Dva logy

[Zikys]

Dobrý den, prosím o zkontrolování těchto dvou logů. První je z RogueKilleru a druhý z AdwCleaneru.

Kód: Vybrat vše

RogueKiller V12.7.5.0 [Oct 31 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Zikys [Práva správce]
Started from : C:\Users\Zikys\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 11/07/2016 12:00:49 (Duration : 00:51:22)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 34 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} (C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll) -> Nalezeno
[PUP] HKEY_CLASSES_ROOT\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043} (C:\Program Files\Yahoo!\Companion\Installs\cpn0\pubmod.dll) -> Nalezeno
[PUP] HKEY_CLASSES_ROOT\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5} (C:\Program Files\Yahoo!\Companion\Installs\cpn0\ypubc.dll) -> Nalezeno
[PUP] HKEY_CLASSES_ROOT\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C} (C:\Program Files\Yahoo!\Companion\Installs\cpn0\ypubc.dll) -> Nalezeno
[PUP] HKEY_CLASSES_ROOT\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1} (C:\Program Files\Yahoo!\Companion\Installs\cpn0\ypubc.dll) -> Nalezeno
[PUP] HKEY_CLASSES_ROOT\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (C:\PROGRA~1\IObit\ADVANC~1\SURFIN~1\BROWER~1\ASCPLU~1.DLL) -> Nalezeno
[PUP] HKEY_CLASSES_ROOT\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC} (C:\Program Files\Yahoo!\Companion\Installs\cpn0\ypubc.dll) -> Nalezeno
[PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Nalezeno
[PUP] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} (C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll) -> Nalezeno
[PUP] HKEY_CLASSES_ROOT\Yahoo.PopupBlockerPlugin -> Nalezeno
[PUP] HKEY_USERS\.DEFAULT\Software\AVG Secure Search -> Nalezeno
[PUP] HKEY_USERS\S-1-5-21-3394997470-964147142-4037502327-1000\Software\IGearSettings -> Nalezeno
[PUP] HKEY_USERS\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Mail.Ru -> Nalezeno
[PUP] HKEY_USERS\S-1-5-21-3394997470-964147142-4037502327-1000\Software\SetMyHomepage -> Nalezeno
[PUP] HKEY_USERS\S-1-5-18\Software\AVG Secure Search -> Nalezeno
[PUP] HKEY_USERS\.DEFAULT\Software\AppDataLow\Toolbar -> Nalezeno
[PUP] HKEY_USERS\S-1-5-21-3394997470-964147142-4037502327-1000\Software\AppDataLow\Toolbar -> Nalezeno
[PUP] HKEY_USERS\S-1-5-18\Software\AppDataLow\Toolbar -> Nalezeno
[PUP] HKEY_USERS\S-1-5-21-3394997470-964147142-4037502327-1000\Software\AppDataLow\Software\Mail.Ru -> Nalezeno
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion -> Nalezeno
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} (C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll) -> Nalezeno
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} (C:\PROGRA~1\IObit\ADVANC~1\SURFIN~1\BROWER~1\ASCPLU~1.DLL) -> Nalezeno
[PUP] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {EF99BD32-C1FB-11D2-892F-0090271D4F88} :  (C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll)  -> Nalezeno
[PUP] HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} :   -> Nalezeno
[PUP] HKEY_USERS\S-1-5-21-3394997470-964147142-4037502327-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} :   -> Nalezeno
[PUP] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {EF99BD32-C1FB-11D2-892F-0090271D4F88} :  (C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll)  -> Nalezeno
[PUP] HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} :   -> Nalezeno
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://isearch.avg.com?cid={137AFC28-A645-4E98-8CEA-ADB295854AA7}&mid=24e693f0d18647d194a43120d393f5c4-ea00e829ffd21ae1a1b06f603638b8956d215046&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.3.0.885&pid=avg&sg=&sap=hp  -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main | Start Page : seznam.cz  -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://isearch.avg.com?cid={137AFC28-A645-4E98-8CEA-ADB295854AA7}&mid=24e693f0d18647d194a43120d393f5c4-ea00e829ffd21ae1a1b06f603638b8956d215046&lang=&ds=&coid=&cmpid=&pr=&d=&v=18.3.0.885&pid=avg&sg=&sap=hp  -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://qip.ru  -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://terra.im/  -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : http://terra.im/  -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : http://search.qip.ru  -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 5 ¤¤¤
[PUP][Složka] C:\Users\Zikys\AppData\Roaming\Enigma -> Nalezeno
[PUP][Složka] C:\Users\Zikys\AppData\Local\PackageAware -> Nalezeno
[PUP][Složka] C:\Program Files\Application Updater -> Nalezeno
[PUP][Složka] C:\Program Files\Conduit -> Nalezeno
[PUP][Složka] C:\Program Files\Yahoo!\Companion -> Nalezeno

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUP][CHROME:Addon] Default : Ads Removal [fopdddcinljmpmioaklghcalngfhbaen] -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-00H2B0 ATA Device +++++
--- User ---
[MBR] 16d99cd833c12a1c0aa88e6165984538
[BSP] b1a197667c952a71de243a9d5ceb3b49 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 610378 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD Elements 10B8 USB Device +++++
--- User ---
[MBR] 404653f280bddc881b80610be269e9b9
[BSP] 060141710ad51f106af5b3b666b43b68 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476907 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: WD 5000BEV External USB Device +++++
--- User ---
[MBR] 63fe7554c9e0d782ed90cfe1085ae802
[BSP] 970b166c5877f1a51d9189bd896c811c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476939 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Kód: Vybrat vše

# AdwCleaner v6.030 - Log soubor vytvořen 07/11/2016 na 13:35:58
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-07.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X86)
# Uživatelské jméno : Zikys - Zikys-PC
# Beží od : C:\Users\Zikys\Desktop\adwcleaner_6.030.exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Adresáře ] *****

Složka nalezena: C:\Users\Zikys\AppData\Roaming\newSI_23
Složka nalezena: C:\Users\Zikys\AppData\Local\PackageAware
Složka nalezena: C:\Program Files\Application Updater
Složka nalezena: C:\Program Files\Conduit
Složka nalezena: C:\Program Files\IObit Apps Toolbar
Složka nalezena: C:\Program Files\Yahoo!\Companion
Složka nalezena: C:\Program Files\Common Files\freemake shared
Složka nalezena: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater
Složka nalezena: C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search


***** [ Soubory ] *****

Soubor nalezen: C:\user.js
Soubor nalezen: C:\prefs.js


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL soubory.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupce ] *****

Žádné infikovaný zástupce nenalezen.


***** [ Plánovač úloh ] *****

Žádný nebezpečná úloha nenalezena. 


***** [ Registry ] *****

Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ProductUpdater]
Klíč nalezen: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
Klíč nalezen: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
Klíč nalezen: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
Klíč nalezen: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
Klíč nalezen: HKLM\SOFTWARE\Classes\YPUBC.DataStore
Klíč nalezen: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
Klíč nalezen: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
Klíč nalezen: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
Klíč nalezen: HKLM\SOFTWARE\Classes\YPUBC.StringList
Klíč nalezen: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Klíč nalezen: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč nalezen: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Klíč nalezen: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč nalezen: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč nalezen: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Klíč nalezen: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Hodnota nalezena: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Hodnota nalezena: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Hodnota nalezena: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Klíč nalezen: HKU\.DEFAULT\Software\AVG Secure Search
Klíč nalezen: HKU\.DEFAULT\Software\Yahoo\Companion
Klíč nalezen: HKU\.DEFAULT\Software\AppDataLow\Toolbar
Klíč nalezen: HKU\.DEFAULT\Software\AppDataLow\Software\IObit Apps
Klíč nalezen: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\IGearSettings
Klíč nalezen: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\IObit Apps
Klíč nalezen: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\SetMyHomePage
Klíč nalezen: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Yahoo\Companion
Klíč nalezen: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Yahoo\YFriendsBar
Klíč nalezen: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Mail.Ru
Klíč nalezen: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\AppDataLow\Toolbar
Klíč nalezen: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\AppDataLow\Software\IObit Apps
Klíč nalezen: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: HKU\S-1-5-18\Software\AVG Secure Search
Klíč nalezen: HKU\S-1-5-18\Software\Yahoo\Companion
Klíč nalezen: HKU\S-1-5-18\Software\AppDataLow\Toolbar
Klíč nalezen: HKU\S-1-5-18\Software\AppDataLow\Software\IObit Apps
Klíč nalezen: HKCU\Software\IGearSettings
Klíč nalezen: HKCU\Software\IObit Apps
Klíč nalezen: HKCU\Software\SetMyHomePage
Klíč nalezen: HKCU\Software\Yahoo\Companion
Klíč nalezen: HKCU\Software\Yahoo\YFriendsBar
Klíč nalezen: HKCU\Software\Mail.Ru
Klíč nalezen: HKCU\Software\AppDataLow\Toolbar
Klíč nalezen: HKCU\Software\AppDataLow\Software\IObit Apps
Klíč nalezen: HKCU\Software\AppDataLow\Software\Mail.Ru
Klíč nalezen: HKLM\SOFTWARE\IObit Apps
Klíč nalezen: HKLM\SOFTWARE\Yahoo\Companion
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Data nalezena: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.avg.com?cid={137AFC28-A645-4E98-8CEA-ADB295854AA7}&mid=24e693f0d18647d194a43120d393f5c4-ea00e829ffd21ae1a1b06f60363
Data nalezena: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://isearch.avg.com/?cid={7149999F-7152-4A04-8AE3-8E20743B6FDA}&mid=24e693f0d18
Data nalezena: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.avg.com?cid={137AFC28-A645-4E98-8CEA-ADB295854AA7}&mid=24e693f0d18647d194a43120d393f5c4-ea00e829ffd21ae1a1b06f60363
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://isearch.avg.com/?cid={7149999F-7152-4A04-8AE3-8E20743B6FDA}&mid=24e693f0d18647d194a43120d393f5c4-ea00e829ffd21ae1a1b06f6
Klíč nalezen: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data nalezena: HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox báze.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium báze.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [10845 Bajtů] - [07/11/2016 13:35:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10920 Bajtů] ##########

[Rudy]

Zdravím!
Vše, co nalezl ADW odstraňte kliknutím na mazání. Pokud je nějaký problém, řekněte jaký a dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[Zikys]

Pomocí AdwCleaneru dáno promazání nalezených souborů, následně restart kompu, zobrazil se tento log.

Kód: Vybrat vše

# AdwCleaner v6.030 - Log soubor vytvořen 07/11/2016 na 18:23:34
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-07.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X86)
# Uživatelské jméno : Pavel - PAVEL-PC
# Beží od : C:\Users\Pavel\Desktop\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Adresáře ] *****

[-] Adresář smazán:C:\Users\Pavel\AppData\Roaming\newSI_23
[-] Adresář smazán:C:\Users\Pavel\AppData\Local\PackageAware
[-] Adresář smazán:C:\Program Files\Application Updater
[-] Adresář smazán:C:\Program Files\Conduit
[-] Adresář smazán:C:\Program Files\IObit Apps Toolbar
[-] Adresář smazán:C:\Program Files\Yahoo!\Companion
[-] Adresář smazán:C:\Program Files\Common Files\freemake shared
[-] Adresář smazán:C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater
[-] Adresář smazán:C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search


***** [ Soubory ] *****

[-] Soubor smazán:C:\user.js
[-] Soubor smazán:C:\prefs.js


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****

[-] Hodnota smazána:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ProductUpdater]
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Klíč smazán:HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Klíč smazán:HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Klíč smazán:HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Klíč smazán:HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Klíč smazán:HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{1147DC83-6208-4dca-8E88-DD45BAAB3043}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{11CB4723-D5A1-4a55-8D1D-5C2679D54CF5}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{37B8167C-B9A4-4316-94B2-67B64BB2BA7C}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{6E40017D-FB6A-4804-BDE4-3BB09F1719C1}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{E1A2D448-6334-45ec-8800-6D7F71DC87FC}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Klíč smazán:HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Klíč smazán:HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Klíč smazán:HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Klíč smazán:HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Klíč smazán:HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Klíč smazán:HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Klíč smazán:HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Klíč smazán:HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Hodnota smazána:HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Hodnota smazána:HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Hodnota smazána:HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Klíč smazán:HKU\.DEFAULT\Software\AVG Secure Search
[-] Klíč smazán:HKU\.DEFAULT\Software\Yahoo\Companion
[-] Klíč smazán:HKU\.DEFAULT\Software\AppDataLow\Toolbar
[-] Klíč smazán:HKU\.DEFAULT\Software\AppDataLow\Software\IObit Apps
[-] Klíč smazán:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\IGearSettings
[-] Klíč smazán:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\IObit Apps
[-] Klíč smazán:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\SetMyHomePage
[-] Klíč smazán:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Yahoo\Companion
[-] Klíč smazán:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Yahoo\YFriendsBar
[-] Klíč smazán:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Mail.Ru
[-] Klíč smazán:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\AppDataLow\Toolbar
[-] Klíč smazán:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\AppDataLow\Software\IObit Apps
[-] Klíč smazán:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\AppDataLow\Software\Mail.Ru
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\AVG Secure Search
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\Yahoo\Companion
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\AppDataLow\Toolbar
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\AppDataLow\Software\IObit Apps
[#] Klíč smazán po restartování:HKCU\Software\IGearSettings
[#] Klíč smazán po restartování:HKCU\Software\IObit Apps
[#] Klíč smazán po restartování:HKCU\Software\SetMyHomePage
[#] Klíč smazán po restartování:HKCU\Software\Yahoo\Companion
[#] Klíč smazán po restartování:HKCU\Software\Yahoo\YFriendsBar
[#] Klíč smazán po restartování:HKCU\Software\Mail.Ru
[#] Klíč smazán po restartování:HKCU\Software\AppDataLow\Toolbar
[#] Klíč smazán po restartování:HKCU\Software\AppDataLow\Software\IObit Apps
[#] Klíč smazán po restartování:HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Klíč smazán:HKLM\SOFTWARE\IObit Apps
[-] Klíč smazán:HKLM\SOFTWARE\Yahoo\Companion
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
[-] Data obnovena:HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data obnovena:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] 
[-] Data obnovena:HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main [Start Page] 
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] 
[-] Klíč smazán:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data obnovena:HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\isearch.avg.com
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10731 Bajtů] - [07/11/2016 18:23:34]
C:\AdwCleaner\AdwCleaner[S0].txt - [11001 Bajtů] - [07/11/2016 13:35:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10881 Bajtů] ##########

Stále přetrvává ten problém s Browser Modifier.

Nově proveden další FRST scan, logy ke stažení níže.

[Rudy]

Při otvírání souborů v archivu mi to hodí chybu.

Stále přetrvává ten problém s Browser Modifier.

Nikde se tu o něm nezmiňujete. O co go?

[Zikys]

Jak se stalo několika dalším uživatelům, nejsem ani já výjimkou. Což je také důvod, proč jsem prvně vyzkoušel několik těchto čisticích aplikací na havěť v počítači.

Jde o tento problém. Promiňte.



Otevření logu by již mělo proběhnout v pořádku. Komprimováno ve WinRAR.

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\...\MountPoints2: E - E:\setup.exe
AppInit_DLLs: 4x-xőqÜÉvb => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://terra.im/
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://terra.im/
SearchScopes: HKLM -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3394997470-964147142-4037502327-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={7149999F-7152-4A04-8AE3-8E20743B6FDA}&mid=24e693f0d18647d194a43120d393f5c4-ea00e829ffd21ae1a1b06f603638b8956d215046&lang=cs&ds=AVG&pr=pr&d=2012-07-28 17:11:17&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3394997470-964147142-4037502327-1000 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3394997470-964147142-4037502327-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={7149999F-7152-4A04-8AE3-8E20743B6FDA}&mid=24e693f0d18647d194a43120d393f5c4-ea00e829ffd21ae1a1b06f603638b8956d215046&lang=cs&ds=AVG&pr=pr&d=2012-07-28 17:11:17&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3394997470-964147142-4037502327-1000 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
S3 cpuz135; no ImagePath
S3 TuneUpUtilitiesDrv; no ImagePath
C:\Windows\system32\Drivers\4DB173CE.sys
C:\Windows\system32\Drivers\55496944.sys
C:\Windows\system32\Drivers\7CC11D70.sys
C:\Windows\system32\Drivers\16E40BEC.sys
C:\Windows\system32\Drivers\496A6CD4.sys
C:\Windows\system32\Drivers\4ECF64D4.sys
C:\Windows\system32\Drivers\72D373A6.sys
C:\Windows\system32\Drivers\2C7C39CD.sys
C:\Windows\system32\Drivers\1FD2160F.sys
C:\Windows\system32\Drivers\13D57834.sys
C:\Windows\system32\Drivers\61C15687.sys
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394997470-964147142-4037502327-1000UA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394997470-964147142-4037502327-1000Core.job
C:\ProgramData\mntemp
C:\Users\Pavel\AppData\Local\Temp
Task: {179A630E-BF37-4B5F-B6A0-94CA48C6B0E8} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION
Task: {89B2219B-EE34-4BC7-B1BF-76F5A1E1F991} - \ASC9_SkipUac_Pavel -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:39413AC3 [127]
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[Zikys]

Provedeno, výsledný log.

Kód: Vybrat vše

Fix result of Farbar Recovery Scan Tool (x86) Version: 06-11-2016
Ran by Pavel (07-11-2016 21:25:59) Run:1
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel (Available Profiles: Pavel)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\...\MountPoints2: E - E:\setup.exe
AppInit_DLLs: 4x-xőqÜÉvb => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://terra.im/
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://terra.im/
SearchScopes: HKLM -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3394997470-964147142-4037502327-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={7149999F-7152-4A04-8AE3-8E20743B6FDA}&mid=24e693f0d18647d194a43120d393f5c4-ea00e829ffd21ae1a1b06f603638b8956d215046&lang=cs&ds=AVG&pr=pr&d=2012-07-28 17:11:17&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3394997470-964147142-4037502327-1000 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3394997470-964147142-4037502327-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={7149999F-7152-4A04-8AE3-8E20743B6FDA}&mid=24e693f0d18647d194a43120d393f5c4-ea00e829ffd21ae1a1b06f603638b8956d215046&lang=cs&ds=AVG&pr=pr&d=2012-07-28 17:11:17&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3394997470-964147142-4037502327-1000 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
S3 cpuz135; no ImagePath
S3 TuneUpUtilitiesDrv; no ImagePath
C:\Windows\system32\Drivers\4DB173CE.sys
C:\Windows\system32\Drivers\55496944.sys
C:\Windows\system32\Drivers\7CC11D70.sys
C:\Windows\system32\Drivers\16E40BEC.sys
C:\Windows\system32\Drivers\496A6CD4.sys
C:\Windows\system32\Drivers\4ECF64D4.sys
C:\Windows\system32\Drivers\72D373A6.sys
C:\Windows\system32\Drivers\2C7C39CD.sys
C:\Windows\system32\Drivers\1FD2160F.sys
C:\Windows\system32\Drivers\13D57834.sys
C:\Windows\system32\Drivers\61C15687.sys
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394997470-964147142-4037502327-1000UA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394997470-964147142-4037502327-1000Core.job
C:\ProgramData\mntemp
C:\Users\Pavel\AppData\Local\Temp
Task: {179A630E-BF37-4B5F-B6A0-94CA48C6B0E8} - \ASC9_PerformanceMonitor -> No File <==== ATTENTION
Task: {89B2219B-EE34-4BC7-B1BF-76F5A1E1F991} - \ASC9_SkipUac_Pavel -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:39413AC3 [127]
End
*****************

"HKU\S-1-5-21-3394997470-964147142-4037502327-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully.
"4x-xőqÜÉvb" => Value data removed successfully..
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully.
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}" => key removed successfully.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => key not found. 
HKU\S-1-5-21-3394997470-964147142-4037502327-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\S-1-5-21-3394997470-964147142-4037502327-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE}" => key removed successfully.
HKCR\CLSID\{4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} => key not found. 
"HKU\S-1-5-21-3394997470-964147142-4037502327-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found. 
"HKU\S-1-5-21-3394997470-964147142-4037502327-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => key removed successfully.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => key not found. 
cpuz135 => service removed successfully.
TuneUpUtilitiesDrv => service removed successfully.
C:\Windows\system32\Drivers\4DB173CE.sys => moved successfully
C:\Windows\system32\Drivers\55496944.sys => moved successfully
C:\Windows\system32\Drivers\7CC11D70.sys => moved successfully
C:\Windows\system32\Drivers\16E40BEC.sys => moved successfully
C:\Windows\system32\Drivers\496A6CD4.sys => moved successfully
C:\Windows\system32\Drivers\4ECF64D4.sys => moved successfully
C:\Windows\system32\Drivers\72D373A6.sys => moved successfully
C:\Windows\system32\Drivers\2C7C39CD.sys => moved successfully
C:\Windows\system32\Drivers\1FD2160F.sys => moved successfully
C:\Windows\system32\Drivers\13D57834.sys => moved successfully
C:\Windows\system32\Drivers\61C15687.sys => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394997470-964147142-4037502327-1000UA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394997470-964147142-4037502327-1000Core.job => moved successfully
C:\ProgramData\mntemp => moved successfully

"C:\Users\Pavel\AppData\Local\Temp" folder move:

Could not move "C:\Users\Pavel\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{179A630E-BF37-4B5F-B6A0-94CA48C6B0E8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{179A630E-BF37-4B5F-B6A0-94CA48C6B0E8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_PerformanceMonitor" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89B2219B-EE34-4BC7-B1BF-76F5A1E1F991}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89B2219B-EE34-4BC7-B1BF-76F5A1E1F991}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_Pavel" => key removed successfully.
C:\ProgramData\TEMP => ":39413AC3" ADS removed successfully..

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-11-2016 21:32:29)

C:\Users\Pavel\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:32:30 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[Zikys]

Bohužel, problém přetrvává.

[Rudy]

Ještě jednou spustíme FRST tímto sriptem:

Start
c:\Users\Pavel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<.

[Zikys]

Kód: Vybrat vše

Fix result of Farbar Recovery Scan Tool (x86) Version: 06-11-2016
Ran by Pavel (07-11-2016 22:47:57) Run:2
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel (Available Profiles: Pavel)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
c:\Users\Pavel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
End
*****************

c:\Users\Pavel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => moved successfully

==== End of Fixlog 22:47:57 ====

Jo, tenhle parametr to prozatím vypnul. Uvidím dál. Momentálně mi to na liště nevyskakuje.

[Rudy]

OK. Nechám to tu zatím otevřené.

[Zikys]

Potíže už odezněly. Díky za pomoc.

[Rudy]

To jsem rád. Nemáte zač!