nějaký viry ..

[bobik123]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 25. 9. 2015
Čas skenování: 20:03
Protokol: 7777.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.09.25.03
Databáze rootkitů: v2015.09.22.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: ASUS

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 394796
Uplynulý čas: 33 min, 16 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 6
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [e235a68e8902a29484917166679dfe02],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, , [8196f73da1ea49ede00c2a57d72d728e],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [6daa40f4bbd0181eb3623b9cd430c838],
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\Internet Speed Checker-nv, , [83947fb56e1db383f20791a7b152f50b],
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\Internet Speed Checker-nv-ie, , [a176a094bccf4fe7f702d86059aa51af],
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [b760072d4f3c4fe735c53ff6758e7b85],

Hodnoty registru: 4
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, , [8196f73da1ea49ede00c2a57d72d728e]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, , [d6412e060d7e0234905dc3bea85c9c64]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [b760072d4f3c4fe735c53ff6758e7b85]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, , [c255ae862a617cbaea00b2cf20e4c23e]

Data registru: 1
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({ielnksrch}),,[6ea9f143dead70c65dcea3d5798c40c0]

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Márty84]

Tohle tam predtim nebylo Delal jste pred tim druhym testem neco?

Nalezy opet nechte odstranit a po restartu udelejte jeste jeden test. Uvidime, jestli tam zas neco bude.

[bobik123]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 25. 9. 2015
Čas skenování: 20:03
Protokol: 7777.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.09.25.03
Databáze rootkitů: v2015.09.22.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: ASUS

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 394796
Uplynulý čas: 33 min, 16 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 6
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [e235a68e8902a29484917166679dfe02],
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, , [8196f73da1ea49ede00c2a57d72d728e],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [6daa40f4bbd0181eb3623b9cd430c838],
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\Internet Speed Checker-nv, , [83947fb56e1db383f20791a7b152f50b],
PUP.Optional.InternetSpeedChecker.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\Internet Speed Checker-nv-ie, , [a176a094bccf4fe7f702d86059aa51af],
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [b760072d4f3c4fe735c53ff6758e7b85],

Hodnoty registru: 4
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, , [8196f73da1ea49ede00c2a57d72d728e]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, , [d6412e060d7e0234905dc3bea85c9c64]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [b760072d4f3c4fe735c53ff6758e7b85]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, , [c255ae862a617cbaea00b2cf20e4c23e]

Data registru: 1
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({ielnksrch}),,[6ea9f143dead70c65dcea3d5798c40c0]

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Márty84]

Zas to tam je, takze...


Postupujte presne v tomto poradi.
1) MBAM nezavirejte, jen minimalizujte.
2) Vymazte/Vypnete vytvareni bodu obnovy http://forum.viry.cz/viewtopic.php?f=46&t=47040 , ale nerestartujte pc.
3) Ted nechte nalezy MBAM odstranit a restartujte pc.


4)
Postupujte podle navodu kolegy

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

5)
Postupujte podle navodu kolegy

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

6) Zopakujte test s MBAM a napiste jeho vysledek a podle toho zvolim dalsi postup.

Pokud bude cisto, zapnete zase funkci vytvareni bodu obnovy, at pak na to nezapomenem.

[bobik123]

omylem jsem to tu hodil 2x , jo a nevymazal jsem tyto hrozby včera, zapomněl jsem na to, takže teď mám postupovat jak?

[Márty84]

Udelejte kroky 2, 4, 5 a 6. A jestli u bodu 6 nebudou nejake nove nalezy, rovnou je i smazte. Pak napiste a pojedem dale.

[bobik123]

Start - Programy - Prislusenstvi - Systemove nastroje - Obnoveni systemu

nevím jak to najít ve windows 8.1

[Márty84]

Co se zeptat strejdy googla?

Kdyz date mys doprava, vyjede ta nabidka. Kliknete na nastaveni - ovladaci panely - system - ochrana systemu - konfigurovat - zakazat ochranu systemu a potvrdit

[bobik123]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 8.1 x64
Ran by ASUS on ne 27. 09. 2015 at 20:29:49,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] saophase [Reboot required]



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FF057E0F-007F-4814-ABBD-5083D7857366}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Box Rock
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Box Rock



~~~ Files

Successfully deleted: [File] C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat



~~~ Folders



~~~ Chrome


[C:\Users\ASUS\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\ASUS\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\ASUS\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\ASUS\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 27. 09. 2015 at 20:33:40,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[bobik123]

Zoek.exe v5.0.0.0 Updated 27-09-2015
Tool run by ASUS on ne 27. 09. 2015 at 20:36:48,56.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ASUS\AppData\Local\Temp\Rar$DIa0.598\zoek.com [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-08-02-190616.log 415 bytes
C:\zoek-results2015-08-02-202722.log 19757 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\963c382f-8ddd-4cf1-9fa0-d87507a907e9 deleted successfully
C:\PROGRA~2\ba0c937c-4d5b-4ea1-8941-e9e2cff32790 deleted successfully
C:\PROGRA~2\Gabest deleted successfully
C:\PROGRA~2\Vitware deleted successfully
C:\PROGRA~2\COMMON~1\Nero deleted successfully
C:\Users\ASUS\AppData\Roaming\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\963c382f-8ddd-4cf1-9fa0-d87507a907e9 not found
C:\PROGRA~2\ba0c937c-4d5b-4ea1-8941-e9e2cff32790 not found
C:\PROGRA~2\Gabest not found
C:\PROGRA~2\Vitware not found
C:\Users\ASUS\AppData\Roaming\Aegisub deleted
C:\task.vbs deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\ASUS\AppData\Local\Unity deleted
C:\Users\ASUS\AppData\LocalLow\Unity deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\ASUS\AppData\Local\Ancode.exe.config deleted
"C:\Users\ASUS\AppData\Roaming\ccKE7KWDPeDYPanKq2PM9f" deleted
"C:\WINDOWS\tasks\ccKE7KWDPeDYPanKq2PM9f.job" deleted
"C:\WINDOWS\SysNative\tasks\ccKE7KWDPeDYPanKq2PM9f" deleted
"C:\Users\ASUS\AppData\Roaming\IisaTUcvyNpQTZEHP0tG" deleted
"C:\WINDOWS\tasks\IisaTUcvyNpQTZEHP0tG.job" deleted
"C:\WINDOWS\SysNative\tasks\IisaTUcvyNpQTZEHP0tG" deleted

==== Chromium Look ======================

Google Chrome Version: 45.0.2454.99

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01. 05. 2015 11:17]

Skype Click to Call - ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chromium Fix ======================

C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage deleted successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal deleted successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.snapdo.com_0.localstorage deleted successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.snapdo.com_0.localstorage-journal deleted successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Use Search Asst"="yes"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{060B046C-71E8-4393-B42C-F6E213AC19E1} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q= ... arch_16194"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"
{0BBA08A4-3430-4924-BBD8-987539D419CE} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... arch_16194"
{28FB04F3-498F-4FC4-BB59-56790F44FF2C} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&so ... arch_16194"
{356A085D-E3AB-460C-A3F1-3874890869B1} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_16194"
{60CD57CE-8ED8-4F14-B488-39DCE95BEC7E} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchT ... arch_16194"
{78CF3F94-9144-427E-92C5-1B51230A2B0A} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_16194"
{828F1FDD-72DA-483B-9599-4F5386202733} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_16194"
{B6A4C9EB-A25A-4496-87E1-35432DD113C9} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194"

==== Reset Google Chrome ======================

C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6E365EDC-4C72-46FC-AB9D-68DAE743E85A} deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ASUS\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\ASUS\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\ASUS\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\ASUS\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=871 folders=36 218177714 bytes)

==== Empty Temp Folders ======================

C:\Users\ASUS\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\ASUS\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ne 27. 09. 2015 at 20:58:53,48 ======================

[Márty84]

Fajn, ted ten novy test s MBAM

[bobik123]

ten rychlý? xd

[Márty84]

Ano, ten bude stacit.

[bobik123]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 28. 9. 2015
Čas skenování: 14:57
Protokol: oki.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.09.28.03
Databáze rootkitů: v2015.09.22.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: ASUS

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 393970
Uplynulý čas: 33 min, 38 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 2
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, , [79ca4bea0586c86e0c697e065ba9ac54],
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [82c17cb99cefb97dfa8a1b1da06331cf],

Hodnoty registru: 6
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, , [79ca4bea0586c86e0c697e065ba9ac54]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, , [75ce2f067417c472fb7b7410e32124dc]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, , [59ea989d33582c0a89ee582c38cc817f]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [82c17cb99cefb97dfa8a1b1da06331cf]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, , [4bf8e451e4a750e6561dadd7996b4bb5]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, , [f74c87ae3556fe3811635034d72d6c94]

Data registru: 7
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({ielnksrch}),,[b3908baa18732a0c76efdc9f91742cd4]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}),,[48fb1223d2b941f593cc8eed9d688878]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpvqjMZMi5Vt-ap3r-nQH3vbz0x9zJA2HaS43JCDjXLYAp_sPFDbslysQS_zZmSxSOvP7ArKRgobZCX9, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpvqjMZMi5Vt-ap3r-nQH3vbz0x9zJA2HaS43JCDjXLYAp_sPFDbslysQS_zZmSxSOvP7ArKRgobZCX9),,[99aaa491ddae10265d03b2c9bc4924dc]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}),,[410202337d0e0135045b5a21fc0924dc]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}),,[d370fc398902d165cb94f98255b06799]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-Tqs2OVvqpTxFp_mf8596oJ0raYPS2lBR3JnibuQMfA_mb-rAreTX0THRAcx_1LRKClLpeY_JU6b_6EXZYM7HcHroknzRy_g0JFTeO4ABl7KG_RBoXrLNFjepdC8A12ONhPdGm2_5LngoPhfswJ&q={searchTerms}),,[8fb4e352a2e99b9b4d140e6d5ea7f40c]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1447694392-248528962-4126827209-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({ielnksrch}),,[4af947eec4c758de5210f883778e9967]

Složky: 1
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airrons, , [9ea575c0424948ee15cdb9f90cf9fe02],

Soubory: 3
PUP.Optional.Linkury.Gen, C:\WINDOWS\SysWOW64\findit.xml, , [6bd81520a1ea55e1f6ad4962c242619f],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airrons\ff.HP, , [9ea575c0424948ee15cdb9f90cf9fe02],
PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Airrons\ff.NT, , [9ea575c0424948ee15cdb9f90cf9fe02],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Márty84]

Nalezy nechte odstranit, pak MBAM odinstalujte.

Dejte nove logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach