exe ========================

"C:\Program Files (x86)\CinemaP-1.9cV09.07\336b6588-d689-4286-a3f1-4774b0f309f8-5.exe" => not found.
====== End of File: ======

"C:\Program Files (x86)\CinemaP-1.9cV09.07" => File/Folder not found.

========================= Folder: C:\Program Files (x86)\Sense ========================

not found.

====== End of Folder: ======


========================= File: C:\Program Files (x86)\Sense\75f54a3a-df0e-4604-a974-2c6f2e36b879-5.exe ========================

"C:\Program Files (x86)\Sense\75f54a3a-df0e-4604-a974-2c6f2e36b879-5.exe" => not found.
====== End of File: ======

"C:\Program Files (x86)\Sense" => File/Folder not found.

========================= Folder: C:\Users\Václav\AppData\Local\10725 ========================

2015-07-09 10:54 - 2015-07-09 10:54 - 0000001 _____ () C:\Users\Václav\AppData\Local\10725\status.cfg
2015-07-09 10:54 - 2015-07-09 11:34 - 0000791 _____ () C:\Users\Václav\AppData\Local\10725\Updater.xml

====== End of Folder: ======


========================= File: C:\Users\Václav\AppData\Local\10725\Updater.exe ========================

"C:\Users\Václav\AppData\Local\10725\Updater.exe" => not found.
====== End of File: ======

C:\Users\Václav\AppData\Local\10725 => moved successfully

========================= Folder: c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc} ========================

not found.

====== End of Folder: ======


========================= File: c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}\setup_product_461.exe ========================

"c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}\setup_product_461.exe" => not found.
====== End of File: ======

"c:\programdata\{8cddb4b7-09ea-f95b-8cdd-db4b709ed2dc}" => File/Folder not found.
C:\Users\Václav\AppData\Roaming\HHbcFkCQ5T6MiF5uMwrac8nu => moved successfully
C:\Users\Václav\AppData\Roaming\HHbcFkCQ5T6MiF5uMwrac8nu.exe => moved successfully
C:\Users\Václav\AppData\Roaming\hMFSn6VGiEKYz => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 2.4 GB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 08:05:04 ====

#10 Příspěvek od **altrok** » 02 zář 2015 08:03

Pokud to bude skrz Vase internetove pripojeni mozne, uploadnete prosim slozku C:\FRST\Quarantine na leteckaposta.cz a odkaz mi zaslete do mailu, ktery mam uveden nize.

Mel jste tam toho docela hodne - pozorujete nejake zlepseni?

Dejte jeste pro kontrolu logy FRST.txt a Addition.txt

VIRY.CZ

Prohlížeče se chovají divně

Prohlížeče se chovají divně

Re: Prohlížeče se chovají divně

Re: Prohlížeče se chovají divně

Re: Prohlížeče se chovají divně

Re: Prohlížeče se chovají divně

Re: Prohlížeče se chovají divně

Re: Prohlížeče se chovají divně

Re: Prohlížeče se chovají divně

Re: Prohlížeče se chovají divně

Re: Prohlížeče se chovají divně