Please check my log


Post by MembeR » 18 Jul 2017 19:04

Good day,
a computer running Windows Vista has come into my hands. Every time I go to Facebook, a white screen keeps loading, and sometimes only half of the main page loads. Two weeks ago it still worked.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:04:15, on 18.7.2017
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16871)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\MembeR\Downloads\hijackthis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A8409AF-4E1E-44AA-B619-F2AF51456255}: NameServer = 46.16.120.2,46.16.122.2
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files\IObit\IObit Uninstaller\IUService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4767 bytes


Post by jaro3 » 18 Jul 2017 21:39

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of Internet browsing. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you do not need to use ATF.


Download TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.adlice.com/downloadprogress/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan, click "Logfile"; a "Log Manager" window appears, then double-click the corresponding log, which will open. (Otherwise it is saved on the system drive as C:\AdwCleaner [C?].txt.) Paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable the free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- If the program is not up to date, click "Update Now" or "Fix Now".
- an update will be found and installed.
- then click Scan Now
- when the program finishes, a message appears at the bottom right; click Save Results and choose Copy to Clipboard, then paste the whole log here. Or click "Text file (.txt)" and save the log.
- otherwise the log is located here: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- then click the Finish button and close the program with the cross at the top right.
(do not delete anything yet!).
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Post by MembeR » 18 Jul 2017 23:08

# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 18 21:05:57 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows Vista (TM) Home Premium (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\MembeR\AppData\LocalLow\IObit\Advanced SystemCare
Deleted: C:\Users\MembeR\AppData\Roaming\IObit\Advanced SystemCare
Deleted: C:\Users\Admin\AppData\Local\DriverToolkit
Deleted: C:\Users\MembeR\AppData\Local\DriverToolkit
Deleted: C:\Users\Admin\AppData\Local\slimware utilities inc
Deleted: C:\Users\MembeR\AppData\Local\slimware utilities inc
Deleted: C:\Users\All Users\Documents\Downloaded Installers
Deleted: C:\Users\Public\Documents\Downloaded Installers
Deleted: C:\Users\Admin\AppData\Local\SlimWare Utilities Inc
Deleted: C:\Users\MembeR\AppData\Local\SlimWare Utilities Inc


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: Driver Booster Scheduler


***** [ Registry ] *****

Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2F6ACDC6-2C21-4791-B4C9-EAEFFC861A79}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{ABB9F2B3-1E95-4EF5-ABD2-DA9B13E40403}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{2F8F6E93-8F17-47C5-9EE2-7AD3C6AD402B}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{6EE11049-B711-44A8-8179-BB12AD8B816C}C:\program files\premieropinion\pmropn.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{7AB6175E-7500-4B31-8EB5-649C8A876B6A}C:\program files\premieropinion\pmropn.exe
Deleted: [Key] - HKU\S-1-5-21-2633899633-3912273087-861613451-1001\Software\DriverToolkit
Deleted: [Key] - HKCU\Software\DriverToolkit
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-2633899633-3912273087-861613451-1001\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-2633899633-3912273087-861613451-1001\Software\INSTALLPATH\STATUS
Deleted: [Key] - HKCU\Software\INSTALLPATH\STATUS
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{6EE11049-B711-44A8-8179-BB12AD8B816C}C:\program files\premieropinion\pmropn.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{7AB6175E-7500-4B31-8EB5-649C8A876B6A}C:\program files\premieropinion\pmropn.exe
Deleted: [Key] - HKU\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Smart Driver Updater_is1
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Smart Driver Updater_is1


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: WebSearch - websearch
SearchProvider deleted: mystartsearch - mystartsearch
SearchProvider deleted: mystartsearch - mystartsearch
SearchProvider deleted: mystartsearch - mystartsearch
SearchProvider deleted: mystartsearch - mystartsearch
Startpage deleted: http://www.seznam.cz/
Startpage deleted: http://www.mystartsearch.com/?type=hp&t ... 9057890578
Startpage deleted: http://websearch.searchoholic.info/?pid ... O&unqvl=72


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [5693 B] - [2017/7/18 21:5:34]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########


Post by MembeR » 18 Jul 2017 23:25

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 18.07.17
Čas skenování: 23:12
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.6.1469
Verze komponentů: 1.0.103
Aktualizovat verzi balíku komponent: 1.0.2394
Licence: Bezplatný

-Systémová informace-
OS: Windows Vista Service Pack 2
CPU: x86
Systém souborů: NTFS
Uživatel: PC\MembeR

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 334548
Uplynulý čas: 12 min, 44 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)


Post by jaro3 » 19 Jul 2017 09:08

Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.

Sophos Virus Removal Tool is a handy software tool that could remove infections that an antivirus program does not detect.
Download it here from one of these links:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viruses can slow down your computer or try to steal your data, and you may not even know you have them. What you need is a quick and easy way to find and get rid of them. If you already have an antivirus program installed on your computer, you can also install the Sophos Virus Removal Tool, which identifies and cleans up remaining infections that your antivirus program may have missed.
To use Sophos Virus Removal Tool, double-click it and press the "Start scanning" button. Sophos Virus Removal Tool will then search for and remove the viruses it finds. A restart may be required.


Download RogueKiller by Adlice Software
32-bit:
http://www.adlice.com/download/roguekil ... HlwZT14ODY
64-bit:
http://www.adlice.com/download/roguekil ... HlwZT14NjQ
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, 8, 10, run RogueKiller.exe as administrator; on XP, double-click it.
- click "Start Scan". In the new window, change nothing and click "Start Scan" at the bottom.
- The program scans the PC's processes. After the scan, click "Open Report", then in the window click "Open TXT" and copy the whole contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.
- if the log is longer than 60,000 characters, split it and paste it into several posts

http://www.adlice.com/download/roguekiller/


Post by MembeR » 19 Jul 2017 15:27

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows Vista (TM) Home Premium x86
Ran by MembeR (Administrator) on st 19.07.2017 at 15:24:30,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 21

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\MembeR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Folder)
Successfully deleted: C:\Windows\System32\Tasks\Driver Booster SkipUAC (MembeR) (Task)
Successfully deleted: C:\Windows\System32\Tasks\Uninstaller_SkipUac_MembeR (Task)
Successfully deleted: C:\Windows\Tasks\DriverToolkit Autorun.job (Task)
Successfully deleted: C:\Users\MembeR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23NCU4LM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MembeR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9N86PP3G (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MembeR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UWRYLLQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MembeR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BE61IVJR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MembeR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKI19JXI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MembeR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCAFBWRR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MembeR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ5ZF44S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MembeR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUQ931YE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23NCU4LM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9N86PP3G (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9UWRYLLQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BE61IVJR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HKI19JXI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCAFBWRR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ5ZF44S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RUQ931YE (Temporary Internet Files Folder)



Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 19.07.2017 at 15:27:23,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post by MembeR » 19 Jul 2017 17:33

RogueKiller V12.11.7.0 [Jul 17 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : MembeR [Práva správce]
Started from : C:\Users\MembeR\Desktop\RogueKiller_portable32.exe
Mód : Prohledat -- Datum : 07/19/2017 17:06:44 (Duration : 00:25:38)

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 47 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{0173E9B3-19C1-4A25-995B-4B19EBD68025} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{0776E95A-34E3-4488-886E-094BA16BB6BD} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{0A402C88-0CEB-42C6-A15B-32AA45052706} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{0FFF4843-4EAD-447C-8AA4-2D3BF639F5FC} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{252A24E7-067F-4875-8510-7533F8B6915E} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{29467682-1CFC-46EA-B64D-EB31A56B321D} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{2C4C2DB5-61C5-4D45-A66F-2071EC069328} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{342148B3-7F11-4F39-A287-6829F83FABDA} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{38E8C317-D7A1-49EE-8437-8DFE91462B1E} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{3B942793-EEB0-41B8-BF12-4CD3EDDC9205} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{3ED0372B-4117-4CA3-A638-EF9BF3720248} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{4A1AAA95-FD08-449B-BD16-E87083D8F087} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{4E120188-0CAC-468C-B2D9-9D1F079EBC25} (C:\Users\MembeR\AppData\Local\Temp\HYDE20D.tmp.1483716451\HTA\3rdparty\FS.ocx) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{4E1AD8B6-39B6-4802-90EF-B5D86774D815} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{6120A3D1-AD55-41F9-ADB0-7266E2623364} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{76D50904-6780-4c8b-8986-1A7EE0B1716D} (C:\Users\MembeR\AppData\Local\Roblox\Versions\version-c2285b6f3d724119\RobloxProxy.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{80C997CD-A676-4028-8860-BB5F2F8278F6} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{8235D6A5-AAFD-4D39-BFE8-EF1641AB9257} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{88937009-2404-483D-B6A7-49AA184426B9} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{8CFEBA94-3FC2-45CA-B9A5-9EDACF704F66} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{8F054D20-354E-4A4D-92E4-10CDBA47D848} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{9A6E2BE0-96E4-4985-87AF-BDC668EA15A5} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{9BE3E5B2-BBC3-40BB-AAFE-C94DDA631D32} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{A5BFDB31-5D80-4496-AF9C-79549E2F7BEC} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{B331653F-522E-4FBD-BEA2-D47ED26DA8CC} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{BA8BAB06-715C-49F5-A94F-3E70B1CE38C6} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{C13EDD32-5280-4F40-B002-A21F05219371} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{C17BDE3A-CDBD-45E0-9BCF-FD286A344EE8} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{DC691F49-FD32-4E17-8C5F-F7C31F46FDF5} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{DEA6399C-EA9F-4864-BABB-0F6720A92CE1} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3} (C:\Users\MembeR\AppData\Local\Roblox\Versions\version-c2285b6f3d724119\RobloxProxy64.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{E17FE5B0-C2BC-4C97-8EBF-8EF2F763FCA8} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{F2455538-58A0-45FF-B16C-5F5DBA8D811C} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{F6751CB0-4CE6-4033-A489-5CC2D8C9D716} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{FFB760AB-4ACA-4070-99D5-194D9272B47D} (C:\Users\MembeR\AppData\Local\Temp\Rar$EXa0.759\Unpark-CPU-App\LogParser.dll) -> Nalezeno
[PUP.Gen1] HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1000\Software\DriverToolkit -> Nalezeno
[PUP.Gen1] HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1000\Software\SlimWare Utilities Inc -> Nalezeno
[PUP.Gen1] HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\IM -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FairplayKD (\??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys) -> Nalezeno
[PUM.Proxy] HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigURL : 192.168.1.1 -> Nalezeno
[PUM.Proxy] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0192.168.1.1 -> Nalezeno
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Bar : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6A8409AF-4E1E-44AA-B619-F2AF51456255} | NameServer : 46.16.120.2,46.16.122.2 ([-][Czechia]) -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {19FAF0F7-168C-4B28-BBDF-AC3E395670C3} : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\MembeR\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe|Name=TeamSpeak 3 Client|Edge=FALSE| [x] -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {467CF1F8-5D71-4F6B-AA92-0AEA23FFEF07} : v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\MembeR\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe|Name=TeamSpeak 3 Client|Edge=FALSE| [x] -> Nalezeno

¤¤¤ Úlohy : 1 ¤¤¤
[Hj.Shortcut] \{C005AB81-5385-485D-ADCF-87F9EF72BE72} -- "c:\program files\google\chrome\application\chrome.exe" (http://www.skype.com/go/downloading?sou ... stError=-3) -> Nalezeno

¤¤¤ Soubory : 4 ¤¤¤
[Hidden.ADS][Stream] C:\Users\MembeR\AppData\Roaming:NT -> Nalezeno
[Hidden.ADS][Stream] C:\Users\MembeR\AppData\Roaming:NT2 -> Nalezeno
[Hidden.ADS][Stream] C:\ProgramData:NT -> Nalezeno
[Hidden.ADS][Stream] C:\ProgramData:NT2 -> Nalezeno

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 5 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.seznam.cz/] -> Nalezeno
[PUP.Gen1][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.mystartsearch.com/?type=hp&ts=1414914151&from=epom2&uid=WDCXWD2500AVJS-63TBA0_WD-WCAPZ379057890578|http://websearch.searchoholic.info/?pid=1539&r=2014/12/21&hid=8524572253021071909&lg=EN&cc=RO&unqvl=72|https://www.duckduckgo.com] -> Nalezeno
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [duckduckgo] -> Nalezeno
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [https://duckduckgo.com/?q={searchTerms}] -> Nalezeno
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [https://ac.duckduckgo.com/ac/?q={searchTerms}&type=list] -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-22MFCA0 ATA Device +++++
--- User ---
[MBR] d07645822d3eef77b22b940165451b96
[BSP] d61aaf068bb4a6ea3f2bf5c589dab5b5 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Re: Please check my log

Post by MembeR » 19 Jul 2017 18:01

That's everything, but the problem still persists :D :yawn:

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Please check my log

Post by jaro3 » 19 Jul 2017 19:21

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- click "Start Scan". In the new window, change nothing and click "Start Scan" at the bottom,
when it finishes, tick everything (put check marks in the white boxes to the left of the findings)
- then click "Remove Selected"
- Wait until the Status box shows "Removal finished, please review result"
- Click "Open report", then "Open TXT", copy the log and paste its contents here, please. The log can be found in C:\ProgramData\RogueKiller\Logs - Close RogueKiller.


Turn off your antivirus and firewall.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe
click .rar-file at the top right and save it to the desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Win Vista, Win 7, 8 right-click it and choose "Run as administrator")
- note: the program may take a while to start.
Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

click Run Script
The program will run a scan and a repair; the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may show for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log Copy the entire contents of that log here.
If there are problems, run zoek in safe mode.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in its window
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.

Warning: After running ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

Re: Please check my log

Post by MembeR » 19 Jul 2017 21:51

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by MembeR on st 19.07.2017 at 21:26:11,12.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\MembeR\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19.7.2017 21:27:39 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\BlueStacksSetup deleted successfully
C:\PROGRA~2\Orbit deleted successfully
C:\PROGRA~2\ProductData deleted successfully
C:\PROGRA~2\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} deleted successfully
C:\Users\Admin\AppData\Roaming\Publish Providers deleted successfully
C:\Users\MembeR\AppData\Roaming\GHISLER deleted successfully
C:\Users\MembeR\AppData\Roaming\IrfanView deleted successfully
C:\Users\MembeR\AppData\Roaming\Publish Providers deleted successfully
C:\Users\MembeR\AppData\Local\GHISLER deleted successfully
C:\Users\MembeR\AppData\Local\Troubleshooter deleted successfully
C:\Users\MembeR\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\Users\MembeR\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{06B49EF5-9721-4CB6-8F45-713EAB95B35D} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{072E838B-228D-4A8D-8053-96A65328FA0E} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0D99D3FE-0247-4AA7-BFD6-ABBC3726BE92} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AC5C76E-E427-4C62-9C21-A752CDC91536} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DB93D95-A585-4E7E-81C2-43CE93DDBD97} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22DB49C1-D959-4460-AD66-02F495F14A97} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{24705CB0-9405-44E0-A1F2-E804E49F8D68} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{25D7B803-6AA7-407E-8344-408D79EC00B8} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C460959-F20F-4C52-9A3E-A9E68440FA38} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D54DA0D-503E-4AD0-92CB-E4F48CDF178A} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{318AA77F-6E40-4AB2-A168-EB13B271C198} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{34B93EB7-7756-429E-A58C-C795C0EEE4FB} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38D77106-5949-4CA0-A15E-3E2E067614B0} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D646CE6-6609-45BD-8F79-EC36169ECFBE} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DA8DAAA-30E8-470C-85C3-5581229F8219} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40A440E0-223C-4F10-A846-444B4F4E8749} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40B40C94-BC6D-4A0E-8D66-0EC6483F0993} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42840A31-CF35-4B4A-BDA9-E11C419897EB} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49B2BE4C-2647-47E6-A84B-79E3D758CEDE} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DA1A42E-18B2-4537-A738-638FB9A5FE58} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4EE8B4A1-CE93-4DCD-92C7-4B5F45DD9257} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52DA93EF-BA0A-475B-BBBB-09084E9587E7} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBA7D35-1349-4437-9C8B-1B2AE8BE34F7} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6D4E5D16-48CB-4357-B5CD-9AAA427FF089} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FD8499E-A781-406C-81BD-05DEC397EE63} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7E1D2E88-5FF9-4128-B351-82760B04CB8A} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89589269-4163-4894-8C65-DE1E83C26B32} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{895C3D40-08C3-4CBF-AD21-CD722079DB84} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C7C0111-D04D-4C89-A5E8-2275AACBF510} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8CDAD93B-2BA5-4154-8292-FF58C6477F82} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92A86312-9288-4729-93F5-ECD666EB696B} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{96B1C9ED-AEA8-4226-A203-622A7EC5952C} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9E4A659B-C58C-46AA-BA45-7F1F741AE615} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A03C9CD0-8528-4AA5-BB59-8DD814859CAA} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD6153A6-1A1F-46C5-BB3B-F9FACFDFEC91} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAE804F1-E4F8-40D8-9842-48BA51FCED72} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB152AEF-8874-4E95-8FB6-D43BEAC04984} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCC99132-776C-4F8B-981A-1C4F619CD351} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BED2EC0D-1149-4830-B199-0A0C616CE82E} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFF1FF83-D72B-46DC-AC26-DEE8D1BD8B3F} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C620D718-7967-485C-A24F-2D86E72BC033} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9212CB8-9AC5-4B35-8F72-F257589E0F78} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CE53B338-031A-4182-8C48-059500730FF7} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0F38896-997B-41E5-8830-F32911C28FDE} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3DFC994-4BCE-4F0F-9853-6E2427EF933A} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D8FFDEF6-C165-4BD6-9969-CDF4F28EE85F} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCD40301-8FEF-4A58-8B6D-5B1B553221CA} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD1B5D84-1FD5-4C56-9504-B9F06AAB6757} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF20593D-3A24-4CEC-B874-076FAAAA8D52} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E682B72F-4934-46C7-883E-4EF3DC83364B} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0CE1575-B7E2-4C76-A4DF-CB6E33288381} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7BBD522-9FB3-4379-8CF9-D2F864DF0229} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F984F659-00BD-4A73-A8B9-E53E274A11F7} deleted successfully
HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9950188-FBDD-472A-A4DD-C7B3F0048CE7} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McComponentHostService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Razer Game Scanner Service deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xyfit0bc.default\prefs.js:

Added to C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xyfit0bc.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\MembeR\AppData\Roaming\Mozilla\Firefox\Profiles\92lf1n4v.default\prefs.js:

Added to C:\Users\MembeR\AppData\Roaming\Mozilla\Firefox\Profiles\92lf1n4v.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} not found
C:\Users\MembeR\AppData\Roaming\.technic deleted
C:\PROGRA~2\DivX deleted
C:\Users\Admin\.android deleted
C:\Users\MembeR\.android deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\system32\config\systemprofile\AppData\Local\CrashRpt deleted
C:\Users\MembeR\AppData\LocalLow\Unity deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Windows\System32\Hotspot Shield deleted
"C:\Users\MembeR\AppData\Local\LumaEmu" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xyfit0bc.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\MembeR\AppData\Roaming\Mozilla\Firefox\Profiles\92lf1n4v.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xyfit0bc.default
- Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi
- Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi

ProfilePath: C:\Users\MembeR\AppData\Roaming\Mozilla\Firefox\Profiles\92lf1n4v.default
- HTTP - %ProfilePath%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
- Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi
- Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\MembeR\AppData\Roaming\Mozilla\Firefox\Profiles\92lf1n4v.default
B7CA365E7F1BECCE849FF6D390F16DCE - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
2D45A8274592D965EDFB62ACCB1150B1 - C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll - Google Update
80320392DCC61B22F0BB23DD5AD7D341 - C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll - Shockwave Flash


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]

Seznam Lištička - Email - MembeR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Tampermonkey - MembeR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
TastyPlug - MembeR\AppData\Local\Google\Chrome\User Data\Default\Extensions\faccgibalfdoihmenknhpfhldkmgaang
Avast Online Security - MembeR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
MSI Gaming Series Dragon - MembeR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknoiboaofdhfmocdjchadchhdcijndj

==== Chromium Fix ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_auta.trovit.cz_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_auta.trovit.cz_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.user-red.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.user-red.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.user-red.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.user-red.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apkfind.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_apkfind.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\MembeR\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\MembeR\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\MembeR\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\MembeR\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\MembeR\AppData\Roaming\Opera Software\Opera Stable\Preferences.bad was reset successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully
C:\Users\MembeR\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\MembeR\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\MembeR\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\MembeR\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonQuickMenu deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cracked Steam Service deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberGhost deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eblueMouseRun deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GSplay.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlimCleaner Plus deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tvncontrol deleted successfully

==== Empty IE Cache ======================

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MembeR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\MembeR\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\MembeR\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2117 folders=600 830318247 bytes)

==== Empty Temp Folders ======================

C:\Users\Admin\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\MembeR\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\MembeR\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\MembeR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on st 19.07.2017 at 21:49:57,89 ======================

MembeR
newbie
Posts: 11
Registered: July 17
Gender: Male
Status:
Offline

Re: Please check my log

Post by MembeR » 19 Jul 2017 22:23

ComboFix 17-07-07.01 - MembeR 19.07.2017 22:03:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3486.1660 [GMT 2:00]
Spuštěný z: c:\users\MembeR\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-06-19 do 2017-07-19 )))))))))))))))))))))))))))))))
.
.
2017-07-19 20:13 . 2017-07-19 20:15 -------- d-----w- c:\users\MembeR\AppData\Local\temp
2017-07-19 20:13 . 2017-07-19 20:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
2017-07-19 19:47 . 2017-07-19 19:26 24064 ----a-w- c:\windows\zoek-delete.exe
2017-07-19 19:26 . 2017-07-19 19:45 -------- d-----w- C:\zoek_backup
2017-07-19 15:00 . 2017-07-19 15:06 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-07-19 14:59 . 2017-07-19 15:05 -------- d-----w- c:\programdata\RogueKiller
2017-07-19 13:33 . 2017-07-19 13:33 -------- d-----w- c:\programdata\Sophos
2017-07-19 13:32 . 2017-07-19 13:32 -------- d-----w- c:\program files\Sophos
2017-07-19 06:15 . 2017-07-19 06:15 -------- d-----w- c:\users\Admin\AppData\Local\CEF
2017-07-18 21:19 . 2017-07-18 21:19 -------- d-----w- c:\users\MembeR\AppData\Local\CEF
2017-07-18 21:03 . 2017-07-18 21:05 -------- d-----w- C:\AdwCleaner
2017-07-18 15:17 . 2017-07-18 15:18 -------- d-----w- c:\program files\Opera
2017-07-18 14:38 . 2017-07-18 14:37 303280 ----a-w- c:\windows\system32\aswBoot.exe
2017-07-18 13:09 . 2013-09-16 10:17 16344 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2017-07-18 13:07 . 2013-09-16 10:17 56280 ----a-w- c:\windows\system32\drivers\HECI.sys
2017-07-18 12:17 . 2017-07-18 13:07 -------- d-----w- C:\install
2017-07-08 20:50 . 2017-07-08 20:50 -------- d-----w- c:\users\Admin\AppData\Local\Microsoft Help
2017-07-08 20:37 . 2017-07-08 20:37 -------- d-----w- c:\users\Admin\AppData\Roaming\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-07-18 21:12 . 2017-04-09 21:11 220088 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-18 14:39 . 2016-05-24 04:10 123928 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2017-07-18 14:37 . 2017-03-04 12:02 50384 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-07-18 14:37 . 2017-03-04 12:02 276736 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-07-18 14:37 . 2017-03-04 12:02 157416 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2017-07-18 14:37 . 2017-03-04 12:02 267008 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-07-08 21:05 . 2006-11-02 06:37 11973 ----a-w- c:\windows\system32\drivers\secdrv.sys
2017-07-06 07:03 . 2016-05-24 04:10 296312 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-07-06 07:03 . 2016-05-24 04:10 202688 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2017-07-06 07:03 . 2016-05-24 04:10 496976 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-07-06 07:03 . 2016-05-24 04:10 70840 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-07-06 07:03 . 2016-05-24 04:10 70088 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2017-07-06 07:03 . 2016-05-24 04:10 42824 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-07-06 07:02 . 2016-05-24 13:39 39752 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-07-06 07:02 . 2016-05-24 04:10 774288 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-07-06 07:02 . 2017-03-04 12:24 339952 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2017-06-04 08:42 . 2017-05-16 14:31 3354976 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2017-06-04 08:42 . 2017-05-16 14:31 3213824 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1029\ResourceCache.dll
2017-05-26 13:21 . 2016-06-14 21:05 803320 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-05-26 13:21 . 2016-06-14 21:05 144888 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-05-16 14:31 . 2017-05-16 14:31 28672 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2017-05-11 14:46 . 2017-05-11 14:46 233888 ----a-w- c:\windows\system32\DreamScene.dll
2017-05-05 15:17 . 2017-04-21 16:17 64288 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-05-05 13:01 . 2017-04-21 16:13 161216 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-05-05 13:00 . 2017-04-21 16:09 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-04-21 16:26 . 2017-04-09 21:10 59904 ----a-w- c:\windows\system32\drivers\mbae.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-07-18 14:37 1210312 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-07-18 213832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C12A253A.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes TrayApp]
2017-01-20 06:57 2780112 ----a-w- c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2017-02-20 16:23 15009280 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 13:18 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2017-07-18 00:33 3062560 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\World of Tanks]
2017-02-28 10:17 3135752 ----a-w- c:\games\World_of_Tanks\WargamingGameUpdater.exe
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-07-26 18:18 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{6A8409AF-4E1E-44AA-B619-F2AF51456255}: NameServer = 46.16.120.2,46.16.122.2
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Microsoft SQL Server 10 - c:\program files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe
AddRemove-{b480f6cc-fa56-482b-b0a3-49d69a32db6d} - c:\programdata\Package Cache\{b480f6cc-fa56-482b-b0a3-49d69a32db6d}\Intel Driver Update Utility Installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-07-19 22:17
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:35,25,67,2b,ca,21,24,63,65,6f,2b,28,ca,72,f5,47,b0,5a,b6,32,b5,86,85,
ba,ca,24,b4,92,ee,5e,95,e1,b4,07,24,7a,5c,43,9d,8e,75,ba,eb,6b,f7,71,05,6c,\
"??"=hex:5f,7b,08,ef,00,2f,6f,7a,66,26,4c,dd,8d,01,0d,e0
.
[HKEY_USERS\S-1-5-21-2633899633-3912273087-861613451-1001\Software\SecuROM\License information*]
"datasecu"=hex:bd,cb,69,ac,e4,6b,11,e9,b3,3f,b0,65,d0,0c,31,fc,3d,7d,1a,47,28,
96,27,46,7e,7a,50,f1,a1,c3,03,e6,ba,f2,1b,8b,9a,12,a4,03,1d,88,0c,e0,03,e4,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\AVAST Software\Avast\afwServ.exe
c:\program files\Intel\iCLS Client\HeciServer.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\conime.exe
c:\program files\AVAST Software\Avast\AvastUI.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\AVAST Software\SZBrowser\launcher.exe
c:\program files\AVAST Software\SZBrowser\1.48.2066.120_3\SZBrowser_autoupdate.exe
.
**************************************************************************
.
Celkový čas: 2017-07-19 22:20:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2017-07-19 20:20
.
Před spuštěním: Volných bajtů: 727 455 379 456
Po spuštění: Volných bajtů: 727 294 676 992
.
- - End Of File - - 7A737E89D54EB60970373B36A07F53C0
5C616939100B85E558DA92B899A0FC36

MembeR
newbie
Posts: 11
Registered: July 17
Gender: Male
Status:
Offline

Re: Please check my log

Post by MembeR » 19 Jul 2017 22:29

I don't see any changes so far; it even seems to me that the system and page loading are slower :yawn:

