Preventivka - upozornění na vir

[KLiMson]

Plocha vyčištěna, měl jsem tam teď celkem dost odpadu...

Zde fixlog...

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Petr at 2015-07-06 15:36:14 Run:1
Running from C:\Users\Petr\Desktop
Loaded Profiles: Petr (Available Profiles: Petr & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1836572399-2179033429-1503521060-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_190_Plugin.exe [927920 2015-06-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-1836572399-2179033429-1503521060-1000\...\Policies\Explorer: []

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1836572399-2179033429-1503521060-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1836572399-2179033429-1503521060-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-21-1836572399-2179033429-1503521060-1000 -> URL http://search.conduit.com/Results.aspx? ... EC31FF8&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1836572399-2179033429-1503521060-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... hx?prefix={searchTerms}
BHO-x32: Great Find -> {1cc2bb80-20ab-43e5-b958-432d72b546ca} -> C:\Program Files (x86)\Great Find\Extensions\1cc2bb80-20ab-43e5-b958-432d72b546ca.dll No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

CHR HKLM-x32\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [Not Found]

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1836572399-2179033429-1503521060-1000Core.job => C:\Users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1836572399-2179033429-1503521060-1000UA.job => C:\Users\Petr\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-06-12 82112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24 268464]

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyLogger" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMClock" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSleepSrv" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent" /f

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1836572399-2179033429-1503521060-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => value removed successfully
HKU\S-1-5-21-1836572399-2179033429-1503521060-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1836572399-2179033429-1503521060-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-1836572399-2179033429-1503521060-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1836572399-2179033429-1503521060-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.conduit.com/Results.aspx? ... => value not found.
HKU\S-1-5-21-1836572399-2179033429-1503521060-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON http://suggest.search.conduit.com/CSugg ... => value not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1cc2bb80-20ab-43e5-b958-432d72b546ca}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{1cc2bb80-20ab-43e5-b958-432d72b546ca}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\palpbfjgianahgbbeodmcohjdmaelbeo" => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully.
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1836572399-2179033429-1503521060-1000Core.job => moved successfully.
C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1836572399-2179033429-1503521060-1000UA.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
AdobeARMservice => Service removed successfully
AdobeFlashPlayerUpdateSvc => Service removed successfully

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeyLogger" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMClock" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSleepSrv" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent" /f =========

Operace byla dokonźena ŁspŘçnŘ.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 2.6 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 15:37:08 ====

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.

[KLiMson]

Konečně defragmentace proběhla. už jsem myslel, že je vše v pořádku, ale včera mi google opět vyhodil hlášku ve stylu: Omluváme se Vám, ale považujeme Vás za robota odesílajícího neudtále dotazy na google, proto Vás budeme blokovat.
Dnes už funguje normálně.

Může se jednat o problém nebo ne?

Díky

[Márty84]

Dela to google jako stranka ve vsech prohlizecich? Nebo google jako prohlizec chrome? A blokne se cely prohlizec? Nebo jen vyhledavani googlem?

[KLiMson]

Dělá to google vyhledávač ve všech prohlížečích, zablokuje vyhledávání. Chrome i Opera. Prohlížeč jinak funguje.

[Márty84]

Jake mate pripojeni, kabel, nebo wifi? IP adresu mate pevnou? Kdyz je to zrovna bloknute, funguje to na jinem stroji pripojenem na stejne siti?

[KLiMson]

Mám wifi s pevnou IP adresou. Nemůžu to tvrdit na 100 %, ale když jsem se ve stejnou dobu připojil přes mobil na domácí wifi, tak google nereagoval vůbec. Když jsem šel v mobilu na přes mobilní internet, tak vše fungovalo.

[Márty84]

Resetujte router a zmente heslo.

[KLiMson]

Hotovo, snad bude vše už v pořádku.

Díky moc za pomoc.

[Márty84]

Na havet je nyni pocitac cisty. Tak to snad bude OK. Taky je moznost, ze se nekdo pripojuje na vasi wifi a dela neplechu, nebo byl napadeny primo router, pripadne neco dale na trase. Tezko takhle hadat. Snad to pobezi bez problemu

Nemate zac!

Mejte se a treba zase nekdy