Zavirovany laptop

[altrok]

Krasny den Vam preju


V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Cleaning
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Ulozte na plochu zoek.exe http://hijackthis.nl/smeenk/zoek.htm

• spustte jako spravce
• do velkeho okna zkopirujte script uvedeny nize
• kliknete na Run script
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\zoek-results.log) - vlozte mi jej do pristi odpovedi

  Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;

[altrok]

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pozn. pri druhem a dalsim spusteni FRST je pro vytvoreni logu Addition.txt nutne tuto volbu explicitne zatrhnout pred zacatkem skenu.

[altrok]

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CreateRestorePoint:
  CloseProcesses:
  Folder: C:\ProgramData\Validity
  File: C:\Windows\system32\Mystify.scr
  File: C:\ProgramData\CloudPrinter\CloudPrinter.exe
  File: C:\Users\user\AppData\Roaming\Freshtom.tst
  File: C:\Users\user\AppData\Roaming\Zenex.tst
  Folder: C:\Users\user\AppData\Local\Tempfolder
  File: C:\Windows\system32\winupd.exe
  File: C:\Windows\system32\Wimboldon.exe
  File: C:\Windows\system32\win.exe
  File: C:\Windows\system32\Mint.exe
  File: C:\Users\user\AppData\Roaming\ReukmQichif\Jeastof.exe
  HKLM-x32\...\Run: [dply_en_015020253] => [X]
  HKU\S-1-5-21-2009210261-2343647282-559151360-1002\...\Run: [yllgpa] => rundll32.exe "C:\Users\user\AppData\Local\yllgpa.dll",yllgpa <===== ATTENTION
  HKU\S-1-5-21-2009210261-2343647282-559151360-1002\...\MountPoints2: {4f66dbac-a0ac-11e4-800e-10604bdc1d7e} - "F:\NokiaPCIA_Autorun.exe" 
  AppInit_DLLs: C:\ProgramData\Konksolex\Rundonbam.dll => No File
  AppInit_DLLs-x32: C:\ProgramData\Konksolex\Quadtech.dll => No File
  SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
  S2 Konksolex; C:\ProgramData\\Konksolex\\Konksolex.exe shuz -f "C:\ProgramData\\Konksolex\\Konksolex.dat" -l -a
  C:\ProgramData\Konksolex
  R2 Gudsanru; C:\Users\user\AppData\Roaming\ReukmQichif\Jeastof.exe [125776 2016-02-29] () [File not signed]
  C:\Users\user\AppData\Roaming\ReukmQichif
  S3 AtiDCM; \??\C:\Users\user\AppData\Local\Temp\atdcm64a.sys [X]
  S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
  S3 STHDA; \SystemRoot\system32\DRIVERS\stwrt64.sys [X]
  2016-02-29 17:08 - 2016-02-29 17:08 - 00000000 ____D C:\uninst
  2016-02-29 17:05 - 2016-03-04 19:38 - 00000000 ____D C:\Program Files\shopperz290220162341
  2016-02-29 17:05 - 2016-02-29 17:05 - 00000000 ____D C:\Users\user\AppData\Roaming\ReukmQichif
  2016-03-04 19:36 - 2014-09-01 07:10 - 00000000 ____D C:\AdwCleaner
  2016-03-04 18:08 - 2014-03-14 10:55 - 00000000 ____D C:\Program Files\trend micro
  CMD: ipconfig /flushdns
  Task: {04090299-7F50-4D3C-BF9C-2A6402F0E968} - System32\Tasks\GoogleUp => C:\Windows\system32\hsysinfo.exe <==== ATTENTION
  Task: {06CA4585-E982-4001-B2E9-E15D33F8BF6F} - \Balance Component -> No File <==== ATTENTION
  Task: {077924CB-C402-4235-A580-34D744AB7184} - System32\Tasks\Opewp => C:\PROGRA~1\SHOPPE~1\Cizdi.bat
  C:\PROGRA~1\SHOPPE~1
  Task: {0C755020-9C6E-44A9-8C01-3250F1DC98C8} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
  C:\Windows\system32\winupd.exe
  Task: {2439A55E-A7E5-40D6-90FA-41846A408F95} - System32\Tasks\Nedgie => C:\PROGRA~1\SHOPPE~1\Soyqbew.bat
  Task: {2F46F28D-3DCD-4593-840A-5E3B2750DF97} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe <==== ATTENTION
  C:\Windows\system32\Wimboldon.exe
  Task: {39582745-A349-4860-9CA0-8D0E1A611B7B} - System32\Tasks\{EFA80B71-E2C6-4D5A-A032-2896DC818B7E} => pcalua.exe -a C:\Users\user\Desktop\zoek\zoek.com -d C:\Users\user\Desktop\zoek
  Task: {54499370-72FC-4B77-BE4F-B2FD3B44E153} - \bvxvcxxvaf -> No File <==== ATTENTION
  Task: {9D2CA2AA-029C-49EA-9F51-68BE78FCB3CB} - System32\Tasks\{0226161A-52F5-4DA3-8A13-66689F298090} => pcalua.exe -a C:\Users\user\Desktop\zoek\zoek.scr -d C:\Users\user\Desktop\zoek -c /S
  Task: {D20E8A17-A250-47E6-B624-AD611FC3D71F} - \Tlaoudnoweet -> No File <==== ATTENTION
  Task: {D272D7FB-B501-418A-904D-E3636C2E5566} - \Punixnuifx -> No File <==== ATTENTION
  Task: {D989D97C-A7F6-47BB-9D64-D25C4705ADBE} - System32\Tasks\Emakoraw => C:\PROGRA~1\SHOPPE~1\Igohcu.bat
  Task: {F14DC18B-A123-4363-A1BD-E82D27066776} - \impo -> No File <==== ATTENTION
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  FirewallRules: [{7EA7F9A0-B377-4E78-83B1-5EBF32148F3A}] => (Allow) C:\WINDOWS\explorer.exe
  FirewallRules: [{B1FC92C4-3315-4D96-B634-FF1502768928}] => (Allow) C:\WINDOWS\system32\rundll32.exe
  FirewallRules: [{88A1CE66-6986-415E-8821-8721B993DA56}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
  FirewallRules: [{7FC6D382-1217-4A1C-A00D-FEE63AD027F4}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
  FirewallRules: [{3329D1FF-B99B-4A3A-8B77-DEE89D733869}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
  FirewallRules: [{1F166FCA-DA68-410C-900B-B8E2C9767184}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
  FirewallRules: [{1A78F0A5-B64B-4338-856C-2A350ED830F6}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
  FirewallRules: [{ADDD6F92-DD8D-4C4D-8613-06D6BAFAE836}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
  FirewallRules: [{0AF2DF27-125E-4238-BF29-7A2308183CC0}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
  FirewallRules: [{DD964D38-F054-480C-8BCB-693B5ECA56A3}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
  FirewallRules: [{D6488F88-7614-41EF-B8A3-30D3DA729E6C}] => (Allow) C:\WINDOWS\system32\rundll32.exe
  CMD: dir "C:\PROGRA~1"
  CMD: dir "C:\PROGRA~2"
  CMD: dir "C:\PROGRA~3"
  CMD: dir "%localappdata%"
  CMD: dir "%appdata%"
  Hosts:
  EmptyTemp:
  End

[altrok]

Stale je v PC hodne malwaru, takze velice doporucuji leceni dokoncit do uplneho konce.


Otestujte na virustotal.com C:\Users\user\AppData\Roaming\Freshtom.tst a C:\Users\user\AppData\Roaming\Zenex.tst - pokud uz byl soubor otestovany, zvolte Reanalyse. Do pristiho prispevku dejte link (odkaz) s vysledky analyzy.


Ulozte na plochu MBAR - http://www.bleepingcomputer.com/downloa ... i-rootkit/

• spuste dvojklikem a extrahujte na plochu
• kliknete na Next
• aktualizujte virovou databazi klikem na Update a pokracujte na Next
• vsechny 3 moznosti nechte zaskrtnute a zvolte Scan (potrva cca 20 minut)
• zatrhnete vsechny nalezy a take zkontrolujte zatrzitko u Create Restore Point
• kliknete na Cleanup a souhlaste s restartem - Yes
• obsah logu ulozene na plose v mbar\mbar-log-2015-mm-dd (hh-mm-ss).txt vlozte do pristi odpovedi

[altrok]

Postupujte dle navodu kolegy

Stahnete si TDSSKiller http://media.kaspersky.com/utilities/Vi ... killer.exe

• Po spusteni odsouhlaste licencni podminky (klik na Accept)
• Kliknete na volbu Change parametrs
• V okne Additional Option zakliknete vsechny moznosti
• Kliknete na OK
• Utilite prikazte, at skenuje - klik na Start Scan
• Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
• Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
• Pokud mate vsude Skip, kliknete na Continue
• Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

[altrok]

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pozn. pri druhem a dalsim spusteni FRST je pro vytvoreni logu Addition.txt nutne tuto volbu explicitne zatrhnout pred zacatkem skenu.

[altrok]

Nemate aktivni zadny antivir - alespon zapnete Windows Defender.


Odinstalujte starou a zranitelnou verzi javy. Pokud javu potrebujete, pak nainstalujte novou z java.com - pozor na adware pri jeji instalaci http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . Z hlediska bezpecnosti (exploity) je lepsi ji nemit. Aktualni je 8U66. Verze Javy, ktere v PC mate nainstalovane:

• Java 7 Update 21

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CreateRestorePoint:
  CloseProcesses:
  Folder: C:\Users\user\AppData\Local\Shortcut Installer
  Folder: C:\WINDOWS\system32\aoky
  Folder: C:\ProgramData\AppxelosknoK
  Folder: C:\Users\user\AppData\Local\Setup944066328
  File: C:\ProgramData\AppxelosknoK\AppxelosknoK.exe
  File: C:\PROGRA~2\AOL\AOL_HE~1.EXE
  C:\ProgramData\AppxelosknoK
  C:\ProgramData\CloudPrinter
  HKU\S-1-5-21-2009210261-2343647282-559151360-1002\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-17] (Google Inc.)
  AppInit_DLLs: C:\ProgramData\AppxelosknoK\Movetech.dll => C:\ProgramData\AppxelosknoK\Movetech.dll [363520 2016-03-08] ()
  AppInit_DLLs-x32: C:\ProgramData\AppxelosknoK\Quotetax.dll => C:\ProgramData\AppxelosknoK\Quotetax.dll [257536 2016-03-08] ()
  HKU\S-1-5-21-2009210261-2343647282-559151360-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... v44DG9Cxx0,
  HKU\S-1-5-21-2009210261-2343647282-559151360-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... KyxUSI,&q={searchTerms}
  HKU\S-1-5-21-2009210261-2343647282-559151360-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... KyxUSI,&q={searchTerms}
  HKU\S-1-5-21-2009210261-2343647282-559151360-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... KyxUSI,&q={searchTerms}
  SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
  SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... KyxUSI,&q={searchTerms}
  SearchScopes: HKU\S-1-5-21-2009210261-2343647282-559151360-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... KyxUSI,&q={searchTerms}
  SearchScopes: HKU\S-1-5-21-2009210261-2343647282-559151360-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... KyxUSI,&q={searchTerms}
  FF NewTab: C:\\ProgramData\\AppxelosknoKs\\ff.NT
  FF Homepage: C:\\ProgramData\\AppxelosknoKs\\ff.HP
  FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\djzt7o2x.default\searchplugins\findit.xml [2016-03-09]
  FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-03] [not signed]
  FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2016-03-08] [not signed]
  CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... IdcNsY5aws,
  CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?shva=1#inbox/13d3b377bda7cb17","hxxp://bakalari.gymmost.cz/bakaweb/prehled.aspx?s=2","hxxp://www.darwiniana.cz/masozravky/forum:start","hxxp://www.searchnu.com/406?appid=484","hxxp://www1.delta-search.com/?affID=119292&tt=220413_www1&babsrc=HP_ss&mntrId=421B16E543B70157","hxxp://istart.webssearches.com/?type=hp&ts=1424181399&from=kmp&uid=HitachiXHTS547575A9E384_J2140059EWPG5AEWPG5AX","hxxp://istart.webssearches.com/?type=hppp&ts=1424181424&from=kmp&uid=HitachiXHTS547575A9E384_J2140059EWPG5AEWPG5AX","hxxp://www.delta-homes.com/?type=hp&ts=1434476281&z=1b085f3e900abe6e4735582g5z2c5z4zem8qao3bdo&from=ient06162&uid=HitachiXHTS547575A9E384_J2140059EWPG5AEWPG5AX","hxxp://www.istartsurf.com/?type=hppp&ts=1434476576&from=xtab&uid=4FE7469D149A49e4AE3EFE449E77E960"
  CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... rQAV-A,&q={searchTerms}
  CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
  CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?ou ... s&command={searchTerms}
  R2 AppxelosknoK; C:\ProgramData\\AppxelosknoK\\AppxelosknoK.exe [529408 2016-03-06] () [File not signed]
  R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [764416 2016-03-01] () [File not signed]
  S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
  2016-03-10 21:52 - 2016-03-10 21:56 - 00441600 _____ C:\TDSSKiller.3.1.0.9_10.03.2016_21.52.01_log.txt
  2016-03-10 21:51 - 2016-03-10 21:51 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\user\Desktop\tdsskiller.exe
  2016-03-08 16:38 - 2016-03-08 20:35 - 00000000 ____D C:\Users\user\Desktop\mbar
  2016-03-08 16:38 - 2016-03-08 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
  2016-03-08 16:38 - 2016-03-08 16:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
  2016-03-08 16:37 - 2016-03-08 16:37 - 16563352 _____ (Malwarebytes Corp.) C:\Users\user\Desktop\mbar-1.09.3.1001.exe
  2016-03-06 14:17 - 2016-03-09 15:19 - 00003626 _____ C:\WINDOWS\System32\Tasks\snp
  2016-03-06 14:17 - 2016-03-09 15:19 - 00002401 _____ C:\WINDOWS\SysWOW64\findit.xml
  2016-03-06 14:17 - 2016-03-06 14:17 - 00000000 ____D C:\ProgramData\AppxelosknoKs
  2016-03-04 20:28 - 2016-03-04 20:28 - 00000000 ____D C:\ProgramData\Validity
  2016-03-04 20:05 - 2015-12-06 07:36 - 00000000 ____D C:\ProgramData\Nico Mak Computing
  Task: {0762D7A8-844D-4142-941B-CFAFC1202770} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
  Task: {56CB206A-C116-451C-B84B-8C54239D9D6B} - System32\Tasks\win => C:\Windows\system32\win.exe
  C:\Windows\system32\win.exe
  Task: {A70FCF60-65CE-4A5F-9152-AC5A77D99A52} - System32\Tasks\SecurityApps2 => C:\Program Files (x86)\PC Optimizer\PC Optimizer\SecurityApps.exe
  Task: {AAD34274-23B2-4906-A612-D9C71FA8D54E} - System32\Tasks\snp => C:\ProgramData\AppxelosknoK\AppxelosknoK.exe [2016-03-06] () <==== ATTENTION
  Task: {BF63B5C2-E435-48B2-94FB-52C864BB9AB8} - System32\Tasks\psv_Vaialab => /c regedit.exe /s "C:\ProgramData\AppxelosknoK\Dingtone.reg" & del "C:\ProgramData\AppxelosknoK\Dingtone.reg" & SCHTASKS /Delete /TN "psv_Vaialab" /F <==== ATTENTION
  Task: {CC648FC0-3A50-49C9-A9AF-396198816C03} - System32\Tasks\import => C:\Windows\system32\Mint.exe
  C:\Windows\system32\Mint.exe
  CMD: dir "C:\PROGRA~1"
  CMD: dir "C:\PROGRA~2"
  CMD: dir "C:\PROGRA~3"
  CMD: dir "%localappdata%"
  CMD: dir "%appdata%"
  Hosts:
  EmptyTemp:
  End

[altrok]

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pozn. pri druhem a dalsim spusteni FRST je pro vytvoreni logu Addition.txt nutne tuto volbu explicitne zatrhnout pred zacatkem skenu.

[altrok]

Stahnout zdarma muzete vsechny, co znam, ale tim, ze jej chcete zdarma pouzivat po neomezenou dobu se vyber zuzil na Avast, Aviru (ve free verzi anglicky), BitDefender, AVG, ... Kouknete na srovnavaci testy, ktere tady pro vas Tatry03 shromazduje a udelejte si vlastni nazor http://forum.viry.cz/viewtopic.php?f=14 ... &start=165



Ted uz PC vypada o poznani lepe nez na zacatku, ale stale se cast haveti obnovuje.



Ulozte na plochu ESET Online Scanner kliknutim na esetsmartinstaller_csy.exe

• ulozeny esetsmartinstaller_csy.exe dvojklikem spustte
• zaskrtnete Ano, souhlasim s podminkami uziti a kliknete na Spustit
• vyberte moznost Povolit detekci nechtenych aplikaci
• rozkliknete moznost Rozsirene nastaveni a
  • zruste zatrzitko u volby Odstranit nalezene infiltrace
  • ponechte zatrhnutou moznost Pouzit technologii Anti-Stealth
• kliknete na Kontrola, cimz se spusti az nekolikahodinovy sken
• po dokonceni skenu kliknete na Seznam nalezenych infiltraci (v pripade zadneho nalezu log nevytvorite)
• kliknete na Ulozit do textoveho souboru, log pojmenujte jako ESETlog a ulozte na plochu
• obsah logu vlozte do pristi odpovedi
• kliknete na << Zpet a zatrhnete moznost Odinstalovat
• klikem na Dokoncit ESET Online Scanner zavrete.

[altrok]

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CreateRestorePoint:
  CloseProcesses:
  CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... IdcNsY5aws,
  CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?shva=1#inbox/13d3b377bda7cb17","hxxp://bakalari.gymmost.cz/bakaweb/prehled.aspx?s=2","hxxp://www.darwiniana.cz/masozravky/forum:start","hxxp://www.searchnu.com/406?appid=484","hxxp://www1.delta-search.com/?affID=119292&tt=220413_www1&babsrc=HP_ss&mntrId=421B16E543B70157","hxxp://istart.webssearches.com/?type=hp&ts=1424181399&from=kmp&uid=HitachiXHTS547575A9E384_J2140059EWPG5AEWPG5AX","hxxp://istart.webssearches.com/?type=hppp&ts=1424181424&from=kmp&uid=HitachiXHTS547575A9E384_J2140059EWPG5AEWPG5AX","hxxp://www.delta-homes.com/?type=hp&ts=1434476281&z=1b085f3e900abe6e4735582g5z2c5z4zem8qao3bdo&from=ient06162&uid=HitachiXHTS547575A9E384_J2140059EWPG5AEWPG5AX","hxxp://www.istartsurf.com/?type=hppp&ts=1434476576&from=xtab&uid=4FE7469D149A49e4AE3EFE449E77E960"
  CHR DefaultSearchKeyword: Default -> pa
  2016-03-12 09:01 - 2016-03-12 09:01 - 00003292 _____ C:\WINDOWS\System32\Tasks\psv_CofSaodom
  2016-03-01 16:27 - 2016-03-01 16:27 - 1895432 _____ () C:\Users\user\AppData\Roaming\Freshtom.tst
  2016-03-01 16:27 - 2016-03-01 16:27 - 0072857 _____ () C:\Users\user\AppData\Roaming\Zenex.tst
  2016-03-01 16:26 - 2016-03-01 16:26 - 0127488 _____ () C:\Users\user\AppData\Roaming\Installer.dat
  2016-03-01 16:27 - 2016-03-01 16:27 - 0126464 _____ () C:\Users\user\AppData\Roaming\lobby.dat
  2016-03-01 16:27 - 2016-03-01 16:27 - 0018432 _____ () C:\Users\user\AppData\Roaming\Main.dat
  Task: {C303846A-65A0-44E1-8988-76D160519B90} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe
  Task: {EAB19A2B-AD04-4860-8D60-C87059AC83D7} - System32\Tasks\psv_CofSaodom => /c regedit.exe /s "C:\ProgramData\AppxelosknoK\Dongtough.reg" & del "C:\ProgramData\AppxelosknoK\Dongtough.reg" & SCHTASKS /Delete /TN "psv_CofSaodom" /F <==== ATTENTION
  C:\ProgramData\AppxelosknoK
  ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
  ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
  End

[altrok]

Jake problemy na PC pozorujete ted?


Dejte nove logy z FRST - pred zacatkem skenu navic zatrhnete List BCD, Shortcut.txt a Addition.txt. Vsechny tri vysledne logy vlozte do pristich odpovedi (FRST.txt, Addition.txt i Shortcut.txt).

[altrok]

Nemate zac


Jedina havet, ktera se obnovuje, je v prohlizeci Google Chrome

Kód: Vybrat vše

CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... IdcNsY5aws,
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?shva=1#inbox/13d3b377bda7cb17","hxxp://bakalari.gymmost.cz/bakaweb/prehled.aspx?s=2","hxxp://www.darwiniana.cz/masozravky/forum:start","hxxp://www.searchnu.com/406?appid=484","hxxp://www1.delta-search.com/?affID=119292&tt=220413_www1&babsrc=HP_ss&mntrId=421B16E543B70157","hxxp://istart.webssearches.com/?type=hp&ts=1424181399&from=kmp&uid=HitachiXHTS547575A9E384_J2140059EWPG5AEWPG5AX","hxxp://istart.webssearches.com/?type=hppp&ts=1424181424&from=kmp&uid=HitachiXHTS547575A9E384_J2140059EWPG5AEWPG5AX","hxxp://www.delta-homes.com/?type=hp&ts=1434476281&z=1b085f3e900abe6e4735582g5z2c5z4zem8qao3bdo&from=ient06162&uid=HitachiXHTS547575A9E384_J2140059EWPG5AEWPG5AX","hxxp://www.istartsurf.com/?type=hppp&ts=1434476576&from=xtab&uid=4FE7469D149A49e4AE3EFE449E77E960"
CHR DefaultSearchKeyword: Default -> pa

a dale mate v Chromu hodne rozsireni (extensions), ale nedari se mi zjistit, ktere by to mohlo mit na svedomi, proto doporucuji zazalohovat zalozky a hesla napr. pomoci http://www.stahuj.centrum.cz/internet_a ... me-backup/ , pote Chrome odinstalovat vcetne profilu a nanovo nainstalovat (ze zalohy obnovit pouze zalozky a hesla).


Ve zbytku logu jiz zadny malware nevidim, takze navrhuji zaverecny uklid pouzitych utilit

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run