Preventivka

[g11193979@trbvm.com]

Dakujem Vam vopred.

Vaše zpráva obsahuje 132945 znaků. Maximální povolený počet znaků je 100000. --> http://paste2.org/IdFJDCLM

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

[g11193979@trbvm.com]

paci sa
# AdwCleaner v5.008 - Logfile created 25/09/2015 at 00:00:07
# Updated 18/09/2015 by Xplode
# Database : 2015-09-23.1 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : Jozef - THINKPAD_E540
# Running from : C:\Users\Jozef\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Jozef\AppData\Local\MalwareProtectionLive

***** [ Files ] *****

[-] File Deleted : C:\Users\Jozef\AppData\Roaming\Mozilla\Firefox\Profiles\819ncvl4.default\searchplugins\yahoo_ff.xml

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[x] Key Not Deleted : HKCU\Software\AppDataLow\Software\Settings Manager
[x] Key Not Deleted : HKU\S-1-5-21-2188940044-2382974296-1840201773-1001\Software\AppDataLow\Software\Settings Manager
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-2188940044-2382974296-1840201773-1001\Software\Microsoft\Internet Explorer\Main [Start Page]

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1201 bytes] ##########
# AdwCleaner v5.015 - Logfile created 30/10/2015 at 15:36:38
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows 10 Pro (x64)
# Username : Jozef - THINKPAD_E540
# Running from : C:\Users\Jozef\Desktop\adwcleaner_5.015.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : torchcrashhandler

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\torchcrashhandler
[-] Folder Deleted : C:\Users\Jozef\AppData\Local\torch
[-] Folder Deleted : C:\Users\Jozef\AppData\Local\Google\Chrome\User Data\Default\Extensions\paddiapjbnmknhhobfcjnnmhgihnpgne

***** [ Files ] *****

[-] File Deleted : C:\Users\Jozef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKCU\Software\Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
[-] Key Deleted : HKCU\Software\torch
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Settings Manager
[-] Key Deleted : HKLM\SOFTWARE\torch
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
[!] Key Not Deleted : [x64] HKCU\Software\torch
[!] Key Not Deleted : HKU\S-1-5-21-2188940044-2382974296-1840201773-1001\Software\AppDataLow\Software\Settings Manager
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-2188940044-2382974296-1840201773-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F31B3D74-87F6-48DF-9738-535189577300}
[!] Key Not Deleted : HKU\S-1-5-21-2188940044-2382974296-1840201773-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F31B3D74-87F6-48DF-9738-535189577300}

***** [ Web browsers ] *****

[-] [C:\Users\Jozef\AppData\Roaming\Mozilla\Firefox\Profiles\819ncvl4.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://fi.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=");
[-] [C:\Users\Jozef\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : paddiapjbnmknhhobfcjnnmhgihnpgne

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3755 bytes] ##########

[Rudy]

Dejte nový log RSIT.

[g11193979@trbvm.com]

http://paste2.org/PXVgKFJJ

[Rudy]

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]/64
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{432dd630-7e03-4c97-9d62-b99f52df4fc2}]/64

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

[g11193979@trbvm.com]

toto je log z otm
a toto rsit

[Rudy]

Dvouklikem na soubor C:\Program Files\trend micro\Jozef.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com

Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

[g11193979@trbvm.com]

po tychto upravach nemozem zapnut ponku start

[Rudy]

Nevím, co mají Trusted zony splečného s nabídkou start. Zkuste obnovu systému k datu, kdy korektně fungoval. Desítky jsou zkrátka nevyzpytatelné.

[g11193979@trbvm.com]

okej, Dakujem Vam

[Rudy]

Rádo se stalo!