prosím o kontrolu

[karelnazachode]

Dobrý den, prosím o kontrolu logu. Pravděpodobně jsem při stahování jiných souborů získal i malware. Projevuje se to tak, že mám všude reklamy, původně i na normální ploše. Teď mi přesměrovávají reklamy skoro každou stránku. Děkuji Vám za pomoc!

Jelikož ten log.txt má asi 350 000 znaků a nejde vložit ani jako příloha, s dovolením pošlu odkaz na pastebin
http://pastebin.com/Rf2xDmt6

[JaRon]

ahoj
vykonaj oba kroky http://forum.viry.cz/viewtopic.php?f=30 ... k#p1451290

[karelnazachode]

Dobře, díky. Takže ten první log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 8.1 Pro x64
Ran by Ladik (Administrator) on po 20. 06. 2016 at 9:14:55,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 13

Failed to delete: C:\Program Files (x86)\mpc cleaner (Folder)
Successfully deleted: C:\Users\Ladik\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Ladik\AppData\Roaming\Mozilla\Firefox\Profiles\gqhegdhd.default\searchplugins\smod.xml (File)
Successfully deleted: C:\Users\Ladik\AppData\Roaming\nico mak computing (Folder)
Successfully deleted: C:\Windows\prefetch\DRIVERQUERY.EXE-DF9DD6EE.pf (File)
Successfully repaired: C:\ProgramData\Microsoft\windows\Start Menu\Programs\Google Chrome.lnk (Shortcut)
Successfully repaired: C:\ProgramData\Microsoft\windows\Start Menu\Programs\Mozilla Firefox.lnk (Shortcut)
Successfully repaired: C:\Users\Ladik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk (Shortcut)
Successfully repaired: C:\Users\Ladik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk (Shortcut)
Successfully repaired: C:\Users\Ladik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk (Shortcut)
Successfully repaired: C:\Users\Ladik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk (Shortcut)
Successfully repaired: C:\Users\Ladik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (Shortcut)
Successfully repaired: C:\Users\Public\Desktop\Google Chrome.lnk (Shortcut)

Deleted the following from C:\Users\Ladik\AppData\Roaming\Mozilla\Firefox\Profiles\gqhegdhd.default\prefs.js
user_pref(browser.search.defaultenginename, hohosearch);
user_pref(browser.search.searchengine.hp, hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBXAnC30oAU..&v=20160615&uid=CAE8E0FF07876F453A8EF6C28B403B47&ptid=csdi&mode=loadm);
user_pref(browser.search.searchengine.sp, hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?mode=ffsengext&ptid=csdi&q={searchTerms}&ts=AHEqBXAnC30oAU..&uid=CAE8E0FF07876F453
user_pref(browser.search.searchengine.uid, CAE8E0FF07876F453A8EF6C28B403B47);
user_pref(browser.search.searchengine.url, hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?mode=ffsengext&ptid=csdi&q={searchTerms}&ts=AHEqBXAnC30oAU..&uid=CAE8E0FF07876F45
user_pref(browser.search.selectedEngine, hohosearch);
user_pref(browser.startup.homepage, search.mpc.am);
user_pref(browser.urlbar.suggest.searches, true);



Registry: 1

Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\MPCKpt (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 20. 06. 2016 at 9:16:33,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[karelnazachode]

No, rad bych pridal i ten druhy log, ale nemohu. Nejprve jsem ten zoek spustil a on se zastavil na jednom bode. Celkem ten test trval asi dve a pul hodiny, ale bez konecneho vysledku. Tak jsem to spustil znovu a tentokrat jsem na pocitaci nebo na internetu vubec nic nedelal. A po hodine a pul se ten test zastavil na velmi podobnem miste (Firefox Extensions, tam uz to ceka hodinu dvacet). Nejake tipy, prosim?

[JaRon]

spust s príkazového riadku:

RD /S /Q C:\Program Files (x86)\mpc cleaner

po restarte vloz aktualny log FRST

[karelnazachode]

Když to tam vložím, píše to, že:
Systém nemůže nalézt uvedený soubor.
Systém nemůže nalézt uvedený soubor.
Systém nemůže nalézt uvedenou cestu.
Systém nemůže nalézt uvedený soubor.

[JaRon]

mozno sa niektorej utilite uz podarilo zmatka zmazat
vloz log FRST - zajtra pozriem

[karelnazachode]

A když mi ta stránka, kde si mohu stáhnout FRSTLauncher ( http://vyosek.ic.cz/pro_usery/FRSTLauncher.exe ) hlásí, že nefunguje (503 Service Temporarily Unavailable), tak mám kromě čekání dělat co?

[JaRon]

pouzi len FRST

[karelnazachode]

Tady posílám ten FRST. Koukám, že se tam objevují i německé termíny, protože mám Windows v němčině, ale tak to snad nevadí. Když tak se pocvičíte

[JaRon]

Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>

Kód: Vybrat vše

Start

2016-06-19 14:54 - 2016-06-20 09:15 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
C:\Users\Ladik\AppData\Local\Temp\1JJYX23LJG.exe
C:\Users\Ladik\AppData\Local\Temp\2sdIGbu20w.exe
C:\Users\Ladik\AppData\Local\Temp\2Y3VIU1IWX.exe
C:\Users\Ladik\AppData\Local\Temp\3D68.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\6woYUAvDaI.exe
C:\Users\Ladik\AppData\Local\Temp\7za.exe
C:\Users\Ladik\AppData\Local\Temp\957E.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\9CE.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\9sS08BmilE.exe
C:\Users\Ladik\AppData\Local\Temp\A97C.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\AMS1WLVMHD.exe
C:\Users\Ladik\AppData\Local\Temp\C352.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\CF5E.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\DaS_21.exe
C:\Users\Ladik\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Ladik\AppData\Local\Temp\L0Wb0DMFkh.exe
C:\Users\Ladik\AppData\Local\Temp\libeay32.dll
C:\Users\Ladik\AppData\Local\Temp\msvcr120.dll
C:\Users\Ladik\AppData\Local\Temp\nsdE15F.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\nsq4260.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\PEVZ.EXE
C:\Users\Ladik\AppData\Local\Temp\remove.exe
C:\Users\Ladik\AppData\Local\Temp\SecuExp.exe
C:\Users\Ladik\AppData\Local\Temp\sed.exe
C:\Users\Ladik\AppData\Local\Temp\shortcut.exe
C:\Users\Ladik\AppData\Local\Temp\SQDNZMN6PK.exe
C:\Users\Ladik\AppData\Local\Temp\swreg.exe
C:\Users\Ladik\AppData\Local\Temp\swxcacls.exe
C:\Users\Ladik\AppData\Local\Temp\uninst.exe
C:\Users\Ladik\AppData\Local\Temp\XNR3BT4WA2.exe
C:\Users\Ladik\AppData\Local\Temp\ZBDHI0T1DQ.exe
C:\Users\Ladik\AppData\Local\Temp\{A2E9B79C-E95A-40AF-8C98-EE7073D7BC55}.exe
C:\Users\Ladik\AppData\Local\Temp\{DC394143-97F8-4353-AFB6-01027FF01550}.exe
R1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
S2 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X]
HKLM-x32\...\Run: [sun21] => [X]
HKLM\...\Run: [gplyra] => C:\Users\Ladik\AppData\Roaming\gplyra\gplyra.exe


EmptyTemp:
Reboot:
End

•Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[karelnazachode]

Děkuji, doufám, že je to tohle...

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
durchgeführt von Ladik (2016-06-21 08:57:58) Run:2
Gestartet von C:\Users\Ladik\Desktop
Geladene Profile: Ladik (Verfügbare Profile: Ladik)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start

2016-06-19 14:54 - 2016-06-20 09:15 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
C:\Users\Ladik\AppData\Local\Temp\1JJYX23LJG.exe
C:\Users\Ladik\AppData\Local\Temp\2sdIGbu20w.exe
C:\Users\Ladik\AppData\Local\Temp\2Y3VIU1IWX.exe
C:\Users\Ladik\AppData\Local\Temp\3D68.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\6woYUAvDaI.exe
C:\Users\Ladik\AppData\Local\Temp\7za.exe
C:\Users\Ladik\AppData\Local\Temp\957E.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\9CE.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\9sS08BmilE.exe
C:\Users\Ladik\AppData\Local\Temp\A97C.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\AMS1WLVMHD.exe
C:\Users\Ladik\AppData\Local\Temp\C352.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\CF5E.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\DaS_21.exe
C:\Users\Ladik\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Ladik\AppData\Local\Temp\L0Wb0DMFkh.exe
C:\Users\Ladik\AppData\Local\Temp\libeay32.dll
C:\Users\Ladik\AppData\Local\Temp\msvcr120.dll
C:\Users\Ladik\AppData\Local\Temp\nsdE15F.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\nsq4260.tmp.exe
C:\Users\Ladik\AppData\Local\Temp\PEVZ.EXE
C:\Users\Ladik\AppData\Local\Temp\remove.exe
C:\Users\Ladik\AppData\Local\Temp\SecuExp.exe
C:\Users\Ladik\AppData\Local\Temp\sed.exe
C:\Users\Ladik\AppData\Local\Temp\shortcut.exe
C:\Users\Ladik\AppData\Local\Temp\SQDNZMN6PK.exe
C:\Users\Ladik\AppData\Local\Temp\swreg.exe
C:\Users\Ladik\AppData\Local\Temp\swxcacls.exe
C:\Users\Ladik\AppData\Local\Temp\uninst.exe
C:\Users\Ladik\AppData\Local\Temp\XNR3BT4WA2.exe
C:\Users\Ladik\AppData\Local\Temp\ZBDHI0T1DQ.exe
C:\Users\Ladik\AppData\Local\Temp\{A2E9B79C-E95A-40AF-8C98-EE7073D7BC55}.exe
C:\Users\Ladik\AppData\Local\Temp\{DC394143-97F8-4353-AFB6-01027FF01550}.exe
R1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
S2 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X]
HKLM-x32\...\Run: [sun21] => [X]
HKLM\...\Run: [gplyra] => C:\Users\Ladik\AppData\Roaming\gplyra\gplyra.exe


EmptyTemp:
Reboot:
End

*****************


"C:\Program Files (x86)\MPC Cleaner" Ordner verschieben:

Konnte nicht verschoben werden "C:\Program Files (x86)\MPC Cleaner" => ist geplant bei Neustart verschoben zu werden.

"C:\Users\Ladik\AppData\Local\Temp\1JJYX23LJG.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\2sdIGbu20w.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\2Y3VIU1IWX.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\3D68.tmp.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\6woYUAvDaI.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\7za.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\957E.tmp.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\9CE.tmp.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\9sS08BmilE.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\A97C.tmp.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\AMS1WLVMHD.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\C352.tmp.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\CF5E.tmp.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\DaS_21.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\drm_dialogs.dll" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\L0Wb0DMFkh.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\libeay32.dll" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\msvcr120.dll" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\nsdE15F.tmp.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\nsq4260.tmp.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\PEVZ.EXE" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\remove.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\SecuExp.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\sed.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\shortcut.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\SQDNZMN6PK.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\swreg.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\swxcacls.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\uninst.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\XNR3BT4WA2.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\ZBDHI0T1DQ.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\{A2E9B79C-E95A-40AF-8C98-EE7073D7BC55}.exe" => nicht gefunden.
"C:\Users\Ladik\AppData\Local\Temp\{DC394143-97F8-4353-AFB6-01027FF01550}.exe" => nicht gefunden.
MPCKpt => Dienst konnte nicht gestoppt werden.
MPCKpt => Dienst konnte nicht entfernt werden
MPCProtectService => Dienst konnte nicht entfernt werden
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sun21 => Wert nicht gefunden.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gplyra => Wert nicht gefunden.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3152744 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 36973133 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Ladik => 214457894 B

RecycleBin => 1225899 B
EmptyTemp: => 252 MB temporäre Dateien entfernt.

================================

Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 2016-06-21 09:01:32)

"C:\Program Files (x86)\MPC Cleaner" => Konnte nicht verschoben werden

==== Ende von Fixlog 09:01:35 ====

[JaRon]

vycisti PC s MBAM

[karelnazachode]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 21. 6. 2016
Čas skenování: 9:20
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.06.21.01
Databáze rootkitů: v2016.05.27.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Ladik

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 554617
Uplynulý čas: 4 hod, 17 min, 59 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 33
PUP.Optional.HohoSearch, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ReujosestogleCmmS, , [30656d92079263d39ce8be27827f768a],
PUP.Optional.YesSearches, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PraoshnodifierService, , [3362e31c8d0ca6903027ca1b43be1fe1],
PUP.Optional.Youndoo, HKLM\SOFTWARE\CLASSES\CLSID\{6710C780-E20E-4C49-A87D-321850ED3D7C}, , [167fb44b25748da9448885e450b22ad6],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\CLASSES\CLSID\{98C066AB-D735-4339-9E52-A34875141B56}, , [1c79f20d3762ea4c08863c5535cd2dd3],
PUP.Optional.BrowserAir, HKLM\SOFTWARE\BrowserAir, , [5c3928d745540f271cef7b566d9515eb],
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, , [8015a35c633610263dc8e90b768d5da3],
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASAPI32, , [bed7f00f584193a361ccd025aa5904fc],
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASMANCS, , [8c0919e61386fa3c43ea1cd97e85c040],
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\TRACING\otutnetwork_RASAPI32, , [0b8ad629c5d45ed8dd11eb09d82bb749],
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\TRACING\otutnetwork_RASMANCS, , [6e27d42b7e1bbe78915daf45966daa56],
PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASAPI32, , [385ded1231683afc2478659231d2c23e],
PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASMANCS, , [2b6aab54168393a39a029661aa596b95],
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{168CF531-C137-4A84-88E2-55C7402CDA68}, , [8f069d621188013527f1668b6d96cb35],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{16B05D4E-6775-45AD-BE0D-307D97EA76D5}, , [6530ad52257476c09c89747546bdf010],
PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{84327A89-54F0-46E9-872B-9E40120EFAC0}, , [5b3af00f069335019936dce6976b8c74],
PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AE11C9B4-8780-42A5-B93B-054530443A39}, , [890c748b5544b086834d873b9d65649c],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2B4F671-B35A-4F29-80C4-5CD1A0C8AEE8}, , [098cb74879207fb7bf65e50419ead729],
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IBUpd2, , [0e879c6330699c9aae4109d506fdfd03],
PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Praosh Nodifier, , [6a2bb946a5f42a0c0ac7d1f1b44e0bf5],
PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Reujosestogle Community, , [cbca609fe1b89e984c867f43ed15b64a],
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, , [bbda44bb0099b97d88835d9a3ec546ba],
PUP.Optional.Goobzo, HKLM\SOFTWARE\SEARCHMODULE\INFO, , [573ee718f1a8cf674d5f06b3649fab55],
PUP.Optional.BrowserAir, HKLM\SOFTWARE\WOW6432NODE\BrowserAir, , [c2d3f10ef1a8ef4757b4b31e39c90cf4],
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, , [efa6ae512c6d68cee71e9a5a21e2e21e],
PUP.Optional.BrowserAir, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\BrowserAir.exe, , [9ef7a956d0c9c076b658349d2ad8b749],
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC, , [8b0a748b8019af8790248c5e09fae917],
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKPT, , [98fd916e80192610565fa347d62d768a],
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCPROTECTSERVICE, , [8c0956a99affa4921679bc2fb152ee12],
PUP.Optional.BrowserAir, HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\SOFTWARE\BrowserAir, , [bbda7c83dfba79bd7eabb121e61da15f],
PUP.Optional.WizzCaster, HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\SOFTWARE\WindowsScreenManager, , [464f7e811782d1658b10985fcb387888],
PUP.Optional.BrowserAir, HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\SOFTWARE\CLIENTS\STARTMENUINTERNET\BrowserAir.MOBI32RCIMCYE7AKAX657TEE4I, , [5b3afb045d3c71c59e25e6d6c043b34d],
PUP.Optional.BrowserAir, HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\BrowserAir.exe, , [bbda8d72fe9be74fb6fe9537a063d729],
PUP.Optional.BrowserAir, HKU\S-1-5-21-1478414814-3749218601-3539646535-1001_Classes\BrowserAir.MOBI32RCIMCYE7AKAX657TEE4I, , [6d289c637c1db77f9f377d5531d2857b],

Hodnoty registru: 14
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{168CF531-C137-4A84-88E2-55C7402CDA68}|Path, \SMW_P, , [8f069d621188013527f1668b6d96cb35]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{16B05D4E-6775-45AD-BE0D-307D97EA76D5}|Path, \IBUpd, , [6530ad52257476c09c89747546bdf010]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{84327A89-54F0-46E9-872B-9E40120EFAC0}|Path, \Praosh Nodifier, , [5b3af00f069335019936dce6976b8c74]
PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AE11C9B4-8780-42A5-B93B-054530443A39}|Path, \Reujosestogle Community, , [890c748b5544b086834d873b9d65649c]
PUP.Optional.MyBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D2B4F671-B35A-4F29-80C4-5CD1A0C8AEE8}|Path, \IBUpd2, , [098cb74879207fb7bf65e50419ead729]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, http://d2ucfwpxlh3zh3.cloudfront.net/?t ... =ffsengext, , [bbda44bb0099b97d88835d9a3ec546ba]
PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, http://d2ucfwpxlh3zh3.cloudfront.net/?t ... =ffsengext, , [1580e9160594f44224e7d22553b056aa]
PUP.Optional.Goobzo, HKLM\SOFTWARE\SEARCHMODULE\INFO|Aff, g6jzcsdbl0bq,ebc097c5-ff65-4b38-9d50-c2a60ca003b3,, , [573ee718f1a8cf674d5f06b3649fab55]
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC|Location, C:\Program Files (x86)\MPC Cleaner, , [8b0a748b8019af8790248c5e09fae917]
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{F894A9B6-BE39-4B8F-BC84-F306A4A89C4E}|AutoConfigUrl, http://un-stop.info/wpad.dat?503ff41c70 ... e011876124, , [dcb969969bfec2744bb46c56bd45e21e]
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKPT|Description, MPC Driver, , [98fd916e80192610565fa347d62d768a]
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCPROTECTSERVICE|ImagePath, "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe", , [8c0956a99affa4921679bc2fb152ee12]
PUP.Optional.BrowserAir, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{02E38A21-8D45-4A62-9600-A798011E5C24}, v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Ladik\AppData\Local\BrowserAir\Application\BrowserAir.exe|Name=BrowserAir (mDNS-In)|Desc=Inbound rule for BrowserAir to allow mDNS traffic.|EmbedCtxt=BrowserAir|, , [7322de218118082e4e3a687ee122817f]
PUP.Optional.BrowserAir, HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\SOFTWARE\REGISTEREDAPPLICATIONS|BrowserAir.MOBI32RCIMCYE7AKAX657TEE4I, Software\Clients\StartMenuInternet\BrowserAir.MOBI32RCIMCYE7AKAX657TEE4I\Capabilities, , [257018e72277e452d5283aaf8b78e41c]

Data registru: 2
PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www-searching.com/?pid=s&s=G6Jzc ... prd=set_ie, Dobré: (www.google.com), Špatné: (http://www-searching.com/?pid=s&s=G6Jzc ... prd=set_ie),,[128349b6efaadc5a8120bfa85da7b749]
PUP.Optional.Search.ShrtCln, HKU\S-1-5-21-1478414814-3749218601-3539646535-1001\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www-searching.com/?pid=s&s=G6Jzc ... prd=set_ie, Dobré: (www.google.com), Špatné: (http://www-searching.com/?pid=s&s=G6Jzc ... prd=set_ie),,[b2e3a05f8316989ebee3580f7391e51b]

Složky: 6
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo, , [a1f412edeeab191df3275a67a959f907],
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate, , [a1f412edeeab191df3275a67a959f907],
PUP.Optional.VBates, C:\Users\Ladik\AppData\LocalLow006C26E8, , [167f59a68c0d191dfd9bdae8e31f9b65],
PUP.Optional.VBates, C:\Users\Ladik\AppData\LocalLow00000098AB9A9A78, , [0d88679898011d19b2e76e54659ddc24],
PUP.Optional.YesSearches, C:\Program Files (x86)\Praosh, , [a0f559a624750c2ab7f530924eb4b050],
PUP.Optional.YesSearches, C:\Program Files (x86)\Reujosestogle, , [bbda01fe14855bdb436ca91903ff9070],

Soubory: 52
PUP.Optional.HohoSearch, C:\Program Files (x86)\Reujosestogle\ReujosestogleCmmS.xhtm5, , [30656d92079263d39ce8be27827f768a],
PUP.Optional.YesSearches, C:\Program Files (x86)\Praosh\PraoshnodifierService.html5, , [3362e31c8d0ca6903027ca1b43be1fe1],
PUP.Optional.OpenCandy, F:\Downloads\GOMPLAYERENSETUP.EXE, , [abeaa15ebddcc96d7801136ebe468080],
Trojan.Dropper, F:\Hry\CS 1.6\SierraUp.exe, , [4e475ba4d2c745f1683d02dbbc453ac6],
PUP.Optional.Tuto4PC, C:\AdwCleaner\FileQuarantine\C\Program Files\Caster\Uninstaller.exe.vir, , [f69fef108d0cdd597b670bdc9e63e020],
PUP.Optional.Tuto4PC, C:\AdwCleaner\FileQuarantine\C\Program Files\Caster\wizzcaster.exe.vir, , [73229e61a6f341f5a84e8f5610f150b0],
PUP.Optional.SearchModule, C:\AdwCleaner\FileQuarantine\C\Program Files\Common Files\Noobzo\GNUpdate\smci32.dll.vir, , [4c495ea195041c1aff9cf2c210f1ca36],
PUP.Optional.Tuto4PC, C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Hostify\uninstaller.exe.vir, , [cfc650af3267bb7bbb27bc2bf01114ec],
PUP.Optional.CSDI, C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Max Driver Updater\isxdl.dll.vir, , [3c590ff0d8c17cba6f4e0b83a262f60a],
PUP.Optional.Tuto4PC, C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Max Driver Updater\uninstaller.exe.vir, , [1e7739c677221a1ca73bda0d7190e719],
PUP.Optional.Tuto4PC, C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\Max Driver Updater\wizzcaster.exe.vir, , [5045eb14851463d3966031b41de4b14f],
PUP.Optional.QuickSearch, C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\QuickSearch\uninstall.exe.vir, , [801512eda2f742f4f8fe488b05fcad53],
PUP.Optional.Komodia, C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\QuickSearch\zdinstaller.exe.vir, , [7c19e41bcecb5dd9a8c1d3cbf30e4ab6],
PUP.Optional.Komodia, C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\QuickSearch\zdwfp.sys.vir, , [8114a8572277bb7bfb6ecad4bc45a858],
PUP.Optional.Komodia, C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\QuickSearch\zdwfp64.sys.vir, , [bed7f40ba6f3ea4cafbaa4fac8394bb5],
Rootkit.Agent, C:\AdwCleaner\FileQuarantine\C\Windows\SysNative\drivers\cherimoya.sys.vir, , [870ea35c534696a0b413854611f0867a],
PUP.Optional.Komodia, C:\AdwCleaner\FileQuarantine\C\Windows\SysNative\drivers\zdwfp64.sys.vir, , [286d14eb752493a33534405ed72a26da],
Trojan.FilePatch.DNSApi, C:\AdwCleaner\FileQuarantine\C\Windows\System32\dnsapi.dll.vir, , [dbba2ed15f3a48ee3f4450b09e62669a],
Trojan.FilePatch.DNSApi, C:\AdwCleaner\FileQuarantine\C\Windows\SysWOW64\dnsapi.dll.vir, , [dfb618e769308fa7562ee41c13ed50b0],
PUP.Optional.Tuto4PC, C:\FRST\Quarantine\C\Users\Ladik\AppData\Local\Temp\1JJYX23LJG.exe.xBAD, , [d0c58976abee7abc26bc0ed9a35e8080],
PUP.Optional.WizzCaster, C:\FRST\Quarantine\C\Users\Ladik\AppData\Local\Temp\2Y3VIU1IWX.exe.xBAD, , [771e679885141620b3c25a31dc282bd5],
PUP.Optional.MusicManager, C:\FRST\Quarantine\C\Users\Ladik\AppData\Local\Temp\6woYUAvDaI.exe.xBAD, , [8c09c83750498babe4f17ede2bd5e11f],
PUP.Optional.Tuto4PC, C:\FRST\Quarantine\C\Users\Ladik\AppData\Local\Temp\9sS08BmilE.exe.xBAD, , [a7eeff00e7b2f93d4b977671e02117e9],
PUP.Optional.Tuto4PC, C:\FRST\Quarantine\C\Users\Ladik\AppData\Local\Temp\AMS1WLVMHD.exe.xBAD, , [3a5b639c4158d16538aae502e51cfa06],
PUP.Optional.CSDI, C:\FRST\Quarantine\C\Users\Ladik\AppData\Local\Temp\SQDNZMN6PK.exe.xBAD, , [880df70878212313219c7717bd47cc34],
PUP.Optional.Tuto4PC, C:\FRST\Quarantine\C\Users\Ladik\AppData\Local\Temp\XNR3BT4WA2.exe.xBAD, , [078e807fbfda36008b578f5824dd01ff],
PUP.Optional.SearchModule, C:\Program Files\Common Files\Noobzo\GNUpdate\smci32.dll, , [4550b04f51488ea8ff9c10a4fb0636ca],
PUP.Optional.Tuto4PC, C:\Program Files (x86)\mpck\uninstaller.exe, , [3d586f903960e94d29b918cf768b956b],
PUP.Optional.YesSearches, C:\Program Files (x86)\Praosh\PraoshnodifierTask.exe, , [6d28f50aa5f445f14c0b5e876b9623dd],
PUP.Optional.HohoSearch, C:\Program Files (x86)\Reujosestogle\ReujosestogleCmmTes.exe, , [91044bb437622d093b4992533ac721df],
PUP.Optional.WizzCaster, C:\Users\Ladik\AppData\Roaming\R8hvl\uninstaller.exe, , [a1f4c639b6e35dd97203315a32d231cf],
PUP.Optional.WizzCaster, C:\Users\Ladik\AppData\Roaming\R8hvl\windows screen manager.exe, , [128325da8118999dd2a35c2f60a427d9],
PUP.Optional.YesSearches, C:\Windows\System32\Tasks\Praosh Nodifier, , [2b6ae41bb3e687af3a91329041c1629e],
PUP.Optional.YesSearches, C:\Windows\System32\Tasks\Reujosestogle Community, , [672e996634656ec807c5358db34fc739],
PUP.Optional.FakeIELaunch, C:\Users\Ladik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk, , [8015a45b752447ef43f5ae0de41fce32],
PUP.Optional.MyBrowser, C:\Windows\System32\Tasks\IBUpd2, , [c6cfbb4417822f07d914538bc43f7b85],
PUP.Optional.ProntSpooler, C:\Users\Ladik\AppData\Local\Apps\2.0\abril.exe, , [a2f3629d1c7dfd39d6f0ed0458abd729],
PUP.Optional.ProntSpooler, C:\Users\Ladik\AppData\Local\Apps\2.0\abril.InstallLog, , [e1b44ab5e1b8dc5afdc97c755aa904fc],
PUP.Optional.ProntSpooler, C:\Users\Ladik\AppData\Local\Apps\2.0\abril.InstallState, , [c0d57986a8f11b1b20a67a77ef144fb1],
PUP.Optional.ProntSpooler, C:\Users\Ladik\AppData\Local\Apps\2.0\abril.stt, , [2570c6390693d95d35916c8508fb2cd4],
PUP.Optional.GsearchFinder, C:\Users\Ladik\AppData\Roaming\Profiles\yzzfdyu4.default\extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi, , [f2a3d8277920d36320c8bd3958ab8080],
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smi32.exe, , [a1f412edeeab191df3275a67a959f907],
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smi64.exe, , [a1f412edeeab191df3275a67a959f907],
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys, , [a1f412edeeab191df3275a67a959f907],
PUP.Optional.VBates, C:\Users\Ladik\AppData\LocalLow006C26E8\006BD5E0, , [167f59a68c0d191dfd9bdae8e31f9b65],
PUP.Optional.VBates, C:\Users\Ladik\AppData\LocalLow00000098AB9A9A78\00000098AB9FA5D8, , [0d88679898011d19b2e76e54659ddc24],
PUP.Optional.Linkury.ACMB1, C:\Users\Ladik\AppData\Roaming\InstallationConfiguration.xml, , [abea3bc44356280e1b92266d25dfdb25],
PUP.Optional.HohoSearch, C:\Users\Ladik\AppData\Roaming\Mozilla\Firefox\Profiles\gqhegdhd.default\searchplugins\9q0hqx6s.xml, , [0a8baa55d8c1c96df4589ef6e222cb35],
PUP.Optional.WinYahoo, C:\Users\Ladik\AppData\Roaming\Mozilla\Firefox\Profiles\gqhegdhd.default\searchplugins\yahoo! powered.xml, , [c9cc21de5f3ade585d45a6ec34d0ed13],
PUP.Optional.HohoSearch, C:\Users\Ladik\AppData\Roaming\Profiles\rrmcl73l.default\searchplugins\9q0hqx6s.xml, , [316443bc5a3f9b9ba7a6a6eead5745bb],
PUP.Optional.HohoSearch, C:\Users\Ladik\AppData\Roaming\Profiles\yzzfdyu4.default\searchplugins\9q0hqx6s.xml, , [c3d255aab4e570c6bd90a0f40202e719],
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\depi\oed\fakl.dat, , [14811fe04f4ad660e4b8078916eea65a],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[JaRon]

vsetko najdene nechaj odstranit v MBAM - restart - zopakuj kontrolu