Safesurf/Springsurf vir

[F7R]

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Sova on ne 04.09.2016 at 14:14:54,88.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sova\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2016-09-04-111256.log 5873 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Orphaned Tasks deleted from Registry ======================

ESET Windows 10 upgrade - Refresh settings deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox" [25.05.2016 18:55]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eahebamiopdhefndnmappcihfajigkka - https://chrome.google.com/webstore/deta ... ihfajigkka[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RR9DEYZ will be deleted at reboot
C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JV41NSYS will be deleted at reboot
C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XZRAY7I3 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=9 folders=8 6746191 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Sova\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Sova\AppData\Local\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RR9DEYZ" deleted
"C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIDYG6EA" not found
"C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XB1EXM1F" not found
"C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HA2K7JX4" not found
"C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JV41NSYS" deleted
"C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RR9DEYZ" not found
"C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JV41NSYS" not found
"C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XZRAY7I3" not found

==== EOF on ne 04.09.2016 at 15:22:19,12 ======================

[F7R]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Professional x86
Ran by Sova (Administrator) on ne 04.09.2016 at 15:28:10,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Failed to delete: C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RR9DEYZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIDYG6EA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Sova\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XB1EXM1F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5RR9DEYZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIDYG6EA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XB1EXM1F (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 04.09.2016 at 15:31:06,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Rudy]

OK. Jak to vypadá nyní?

[F7R]

V IE pořád spouští se strankou safesurf a jinými spamy. V Maxthonu to dělalo taky a pomohla osinstalace a instalace přes revo.

[Rudy]

IE je součást systému a nesnadno se čistí. Zkuste ještě kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

[F7R]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 4.9.2016
Čas skenování: 19:46
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.09.03.03
Databáze rootkitů: v2016.08.15.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Sova

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 349110
Uplynulý čas: 13 hod, 45 min, 9 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
RiskWare.TOR, C:\Users\Sova\Desktop\bin\Tor\tor.exe, , [6f50beafcfcba492c4ab5bdb2ad8f20e],
RiskWare.Tool.HCK, D:\KRT_5.1.0.7.exe, , [9a2572fb7525d363ac008a86ca370ef2],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Rudy]

Nálezy smažte.

[F7R]

Zřejmě už v pořádku.

[Rudy]

To jsem rád.

[F7R]

Ještě jednou díky!

[Rudy]

Rádo se stalo!