Urgentní kontrola logu Vyřešeno

[roady]

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : roady [Práva správce]
Mód : Odebrat -- Datum : 09/16/2014 15:01:30

¤¤¤ Škodlivé procesy: : 4 ¤¤¤
[Suspicious.Path] szninstall.exe -- C:\Users\roady\AppData\Roaming\Seznam.cz\szninstall.exe[7] -> SMAZÁNO [TermProc]
[Suspicious.Path] szndesktop.exe -- C:\Users\roady\AppData\Roaming\Seznam.cz\bin\szndesktop.exe[7] -> SMAZÁNO [TermProc]
[Suspicious.Path] listicka-x64.exe -- C:\Users\roady\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe[7] -> SMAZÁNO [TermThr]
[Suspicious.Path] explorer.exe -- C:\Users\roady\AppData\Roaming\Seznam.cz\bin\8799libfoxloader-x64.dll[-] -> ODEBRÁNO

¤¤¤ ¤¤¤ Záznamy Registrů: : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3149046002-180890714-1592814674-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\roady\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x] -> VYMAZÁNO
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3149046002-180890714-1592814674-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\roady\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x] -> VYMAZÁNO
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3149046002-180890714-1592814674-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\roady\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3149046002-180890714-1592814674-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\roady\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> ERROR [2]
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3149046002-180890714-1592814674-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3149046002-180890714-1592814674-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3149046002-180890714-1592814674-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3149046002-180890714-1592814674-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NAHRÁNO) ¤¤¤

¤¤¤ Webové prohlížeče : 27 ¤¤¤
[CHROME:Addon] Default : Google Translate [aapbdbdomjkkjkaonfhkkikfgjllcleb] -> VYMAZÁNO
[CHROME:Addon] Default : Angry Birds [aknpkdffaafgjchaibgeefbgmgeghloj] -> ERROR [2]
[CHROME:Addon] Default : Google Docs [aohghmighlieiainnegkcijnfilokake] -> ERROR [2]
[CHROME:Addon] Default : Google Drive [apdfllckaahabafndbhieahigkjlhalf] -> ERROR [2]
[CHROME:Addon] Default : Validity [bbicmjjbohdfglopkidebfccilipgeif] -> ERROR [2]
[CHROME:Addon] Default : TV [beobeededemalmllhkmnkinmfembdimh] -> ERROR [2]
[CHROME:Addon] Default : drag2up [bjgjolhpdlgebodaapdafhdnikagbfll] -> ERROR [2]
[CHROME:Addon] Default : YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo] -> ERROR [2]
[CHROME:Addon] Default : Guitarist's Reference [cddaabhppoebkmalboinjhgofbhdbcgk] -> ERROR [2]
[CHROME:Addon] Default : Dale Chihuly [cnenonhiffdmndmgiinmldkabciohign] -> ERROR [2]
[CHROME:Addon] Default : Google Search [coobgpohoikkiipiblmjeljniedjpjpf] -> ERROR [2]
[CHROME:Addon] Default : Photo Zoom for Facebook [elioihkkcdgakfbahdoddophfngopipi] -> ERROR [2]
[CHROME:Addon] Default : ClickMovie1-Downloaderv10 [famckgmbgakbiifkgdcjemmpefncdaog] -> ERROR [2]
[CHROME:Addon] Default : fmebanjjkaohcmifehogijfgcoieefnp [fmebanjjkaohcmifehogijfgcoieefnp] -> ERROR [2]
[CHROME:Addon] Default : AdBlock [gighmmpiobklfepjocnamgkkbiglidom] -> ERROR [2]
[CHROME:Addon] Default : avast! Online Security [gomekmidlodglbbmalcneegieacbdmki] -> ERROR [2]
[CHROME:Addon] Default : World Time Buddy [jdhpjomiingppeefgnohkiapmnaeakoj] -> ERROR [2]
[CHROME:Addon] Default : Google +1 Button [jgoepmocgafhnchmokaimcmlojpnlkhp] -> ERROR [2]
[CHROME:Addon] Default : Cargo Bridge [keembkgclppcbilkekfgpobhldjjhpmn] -> ERROR [2]
[CHROME:Addon] Default : Google Maps [lneaknkopdijkpnocmklfnjbeapigfbh] -> ERROR [2]
[CHROME:Addon] Default : Google Mail Checker [mihcahmgecmbnbcchbopgniflfhgnkff] -> ERROR [2]
[CHROME:Addon] Default : Google Wallet [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [2]
[CHROME:Addon] Default : SEO for Chrome [oangcciaeihlfmhppegpdceadpfaoclj] -> ERROR [2]
[CHROME:Addon] Default : My Chrome Theme [oehpjpccmlcalbenfhnacjeocbjdonic] -> ERROR [2]
[CHROME:Addon] Default : Seznam Lištička - Rychlá volba [olfeabkoenfaoljndfecamgilllcpiak] -> ERROR [2]
[CHROME:Addon] Default : Grooveshark No Ads (Premium PLUS) [ophofnjodjgljblicnfogmlaffjobocb] -> ERROR [2]
[CHROME:Addon] Default : Gmail [pjkljhegncpnkpknbcohdijeoejaedia] -> ERROR [2]

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] 2148a229775f731697d306809d4a92c5
[BSP] 2e98d0607f5b07122474589ecd7c15c4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 50000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 102402048 | Size: 426936 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] c79861213f9b92783867a8d7c6eca346
[BSP] 36271b1ed84c1ef95cbbc2991ed4cec3 : Windows Vista/7/8 MBR Code
Partition table:
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_09162014_120322.log - RKreport_SCN_09162014_122022.log - RKreport_SCN_09162014_145231.log

[Reklama]

[roady]

Zoek.exe v5.0.0.0 Updated 14-September-2014
Tool run by roady on Łt 16.09.2014 at 15:04:16,70.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\roady\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16.9.2014 15:05:24 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\Users\roady\AppData\Local\Installer deleted
C:\windows\SysNative\tasks\UNELEVATE_557 deleted
C:\windows\SysNative\tasks\UNELEVATE_8326 deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWOW64\AniGIF.ocx deleted

==== Chromium Look ======================


==== Chromium Fix ======================

C:\Users\roady\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\roady\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\roady\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\roady\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{38C36560-4D6D-4AA2-9BBD-08875EFE4DFE} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415"
{4710B80A-5D4F-4C6C-A8E4-C738B7379185} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{B66AB71A-27E1-47B4-ACD7-E710E9BE0F23} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{CCAA38A0-7C46-48D2-A35C-F2D509D8EE97} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_13415"
{CF9C6602-EFF8-435F-88E0-3A4E6320C3D6} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415"
{CFF49C65-2C69-49A7-B25D-ECFD8CA9D542} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_13415"
{DDE708FE-BC8E-4036-BD62-D2983544B890} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415"
{F470D955-441E-4CEE-A571-4F71C8C13317} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_13415"

==== Reset Google Chrome ======================

C:\Users\roady\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\roady\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YouTube Accelerator deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\roady\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\roady\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=35 folders=32 29296792 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\roady\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\roady\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on Łt 16.09.2014 at 15:17:02,69 ======================

[jaro3]

Co problémy?

[roady]

Reklamy zmizely i ty toolbary, takže děkuju.
Jinak prohlížeč se zapíná celkem pomalu, i když to už bude asi stářím pc.

[memphisto]

Ze začátku bude pomalejší, protože nástroje výše vymazaly cache, cookies, apod. takže než si zase "nahrabe" data, tak to pojede pomaleji... Jinak použij ještě tenhle nástroj a dodej log

Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

[roady]

# DelFix v10.8 - Logfile created 17/09/2014 at 20:16:11
# Updated 29/07/2014 by Xplode
# Username : roady - ROADY-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\roady\Desktop\JRT.exe
Deleted : C:\Users\roady\Desktop\JRT.txt
Deleted : C:\Users\roady\Desktop\RogueKillerX64.exe
Deleted : C:\Users\roady\Desktop\zoek.exe
Deleted : C:\Users\roady\Downloads\AdwCleaner (1).exe
Deleted : C:\Users\roady\Downloads\AdwCleaner.exe
Deleted : C:\Users\roady\Downloads\JRT.exe
Deleted : C:\Users\roady\Downloads\HijackThis.exe
Deleted : C:\Users\roady\Downloads\hijackthis.log
Deleted : C:\Users\roady\Downloads\RogueKillerX64.exe
Deleted : C:\Users\roady\Downloads\TFC.exe
Deleted : C:\Users\roady\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #88 [Windows Update | 09/02/2014 16:33:32]
Deleted : RP #89 [Windows Update | 09/05/2014 18:30:15]
Deleted : RP #90 [Nainstalováno rozhraní DirectX | 09/06/2014 11:17:18]
Deleted : RP #91 [Windows Update | 09/09/2014 08:34:25]
Deleted : RP #92 [Nainstalováno rozhraní DirectX | 09/10/2014 14:54:20]
Deleted : RP #93 [Windows Update | 09/10/2014 21:04:03]
Deleted : RP #94 [Windows Update | 09/14/2014 10:50:05]
Deleted : RP #95 [Windows Update | 09/15/2014 19:08:52]
Deleted : RP #96 [zoek.exe restore point | 09/16/2014 13:05:05]

New restore point created !

########## - EOF - ##########

[Orcus]

Mělo by to být OK. Pokud nejsou problémy, můžeš téma označit jako vyřešené.

[roady]

Ok tak děkuju