Pomalý ntb

CZechBoY · Příspěvekod **CZechBoY** » 20 čer 2015 16:41

Zdravím,
můžete se někdo prosím kouknout na log z pomalýho ntb?
Dík

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:41:19, on 20.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera_crashreporter.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Danca\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_188_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7235 bytes

Reklama

Příspěvekod **Orcus** » 20 čer 2015 17:17

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

CZechBoY · Příspěvekod **CZechBoY** » 20 čer 2015 19:12

Orcus: chybí ti otevírací hranatá závorka u "Kopírovat do schránky" v sekci mbam :-)

# AdwCleaner v4.206 - Log vytvořen 20/06/2015 v 18:06:14
# Aktualizováno 01/06/2015 by Xplode
# Databáze : 2015-06-17.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x86)
# Uživatelské jméno : Danca - LATITUDE
# Spuštěno z : C:\Users\Danca\Downloads\AdwCleaner.exe
# Nastavení : Sken

***** [ Služby ] *****

***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Soubor Nalezeno : C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Nalezeno : C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
Soubor Nalezeno : C:\Users\Danca\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Nalezeno : C:\Users\Danca\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

Klíč Nalezeno : HKCU\Software\AppDataLow\Software\simplytech
Klíč Nalezeno : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Klíč Nalezeno : HKCU\Software\simplytech

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.124

[C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Nalezeno [Homepage] : management","searchProvider","startupPages"],"explicit_host":["hxxp://*.bing.com/*","hxxp://g.ceipmsn.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":1,"events":[],"from_bookmark":false,"from_webstore":true,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_parameter":"UP97","install_time":"13067895839554000","lastpingday":"13079257204711000","location":6,"manifest":{"background":{"persistent":false,"scripts":["background.js"]},"chrome_settings_overrides":{"homepage":"hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us","search_provider":{"encoding":"UTF-8","favicon_url":"hxxp://www.bing.com/favicon.ico","is_default":true,"keyword":"bing.com","name":"Bing","search_url":"hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}"},"startup_pages":["hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us"]},"current_locale":"cs","default_locale":"en","description":"MSN Homepage & Bing Search Engine","icons":{"128":"Logo_128.ico","16":"Logo.png","48":"Logo_48.ico"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JA3sXSSGLZfdufL1gcnN5sgZ7Upqkq0FF8aaRTf8v/banM0MIX3o6XqEV+ireOgQZIz1GcNKMEJ1BpeaheabEGRn3ZqQrO+gwpbeJDhuNcT8MD3npRoColMqG6rPG/b+GxM60gS0bBrELyNB6EeNj1j5hVvZA/VG92sW4Ld/Yqea6iKrs/Vfh99utT6V7CmTPMXLAvY40yufxWHEqpgsqU2gNn1FY94BB0UbWE40t5DHmC6y67F26uBRodQu//TZTd2BxcuGEUohU8jDTAs+dl8wCHGP19xBzWkEnI+RRTtUyZ1IeRY3x7W+Xbe60wz/UeoYQMmCdzdq1WDo8kgtwIDAQAB","manifest_version":2,"name":"MSN Homepage & Bing Search Engine","permissions":["hxxp://g.ceipmsn.com/*","hxxp://*.bing.com/*","cookies","management"],"short_name":"MSN Homepage & Bing Search Engine","update_url":"hxxps://clients2.google.com/service/update2/crx","version":"0.0.0.6"},"path":"fcfenmboojpjinhpgggodefccipikbpd\\0.0.0.6_0","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":false,"was_installed_by_oem":false},"gfdkimpbcpahaombhbimeihdjnejgicl":{"active_permissions":{"api":["feedbackPrivate"],"explicit_host":["chrome://resources/*"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":["feedbackPrivate.onFeedbackRequested","runtime.onMessageExternal"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13034724726183534","location":5,"manifest":{"app":{"background":{"scripts":["js/event_handler.js"]},"content_security_policy":"default-src 'none'; script-src 'self' chrome://resources; style-src 'unsafe-inline' *; img-src *; media-src 'self'"},"description":"User feedback extension","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"32":"images/icon32.png","64":"images/icon64.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMZElzFX2J1g1nRQ/8S3rg/1CjFyDltWOxQg+9M8aVgNVxbutEWFQz+oQzIP9BB67mJifULgiv12ToFKsae4NpEUR8sPZjiKDIHumc6pUdixOm8SJ5Rs16SMR6+VYxFUjlVW+5CA3IILptmNBxgpfyqoK0qRpBDIhGk1KDEZ4zqQIDAQAB","manifest_version":2,"name":"Feedback","permissions":["feedbackPrivate","chrome://resources/"],"version":"1.0"},"path":"C:\\Program Files\\Google\\Chrome\\Application\\32.0.1700.76\\resources\\feedback","running":false,"was_installed_by_default":false},"gomekmidlodglbbmalcneegieacbdmki":{"ack_external":true,"active_permissions":{"api":["cookies","tabs","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["*://*.avast.com/*","hxxp://*/*","hxxps://*/*"],"manifest_permissions":[],"scriptable_host":["*://*.avast.com/*"]},"commands":{},"content_settings":[],"creation_flags":9,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito":true,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13070652201730000","install_warning_on_enable":false,"lastpingday":"13079257204711000","location":3,"manifest":{"author":"Avast","background":{"scripts":["common/libs/q.js","common/libs/eventemitter2.js","common/libs/protobuf.js","common/libs/lodash.js","scripts/abek.bl.crx.js","common/scripts/gpb.js","common/scripts/query.js","common/scripts/avastwrc.js","common/scripts/bal.js","scripts/aos.bl.js","scripts/bs.crx.js","scripts/bs.aos.crx.js"]},"browser_action":{"default_icon":"common/ui/icons/status-none.png","default_popup":"common/ui/aos.panel.html","default_title":"Avast Online Security"},"content_scripts":[{"js":["common/scripts/ava_connector.js"],"matches":["*://*.avast.com/*"]}],"content_security_policy":"script-src 'self' hxxps://ssl.google-analytics.com; object-src 'self'","current_locale":"cs","default_locale":"en","description":"Avast Browser Security and Web Reputation Plugin.","icons":{"128":"common/skin/img/icon128.png","16":"common/skin/img/icon16.png","256":"common/skin/img/icon256.png","32":"common/skin/img/icon32.png","48":"common/skin/img/icon48.png","64":"common/skin/img/icon64.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWStseB5KE8Vqukt6RkFc3NirSBRmBTKvNolNhsOo5Q/kUlJs1pajaMckUR5rJXlpzvxfvesfNlASR/QnHKdlGBxPlyi5dxN+nohCclJYf5dXVq2ndj2ykgd++rs1qD35tw3R2v5BaeTmLgP2G/Jd53BaJXDNTGIusbkGEhvZ2rQIDAQAB","manifest_version":2,"name":"Avast Online Security","options_page":"options.html","permissions":["cookies","*://*.avast.com/*","hxxp://*/*","hxxps://*/*","tabs","webNavigation","webRequest","webRequestBlocking"],"update_url":"hxxps://clients2.google.com/service/update2/crx","version":"10.2.0.190","web_accessible_resources":["common/skin/*","common/skin/img/*","common/skin/css/*","common/mocks/*","common/ui/icons/*","common/ui/bgs/*"]},"path":"gomekmidlodglbbmalcneegieacbdmki\\10.2.0.190_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"kmendfapggjehodndflmmgagdbamhnfd":{"active_permissions":{"api":["cryptotokenPrivate","externally_connectable.all_urls","hid","tabs","u2fDevices","usb",{"usbDevices":[{"interfaceId":-1,"productId":529,"vendorId":4176}]},"webConnectable"],"explicit_host":["hxxp://*/*","hxxps://*/*","hxxps://www.gstatic.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["runtime.onConnectExternal","runtime.onMessageExternal"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076957088996980","location":5,"manifest":{"background":{"persistent":false,"scripts":["util.js","b64.js","sha256.js","countdown.js","countdowntimer.js","devicestatuscodes.js","approvedorigins.js","errorcodes.js","gnubbycodetypes.js","webrequest.js","gnubbymsgtypes.js","messagetypes.js","factoryregistry.js","closeable.js","requesthelper.js","webrequestsender.js","enroller.js","requestqueue.js","signer.js","origincheck.js","textfetcher.js","appid.js","watchdog.js","cryptotokenorigincheck.js","cryptotokenapprovedorigins.js","gnubbydevice.js","hidgnubbydevice.js","usbgnubbydevice.js","gnubbies.js","gnubby.js","gnubby-u2f.js","gnubbyfactory.js","singlesigner.js","multiplesigner.js","generichelper.js","inherits.js","individualattest.js","devicefactoryregistry.js","usbhelper.js","usbenrollhandler.js","usbsignhandler.js","usbgnubbyfactory.js","googlecorpindividualattest.js","cryptotokenbackground.js"]},"description":"CryptoToken Component Extension","externally_connectable":{"accepts_tls_channel_id":true,"ids":["fjajfjhkeibgmiggdfehjplbhmfkialk"],"matches":["\u003Call_urls>"]},"incognito":"split","key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7zRobvA+AVlvNqkHSSVhh1sEWsHSqz4oR/XptkDe/Cz3+gW9ZGumZ20NCHjaac8j1iiesdigp8B1LJsd/2WWv2Dbnto4f8GrQ5MVphKyQ9WJHwejEHN2K4vzrTcwaXqv5BSTXwxlxS/mXCmXskTfryKTLuYrcHEWK8fCHb+0gvr8b/kvsi75A1aMmb6nUnFJvETmCkOCPNX5CHTdy634Ts/x0fLhRuPlahk63rdf7agxQv5viVjQFk+tbgv6aa9kdSd11Js/RZ9yZjrFgHOBWgP4jTBqud4+HUglrzu8qynFipyNRLCZsaxhm+NItTyNgesxLdxZcwOz56KD1Q4IQIDAQAB","manifest_version":2,"name":"CryptoTokenExtension","permissions":["hid","u2fDevices","usb","cryptotokenPrivate","externally_connectable.all_urls","tabs","hxxps://*/*","hxxp://*/*",{"usbDevices":[{"productId":529,"vendorId":4176}]}],"version":"0.9.22"},"path":"C:\\Program Files\\Google\\Chrome\\Application\\43.0.2357.65\\resources\\cryptotoken","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"lifbcibllhkdhoafpjfnlhfpfgnpldfl":{"ack_external":true,"active_permissions":{"api":["tabs"],"explicit_host":["hxxps://c2c-directory-dev.trafficmanager.net/*","hxxps://c2c-directory-pre.trafficmanager.net/*","hxxps://c2c-directory-qa.trafficmanager.net/*","hxxps://localhost:26143/*","hxxps://pnrws.skype.com/*"],"manifest_permissions":[],"scriptable_host":["file:///*","hxxp://*/*","hxxps://*/*"]},"commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076449104960807","lastpingday":"13079257204711000","location":3,"manifest":{"background":{"page":"background.html"},"browser_action":{"default_icon":{"19":"c2c_48x48.png"},"default_popup":"c2c_options_menu.html","default_title":"Skype Click to Call"},"content_scripts":[{"all_frames":true,"css":["number_highlighting.css","number_highlighting_chrome.css"],"js":["jquery-2.1.0.min.js","mutation-summary.js","localization.js","browserSpecificScript.js","number_highlighting_builder.js","pnr.js","fpnr.js","contentscript.js"],"matches":["hxxp://*/*","hxxps://*/*","file://*/*"],"run_at":"document_end"}],"description":"Skype Click to Call","icons":{"128":"c2c_128x128.png","16":"c2c_16x16.png","48":"c2c_48x48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMxFysW3wPKWRPPe3xuJQz3m1ZDLX1hN8EYdP37tRPf7lp8vIhG4xirlXHGK748qcLPc4Lm8WsHDhvS5okN54Kwcnw4T2tBXSCZJxMmlu14HZ5yc/t969QLTPLIbAsasq4NVo40YuP2B7umxV9BlcxZEB9TEKPEQq8DRoKhj9jBQIDAQAB","manifest_version":2,"name":"Skype Click to Call","permissions":["tabs","hxxps://pnrws.skype.com/","hxxps://c2c-directory-dev.trafficmanager.net/","hxxps://c2c-directory-pre.trafficmanager.net/","hxxps://c2c-directory-qa.trafficmanager.net/","hxxps://localhost:26143/"],"update_url":"hxxps://clients2.google.com/service/update2/crx","version":"7.4.0.9058","web_accessible_resources":["call_skype_logo.png","call_icon.png","menu_handler.js","telemetry.js"]},"path":"lifbcibllhkdhoafpjfnlhfpfgnpldfl\\7.4.0.9058_0","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":false,"was_installed_by_oem":false},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13034724726168534","location":5,"manifest":{"app":{"launch":{"web_url":"hxxps://www.google.com/cloudprint"},"urls":["hxxps://www.google.com/cloudprint/enable_chrome_connector"]},"description":"Cloud Print","display_in_launcher":false,"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files\\Google\\Chrome\\Application\\32.0.1700.76\\resources\\cloud_print","was_installed_by_default":false},"mgndgikekgjfcpckkfioiadnlibdjbkf":{"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"n","commands":{},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13034724726183534","location":5,"manifest":{"app":{"launch":{"web_url":"hxxp://THIS-WILL-BE-REPLACED"}},"description":"Chrome as an app","display_in_launcher":true,"display_in_new_tab_page":false,"icons":{"128":"product_logo_128.png","16":"product_logo_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9jiEf6FdJWqEtgRmIeI7qtjPLBM5oje+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQIDAQAB","name":"Chrome","version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files\\Google\\Chrome\\Application\\32.0.1700.76\\resources\\chrome_app","was_installed_by_default":false},"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":[],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["chrome://print/*"]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13074272981189224","location":5,"manifest":{"content_scripts":[{"js":["content_script.js"],"matches":["chrome://print/*"]}],"content_security_policy":"script-src 'self' chrome://resources; object-src *; plugin-types application/x-google-chrome-pdf","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QIDAQAB","manifest_version":2,"mime_types":["application/pdf"],"mime_types_handler":"index.html","name":"Chrome PDF Viewer","offline_enabled":true,"permissions":["\u003Call_urls>"],"version":"1","web_accessible_resources":["index.html","index.html"]},"path":"C:\\Program Files\\Google\\Chrome\\Application\\42.0.2311.90\\resources\\pdf","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"neajdppkdcdipfabeoofebfddakdcjhd":{"active_permissions":{"api":["systemPrivate","ttsEngine"],"explicit_host":["hxxps://www.google.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["ttsEngine.onPause","ttsEngine.onResume","ttsEngine.onSpeak","ttsEngine.onStop"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13037652422925631","location":5,"manifest":{"background":{"persistent":false,"scripts":["tts_extension.js"]},"description":"Component extension providing speech via the Google network text-to-speech service.","key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GSbNUMGygqQTNDMFGIjZNcwXsHLzkNkHjWbuY37PbNdSDZ4VqlVjzbWqODSe+MjELdv5Keb51IdytnoGYXBMyqKmWpUrg+RnKvQ5ibWr4MW9pyIceOIdp9GrzC1WZGgTmZismYR3AjaIpufZ7xDdQQv+XrghPWCkdVqLN+qZDA1HU+DURznkMICiDDSH2sU0egm9UbWfS218bZqzKeQDiC3OnTPlaxcbJtKUuupIm5knjze3Wo9Ae9poTDMzKgchg0VlFCv3uqox+wlD8sjXBoyBCCK9HpImdVAF1a7jpdgiUHpPeV/26oYzM9/grltwNR3bzECQgSpyXp0eyoegwIDAQAB","manifest_version":2,"name":"Google Network Speech","permissions":["systemPrivate","ttsEngine","hxxps://www.google.com/"],"tts_engine":{"voices":[{"event_types":["start","end","error"],"gender":"female","lang":"en-US","remote":true,"voice_name":"Google US English"},{"event_types":["start","end","error"],"gender":"male","lang":"en-GB","remote":true,"voice_name":"Google UK English Male"},{"event_types":["start","end","error"],"gender":"female","lang":"en-GB","remote":true,"voice_name":"Google UK English Female"},{"event_types":["start","end","error"],"gender":"female","lang":"es-ES","remote":true,"voice_name":"Google Espanol"},{"event_types":["start","end","error"],"gender":"female","lang":"fr-FR","remote":true,"voice_name":"Google Français"},{"event_types":["start","end","error"],"gender":"female","lang":"it-IT","remote":true,"voice_name":"Google Italiano"},{"event_types":["start","end","error"],"gender":"female","lang":"de-DE","remote":true,"voice_name":"Google Deutsch"},{"event_types":["start","end","error"],"gender":"female","lang":"ja-JP","remote":true,"voice_name":"Google ???"},{"event_types":["start","end","error"],"gender":"female","lang":"ko-KR","remote":true,"voice_name":"Google ???"},{"event_types":["start","end","error"],"gender":"female","lang":"zh-CN","remote":true,"voice_name":"Google ???"}]},"version":"1.0"},"path":"C:\\Program Files\\Google\\Chrome\\Application\\33.0.1750.117\\resources\\network_speech_synthesis","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false},"nkeimhogjdpnpccoofpliimaahmaaome":{"active_permissions":{"api":["alarms","desktopCapture","processes","webConnectable","webrtcAudioPrivate","webrtcLoggingPrivate","system.cpu"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":["alarms.onAlarm","runtime.onConnectExternal","runtime.onMessageExternal","runtime.onStartup"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13034724726183534","location":5,"manifest":{"background":{"page":"background.html","persistent":false},"externally_connectable":{"matches":["hxxps://*.google.com/hangouts*","*://localhost/*"]},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAQt2ZDdPfoSe/JI6ID5bgLHRCnCu9T36aYczmhw/tnv6QZB2I6WnOCMZXJZlRdqWc7w9jo4BWhYS50Vb4weMfh/I0On7VcRwJUgfAxW2cHB+EkmtI1v4v/OU24OqIa1Nmv9uRVeX0GjhQukdLNhAE6ACWooaf5kqKlCeK+1GOkQIDAQAB","manifest_version":2,"name":"Hangout Services","permissions":["desktopCapture","system.cpu","webrtcAudioPrivate","webrtcLoggingPrivate"],"version":"1.0"},"path":"C:\\Program Files\\Google\\Chrome\\Application\\32.0.1700.76\\resources\\hangout_services","was_installed_by_default":false},"nmmhkkegccagdldgiimedpiccmgmieda":{"ack_external":true,"active_permissions":{"api":["identity","webview"],"explicit_host":["hxxps://wallet-web.sandbox.google.com/*","hxxps://wallet.google.com/*","hxxps://www.google.com/*","hxxps://www.googleapis.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":137,"events":["app.runtime.onLaunched","runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["identity","webview"],"explicit_host":["hxxps://wallet-web.sandbox.google.com/*","hxxps://wallet.google.com/*","hxxps://www.google.com/*","hxxps://www.googleapis.com/*"],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076353352193000","lastpingday":"13079257204711000","location":10,"manifest":{"app":{"background":{"scripts":["craw_background.js"]}},"current_locale":"cs","default_locale":"en","description":"Peněženka Google pro digitální zboží","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"128":"images/icon_128.png","16":"images/icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB","manifest_version":2,"minimum_chrome_version":"29","name":"Peněženka Google","oauth2":{"auto_approve":true,"client_id":"203784468217.apps.googleusercontent.com","scopes":["hxxps://www.googleapis.com/auth/sierra","hxxps://www.googleapis.com/auth/sierrasandbox","hxxps://www.googleapis.com/auth/chromewebstore","hxxps://www.googleapis.com/auth/chromewebstore.readonly"]},"permissions":["identity","webview","hxxps://wallet.google.com/","hxxps://wallet-web.sandbox.google.com/","hxxps://www.google.com/","hxxps://www.googleapis.com/*"],"update_url":"hxxps://clients2.google.com/service/update2/crx","version":"0.1.1.0"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.1.1.0_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"pafkbggdmjlpgkdkcbjmhmfcdpncadgh":{"active_permissions":{"api":["alarms","gcm","identity","metricsPrivate","notifications","storage","tabs","webstorePrivate"],"explicit_host":["*://*.google.com/*","*://*.gstatic.com/*","hxxps://*.googleapis.com/*","hxxps://*.googleusercontent.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["alarms.onAlarm","gcm.onMessage","identity.onSignInChanged","notifications.onButtonClicked","notifications.onClicked","notifications.onClosed","notifications.onPermissionLevelChanged","notifications.onShowSettings","pushMessaging.onMessage","runtime.onInstalled","runtime.onStartup","runtime.onSuspend","storage.onChanged"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13047764439313308","location":5,"manifest":{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"Integrates Google Now into Chrome.","icons":{"128":"images/icon128.png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["hxxps://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","\u003Call_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files\\Google\\Chrome\\Application\\35.0.1916.153\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"pfhldcakmgpmglboaclpfdedehjblalp":{"active_permissions":{"api":["plugin"],"manifest_permissions":[]},"content_settings":[],"creation_flags":9,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["plugin"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13049664989794341","lastpingday":"13079257204711000","location":1,"manifest":{"description":"3D Viewer from 20-20 Technologies Inc","homepage_url":"hxxp://www.2020technologies.com","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDsoJcTR3yWDS5eWYvV1bNL128o/2Vd5GgGTKVF2kZmTcM8qhFexFoazFXg1NUHfLYRSJ5G6QPzQJbyIARe7PJGzXWgYPE6rdmapRj31SOUplYYmRn9TM9ElN+Xrb+tX27QvHyBjwqN8IqcAjleLOgmj8uXY5UhIpcvttgZVRw6nwIDAQAB","manifest_version":2,"minimum_chrome_version":"15.0","name":"20-20 3D Viewer for IKEA","plugins":[{"path":"NP_2020Player_IKEA.dll","public":true},{"path":"tbb.dll"},{"path":"tbbmalloc.dll"},{"path":"NP_2020Player_IKEA.plugin","public":true}],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"5.0.94.1"},"path":"pfhldcakmgpmglboaclpfdedehjblalp\\5.0.94.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"yn","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072033062531000","lastpingday":"13079257204711000","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxps://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"cs","default_locale":"en","description":"Rychlý e-mail s možností vyhledávání a menším množstvím spamu.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"hxxps://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"homepage":"hxxp://isearch.zoo.com/ofaz1/search/home?sid=77522&tid=20935&bd=1401121622477&ver=6.1&guid=77522-20935-1401121622477-B1A9CBF4806E89BF427FC4620CB0179F

-\\ Opera v30.0.1835.59

*************************

AdwCleaner[R0].txt - [26483 bytů] - [20/06/2015 18:06:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [26542 bytů] ##########

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 20.6.2015
Čas skenování: 18:09:08
Protokol:
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.06.20.03
Databáze rootkitů: v2015.06.15.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Danca

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 299580
Uplynulý čas: 10 min, 12 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 1
PUP.Optional.SimplyTech.A, HKU\S-1-5-21-212836205-1075554111-3934830867-1001\SOFTWARE\APPDATALOW\SOFTWARE\SIMPLYTECH\Toolbar, , [53a0c9f3d6b47bbb8abaae7e11f33ac6],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
PUP.Optional.OneFloorApp, C:\Users\Danca\Downloads\PDF_Creator.exe, , [ab48506cb3d747efb6a466a51fe7e41c],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

Příspěvekod **jaro3** » 20 čer 2015 20:23

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

CZechBoY · Příspěvekod **CZechBoY** » 20 čer 2015 21:32

RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Danca [Práva správce]
Started from : C:\Users\Danca\Downloads\RogueKiller.exe
Mód : Prohledat -- Datum : 06/20/2015 21:26:08

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48E1B3-B0F3-4F44-86CC-5FBDDD077D72} | DhcpNameServer : 131.233.110.53 10.1.17.102 10.1.17.103 10.49.17.104 [UNITED STATES (US)][-][-][-] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DC48E1B3-B0F3-4F44-86CC-5FBDDD077D72} | DhcpNameServer : 131.233.110.53 10.1.17.102 10.1.17.103 10.49.17.104 [UNITED STATES (US)][-][-][-] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DC48E1B3-B0F3-4F44-86CC-5FBDDD077D72} | DhcpNameServer : 131.233.110.53 10.1.17.102 10.1.17.103 10.49.17.104 [UNITED STATES (US)][-][-][-] -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-212836205-1075554111-3934830867-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS722080K9A300 ATA Device +++++
--- User ---
[MBR] 0d5278c087b9f854af0b1b4182c3e951
[BSP] be7e757e5ed1f1479d04536fbd800706 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 76217 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.3 (06.19.2015:1)
OS: Windows 7 Professional x86
Ran by Danca on so 20.06.2015 at 20:45:07,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Users\Danca\appdata\local\google\chrome\user data\default\local storage\hxxps_static.olark.com_0.localstorage
Successfully deleted: [File] C:\Users\Danca\appdata\local\google\chrome\user data\default\local storage\hxxps_static.olark.com_0.localstorage-journal

~~~ Folders

~~~ Chrome

[C:\Users\Danca\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Danca\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Danca\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Danca\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 20.06.2015 at 20:48:17,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 20.6.2015
Čas skenování: 20:50:28
Protokol:
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.06.20.03
Databáze rootkitů: v2015.06.15.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Danca

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 299081
Uplynulý čas: 10 min, 34 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
PUP.Optional.OneFloorApp, C:\Users\Danca\Downloads\PDF_Creator.exe, Do karantény, [70838a32abdf8babd9815cafac5a49b7],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

# AdwCleaner v4.206 - Log vytvořen 20/06/2015 v 20:32:17
# Aktualizováno 01/06/2015 by Xplode
# Databáze : 2015-06-17.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x86)
# Uživatelské jméno : Danca - LATITUDE
# Spuštěno z : C:\Users\Danca\Downloads\AdwCleaner.exe
# Nastavení : Čištění

***** [ Služby ] *****

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Soubor Smazáno : C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Smazáno : C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
Soubor Smazáno : C:\Users\Danca\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Smazáno : C:\Users\Danca\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

Klíč Smazáno : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Klíč Smazáno : HKCU\Software\simplytech
Klíč Smazáno : HKCU\Software\AppDataLow\Software\simplytech

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.124

[C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Homepage] :

-\\ Opera v30.0.1835.59

*************************

AdwCleaner[R0].txt - [26621 bytů] - [20/06/2015 18:06:14]
AdwCleaner[R1].txt - [26680 bytů] - [20/06/2015 20:28:40]
AdwCleaner[S0].txt - [1716 bytů] - [20/06/2015 20:32:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1774 bytů] ##########

Příspěvekod **Orcus** » 21 čer 2015 10:48

Aj, díky za tu závorku. :-)

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka).
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni
Zoek.exe

a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

====================================================

Co problémy? + nový log z HJT

CZechBoY · Příspěvekod **CZechBoY** » 21 čer 2015 15:59

RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Danca [Práva správce]
Started from : C:\Users\Danca\Downloads\RogueKiller.exe
Mód : Smazat -- Datum : 06/21/2015 15:44:20

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DC48E1B3-B0F3-4F44-86CC-5FBDDD077D72} | DhcpNameServer : 131.233.110.53 10.1.17.102 10.1.17.103 10.49.17.104 [UNITED STATES (US)][-][-][-] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DC48E1B3-B0F3-4F44-86CC-5FBDDD077D72} | DhcpNameServer : 131.233.110.53 10.1.17.102 10.1.17.103 10.49.17.104 [UNITED STATES (US)][-][-][-] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DC48E1B3-B0F3-4F44-86CC-5FBDDD077D72} | DhcpNameServer : 131.233.110.53 10.1.17.102 10.1.17.103 10.49.17.104 [UNITED STATES (US)][-][-][-] -> Nahrazeno ()
[PUM.StartMenu] HKEY_USERS\S-1-5-21-212836205-1075554111-3934830867-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS722080K9A300 ATA Device +++++
--- User ---
[MBR] 0d5278c087b9f854af0b1b4182c3e951
[BSP] be7e757e5ed1f1479d04536fbd800706 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 76217 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_06202015_212608.log - RKreport_SCN_06212015_153355.log - RKreport_SCN_06212015_153935.log

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Danca on ne 21.06.2015 at 15:59:04,72.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Danca\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21.6.2015 16:00:53 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Oracle deleted successfully
C:\Users\Danca\AppData\Roaming\DropboxMaster deleted successfully
C:\Users\Danca\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\Alawar.cs deleted
C:\PROGRA~2\AlawarWrapper deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\Public\Documents\AlawarWrapper deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03.04.2015 11:34]

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03.04.2015 11:33]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01.05.2015 11:17]

Avast Online Security - Danca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Skype Click to Call - Danca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
20-20 3D Viewer for IKEA - Danca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp

==== Chromium Startpages ======================

C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Preferences
1D9C77BAD62533E1D75EAADB1B7F668E38E0A830F1020356258D28","search_url":"D5AA0C82FD5AE34BF889FC058378DCBFF41A285F1036F2F68456BCCF4392658C"},"default_search_provider_data":{"template_url_data":"58FAF86A69CDAD151F85DC34A96D93334CDB7886D5D2EFFAF663ACE3CCB337EC"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"623081802C79E7A76B5514E4F6D9C2CE9282A72F82D642E6B09E40EEC9D1F336","aohghmighlieiainnegkcijnfilokake":"59BA8995EA687254AE5D381D4FC217E892086C89C374602ACC305392228E3367","apdfllckaahabafndbhieahigkjlhalf":"036AEA735299E1886A22E8AC2DD76AC81D777D8A0D16A1470FD0C812B3B9ED9C","bepbmhgboaologfdajaanbcjmnhjmhfn":"1683D9AC07315035EE16EA489C771EF265009C4F61DBF77CDE902ECFFE77A1B4","blpcfgokakmgnkcojhhkbfbldkacnbeo":"749362F486D3B7E2AB345EB9F37F686FB4FE587DC59D5BCA6DEBB0C660335934","coobgpohoikkiipiblmjeljniedjpjpf":"8544A89B1C242F6550B4A6C21AF6B9CA96738A2B1DF9BD62C62D48B9B602E253","eemcgdkfndhakfknompkggombfjjjeno":"D4B363DE81089CED354D69E974F9524198F30B824E42455BB95AA21E95747A90","ennkphjdgehloodpbhlhldgbnhmacadg":"72BAD4897C8A7A9BD6B2B096B90C0F4AD61DE1499BDD659323A178BF67011B02","gfdkimpbcpahaombhbimeihdjnejgicl":"0B7EFD3652A53B306C4CB6F271C91D7032A64885C7C02E3DF172443BBF4C29E2","gomekmidlodglbbmalcneegieacbdmki":"7AFEC43AFF758D7BA3825CD919E932A1E9BCCC42C05286B029ABEF0A1C566166","kmendfapggjehodndflmmgagdbamhnfd":"EF7DC2073B3286CC46A5737D5320C70765ED18AFBA6E170F7A7F329C7FEA0203","lifbcibllhkdhoafpjfnlhfpfgnpldfl":"89279D4FF4D30CAB35F81850A63F332575FBD44FED25658FD3A904C9FAFAF809","mfehgcgbbipciphmccgaenjidiccnmng":"0ADC106CDA206E8DD0DC0C6F28FD3BC0C20EFB79500D7F165EED8205500C8642","mgndgikekgjfcpckkfioiadnlibdjbkf":"9A927A80B29B31825212305F4035852415A94C4FEA1531E07C84117B453742F7","mhjfbmdgcfjbbpaeojofohoefgiehjai":"DF35FEB4D34EB649936D434834DF51C3BC6D37904A78EF61368B8D7FB363590C","neajdppkdcdipfabeoofebfddakdcjhd":"3E0532E1F56990118FA680F51475693FA030D7AB094D14354BAC8B077EC9BE79","nkeimhogjdpnpccoofpliimaahmaaome":"CD4CB7988DAA10C13084CBC91660D894B2DB0F072FFCC90F0291892CF69C41D6","nmmhkkegccagdldgiimedpiccmgmieda":"615F739CE865C6D4709BBF75EC2868821097AB3305FE6BDBCE6E0BC284A0D7EE","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"B0D1C62C20787EC6F00A97CEEC817FEF54B39702C461E3F4F59329EE2C0FE018","pfhldcakmgpmglboaclpfdedehjblalp":"980C1C72ADA72DA77A5090BF1465B01EB93AD7C01ABF027957F60251F06AFF31","pjkljhegncpnkpknbcohdijeoejaedia":"77A4350B222A408267181E09B7F937C3E1FA2CA552350A28A1C40DEFD0F2F046"}},"google":{"services":{"last_username":"730E2859D2987ADB864EDCC0118A64BE042C340D3D2CD66ADE687920F47814B8","username":"E6CADB880A2BCEBEC91C84C29FF7752F5A34CDAEEAA11B6A32EB6AC653C33842"}},"homepage":"C6995D56E84DD49E72D7FBA0B4C656DC7047380ED0A486BB877DD5EA7B8C5370","homepage_is_newtabpage":"7FEEF1F5F8AB78E61C3C1DDBAC45920718EE4FAFB09E7F4889027202BDE22269","pinned_tabs":"7CA24B14A8A2CFD3974AEB270E3D3FB1B87F496B0558F1FC41F7A08D0710D4AD","prefs":{"preference_reset_time":"6529BF00C725093230950274BA2323A84D4E3EB904AA5599C93FE55680090E18"},"profile":{"reset_prompt_memento":"DED26EBC26CB01FF050D96489228B7B55B240F0E2ED0A63965BB2530EC71618F"},"safebrowsing":{"incidents_sent":"8B9C759F2C7B842103E9AA83CF5D0E3C3E80B864D5F89ABF6E4ED652006B3DFA"},"search_provider_overrides":"6EA6681A3FD2F9D4436377F477BCB9EB6ED0E773F8A678085F5BBF2B029625B8","session":{"restore_on_startup":"7251D31D4B7900C4AF4291B173AF159882BCCFD8873856797528387319872570","startup_urls":"358EC6A64D5C7A5F74BD46759FADDD84DEF6746AD1E44133F38B5B00439150CD"},"software_reporter":{"prompt_reason":"C41E765463D405A8FE11F2443DD519FF05C1025FAB69B6E68792F6DF93BA6B2D","prompt_seed":"810874ABC011BBA3815688DBA6988FE9426505438A38CB11430CEB3E31D4EB6D","prompt_version":"254B682F0082E077CD665D97EC57554B5D10DE360C9441D71BE38E6E55EDACAD"},"sync":{"remaining_rollback_tries":"EAC9D79BDE37A653C477A09D2F35EE84A71617D5B3FE7AA316D274EA94CF02D5"}},"super_mac":"AAD7AD458E247B7B0A07E1000416813AD00D3E76065B7CFD0AA204AD516E9455"},"session":{"restore_on_startup":4,"startup_urls":["https://www.seznam.cz/?clid=22668"]},"sync":{"remaining_rollback_tries":0}}

==== Chromium Fix ======================

C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hairfinder.com_0.localstorage deleted successfully
C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hairfinder.com_0.localstorage-journal deleted successfully
C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.abradio.cz_0.localstorage deleted successfully
C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.abradio.cz_0.localstorage-journal deleted successfully
C:\Users\Danca\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Danca\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/en-us/?pc=UP97&ocid=UP97DHP"
"Old Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/en-us/?pc=UP97&ocid=UP97DHP"
"Old Start Page"="http://www.msn.com/en-us/?pc=UP97&ocid=UP97DHP"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Danca\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Danca\AppData\Roaming\Opera Software\Opera Stable\Web Data will be reset at reboot
C:\Users\Danca\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal will be reset at reboot

==== Empty IE Cache ======================

C:\Users\Danca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Danca\AppData\Local\Opera Software\Opera Stable\Cache will be emptied at reboot
C:\Users\Danca\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3627 folders=211 65999660 bytes)

==== Empty Temp Folders ======================

C:\Users\Danca\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Danca\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Danca\AppData\Roaming\Opera Software\Opera Stable\Web Data" not found
"C:\Users\Danca\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal" not found
"C:\Users\Danca\AppData\Local\Opera Software\Opera Stable\Cache\data_0" deleted
"C:\Users\Danca\AppData\Local\Opera Software\Opera Stable\Cache\data_1" deleted
"C:\Users\Danca\AppData\Local\Opera Software\Opera Stable\Cache\data_2" deleted
"C:\Users\Danca\AppData\Local\Opera Software\Opera Stable\Cache\data_3" deleted
"C:\Users\Danca\AppData\Local\Opera Software\Opera Stable\Cache\index" deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ne 21.06.2015 at 16:30:24,78 ======================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:41:55, on 21.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)

Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera_crashreporter.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Program Files\Opera\30.0.1835.59\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Danca\Downloads\HijackThis.exe
C:\Windows\system32\taskeng.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7297 bytes

Chování mi přijde pořád stejný

asi tomu nic nebylo a je to jen ntb s pomalým diskem a málo ramky.. :)

Příspěvekod **Orcus** » 21 čer 2015 20:48

Ještě to dočistíme. Skype by nemusel startovat při zapnutí kompu, to taky dost pomůže. :-)

V HJT fixni:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

Pokud budou problémy , spusť v nouz. režimu.

Pomalý ntb

Pomalý ntb

Re: Pomalý ntb

Re: Pomalý ntb

Re: Pomalý ntb

Re: Pomalý ntb

Re: Pomalý ntb

Re: Pomalý ntb

Re: Pomalý ntb

Kdo je online