Malware got into my PC - Adaware Secure Search

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

DarkWerewolf
newcomer
Posts: 47
Registered: April 12
Gender: Male
Status: Offline

Re: Malware got into my PC - Adaware Secure Search

Post by DarkWerewolf » 03 Jan 2020 22:19

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by DarkWerewolf on p  03.01.2020 at 20:15:06,42.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: E:\Download Firefox\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3.1.2020 20:18:48 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\7-Zip deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\IrfanView deleted successfully
C:\Program Files\Common Files\AV deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\CanonIJScan deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Shared Space deleted successfully
C:\Users\DarkWerewolf\AppData\Roaming\IrfanView deleted successfully
C:\Users\DarkWerewolf\AppData\Roaming\Opera deleted successfully
C:\Users\DarkWerewolf\AppData\Roaming\ts3overlay_hook_win64 deleted successfully
C:\Users\DarkWerewolf\AppData\Local\Opera deleted successfully
C:\Users\DarkWerewolf\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3689603141-1990402863-4256546215-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3689603141-1990402863-4256546215-1000\Software\Mozilla\Firefox\Extensions\acewebextension_unlisted@acestream.org deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("browser.search.defaultenginename", "Default Search Engine");
user_pref("browser.search.selectedEngine", "Default Search Engine");

Added to C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("browser.newtab.url", "http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10438__191220");
user_pref("browser.search.defaultenginename", "Default Search Engine");
user_pref("browser.search.selectedEngine", "Default Search Engine");
user_pref("browser.search.suggest.enabled", true);

Added to C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\DARKWE~1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.cz/");

Added to C:\Users\DARKWE~1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"sendToDevice
---- FireFox user.js and prefs.js backups ----

prefs_03.01.2020_2041_.backup

ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814

user.js not found
---- Lines securedsearch removed from prefs.js ----
user_pref("browser.newtabpage.url", "http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10438__191220");
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"sendToDevice
---- FireFox user.js and prefs.js backups ----

prefs_03.01.2020_2041_.backup

ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_03.01.2020_2041_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\7-Zip not found
C:\Users\DarkWerewolf\AppData\Roaming\7DaysToDie deleted
C:\Users\DarkWerewolf\AppData\LocalLow\{590AEAB8-AFF4-FB62-85F7-D4270A615E77} deleted
C:\Users\DarkWerewolf\AppData\LocalLow\{99B80A54-2B29-1BD1-3401-A9E97CF3C478} deleted
C:\Users\DarkWerewolf\AppData\Local\Packages\windows_ie_ac_001\AC\{99B80A54-2B29-1BD1-3401-A9E97CF3C478} deleted
C:\Users\DarkWerewolf\AppData\Roaming\bitlord_log.txt deleted
C:\Users\DarkWerewolf\AppData\Roaming\BitLord deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\DarkWerewolf\AppData\Local\{003ACA6A-C058-424D-B955-A82DE5375C64} deleted
C:\Users\DarkWerewolf\AppData\Local\cache deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\DarkWerewolf\Documents\BitLord deleted
"C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114\searchplugins\yahoo.xml" deleted
"C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114\searchplugins\yahoo.xml" deleted
"C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814\searchplugins\yahoo.xml" deleted
"C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814\searchplugins\yahoo.xml" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114
- short_ __MSG_name__ - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814
- NASA Night Launch - %ProfilePath%\extensions\nasanightlaunch@example.com.xpi
- __MSG_avastAppShortName__ - %ProfilePath%\extensions\sp@avast.com.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Avast Online Security - %ProfilePath%\extensions\wrc@avast.com.xpi
- theme: images: theme_frame: Brushed_black_o.jpg colors: frame: 808080 tab_background_text: ffffff version: 2.0 Brushed Black manifest_version: 2 description: brushed black white krazer verkrazt schwarz nice modern abstract persona firefox bayern bavaria weiss wei\u00c3\u0178 omg lol wtf - %ProfilePath%\extensions\{a2df062f-8b7e-43ba-a943-bbe8671517fb}.xpi
- short_ __MSG_name__ - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\DARKWE~1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default
- ChatZilla - C:\Users\DarkWerewolf\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ebhtf9co.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\DarkWerewolf\AppData\Roaming\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114
- C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_207.dll - [?]
- C:\Users\DarkWerewolf\AppData\Roaming\ACEStream\player\npace_plugin.dll - [?]
784DBD845E2E2897C9609657CAB74F1D - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
F393B78929B97D9AFBE5A1781B715BC3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67

Profilepath: C:\Users\DarkWerewolf\AppData\Roaming\Mozilla\Firefox\Profiles\papgppha.default-1449397682814
- C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_192.dll - [?]
784DBD845E2E2897C9609657CAB74F1D - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
F393B78929B97D9AFBE5A1781B715BC3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\DarkWerewolf\AppData\Local\Google\Chrome SxS deleted

==== Chromium Look ======================


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
mjbepbhonbojpoaenhckjocchgfiaofo - No path found[]

==== Chromium Startpages ======================

C:\Users\DarkWerewolf\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "https://www.google.com/" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"=""
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"=""
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes "DefaultScope"=""
HKCU\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\DarkWerewolf\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF640D9A-FDEE-24B1-3A56-D124133BF244} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\99ec5e62-9d5e-41e0-9a2e-d7a61d723f05 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VICTORY Gaming Keyboard deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\DarkWerewolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DarkWerewolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\DarkWerewolf\AppData\Local\Mozilla\Firefox\Profiles\8bj152if.default-release-1559671389114\cache2 emptied successfully
C:\Users\DarkWerewolf\AppData\Local\Mozilla\SeaMonkey\Profiles\ebhtf9co.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3408 folders=117 474860148 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\DarkWerewolf\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Oliwka\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\DARKWE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\DarkWerewolf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted

==== EOF on p  03.01.2020 at 22:13:37,09 ======================
MB: Gigabyte GA-PH67A-D3-B3 (rev.1.0) CPU: Intel Core i5-2320 3GHz BOX Cooler: Arctic Freezer 7 Pro Rev.2 PSU: Seasonic SS-500ET-F3 500W OEM RAM: Kingston HyperX Blu 8GB 1333MHz GPU: Sapphire ATI Radeon HD 4870 Vapor-X 1GB DDR5 11133-16-20R HDD: WD Caviar Black 3.5" 640GB + external WD 320GB
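The "FireFox Fix" section of the zoek log above shows what a start-page/search hijack looks like at the file level: plain `user_pref(...)` lines in the profile's prefs.js pointing the new-tab page at securedsearch.lavasoft.com and overriding the search-engine name, which the tool deletes and replaces with `about:home` / `about:newtab`. The script below is an added example, not part of the original post and not zoek's own code. It parses prefs.js lines, reports the home/new-tab/search prefs that point anywhere other than an `about:` page or a small trusted-host list, and produces the same kind of reset. The trusted-host list, the `classify` policy and the sample prefs.js text are assumptions constructed for this example; the two URLs in the sample are copied from the log.

```python
"""Flag and reset hijacked Firefox prefs.js entries (added example)."""
import json
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Prefs that start-page / new-tab / search hijackers rewrite; these are the
# keys the zoek "FireFox Fix" section touched.
URL_PREFS = {"browser.startup.homepage", "browser.newtab.url", "browser.newtabpage.url"}
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}

# Assumption for this example: these hosts are acceptable home/new-tab targets;
# anything else (or a non-about: value that is not a URL at all) is reported.
TRUSTED_HOSTS = {"www.google.com", "www.google.cz", "www.bing.com", "duckduckgo.com"}

# user_pref("key", <JS literal>);  -- the literal is JSON-compatible
# (quoted string with \" and \uXXXX escapes, number, true/false).
_PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')


def parse_prefs(text: str) -> Dict[str, object]:
    """Return {pref name: value} for every complete user_pref line."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:            # comments, blank lines, truncated lines
            continue
        raw = m.group(2)
        try:
            value: object = json.loads(raw)
        except json.JSONDecodeError:
            value = raw      # keep the raw text rather than drop the pref
        prefs[m.group(1)] = value
    return prefs


def classify(key: str, value: object) -> Optional[str]:
    """Reason to report this pref, or None if it looks benign."""
    if not isinstance(value, str):
        return None
    if key in ENGINE_PREFS:
        # Any explicit engine name overrides the build's default; show it.
        return f"search engine overridden: {value!r}"
    if key in URL_PREFS:
        if value.startswith("about:"):
            return None
        host = urlparse(value).hostname or ""
        if host not in TRUSTED_HOSTS:
            return f"untrusted URL: {value}"
    return None


def find_hijacks(text: str) -> List[Tuple[str, str]]:
    """(pref, reason) pairs, in file order."""
    hits = []
    for key, value in parse_prefs(text).items():
        reason = classify(key, value)
        if reason:
            hits.append((key, reason))
    return hits


def reset_prefs(text: str) -> str:
    """Drop every start/new-tab/search pref and put the Firefox defaults
    back, which is what the zoek log shows it doing for each profile."""
    kept = []
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m and m.group(1) in URL_PREFS | ENGINE_PREFS:
            continue
        kept.append(line)
    kept.append('user_pref("browser.startup.homepage", "about:home");')
    kept.append('user_pref("browser.newtab.url", "about:newtab");')
    return "\n".join(kept) + "\n"


# Constructed sample: the two URLs are copied from the log above, the rest
# are ordinary Firefox prefs included so the parser has something to skip.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("browser.newtabpage.url", "http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10438__191220");
user_pref("browser.search.defaultenginename", "Default Search Engine");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.startup.page", 3);
"""

if __name__ == "__main__":
    for key, reason in find_hijacks(SAMPLE_PREFS):
        print(f"{key}: {reason}")
    print(reset_prefs(SAMPLE_PREFS))
```

Run it against a real profile by reading `prefs.js` from the profile directory while Firefox is closed (Firefox rewrites the file on exit, so edits made while it runs are lost). One caveat a practitioner should keep in mind: this only covers prefs.js. Current Firefox stores the selected search engine in `search.json.mozlz4` in the same profile directory, and a search hijack recorded there survives a prefs.js cleanup.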


Re: Malware got into my PC - Adaware Secure Search

Post by DarkWerewolf » 03 Jan 2020 22:29

Scan Info
Product Name    :  Zemana AntiMalware
Scan Status    :  Completed
Scan Date    :  3.1.2020 22:25:37
Scan Type    :  Smart Scan
Duration    :  00:00:33
Scanned Objects    :  1446
Detected Objects    :  3
Excluded Objects    :  0
Auto Upload    :  Yes
Operating System    :  Windows 7 x64
Processor    :  4X Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
BIOS Mode    :  Legacy
Domain Info    :  WORKGROUP,False,NetSetupWorkgroupName
CUID    :  1282F4EAA2BEBB7BACA4A2


Detections
MD5    :  
Status    :  Scanned
Object    :  c:\users\darkwerewolf\appdata\roaming\mozilla\firefox\profiles\papgppha.default-1449397682814\extensions\{a2df062f-8b7e-43ba-a943-bbe8671517fb}.xpi
Publisher    :  
Size    :  0
Detection    :  HijackExt:FirefoxPlugin/{a2df062f-8b7e-43ba-a943-bbe8671517fb}
Action    :  Delete
-----------------------------------------------------------------------
MD5    :  
Status    :  Scanned
Object    :  default search engine - http://securesearch.org
Publisher    :  
Size    :  0
Detection    :  Hijack:Browser/FirefoxSearch
Action    :  Delete
-----------------------------------------------------------------------
MD5    :  A39B10C55538E7805862A3EDF9CBB52C
Status    :  Scanned
Object    :  c:\programdata\wargaming.net\gamecenter\wgc.exe
Publisher    :  Wargaming.net Limited
Size    :  2414456
Detection    :  Suspicious:SRC!R
Action    :  Quarantine
-----------------------------------------------------------------------


Re: Malware got into my PC - Adaware Secure Search

Post by DarkWerewolf » 03 Jan 2020 22:53

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:07, on 3.1.2020
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe
C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
E:\Download Firefox\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programs\MSOFFI~1\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programs\MS Office Enterprise 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programs\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Bloody2] "C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe" Minimum
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programs\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programs\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programs\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MSOFFI~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8077A3B-51E5-4DB0-B9A9-2966F554DCBE}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programs\MSOFFI~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - D:\Programs\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - D:\Programs\Avast\AvastSvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Programs\Comodo firewall\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - D:\Programs\Comodo firewall\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: isesrv - COMODO - C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Users\DarkWerewolf\Desktop\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Wireless Controller Service - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8765 bytes


Re: Malware got into my PC - Adaware Secure Search

Post by DarkWerewolf » 03 Jan 2020 23:05

That bitch is still in the browser (if I click anywhere other than the home page).

[Image]

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Malware got into my PC - Adaware Secure Search

Post by jaro3 » 04 Jan 2020 19:48

Close the other applications and browsers, disconnect from the internet and fix these in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programs\Adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab


AVAST Software
COMODO Internet Security

Two antiviruses??

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable..

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its full contents here
If there are problems, run it in Safe Mode.

Warning: it may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and the like, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

