Re: Malware on Facebook

Posted: 30 Aug 2016 21:57
by Filis
I've already found it.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30. 8. 2016
Scan Time: 22:32
Logfile: Anti malware.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.30.11
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354324
Time Elapsed: 11 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy, , [2f147ad75d3d4ee80c21f3b13fc3f20e],
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\58460E2A4C924D94A5BAE7FA22A61A1D, , [2f147ad75d3d4ee80c21f3b13fc3f20e],

Files: 1
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\58460E2A4C924D94A5BAE7FA22A61A1D\AVG_PCTuneUp_1314.exe, , [2f147ad75d3d4ee80c21f3b13fc3f20e],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Malware on Facebook

Posted: 31 Aug 2016 17:06
by Rudy
Delete all the findings.

Re: Malware on Facebook

Posted: 31 Aug 2016 17:50
by Filis
A new scan reports 0 threats, but FB is still doing the same thing.

Re: Malware on Facebook

Posted: 31 Aug 2016 18:18
by Rudy
We'll clean up the browsers next. Run the following scans:

1. Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop.

If you use Windows Vista or 7, right-click Zoek and choose Run As Administrator.
Paste the script below into the window:

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Then click Run Script.
The PC will carry out the repair, restart and give you a log; paste its contents here.

and

2. Junkware Removal Tool: http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop.
• After starting it, the licence terms appear; press any key.
• A backup is created and then the scan runs.
• When the scan finishes a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.
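Before pasting a fix script into a cleaner it is worth seeing what it is about to reset. The following is an added example, not part of this thread and not code from the Zoek or JRT tools: a read-only PowerShell audit of the same places the script above touches (the hosts file, IE SearchScopes in both hives, Chrome extensions on disk and those pushed through the registry). It assumes Windows 8.1 or later with PowerShell 3+, Chrome's default per-user profile location, and an elevated prompt; the output layout is my own.

```powershell
# Added example, not from the thread: read-only audit of what the Zoek script resets.
# Assumes Windows 8.1+ (PowerShell 3+), Chrome's default per-user profile, elevated prompt.
$ErrorActionPreference = 'SilentlyContinue'

# 1. hosts file: anything beyond comments and the loopback defaults deserves a look
Write-Host '== hosts entries (non-default) =='
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }

# 2. IE SearchScopes in both hives: the DefaultScope GUID and the URL template behind each scope.
#    A hijacked default shows up as a scope (marked *) whose URL is not the engine the user chose.
Write-Host "`n== IE SearchScopes =="
foreach ($hive in 'HKCU', 'HKLM') {
    $base    = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
    $default = (Get-ItemProperty -Path $base).DefaultScope
    Write-Host "$hive DefaultScope = $default"
    Get-ChildItem -Path $base | ForEach-Object {
        $scope = Get-ItemProperty -Path $_.PSPath
        $mark  = if ($_.PSChildName -eq $default) { '*' } else { ' ' }
        "  $mark $($_.PSChildName)  $($scope.DisplayName)  $($scope.URL)"
    }
}

# 3. Chrome extensions in the Default profile, read from each extension's manifest.json.
#    Names starting with __MSG_ are localised placeholders; the string lives under _locales\.
Write-Host "`n== Chrome extensions (Default profile) =="
$extRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
Get-ChildItem -Path $extRoot -Directory | ForEach-Object {
    $manifest = Get-ChildItem -Path $_.FullName -Recurse -Filter manifest.json | Select-Object -First 1
    if ($manifest) {
        $m = Get-Content -Path $manifest.FullName -Raw | ConvertFrom-Json
        "  $($_.Name)  $($m.name)  v$($m.version)  permissions: $($m.permissions -join ', ')"
    }
}

# 4. Extensions pushed by the registry: the per-extension keys Zoek lists under "Chromium Look",
#    plus the policy force-install list, which survives a profile reset.
Write-Host "`n== Registry-installed / force-installed Chrome extensions =="
foreach ($key in 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
                 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
                 'HKCU:\Software\Google\Chrome\Extensions') {
    Get-ChildItem -Path $key | ForEach-Object {
        $v = Get-ItemProperty -Path $_.PSPath
        "  $($_.PSChildName)  path=$($v.path)  update_url=$($v.update_url)"
    }
}
$forced = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
if (Test-Path $forced) {
    (Get-ItemProperty -Path $forced).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { "  forcelist $($_.Name) = $($_.Value)" }
}
```

Nothing in this listing is changed or deleted, so it can be run before and after the cleaners and the two outputs compared. Because the symptom in this thread appears only in Chrome, sections 3 and 4 are the first place to look: an extension the user does not recognise, or one force-installed by policy, will not be removed by clearing caches or resetting the IE defaults.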

Re: Malware on Facebook

Posted: 31 Aug 2016 18:56
by Filis
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by User on st 31. 08. 2016 at 19:15:03,08.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

31. 8. 2016 19:16:56 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\DsNET Corp deleted successfully
C:\Users\User\AppData\Roaming\Dev-Cpp deleted successfully
C:\Users\User\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\User\AppData\Local\EmieSiteList deleted successfully
C:\Users\User\AppData\Local\EmieUserList deleted successfully
C:\Users\User\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\DsNET Corp not found
C:\Users\Public\Pokki deleted
C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk deleted
C:\PROGRA~3\Pokki deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Default User\AppData\Local\Pokki deleted
C:\Users\User\AppData\Local\BTServer.log deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted
C:\F\Ledacosi\SwissManagerUniCodeSetup.exe deleted

==== Orphaned Tasks deleted from Registry ======================

avast Emergency Update deleted
Cyberlink Trigger Task deleted
GoogleUpdateTaskMachineCore deleted
GoogleUpdateTaskMachineUA deleted
Lenovo\StartLenovoMessenger deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [19. 07. 2016 23:15]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [19. 07. 2016 23:15]

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06. 05. 2016 13:15]

Seznam Lištička - Email - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Lištička - Slovník - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
CbV - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnogpkbdogcgciecomlojjoapemfgei
Seznam Lištička - Rychlá volba - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
Chrome Media Router - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=12454"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=12454"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{CE0E361A-27C5-4D65-A083-2E6E12C40620}"
HKLM\SearchScopes\{CE0E361A-27C5-4D65-A083-2E6E12C40620} - http://www.bing.com/search?q={searchTer ... TR&pc=LNJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{CE0E361A-27C5-4D65-A083-2E6E12C40620}"
HKLM\Wow6432Node\SearchScopes\{CE0E361A-27C5-4D65-A083-2E6E12C40620} - http://www.bing.com/search?q={searchTer ... TR&pc=LNJB
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
HKCU\SearchScopes\{5F473DAE-A01D-4FF3-BEB4-740045698054} - http://encyklopedie.seznam.cz/search?q= ... arch_12454
HKCU\SearchScopes\{6CF4E95A-626B-4775-8B4B-0AF902E85FB4} - http://www.mapy.cz/?query={searchTerms} ... arch_12454
HKCU\SearchScopes\{6F3BF307-C878-4488-B6D7-851C6F59D41E} - http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
HKCU\SearchScopes\{A21F809A-A1C2-40CC-943B-5B2F15DC5D6A} - http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
HKCU\SearchScopes\{AB3D1C86-8BBE-4171-8AAE-17C554D18743} - http://search.seznam.cz/?q={searchTerms ... arch_12454
HKCU\SearchScopes\{BAFF78DC-8E31-4236-BE97-943B1C1FC067} - http://www.firmy.cz/?q={searchTerms}&so ... arch_12454
HKCU\SearchScopes\{E0D8AEFE-70B5-4D6A-AD85-E0822DA4C4C6} - http://www.novinky.cz/hledej?w={searchT ... arch_12454
HKCU\SearchScopes\{E7D97217-D658-466F-B2BC-B4FE52DE6705} - http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
HKCU\SearchScopes\{F3A847F4-660C-4343-84B3-1827DFA28303} - http://tv.seznam.cz/hledej?w={searchTer ... arch_12454

==== Reset Google Chrome ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{100A0E84-2F27-4776-BD1F-8105A27DFA56} deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5882 folders=147 281830087 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\User\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on st 31. 08. 2016 at 19:47:18,52 ======================

Re: Malware on Facebook

Posted: 31 Aug 2016 18:59
by Filis
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 8.1 x64
Ran by User (Administrator) on st 31. 08. 2016 at 19:50:55,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage-journal (File)
Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bgjpfhpjcgdppjbgnpnjllokbmcdllig_0.localstorage (File)
Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage-journal (File)
Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_blmojkbhnkkphngknkmgccmlenfaelkd_0.localstorage (File)
Successfully deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_olfeabkoenfaoljndfecamgilllcpiak_0.localstorage (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AB3D1C86-8BBE-4171-8AAE-17C554D18743} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 31. 08. 2016 at 19:53:16,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Malware on Facebook

Posted: 31 Aug 2016 19:00
by Rudy
Has anything changed now?

Re: Malware on Facebook

Posted: 31 Aug 2016 19:07
by Filis
FB is still the same.

Re: Malware on Facebook

Posted: 31 Aug 2016 19:37
by Rudy
In which browser?

Re: Malware on Facebook

Posted: 31 Aug 2016 19:39
by Filis
Google Chrome; IE is fine.

Re: Malware on Facebook

Posted: 31 Aug 2016 20:29
by Rudy
Back up Chrome with ChromeBackup: http://www.stahuj.centrum.cz/internet_a ... me-backup/ . Then uninstall Chrome completely, including its profile (the Chrome subdirectories in c:\users\User\appdata\local, c:\users\User\appdata\roaming, c:\users\User\data aplikací, c:\users\User\local settings and in c:\program data must be deleted). Then do a fresh, clean install of Chrome and copy back only the passwords and bookmarks from the backup.

Re: Malware on Facebook

Posted: 31 Aug 2016 21:21
by Filis
Some files could not be deleted because of insufficient permissions...
I downloaded and installed Google Chrome again, and on FB it's the same.

Re: Malware on Facebook

Posted: 31 Aug 2016 21:31
by Rudy
If you can't get into the directories, you have to add the rights under Properties > Security. For that, however, you need full rights to the profile. Otherwise the situation won't change. This method is the last option for fixing it.

Re: Malware on Facebook

Posted: 01 Sep 2016 05:07
by Filis
I can get to the directories; I select them - File - Properties - and there is only Change attributes. After unticking everything, some things could be deleted again, but far from everything. Unfortunately I don't know what else to do.
My internet connection also stopped working several times; I had to repair it, reconnect, or it recovered by itself - each time something different helped. Commander's font and language also suddenly changed (but that's the least of it).
Sorry, but I'll probably need a more detailed procedure of what to do.

Re: Malware on Facebook

Posted: 01 Sep 2016 16:54
by Rudy
Not for the files, but for the directories.
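The last several posts describe one procedure: back up Chrome, uninstall it, remove the profile directories (taking ownership where access is denied), reinstall, and restore only bookmarks and passwords. The following is an added example, not from the thread and not code from the ChromeBackup tool, that performs those steps in PowerShell. It assumes Chrome has been uninstalled or at least fully closed, the default per-user profile location, and an elevated prompt; the backup directory is my own choice, and the built-in Administrators group is addressed by SID so the command does not depend on the Windows display language.

```powershell
# Added example, not from the thread: back up bookmarks and passwords, force-remove the
# Chrome profile directories, and say what to copy back after a clean reinstall.
# Assumes Chrome is closed (ideally already uninstalled), default per-user profile, elevated prompt.
param(
    [string]$BackupDir = (Join-Path $env:USERPROFILE 'Desktop\chrome-backup')  # my choice of location
)

# Profile databases are locked, and rewritten on exit, while chrome.exe runs; refuse to continue.
if (Get-Process -Name chrome -ErrorAction SilentlyContinue) {
    throw 'Close Chrome first (check Task Manager for leftover chrome.exe processes).'
}

$userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'

# 1. Keep only Bookmarks and Login Data. Preferences, Secure Preferences and Extensions are
#    exactly what a hijack modifies, so they stay out of the backup. Login Data is encrypted
#    with DPAPI for this Windows account and only decrypts when restored under the same account.
New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
foreach ($name in 'Bookmarks', 'Login Data') {
    $src = Join-Path $userData "Default\$name"
    if (Test-Path $src) { Copy-Item -Path $src -Destination $BackupDir }
}

# 2. The directories named in the post above, expressed via environment variables so they
#    resolve on a localised Windows ("Data aplikací" and "Local Settings" are junctions to these).
$targets = @(
    (Join-Path $env:LOCALAPPDATA 'Google\Chrome'),
    (Join-Path $env:APPDATA      'Google\Chrome'),
    (Join-Path $env:ProgramData  'Google\Chrome')
) | Where-Object { Test-Path $_ }

# 3. "Insufficient permissions" on a directory tree: take ownership of the directories
#    recursively, grant built-in Administrators (SID S-1-5-32-544) full control on everything
#    below, clear read-only/hidden/system attributes, then delete. "/D Y" answers takeown's
#    prompt for directories the current user cannot list; on a Czech Windows the letter may differ.
foreach ($dir in $targets) {
    & takeown.exe /F $dir /R /D Y | Out-Null
    & icacls.exe  $dir /grant '*S-1-5-32-544:(OI)(CI)F' /T /C /Q | Out-Null
    & attrib.exe  -R -S -H "$dir\*" /S /D
    Remove-Item -Path $dir -Recurse -Force -ErrorAction Stop
    Write-Host "removed $dir"
}

Write-Host "Backup written to $BackupDir."
Write-Host "Reinstall Chrome, start it once, close it, then copy 'Bookmarks' and 'Login Data' into:"
Write-Host "  $userData\Default"
```

Ownership and ACL changes are applied to the directories first (takeown /R, icacls /T), which is the point Rudy makes in the final post: the file-level attribute dialog Filis found does not change who may delete the parent directory. Anything Chrome re-creates on first start is a fresh default, so only the two backed-up files are copied back; the old Extensions directory and Preferences files are deliberately left behind.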