
AV reports a trojan... what to do about it

Posted: 05 Mar 2015 17:56
by kendo
Hello. Please check my logs.

I received this PC for cleaning, but I'm at a loss. I've tried everything possible and impossible, see below.
AV: reports the threat JS/TrojanDownloader.FakeAlert.NAK trojan horse
whenever the sites facebook, youtube and sometimes google are visited. Other sites run fine.
When visiting these sites, the AV raises the threat and the page does not load.
I tried installing various antispyware programs and scanners on this PC, but practically nothing was found.

Tests performed:
Spyware terminator
Spyware hunter
Microsoft malicious software scanner
NOD32 scanner
eset online scanner
kaspersky online scanner
malwarebytes 2
spybot2
and others.

Logs from the scanners you recommend:
http://pastebin.com/5beE9w58 frst
http://pastebin.com/rcDNc3Kg add

http://pastebin.com/NrvnHhQb rsit
http://pastebin.com/FAWBvkKP dds

Thanks

Re: AV reports a trojan... what to do about it

Posted: 05 Mar 2015 20:38
by vyosek
Hi :)

→ Judging by the Windows version, I assume this is some work/company PC, is that so??

→ Are you some administrator or IT technician who is supposed to look after the PC??

Re: AV reports a trojan... what to do about it

Posted: 05 Mar 2015 21:23
by kendo
Yes, the software is from the company he works for, but the PC is a home one, so it isn't entitled to company service. No, I'm not a technician, at least not a paid one :D otherwise I would probably have dealt with it already. There isn't that much installed on the PC and the problem seems relatively banal. Something simply redirects access to the sites facebook, youtube and google, and it does so in all browsers. Meanwhile the AV reports a fake alert trojan. But since none of the mentioned AV and antispyware tools could find it, I really don't know..

Re: AV reports a trojan... what to do about it

Posted: 05 Mar 2015 21:39
by kendo
It's also worth adding that I tried to manually search for the files that should be present with the threat JS/TrojanDownloader.FakeAlert.NAK trojan horse, but I found none of those files or any running processes. And since no AV or AS found anything either, it's possible this is just some fake threat, which nevertheless redirects access to the mentioned sites. It tries to redirect to the following sites: hxxps://static.ak.facebook.com and hxxps://t4.liverail.com

Re: AV reports a trojan... what to do about it

Posted: 05 Mar 2015 21:47
by vyosek
→ Let's tidy up the security software, since multiple tools only cause conflicts. Uninstall everything and keep only ESET NOD32 Antivirus

→ Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the repair, restart and give you a log; paste its contents here
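
The `resethosts` step in the script above restores the default Windows hosts file, because a modified hosts file is one common way to send facebook, youtube or google to an attacker-chosen address. As an added example (not from this thread or from the Zoek tool), the Python below parses hosts-file text and flags entries that map a public hostname to a non-loopback address; entries that point at 0.0.0.0 or 127.0.0.1 are blocklist-style and treated as benign. The sample hosts content, the appended addresses (RFC 5737 documentation range) and the `WATCHED_DOMAINS` list are constructed for the example.

```python
import ipaddress

# Constructed sample: the Windows default hosts file (as in the Zoek log above)
# with three entries appended for illustration. The 0.0.0.0 line is benign;
# the 198.51.100.23 lines (RFC 5737 documentation range) model a hijack.
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.tracker.example          # blocklist-style entry, not a redirect
198.51.100.23 www.facebook.com       # constructed: public site sent elsewhere
198.51.100.23 www.youtube.com        # constructed: same address, unrelated site
"""

# Sites the thread reports as being redirected; treated as high-value targets.
WATCHED_DOMAINS = ("facebook.com", "youtube.com", "google.com")


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing and full-line comments
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only, or malformed line
        ip, names = parts[0], parts[1:]
        entries.extend((ip, name.lower()) for name in names)
    return entries


def is_loopback_or_null(ip):
    """True for 127.0.0.0/8, ::1 and 0.0.0.0/::, i.e. blocklist-style targets."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparsable address: treat as suspicious, not as benign
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text, watched_domains=WATCHED_DOMAINS):
    """Return findings for entries that send a hostname to a non-loopback address.
    Each finding records whether the host is one of the watched domains and how
    many other names share the same target address (several unrelated names on
    one address is the classic hijack signature)."""
    names_per_ip = {}
    candidates = []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue  # the two default entries
        names_per_ip.setdefault(ip, set()).add(name)
        if is_loopback_or_null(ip):
            continue  # blocking an ad host locally is not redirection
        watched = any(name == d or name.endswith("." + d) for d in watched_domains)
        candidates.append({"ip": ip, "host": name, "watched": watched})
    for finding in candidates:
        finding["shared_with"] = len(names_per_ip[finding["ip"]]) - 1
    return candidates


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        flag = "WATCHED" if f["watched"] else "other"
        print(f"{f['host']:<22} -> {f['ip']:<15} {flag} shared_with={f['shared_with']}")
```

To audit a real machine, read `C:\Windows\System32\drivers\etc\hosts` and pass its contents to `audit_hosts`; a clean Windows hosts file yields no findings at all, which is exactly what the reset above produces.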

Re: AV reports a trojan... what to do about it

Posted: 05 Mar 2015 22:38
by kendo
Point 1. Yes, I've already done that; everything uninstalled via Revo Uninstaller.
Point 2. The problem persists for now. Here is the log:

Zoek.exe v5.0.0.0 Updated 04-March-2015
Tool run by Darken on Thu 03/05/2015 at 22:06:21.03.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Darken\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3/5/2015 10:07:26 PM Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\DsNET Corp deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\PROGRA~3\DAEMON Tools Lite deleted successfully
C:\PROGRA~3\DAEMON Tools Pro deleted successfully
C:\Users\Darken\AppData\Roaming\WinRAR deleted successfully
C:\Users\Darken\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2099156489-267093865-4274563014-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_USERS\S-1-5-21-2099156489-267093865-4274563014-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Darken\AppData\Roaming\Mozilla\Firefox\Profiles\jbdhequ4.default\prefs.js:

Added to C:\Users\Darken\AppData\Roaming\Mozilla\Firefox\Profiles\jbdhequ4.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Darken\AppData\Roaming\Thunderbird\Profiles\buhbfkye.default\prefs.js:

Added to C:\Users\Darken\AppData\Roaming\Thunderbird\Profiles\buhbfkye.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Darken\AppData\Roaming\Thunderbird\Profiles\divy2ext.default\prefs.js:

Added to C:\Users\Darken\AppData\Roaming\Thunderbird\Profiles\divy2ext.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Darken\AppData\Roaming\Thunderbird\Profiles\vhm219pq.Dark2\prefs.js:

Added to C:\Users\Darken\AppData\Roaming\Thunderbird\Profiles\vhm219pq.Dark2\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\DsNET Corp not found
C:\PROGRA~3\Package Cache deleted
C:\Users\Darken\AppData\Local\BIT6B50.tmp deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Darken\Documents\BitLord deleted
"C:\Users\Darken\AppData\Local\{4F006747-3F78-4117-A420-ED77DEF46536}" deleted
"C:\Users\Darken\AppData\Roaming\BitLord" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Darken\AppData\Roaming\Mozilla\Firefox\Profiles\jbdhequ4.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Darken\AppData\Roaming\Thunderbird\Profiles\buhbfkye.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Darken\AppData\Roaming\Thunderbird\Profiles\divy2ext.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Darken\AppData\Roaming\Thunderbird\Profiles\vhm219pq.Dark2
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Up to date, latest Stable version: 40.0.2214.115)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[07/14/2014 06:22 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bmkckgpgekmanipelfidlhmkfcjicion - No path found[]

Google Voice Search Hotword (Beta) - Darken\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.sk/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.sk/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorShield deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdater deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Darken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Darken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12GBXA9G will be deleted at reboot
C:\Users\Darken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3M2NREIY will be deleted at reboot
C:\Users\Darken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLRZU91R will be deleted at reboot
C:\Users\Darken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YPBG6SML will be deleted at reboot
C:\Users\Darken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Darken\AppData\Local\Mozilla\Firefox\Profiles\jbdhequ4.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=178 folders=19 3226477099 bytes)

==== Empty Temp Folders ======================

C:\Users\Darken\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Darken\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Darken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Darken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12GBXA9G" not found
"C:\Users\Darken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3M2NREIY" not found
"C:\Users\Darken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLRZU91R" not found
"C:\Users\Darken\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YPBG6SML" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Thu 03/05/2015 at 22:32:20.48 ======================

Re: AV reports a trojan... what to do about it

Posted: 06 Mar 2015 06:15
by vyosek
→ How is the PC connected to the network? Wifi, cable? Router, modem?? Do any other PCs on the network have the problem too??

→ Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it preferably to the desktop
  • Close all programs
  • After launch, the database will be downloaded
  • Click Scan and then Clean
  • The repair runs, the PC restarts and then a log appears, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Re: AV reports a trojan... what to do about it

Posted: 06 Mar 2015 12:40
by kendo
Point 1. Yes, good observation. I see that the same sites (facebook and youtube) don't work on my PC either. But the AV doesn't report any viruses. In this case Avira. Connection: cable router.

Point 2. I already did a scan with AdwCleaner about two days ago. Now I've done another one, but according to the logs they all show the date 3.3.2015, so I'm posting all three here since I don't know which is the most recent. One of them is from today though. I think either the first or the second.

LOG1:
# AdwCleaner v4.111 - Logfile created 03/03/2015 at 10:06:08
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Darken - DARKEN-PC
# Running from : C:\Users\Darken\Downloads\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\ytd video downloader
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
File Deleted : C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [2498 bytes] - [03/03/2015 10:01:48]
AdwCleaner[S0].txt - [2311 bytes] - [03/03/2015 10:06:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2370 bytes] ##########
# AdwCleaner v4.111 - Logfile created 06/03/2015 at 12:29:28
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Darken - DARKEN-PC
# Running from : C:\Users\Darken\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DriverTuner_Init
Key Deleted : HKCU\Software\DriverTuner
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [4165 bytes] - [03/03/2015 10:01:48]
AdwCleaner[R1].txt - [915 bytes] - [03/03/2015 10:32:35]
AdwCleaner[S0].txt - [3863 bytes] - [03/03/2015 10:06:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3922 bytes] ##########




LOG2
# AdwCleaner v4.111 - Logfile created 03/03/2015 at 10:01:48
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Darken - DARKEN-PC
# Running from : C:\Users\Darken\Downloads\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Found : C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
File Found : C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Folder Found : C:\ProgramData\ytd video downloader

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DriverTuner
Key Found : HKCU\Software\DriverTuner_Init
Key Found : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DriverTuner
Key Found : [x64] HKCU\Software\DriverTuner_Init
Key Found : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [2336 bytes] - [03/03/2015 10:01:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2395 bytes] ##########
# AdwCleaner v4.111 - Logfile created 06/03/2015 at 12:19:24
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Darken - DARKEN-PC
# Running from : C:\Users\Darken\Desktop\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DriverTuner
Key Found : HKCU\Software\DriverTuner_Init
Key Found : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DriverTuner
Key Found : [x64] HKCU\Software\DriverTuner_Init
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [3886 bytes] - [03/03/2015 10:01:48]
AdwCleaner[R1].txt - [915 bytes] - [03/03/2015 10:32:35]
AdwCleaner[S0].txt - [2462 bytes] - [03/03/2015 10:06:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4062 bytes] ##########


LOG3
# AdwCleaner v4.111 - Logfile created 03/03/2015 at 10:32:35
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Darken - DARKEN-PC
# Running from : C:\Users\Darken\Downloads\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.115

*************************

AdwCleaner[R0].txt - [2498 bytes] - [03/03/2015 10:01:48]
AdwCleaner[R1].txt - [720 bytes] - [03/03/2015 10:32:35]
AdwCleaner[S0].txt - [2462 bytes] - [03/03/2015 10:06:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [837 bytes] ##########
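
kendo's paste above contains several AdwCleaner logs back to back, and the file list in each footer (all dated 03/03/2015) made it unclear which run was current; the run date is in the `# AdwCleaner ... Logfile created` header, and two of the headers say 06/03/2015. As an added example (not part of the thread or of AdwCleaner), the Python below splits such a paste at each header, reads the creation time and mode of each log, reports which run is newest, and lists items that were reported in more than one run, which is what a helper would want to see to tell whether a cleanup is sticking. The sample paste is constructed from abbreviated lines of the posted logs.

```python
import re
from datetime import datetime

# Constructed sample: two AdwCleaner logs pasted back to back, abbreviated
# from the logs posted in the thread.
SAMPLE_PASTE = r"""# AdwCleaner v4.111 - Logfile created 03/03/2015 at 10:06:08
# Updated 18/02/2015 by Xplode
# Option : Cleaning

***** [ Files / Folders ] *****

[x] Not Deleted : C:\ProgramData\ytd video downloader
File Deleted : C:\Users\Darken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Deleted : HKCU\Software\Conduit

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2370 bytes] ##########
# AdwCleaner v4.111 - Logfile created 06/03/2015 at 12:29:28
# Updated 18/02/2015 by Xplode
# Option : Cleaning

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Deleted : HKCU\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3922 bytes] ##########
"""

HEADER_RE = re.compile(r"^# AdwCleaner v(\S+) - Logfile created (\d{2}/\d{2}/\d{4}) at (\d{2}:\d{2}:\d{2})")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# "[x] Not Deleted : path" carries no type word; "Key Deleted : [x64] HKLM\..." keeps the [x64] tag in the path.
ITEM_RE = re.compile(r"^(?:\[x\] )?(?:(File|Folder|Key|Value|Task|Shortcut|Service) )?(Found|Deleted|Not Deleted) : (.+)$")


def split_logs(text):
    """Split a paste holding several AdwCleaner logs at each header line."""
    chunks, current = [], []
    for line in text.splitlines():
        if HEADER_RE.match(line) and current:
            chunks.append(current)
            current = []
        current.append(line)
    if current:
        chunks.append(current)
    return chunks


def parse_log(lines):
    """Parse one log into its version, creation time, mode (Scan/Cleaning) and items."""
    log = {"version": None, "created": None, "option": None, "items": []}
    section = None
    for line in lines:
        m = HEADER_RE.match(line)
        if m:
            log["version"] = m.group(1)
            log["created"] = datetime.strptime(m.group(2) + " " + m.group(3), "%d/%m/%Y %H:%M:%S")
            continue
        if line.startswith("# Option :"):
            log["option"] = line.split(":", 1)[1].strip()
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m and section:
            log["items"].append({"section": section, "type": m.group(1) or "Item",
                                 "action": m.group(2), "path": m.group(3)})
    return log


def parse_paste(text):
    """All logs in the paste, oldest first, ordered by the header timestamp."""
    return sorted((parse_log(chunk) for chunk in split_logs(text)), key=lambda l: l["created"])


def newest_log(text):
    return parse_paste(text)[-1]


def persistent_items(logs):
    """Paths reported in more than one run: either something recreates them or
    the cleanup step is not sticking, and both deserve a closer look."""
    runs_per_path = {}
    for log in logs:
        for item in log["items"]:
            runs_per_path.setdefault(item["path"], set()).add(log["created"])
    return sorted(p for p, runs in runs_per_path.items() if len(runs) > 1)


if __name__ == "__main__":
    logs = parse_paste(SAMPLE_PASTE)
    for log in logs:
        print(log["created"], log["option"], f"{len(log['items'])} items")
    print("persistent:", persistent_items(logs))
```

The footer of each log lists the report files present on disk with their own dates, which is why every footer in the paste showed 03/03/2015; sorting on the header timestamp gives the real run order.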

Re: AV reports a trojan... what to do about it

Posted: 06 Mar 2015 13:13
by vyosek
Since your PC is affected too, first of all it will need a reset of the router/modem, since the nasty thing will most likely be right inside it

Re: AV reports a trojan... what to do about it

Posted: 06 Mar 2015 13:25
by kendo
I already tried a soft reset (unplugging it from the mains); the problem disappeared for a while, but after a while it reappeared..

Re: AV reports a trojan... what to do about it

Posted: 06 Mar 2015 13:36
by vyosek
That was a restart; we need a reset = usually there is a small button somewhere on the back that restores it to factory settings

Re: AV reports a trojan... what to do about it

Posted: 06 Mar 2015 23:49
by kendo
So I also did a hard reset. And it seems the problem is gone. The question is how it got into my router. Was that PC perhaps physically infected somehow as well? It's possible that in the flood of scans and cleans I did, the original file got deleted somewhere. Since I assume the logs didn't show it.

Re: AV reports a trojan... what to do about it

Posted: 07 Mar 2015 12:09
by vyosek
→ Which router do you use?? Some TP-Link routers had a firmware bug that malware was able to exploit to infect them

→ Make a new FRST log and we'll look at any leftovers
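
The thread's conclusion is that the router, not the PC, was compromised: every machine behind it saw the same sites redirected, and a factory reset cured it. The usual mechanism for that (not stated in the thread, but the standard one) is a change to the DNS servers the router hands out, so that a few popular names resolve to an address the attacker controls. As an added example (not from the thread), the Python below shows two checks a defender would run to confirm this: whether the resolver addresses the router hands out are ones the owner actually chose, and whether answers from the router for unrelated sites collapse onto one address while a trusted resolver disagrees. The answer sets, resolver lists and addresses are constructed (RFC 5737 documentation ranges); in practice they would be filled from queries against the router and against a known resolver.

```python
# Constructed sample data (RFC 5737 documentation ranges, not real hosts).
# ROUTER_ANSWERS models what clients behind the router receive; REFERENCE_ANSWERS
# models the same names resolved through a resolver the owner trusts.
ROUTER_ANSWERS = {
    "www.facebook.com": {"203.0.113.7"},
    "www.youtube.com": {"203.0.113.7"},
    "www.google.com": {"203.0.113.7"},
    "mail.example.net": {"203.0.113.99"},
    "example.org": {"198.51.100.40"},
}
REFERENCE_ANSWERS = {
    "www.facebook.com": {"192.0.2.10", "192.0.2.11"},
    "www.youtube.com": {"192.0.2.20"},
    "www.google.com": {"192.0.2.30"},
    "mail.example.net": {"192.0.2.50"},
    "example.org": {"198.51.100.40"},
}
# Resolver addresses the router hands out via DHCP (constructed) and the ones
# the owner actually configured or expects from the ISP.
CONFIGURED_DNS = ["192.168.1.1", "203.0.113.53"]
ALLOWED_DNS = {"192.168.1.1"}


def unexpected_resolvers(configured, allowed):
    """Resolver addresses in the router/DHCP configuration that the owner did not
    choose. Any address outside the allowed set deserves a closer look."""
    return sorted(ip for ip in configured if ip not in allowed)


def compare_resolvers(router, reference):
    """Return a verdict per name: 'ok' when the router's answers overlap the
    reference, 'suspect' when they differ (CDNs legitimately do this), and
    'sinkhole' when the differing answer is also shared by other, unrelated names."""
    owners = {}
    for name, answers in router.items():
        for ip in answers:
            owners.setdefault(ip, set()).add(name)
    verdicts = {}
    for name, answers in router.items():
        if answers & reference.get(name, set()):
            verdicts[name] = "ok"
        elif any(len(owners[ip]) > 1 for ip in answers):
            verdicts[name] = "sinkhole"
        else:
            verdicts[name] = "suspect"
    return verdicts


def sinkhole_addresses(verdicts, router):
    """Addresses that collect the 'sinkhole' names; these are what to block at the
    perimeter and to search for in other devices' DNS settings."""
    addrs = set()
    for name, verdict in verdicts.items():
        if verdict == "sinkhole":
            addrs |= router[name]
    return sorted(addrs)


if __name__ == "__main__":
    for ip in unexpected_resolvers(CONFIGURED_DNS, ALLOWED_DNS):
        print(f"unexpected resolver handed out by router: {ip}")
    verdicts = compare_resolvers(ROUTER_ANSWERS, REFERENCE_ANSWERS)
    for name, verdict in sorted(verdicts.items()):
        print(f"{name:<18} {verdict}")
    print("sinkhole addresses:", sinkhole_addresses(verdicts, ROUTER_ANSWERS))
```

The single-mismatch case is deliberately only "suspect": large sites answer from different CDN nodes depending on who asks, so one disagreement proves nothing. Three unrelated names all landing on one address that the trusted resolver never returns is the pattern worth acting on, and it matches what the two PCs in this thread saw.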

Re: AV reports a trojan... what to do about it

Posted: 07 Mar 2015 19:26
by kendo
1. Router: cable, Edimax.
2. log: http://pastebin.com/0iahuafC

How does it look?

Re: AV reports a trojan... what to do about it

Posted: 11 Mar 2015 11:26
by vyosek
Let's clean up a bit more

→ DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave the checkbox ticked only for the Remote disinfection tools option
  • Click Run
→ Download CCleaner https://www.piriform.com/ccleaner/download/standard
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until there are no issues - usually about 3 times
Tools panel
  • Here you can uninstall unneeded programs
I recommend using CCleaner about once a week

→ And if there are no problems or questions, that's all from my side :|