VIRY.CZ

Dobrý den,
asi před týdnem než sem jel na dovolenou mi avast našel rootkit ,po smazání se objevil znovu. Přikládám log FRST: http://leteckaposta.cz/747843207. Předem děkuji za pomoc.

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Zde log z Adwcleaneru:
# AdwCleaner v4.208 - Log vytvořen 10/08/2015 v 10:39:36
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-08-01.1 [Server]
# Operační system : Windows 10 Home (x64)
# Uživatelské jméno : David - NB_DAVID
# Spuštěno z : C:\Users\David\Desktop\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.10240.16384


-\\ Mozilla Firefox v39.0.3 (x86 cs)


-\\ Google Chrome v44.0.2403.130


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [1150 bytů] - [25/07/2015 18:21:39]
AdwCleaner[R1].txt - [12421 bytů] - [31/07/2015 11:07:03]
AdwCleaner[R2].txt - [1491 bytů] - [10/08/2015 10:34:36]
AdwCleaner[R3].txt - [1280 bytů] - [10/08/2015 10:38:06]
AdwCleaner[S0].txt - [1162 bytů] - [25/07/2015 18:35:17]
AdwCleaner[S1].txt - [9466 bytů] - [31/07/2015 11:07:49]
AdwCleaner[S2].txt - [1550 bytů] - [10/08/2015 10:36:17]
AdwCleaner[S3].txt - [1205 bytů] - [10/08/2015 10:39:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1263 bytů] ##########

Dejte nový log FRST.

Log se nevešel tak je zase na letecký. http://leteckaposta.cz/345739815

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-07-24] (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o4874t2w.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o4874t2w.default\extensions\deskCutv2@gmail.com [not found]
CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga [2015-08-10]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\David\AppData\Local\Temp
End

Skript vykonán.
Nový log FRST zde: http://leteckaposta.cz/914455629
A samotný fixlog :


Fix result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by David (2015-08-11 22:22:12) Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-07-24] (Tonec Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o4874t2w.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o4874t2w.default\extensions\deskCutv2@gmail.com [not found]
CHR Extension: (No Name) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga [2015-08-10]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-07-24]
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\David\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\! IDM Shell Extension" => key removed successfully
"HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o4874t2w.default\extensions\defsearchp@gmail.com not found.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\o4874t2w.default\extensions\deskCutv2@gmail.com not found.
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key removed successfully
C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx => moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully.

"C:\Users\David\AppData\Local\Temp" folder move:

Could not move "C:\Users\David\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-11 22:24:55)<=

C:\Users\David\AppData\Local\Temp => moved successfully

==== End of Fixlog 22:25:00 ====

Smazáno. Nastala nějaká změna?

Zatím v pořádku, děkuji.

Rádo se stalo!