Page 1 of 2

Suspected adware

Posted: 20 Mar 2015 22:58
by Pixe
Hello, today Google Chrome closed on me out of nowhere, and after I started it again signs of adware began to appear - Express Find Ads, even though I have AdBlock enabled.

Screenshots:

(image)

(image)

Please check the RSIT log. Because the log is much longer than the character limit for one message, and a .txt attachment is not allowed, it can be downloaded here:

http://s000.tinyupload.com/download.php ... 4050396345


Thank you.

Re: Suspected adware

Posted: 21 Mar 2015 05:13
by vyosek
Hi :)

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After launch it downloads its database
  • Click Scan and then Clean
  • The clean-up runs, the PC restarts and then a log appears; if not, it is saved as c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here

Re: Suspected adware

Posted: 21 Mar 2015 10:16
by Pixe
# AdwCleaner v4.112 - Logfile created 21/03/2015 at 10:06:58
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Vojtěch - DWOITTA
# Running from : C:\Users\Vojtěch\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
Folder Deleted : C:\Program Files (x86)\DriverToolkit
Folder Deleted : C:\Users\Vojtěch\AppData\Local\DriverToolkit
Folder Deleted : C:\Users\Vojtěch\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
File Deleted : C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\DriverToolkit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v41.0.2272.101

[C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.partnersis.cz/vyhledavani/?query={s ... 3EdoSearch
[C:\Users\Vojtěch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.jsmepartners.cz/cs/vyhledavani/?act ... earchTerms}

*************************

AdwCleaner[R0].txt - [2332 bytes] - [28/09/2014 00:09:59]
AdwCleaner[R1].txt - [2253 bytes] - [21/03/2015 10:05:23]
AdwCleaner[S0].txt - [2384 bytes] - [28/09/2014 00:11:02]
AdwCleaner[S1].txt - [2157 bytes] - [21/03/2015 10:06:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2216 bytes] ##########

Re: Suspected adware

Posted: 22 Mar 2015 14:38
by Pixe
What next? :-)

Re: Suspected adware

Posted: 22 Mar 2015 17:14
by cernohous13
Hello, and sorry for stepping in - so that there is no idle time.
:arrow: you will probably have to turn the antivirus off for the moment - it is clean, verified
vyosek wrote: :arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC performs the repair, restarts and gives you a log; paste its contents here
The log will be at C:\zoek-results.log

Re: Suspected adware

Posted: 22 Mar 2015 18:15
by Pixe
After Zoek's intervention, AdBlock was wiped from Chrome and the adware showed its full strength (see screenshot: https://www.imageupload.co.uk/images/20 ... znazvu.png)

The log is here:

Zoek.exe v5.0.0.0 Updated 21-March-2015
Tool run by VojtŘch on ne 22. 03. 2015 at 17:51:17,20.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\VOJTCH~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22. 3. 2015 17:52:58 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Amazon deleted successfully
C:\PROGRA~2\Razer deleted successfully
C:\PROGRA~3\firebird deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\UpdatusUser\AppData\\LocalLow deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Service Mgr ExpressFind deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update Mgr ExpressFind deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\VOJTCH~1\AppData\Roaming\Mozilla\Firefox\Profiles\Tx1cA8GF.default\prefs.js:

Added to C:\Users\VOJTCH~1\AppData\Roaming\Mozilla\Firefox\Profiles\Tx1cA8GF.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Amazon not found
C:\PROGRA~2\Razer not found
C:\PROGRA~3\77790361-426c-4fa2-8cf3-5994543d685d deleted
C:\PROGRA~2\SamsungPrinterLiveUpdateInstaller deleted
C:\PROGRA~2\COMMON~1\77790361-426c-4fa2-8cf3-5994543d685d deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat deleted
C:\windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\Public\Desktop\UmmyVideoDownloader.lnk deleted
C:\Users\VOJTCH~1\AppData\Roaming\Mozilla\Firefox\Profiles\Tx1cA8GF.default\extensions\abs@avira.com deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\VOJTCH~1\AppData\Roaming\Mozilla\Firefox\Profiles\Tx1cA8GF.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{338950EA-82DB-44C1-930D-0C28E023C9F0}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [24. 01. 2015 00:22]

==== Firefox Extensions ======================

ProfilePath: C:\Users\VOJTCH~1\AppData\Roaming\Mozilla\Firefox\Profiles\Tx1cA8GF.default
- Undetermined - C:\Users\Vojtěch\AppData\Roaming\Mozilla\Firefox\Profiles\Tx1cA8GF.default\extensions\abs@avira.com

==== Firefox Plugins ======================


==== Chromium Look ======================

Google Chrome Version: 41.0.2272.101 (Latest Stable version: 41.0.2272.101)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Angry Birds - VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
RescueTime for Chrome™ & ChromeOS™ - VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdakmnplckeopfghnlpocafcepegjeap
AdBlock - VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Play Books - VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb
deviantART muro - VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei
TypingClub - VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah
Learn Spanish - VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj
Canvas Rider - VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk

==== Chromium Startpages ======================

C:\Users\VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.gymtce.cz/",


==== Chromium Fix ======================

C:\Users\VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage deleted successfully
C:\Users\VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.savefrom.net_0.localstorage-journal deleted successfully
C:\Users\VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.someecards.com_0.localstorage deleted successfully
C:\Users\VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.someecards.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{EC1E37EC-F847-4302-AA90-31B43698D04E} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

C:\Users\VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\VOJTCH~1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\VOJTCH~1\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\VOJTCH~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\VOJTCH~1\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\VOJTCH~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=193 folders=51 109359142 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\VOJTCH~1\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\VOJTCH~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not deleted

==== EOF on ne 22. 03. 2015 at 18:06:08,24 ======================
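Added example (editor's note, not part of the thread and not something AdwCleaner, Zoek or FRST do themselves): the Zoek log above surfaces two persistence points that live outside the Chrome profile, which is why a profile-only clean-up did not end the ads. One is an extension ID registered under HKLM\SOFTWARE\Google\Chrome\Extensions with "No path found", meaning Chrome installs (and re-installs) it from an update URL rather than from a local file; the other is a pair of services named "... ExpressFind". The PowerShell below enumerates those registry locations, the policy force-install list, services whose binary is outside the Windows directory, and the state of the hosts file. It assumes an elevated PowerShell on the affected Windows 8.1 machine; the "outside the Windows directory" service filter is a review heuristic of mine, not a rule any of the tools apply.

```powershell
# Added example, not from the thread or from AdwCleaner/Zoek/FRST.
# Enumerates Chrome extension registrations and services that live outside the
# browser profile, plus the state of the hosts file. Run from an elevated
# PowerShell (Windows 8.1 ships PowerShell 4, which has everything used here).

$extensionRoots = @(
    'HKLM:\SOFTWARE\Google\Chrome\Extensions',               # 64-bit view
    'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',   # 32-bit view (where Zoek found flliilndjeohchalpbbcdekjklbdgfkk)
    'HKCU:\SOFTWARE\Google\Chrome\Extensions'
)

# Extensions registered in the registry: Chrome installs them from "path"
# (a local .crx) or from "update_url"; an entry with no "path" is update-URL
# only, which is what Zoek reports as "No path found".
function Get-ChromeRegistryExtensions {
    foreach ($root in $extensionRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $p = Get-ItemProperty -Path $key.PSPath
            [pscustomobject]@{
                Hive      = $root
                Id        = $key.PSChildName
                Path      = $p.path
                UpdateUrl = $p.update_url
                Version   = $p.version
            }
        }
    }
}

# Extensions forced by policy (each value's data is "<id>;<update_url>").
function Get-ChromeForcedExtensions {
    foreach ($policy in 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
                        'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist') {
        if (-not (Test-Path $policy)) { continue }
        (Get-ItemProperty -Path $policy).PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } |
            ForEach-Object { [pscustomobject]@{ Hive = $policy; Entry = $_.Value } }
    }
}

# Services whose binary is not under the Windows directory (heuristic).
# Legitimate third-party services show up too; the point is a short list to
# review by hand, where names like "Service Mgr ExpressFind" stand out.
function Get-ThirdPartyServices {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        if (-not $svc.PathName) { continue }
        $exe = if ($svc.PathName -match '^"([^"]+)"') { $Matches[1] }
               elseif ($svc.PathName -match '^(.+?\.exe)') { $Matches[1] }
               else { $svc.PathName }
        if ($exe -like "$env:SystemRoot\*") { continue }
        [pscustomobject]@{
            Name      = $svc.Name
            Display   = $svc.DisplayName
            State     = $svc.State
            StartMode = $svc.StartMode
            Binary    = $exe
        }
    }
}

# Hosts file: attributes, owner and any non-comment entries. A read-only or
# hidden attribute or an unexpected owner is one reason a tool cannot replace it.
function Get-HostsFileState {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $item  = Get-Item -LiteralPath $hosts -Force
    [pscustomobject]@{
        Attributes = $item.Attributes
        Owner      = (Get-Acl -Path $hosts).Owner
        Entries    = @(Get-Content -LiteralPath $hosts | Where-Object { $_ -match '^\s*[^#\s]' })
    }
}

'== Chrome extensions registered in the registry =='
Get-ChromeRegistryExtensions | Format-Table -AutoSize
'== Chrome extensions forced by policy =='
Get-ChromeForcedExtensions  | Format-Table -AutoSize
'== Services with binaries outside the Windows directory =='
Get-ThirdPartyServices      | Format-Table -AutoSize
'== Hosts file =='
Get-HostsFileState          | Format-List
```

Run it before and after each clean-up tool: an extension ID that reappears under the registry roots after deletion, or a service that comes back, points at a still-running installer or updater rather than at the browser. The hosts section is there because the FRST fixlog later in the thread reports "Could not move" on the hosts file; the attributes and owner it prints are the first things to check when that happens.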

Re: Podezření na adware

Napsal: 23 bře 2015 10:03
od vyosek

Re: Suspected adware

Posted: 23 Mar 2015 11:26
by Pixe
Your message contains 488094 characters. The maximum allowed number of characters is 100000.

The log does not fit here; it is available for download at: http://s000.tinyupload.com/download.php ... 5522523589

Re: Suspected adware

Posted: 23 Mar 2015 11:43
by Pixe
Can I download AdBlock again until the problem is solved? That adware is driving me nuts :)

Re: Suspected adware

Posted: 23 Mar 2015 11:49
by vyosek
:arrow: It will be gone in a moment

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2015-01-24] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
    HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-11] (Geek Software GmbH)
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [Spotify Web Helper] => C:\Users\Vojtěch\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-09] (Spotify Ltd)
    HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
    HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
    HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [Spotify] => C:\Users\Vojtěch\AppData\Roaming\Spotify\Spotify.exe [6611512 2015-03-09] (Spotify Ltd)
    HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\MountPoints2: {7b0a68b6-bde8-11e4-be9f-e006e6bf2c39} - "G:\Startme.exe" 
    HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\MountPoints2: {ed59d548-44f1-11e4-be87-e006e6bf2c39} - "G:\Startme.exe" 
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} =>  No File
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} =>  No File
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} =>  No File
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} =>  No File
    
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
    HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
    HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
    BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
    Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
    
    FF Extension: No Name - C:\Users\Vojtěch\AppData\Roaming\Mozilla\Firefox\Profiles\Tx1cA8GF.default\extensions\abs@avira.com [Not Found]
    
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    
    015-03-23 11:14 - 2015-03-23 11:14 - 00023619 _____ () C:\Users\Vojtěch\Desktop\FRST.txt
    2015-03-22 18:05 - 2015-03-22 18:05 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2015-03-22 18:03 - 2015-03-22 17:51 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
    2015-03-22 17:52 - 2015-03-22 18:06 - 00009660 _____ () C:\zoek-results.log
    2015-03-22 17:51 - 2015-03-22 18:02 - 00000000 ____D () C:\zoek_backup
    2015-03-22 17:50 - 2015-03-22 17:50 - 01305600 _____ () C:\Users\Vojtěch\Desktop\zoek.exe
    2015-03-21 10:02 - 2015-03-21 10:02 - 02171392 _____ () C:\Users\Vojtěch\Desktop\adwcleaner_4.112.exe
    2015-03-20 22:44 - 2015-03-20 22:45 - 00112640 _____ (forum.viry.cz) C:\Users\Vojtěch\Desktop\FRSTLauncher.exe
    2015-03-20 13:39 - 2015-03-20 13:39 - 00000000 ____D () C:\Program Files (x86)\Express Find
    
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the created TXT as fixlist.txt
  • Put the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix runs and creates the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: Suspected adware

Posted: 23 Mar 2015 12:01
by Pixe
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Vojtěch at 2015-03-23 11:54:28 Run:1
Running from C:\Users\Vojtěch\Desktop
Loaded Profiles: Vojtěch (Available profiles: UpdatusUser & Vojtěch)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2015-01-24] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-11] (Geek Software GmbH)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [Spotify Web Helper] => C:\Users\Vojtěch\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-09] (Spotify Ltd)
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\Run: [Spotify] => C:\Users\Vojtěch\AppData\Roaming\Spotify\Spotify.exe [6611512 2015-03-09] (Spotify Ltd)
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\MountPoints2: {7b0a68b6-bde8-11e4-be9f-e006e6bf2c39} - "G:\Startme.exe"
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\...\MountPoints2: {ed59d548-44f1-11e4-be87-e006e6bf2c39} - "G:\Startme.exe"
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)

FF Extension: No Name - C:\Users\Vojtěch\AppData\Roaming\Mozilla\Firefox\Profiles\Tx1cA8GF.default\extensions\abs@avira.com [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

015-03-23 11:14 - 2015-03-23 11:14 - 00023619 _____ () C:\Users\Vojtěch\Desktop\FRST.txt
2015-03-22 18:05 - 2015-03-22 18:05 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-22 18:03 - 2015-03-22 17:51 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-03-22 17:52 - 2015-03-22 18:06 - 00009660 _____ () C:\zoek-results.log
2015-03-22 17:51 - 2015-03-22 18:02 - 00000000 ____D () C:\zoek_backup
2015-03-22 17:50 - 2015-03-22 17:50 - 01305600 _____ () C:\Users\Vojtěch\Desktop\zoek.exe
2015-03-21 10:02 - 2015-03-21 10:02 - 02171392 _____ () C:\Users\Vojtěch\Desktop\adwcleaner_4.112.exe
2015-03-20 22:44 - 2015-03-20 22:45 - 00112640 _____ (forum.viry.cz) C:\Users\Vojtěch\Desktop\FRSTLauncher.exe
2015-03-20 13:39 - 2015-03-20 13:39 - 00000000 ____D () C:\Program Files (x86)\Express Find

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TkBellExe => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RealDownloader => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PDFPrint => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper => value deleted successfully.
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Windows\CurrentVersion\Run\\HP Officejet Pro 8600 (NET) => value deleted successfully.
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Sony PC Companion => value deleted successfully.
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify => value deleted successfully.
"HKU\S-1-5-21-3065073901-2688806363-962121247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b0a68b6-bde8-11e4-be9f-e006e6bf2c39}" => Key deleted successfully.
HKCR\CLSID\{7b0a68b6-bde8-11e4-be9f-e006e6bf2c39} => Key not found.
"HKU\S-1-5-21-3065073901-2688806363-962121247-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed59d548-44f1-11e4-be87-e006e6bf2c39}" => Key deleted successfully.
HKCR\CLSID\{ed59d548-44f1-11e4-be87-e006e6bf2c39} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => Key deleted successfully.
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => Key deleted successfully.
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => Key deleted successfully.
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => Key deleted successfully.
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.
HKU\S-1-5-21-3065073901-2688806363-962121247-1002\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}" => Key deleted successfully.
"HKCR\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}" => Key deleted successfully.
"HKCR\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{553891B7-A0D5-4526-BE18-D3CE461D6310} => value deleted successfully.
"HKCR\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{553891B7-A0D5-4526-BE18-D3CE461D6310} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}" => Key deleted successfully.
C:\Users\Vojtěch\AppData\Roaming\Mozilla\Firefox\Profiles\Tx1cA8GF.default\extensions\abs@avira.com not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
015-03-23 11:14 - 2015-03-23 11:14 - 00023619 _____ () C:\Users\Vojtěch\Desktop\FRST.txt => Error: No automatic fix found for this entry.
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => Moved successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Vojtěch\Desktop\zoek.exe => Moved successfully.
C:\Users\Vojtěch\Desktop\adwcleaner_4.112.exe => Moved successfully.
C:\Users\Vojtěch\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Program Files (x86)\Express Find => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\DriverToolkit Autorun.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 747.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 11:55:21 ====

Re: Suspected adware

Posted: 23 Mar 2015 12:03
by vyosek
So, what about the ads??

Re: Suspected adware

Posted: 23 Mar 2015 12:06
by Pixe
Nothing has changed, they still pop up, and it also often happens that when I click somewhere I am redirected elsewhere (typically an ad for a casino, a web game, etc.) :-(

Re: Suspected adware

Posted: 23 Mar 2015 12:08
by vyosek
Problem in all browsers??

Re: Suspected adware

Posted: 23 Mar 2015 12:12
by Pixe
IE seems to be fine, the problem is only in Chrome... I don't have any other browsers.
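Added example (editor's note, not part of the thread): the last reply narrows the problem to Chrome alone, and the FRST fixlog shows the registry registration for flliilndjeohchalpbbcdekjklbdgfkk already deleted, so the remaining place to look is the profile itself. Chrome records every extension it has installed in the profile's Secure Preferences (older builds: Preferences) under extensions.settings, with a numeric location code that says where the install came from and a from_webstore flag. The PowerShell below lists those entries and flags the ones that did not come from the Web Store or came in through the registry or policy. Assumptions: the Default profile path, the extensions.settings layout, and the location codes in the script, which follow Chromium's Manifest::Location enum as I know it and should be re-checked against the source for the Chrome version in use.

```powershell
# Added example, not from the thread or from the tools it uses.
# Lists the extensions a Chrome profile knows about and how each was installed,
# so a profile-level survivor can be spotted after the registry entries are gone.
# Assumptions: Default profile location, the "extensions.settings" layout of
# Secure Preferences / Preferences, and the location codes below (Chromium's
# Manifest::Location enum; re-check against the source for your build).

$chromeProfile = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'

$locationNames = @{
    1  = 'internal (user install, normally Web Store)'
    2  = 'external pref file'
    3  = 'external registry (HKLM/HKCU ...\Chrome\Extensions)'
    4  = 'unpacked (developer mode)'
    5  = 'component (bundled with Chrome)'
    6  = 'external pref download'
    7  = 'external policy download'
    8  = 'command line'
    9  = 'external policy'
    10 = 'external component'
}
# Codes meaning the install was pushed from outside the profile.
$fromOutsideProfile = 2, 3, 6, 7, 8, 9

function Get-ChromeProfileExtensions([string]$ProfileDir) {
    foreach ($file in 'Secure Preferences', 'Preferences') {
        $full = Join-Path $ProfileDir $file
        if (-not (Test-Path -LiteralPath $full)) { continue }
        $prefs    = Get-Content -LiteralPath $full -Raw -Encoding UTF8 | ConvertFrom-Json
        $settings = $prefs.extensions.settings
        if (-not $settings) { continue }
        foreach ($entry in $settings.PSObject.Properties) {
            $e         = $entry.Value
            $loc       = [int]$e.location
            $fromStore = [bool]$e.from_webstore
            [pscustomobject]@{
                Id        = $entry.Name
                Name      = $e.manifest.name
                Version   = $e.manifest.version
                Location  = if ($locationNames.ContainsKey($loc)) { $locationNames[$loc] } else { "unknown ($loc)" }
                FromStore = $fromStore
                UpdateUrl = $e.manifest.update_url
                # Review: pushed from outside the profile, or a non-component
                # extension that Chrome did not get from the Web Store.
                Review    = ($fromOutsideProfile -contains $loc) -or ($loc -ne 5 -and -not $fromStore)
                Source    = $file
            }
        }
    }
}

Get-ChromeProfileExtensions -ProfileDir $chromeProfile |
    Sort-Object Review -Descending |
    Format-Table Id, Name, Location, FromStore, Review, Source -AutoSize
```

Read the output against the "Chromium Look" section of the Zoek log: the IDs listed there (AdBlock is gighmmpiobklfepjocnamgkkbiglidom) should appear as internal Web Store installs, while anything marked Review, or any ID that is not in that list at all, is where to look next. Because Chrome keeps an HMAC over Secure Preferences, hand-editing the file is not a fix; remove a flagged extension from chrome://extensions or by deleting its folder under the profile's Extensions directory and letting Chrome rebuild the entry.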