Prosím o kontrolu..

[honzaavc]

Počítač je pomalejší a hází chybu po zapnutí někde v C:\Users\User\AppData\Local\Ozcsics.. přípdně nafotím a pošlu.. ale až se dostanu zase k NTB.. nechám běžet eset online scaner a avg do zítra..

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

[honzaavc]

# AdwCleaner v6.047 - Log vytvořen 02/06/2017 v 09:01:36
# Aktualizováno dne 19/05/2017 z Malwarebytes
# Databáze : 2017-05-31.2 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : User - USER-HP
# Spuštěno z : C:\Users\User\Desktop\adwcleaner_6.047.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: vToolbarUpdater40.3.7
[-] Služba smazána: WtuSystemSupport


***** [ Složky ] *****

[-] Složka smazána: C:\Users\User\AppData\Local\avg web tuneup
[-] Složka smazána: C:\Program Files\Common Files\AVG Secure Search
[-] Složka smazána: C:\ProgramData\AVG Secure Search
[-] Složka smazána: C:\ProgramData\avg web tuneup
[-] Složka smazána: C:\Program Files (x86)\avg web tuneup
[-] Složka smazána: C:\Program Files (x86)\Common Files\AVG Secure Search


***** [ Soubory ] *****

[-] Soubor smazán: C:\prefs.js
[-] Soubor smazán: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\53cowy1y.default\extensions\Avg@toolbar.xpi
[-] Soubor smazán: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\53cowy1y.default\searchplugins\avg-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Klíč smazán: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Klíč smazán: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[#] Klíč smazán po restartu: [x64] HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Klíč smazán: HKLM\SOFTWARE\AVG Tuneup
[-] Data obnovena: HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Klíč smazán: HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data obnovena: HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data obnovena: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mysearch.avg.com
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mysearch.avg.com
[-] Klíč smazán: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Klíč smazán: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Hodnota smazána: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER [ENABLESHELLEXECUTEHOOKS]


***** [ Prohlížeče ] *****

[-] Firefox předvolby vyčištěny:


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5297 Bajty] - [02/06/2017 09:01:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [5778 Bajty] - [02/06/2017 08:58:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5443 Bajty] ##########


A ještě jsem promazal přes eset onlinescaner tohle:
C:\SwSetup\_new\Microsoft OFFICE 2010 Pro Plus PRECRACKED\Microsoft OFFICE 2010 Pro Plus PRECRACKED.iso Win32/TrojanDownloader.VB.QVF trojský kůň
C:\SwSetup\_new\Microsoft Office Proffesional Plus 2010 Corporate Final Full Activated -NoGRp\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso varianta infiltrace MSIL/HackKMS.A potenciálně zneužitelná aplikace
C:\_Run\App\Web\TopStylePortable\App\TopStyle\TopStylePatch.exe varianta infiltrace Win32/HackTool.Patcher.AD potenciálně zneužitelná aplikace
C:\_Run\App\_downloading\Cryptload\CryptLoad.exe Win32/RemoteAdmin.NetCat potenciálně zneužitelná aplikace,je v pořádku
C:\_Run\App\_downloading\Down_Google_Books\Google Books Download.exe varianta infiltrace Win32/HackTool.Patcher.T potenciálně zneužitelná aplikace
C:\_Run\App\_downloading\uTorrentPortable\App\uTorrent\uTorrent.exe varianta infiltrace Win32/Bunndle potenciálně zneužitelná aplikace

[Rudy]

Ta hláška bude patřit nějakému šmejdu. Dejte nový log FRST.

[honzaavc]

V příloze

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\...\MountPoints2: {c1b26919-adfa-11e5-99b2-3c4a92c96546} - H:\HPLauncher.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {DC5F566D-7201-4002-BCCA-928EC1533E1B} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DC5F566D-7201-4002-BCCA-928EC1533E1B} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {DC5F566D-7201-4002-BCCA-928EC1533E1B} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {DC5F566D-7201-4002-BCCA-928EC1533E1B} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1206910885-3778730465-1849945333-1000 -> {DC5F566D-7201-4002-BCCA-928EC1533E1B} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\User\AppData\Local\Temp
Task: {B7C9139D-52EE-484E-AF0C-FF71AC962EE6} - System32\Tasks\{E807EAD3-2C5E-4410-858D-10C2C95D23C0} => pcalua.exe -a F:\assasin\Setup.exe -d F:\assasin
C:\Users\User\AppData\Local\Ozcsics\hrpxujxz.dll

Emptytemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[honzaavc]

Při startu se čertí dropbox..

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by User (07-06-2017 16:59:33) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\...\MountPoints2: {c1b26919-adfa-11e5-99b2-3c4a92c96546} - H:\HPLauncher.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com
SearchScopes: HKLM -> DefaultScope {DC5F566D-7201-4002-BCCA-928EC1533E1B} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {DC5F566D-7201-4002-BCCA-928EC1533E1B} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {DC5F566D-7201-4002-BCCA-928EC1533E1B} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {DC5F566D-7201-4002-BCCA-928EC1533E1B} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1206910885-3778730465-1849945333-1000 -> {DC5F566D-7201-4002-BCCA-928EC1533E1B} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\User\AppData\Local\Temp
Task: {B7C9139D-52EE-484E-AF0C-FF71AC962EE6} - System32\Tasks\{E807EAD3-2C5E-4410-858D-10C2C95D23C0} => pcalua.exe -a F:\assasin\Setup.exe -d F:\assasin
C:\Users\User\AppData\Local\Ozcsics\hrpxujxz.dll

Emptytemp:
End
*****************

HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1b26919-adfa-11e5-99b2-3c4a92c96546} => key removed successfully
HKCR\CLSID\{c1b26919-adfa-11e5-99b2-3c4a92c96546} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC5F566D-7201-4002-BCCA-928EC1533E1B} => key removed successfully
HKCR\CLSID\{DC5F566D-7201-4002-BCCA-928EC1533E1B} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{DC5F566D-7201-4002-BCCA-928EC1533E1B} => key removed successfully
HKCR\Wow6432Node\CLSID\{DC5F566D-7201-4002-BCCA-928EC1533E1B} => key not found.
HKU\S-1-5-21-1206910885-3778730465-1849945333-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC5F566D-7201-4002-BCCA-928EC1533E1B} => key removed successfully
HKCR\CLSID\{DC5F566D-7201-4002-BCCA-928EC1533E1B} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully

"C:\Users\User\AppData\Local\Temp" folder move:

Could not move "C:\Users\User\AppData\Local\Temp" => Scheduled to move on reboot.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7C9139D-52EE-484E-AF0C-FF71AC962EE6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7C9139D-52EE-484E-AF0C-FF71AC962EE6} => key removed successfully
C:\Windows\System32\Tasks\{E807EAD3-2C5E-4410-858D-10C2C95D23C0} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E807EAD3-2C5E-4410-858D-10C2C95D23C0} => key removed successfully
"C:\Users\User\AppData\Local\Ozcsics\hrpxujxz.dll" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 177243995 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 1767781 B
Edge => 0 B
Chrome => 46424869 B
Firefox => 375385277 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 72912 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558479 B
systemprofile32 => 69678 B
LocalService => 66228 B
NetworkService => 0 B
User => 55039887 B

RecycleBin => 86630636 B
EmptyTemp: => 772.1 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-06-2017 17:01:56)

C:\Users\User\AppData\Local\Temp => moved successfully

==== End of Fixlog 17:02:02 ====

[Rudy]

Ten čistič je po virové stránce OK. Smazáno. Nastala nějaká změna?

[honzaavc]

Příliš změn není. Zdá se že to pořád trošku pomaleji nabíhá.

Dropbox se sám zase spouští a chybu nehází.. v MSconfig jsme ho předtím zakázal kvůli chybě..

[Rudy]

Tak ho znovu zakažte a udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.