Hello,
please check this log, thanks in advance :)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:29:38, on 1.9.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\WGA Remover\wgaremover.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\Haba Baba\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Program Files\IObit\Driver Booster\DriverBooster.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Users\Haba Baba\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5278
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.myhoome.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhoome.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [WGA Remover] "C:\Program Files\WGA Remover\wgaremover.exe" -silent
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Haba Baba\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
--
End of file - 5428 bytes
Request for a log check
- Orcus
- Security team member
Re: Request for a log check
Any problems?
===================================================
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you don't need to use ATF.
===================================================
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
Afterwards the PC should restart; if it doesn't, restart it yourself.
===================================================
Download AdwCleaner (by Xplode)
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log appears (otherwise it is saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.
===================================================
Download Malwarebytes' Anti-Malware
- During installation, uncheck "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install it and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- after the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the entire log here.
- then click the Exit button; a prompt appears, so choose Yes
(don't delete anything yet!).
If there are problems, run it in safe mode.
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it across several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Request for a log check
Problems, well ... gigabytes on my disks suspiciously disappear and then reappear. And I can't connect any external storage through the USB ports. It's been like this for a year or two, but it's now limiting me quite a lot. The sound plays that something was connected, but the PC doesn't load it at all. But only devices from a certain date onward (I don't know exactly which). Devices that I had already connected before that date it accepts. Devices after that it no longer takes.
LOGS:
----------------------------------------------------------------------------------------------------------------------
ADW:
# AdwCleaner v5.005 - Logfile created 03/09/2015 at 13:03:38
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Haba Baba - HABABABA-PC
# Running from : C:\Users\Haba Baba\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
Service Found : APNMCP
***** [ Folders ] *****
Folder Found : C:\rei
Folder Found : C:\Program Files\AskPartnerNetwork
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\Program Files\SpeedItup Free
Folder Found : C:\Program Files\SpeedItup Free
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\ProgramData\DSearchLink
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\ProgramData\Reimage Protector
Folder Found : C:\ProgramData\{563b4f72-6fbb-036c-563b-b4f726fb3dc9}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
Folder Found : C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Haba Baba\AppData\Roaming\DriverCure
Folder Found : C:\Users\Haba Baba\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\Haba Baba\AppData\Roaming\YourFileDownloader
Folder Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\OneClickDownloader@OneClickDownloader.com.xpi
***** [ Files ] *****
File Found : C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_acfoobbgoakpihljnfedbcfaipcdlfhk_0.localstorage
File Found : C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcillohgikpecbmgioknapdpcjofaafl_0.localstorage
File Found : C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jplinpmadfkdgipabgcdchbdikologlh_0.localstorage
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\0\searchplugins\yahoo.xml
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\0\searchplugins\yahoo.xml
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\buenosearch.xml
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yahoo.xml
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yahoo.xml
File Found : C:\Windows\Reimage.ini
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
Task Found : RDReminder
Task Found : YourFile DownloaderUpdate
Task Found : YourFile DownloaderUpdate
***** [ Registry ] *****
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\zona
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\YourFileDownloader
Key Found : HKLM\SOFTWARE\Reimage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1D00}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DE0EC626-DD23-47B9-A552-950105EDE4D0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0D100
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\D2A425F405350054677A7A857BC0D100
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0D100
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5278
Data Found : HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5278
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
***** [ Web browsers ] *****
[C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : aaaaaiabcopkplhgaedhbloeejhhankf
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [6109 bytes] ##########
----------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 3.9.2015
Čas skenování: 13:07
Protokol:
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.09.03.04
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Haba Baba
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 329001
Uplynulý čas: 17 min, 43 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 2
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, 4016, , [ea96d655d3b857df3dc54cd70df613ed]
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe, 1864, , [e8982ffc3952290d659ec85bb54ec739]
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 10
PUP.Optional.Babylon, HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [037da289b7d43105897431a443bf4cb4],
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\AskPartnerNetwork, , [99e7dc4f5d2eb4821ce561c2f013b749],
PUP.Optional.SearchApp, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, , [0c745bd02863092dafc02a805aaadb25],
PUP.Optional.Bandoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A19AA84B-B608-418E-960F-E928F661D0FE}, , [562a1c0f325995a1d246e6944eb6738d],
Trojan.JobX, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Windows Update Check - 0x11440374, , [ec941d0e7e0d94a2720834eebe45bf41],
PUP.Optional.YourFileDownloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\YourFile DownloaderUpdate, , [136db47798f3a1953dab4972db2912ee],
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1D00}, , [e19fd3587e0dc2740db26ab8a75c9b65],
PUP.Optional.APNToolBar.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\APNMCP, , [e8982ffc3952290d659ec85bb54ec739],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, , [a4dc3deebecdc67050b0f72c36cd9070],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\SOFTWARE\AskPartnerNetwork, , [daa665c6f497e84ecf31869d7e854fb1],
Hodnoty registru: 4
PUP.Optional.AskPartnerNetwork, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf|path, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx, , [3947b873652666d0820a35444fb52cd4]
PUP.Optional.Bandoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A19AA84B-B608-418E-960F-E928F661D0FE}|AppPath, C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar, , [562a1c0f325995a1d246e6944eb6738d]
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ApnTBMon, "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe", , [ea96d655d3b857df3dc54cd70df613ed]
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1D00}|InstallSource, C:\ProgramData\APN\APN-Stub\ORJ-SPE\, , [e19fd3587e0dc2740db26ab8a75c9b65]
Data registru: 4
PUP.Optional.MyHoome, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.myhoome.com/, Dobré: (www.google.com), Špatné: (http://www.myhoome.com/),,[d3ad54d7e1aaa3933ab7a0c1bd48ca36]
PUP.Optional.MyHoome, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.myhoome.com/, Dobré: (www.google.com), Špatné: (http://www.myhoome.com/),,[27596cbf2467cf679e532d3405003cc4]
Hijack.StartPage, HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5278, Dobré: (www.google.com), Špatné: (http://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5278),,[c5bb44e72e5dbb7b41fd1f408481cb35]
PUP.Optional.MyHoome, HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.myhoome.com/, Dobré: (www.google.com), Špatné: (http://www.myhoome.com/),,[c0c095966f1ce5518070a2bf09fcf808]
Složky: 48
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams, , [b8c87eadcebd38fe6c57f5f9639fac54],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, , [7b05ee3d781385b11596758028da29d7],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar\Updater, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\ChromeUtils, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox\Profiles, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\Shared, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\Shared\CRX, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater\ORJ-SPE, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.DSearchLink, C:\ProgramData\DSearchLink, , [a0e070bb335870c60ed3f0170cf76898],
PUP.Optional.MyPCBackup, C:\Program Files\MyPC Backup, , [2c549a91ff8c84b2b382c44f20e35fa1],
PUP.Optional.ShieldPlus, C:\Users\Haba Baba\AppData\Local\ShieldPlus\spprt, , [7010e3481972f2446b2b7f9a63a0b24e],
Soubory: 114
PUP.Optional.Delta.ShrtCln, C:\ProgramData\DSearchLink\DSearchLink.exe, , [86faa9821c6fe3535ca5bb46ee17d927],
Trojan.JobX, C:\Windows\System32\Tasks\Windows Update Check - 0x11440374, , [c6ba34f790fbfe388d214fe58e756b95],
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\buenosearch.xml, , [e19f16150f7c90a6ec89047a986c4bb5],
PUP.Optional.Claro, C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcillohgikpecbmgioknapdpcjofaafl_0.localstorage, , [d4ac0526dab1a4924d191070f3113fc1],
PUP.Optional.YourFileDownloader, C:\Windows\System32\Tasks\YourFile DownloaderUpdate, , [295746e50b806ccac1253586c83c6997],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, , [ea96d655d3b857df3dc54cd70df613ed],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe, , [e8982ffc3952290d659ec85bb54ec739],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\diablo130302.cl, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\diakgcn121016.cl, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\libcurl.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\libeay32.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\libidn-11.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\librtmp.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\libssh2.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\libusb-1.0.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\mnchbcpkw.exe, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\phatk121016.cl, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\poclbm130302.cl, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\scrypt130511.cl, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\ssleay32.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\zlib1.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15b1.bit, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15d1.bit, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15d3.bit, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15d4.bin, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15d4.bit, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15y1.bin, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15y1.bit, , [b8c87eadcebd38fe6c57f5f9639fac54],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.15.1.0-5.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.18.0.0-5.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.19.1.0-5.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.20.0.0-5.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.20.0.0-23.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.20.0.0-24.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\ChromeUtils\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf.json, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1031.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1033.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1034.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1036.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1040.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1041.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1043.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1045.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1049.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\2070.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\AskToolbarInstaller-12.24.1_ORJ-SPE.msi, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\AskToolbarInstaller-12.27.0_ORJ-SPE.msi, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\AskToolbarInstaller-12.28.1_ORJ-SPE.msi, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\AskToolbarInstaller-12.29.0_ORJ-SPE.msi, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_ORJ-SPE@apn.ask.com.xpi, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf.json, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\SO.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\content.zip, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntldr.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntsrv.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater\ORJ-SPE\config.xml, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.DSearchLink, C:\ProgramData\DSearchLink\Search.lnk, , [a0e070bb335870c60ed3f0170cf76898],
PUP.Optional.MyPCBackup, C:\Program Files\MyPC Backup\DEL_UnRegisterExtensions.exe, , [2c549a91ff8c84b2b382c44f20e35fa1],
PUP.Optional.ShieldPlus, C:\Users\Haba Baba\AppData\Local\ShieldPlus\spprt\Data, , [7010e3481972f2446b2b7f9a63a0b24e],
PUP.Optional.ShieldPlus, C:\Users\Haba Baba\AppData\Local\ShieldPlus\spprt\spprt.exe, , [7010e3481972f2446b2b7f9a63a0b24e],
PUP.Optional.ShieldPlus, C:\Users\Haba Baba\AppData\Local\ShieldPlus\spprt\spsvc.exe, , [7010e3481972f2446b2b7f9a63a0b24e],
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=367D0018E40734E1&affID=128235&tt=120614_shldpol&tsp=5278");), ,[2b553cefe3a8cb6b33d83167c1441ce4]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (35&tt=120614_shldpol&tsp=5278");
user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=367D0018E40734E1&affID=12), ,[a6dad05bb0db310503083c5ce5206f91]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (=128235&tt=120614_shldpol&tsp=5278");
user_pref("extensions.buenosearch.tb), ,[50302cff771479bd9675d9bfea1b54ac]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (rl", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=367D0018E40734), ,[f8889d8ef4973df91ceffe9a04014db3]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (p://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&), ,[c4bc42e9cdbef3437b901e7ac93c52ae]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (buenosearch.tlbrSrchUrl", "http://www.buenosearch.com), ,[e7990922c8c385b1f5167820f31218e8]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com), ,[a5dbb17a335885b1ab60465213f202fe]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searc), ,[215f8ba0e9a2f83ec14ab2e67e87c63a]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTerm), ,[4e32a685b5d650e695766137ac59e61a]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (search.tlbrSrchUrl", "http://www.buenosearch.com/?q={sear), ,[463afd2e602bb6800803b8e01ce9ca36]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (nosearch.tlbrSrchUrl", "http://www.buenosearch.com/), ,[8cf4b378e5a63cfa18f3dabeea1bfa06]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ns.buenosearch.tlbrSrchUrl", "http://www.buenosearch), ,[9ee23eed5a31c76fcb401e7a7095dc24]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (s.buenosearch.tlbrSrchUrl", "http://www.buenosearch), ,[eb95c56693f8033382893d5b13f229d7]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (s.buenosearch.tlbrSrchUrl", "http://www.buenosearc), ,[760a1f0c9fec48ee6c9f7d1b48bdc739]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ons.buenosearch.tlbrSrchUrl", "http://www.buenosear), ,[d2ae1714e4a7ab8b6c9fc2d654b13ac6]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ns.buenosearch.tlbrSrchUrl", "http://www.buenosearch.c), ,[ceb21d0e117a56e0f2194652f70e18e8]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (buenosearch.tlbrSrchUrl", "http://www.buenosearch), ,[95eb38f387043402e3286335dd28d12f]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ions.buenosearch.tlbrSrchUrl", "http://www.buenosearch), ,[e19f959658330c2a56b56533f31254ac]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (buenosearch.tlbrSrchUrl", "http://www.buenosearch.), ,[8ff14ae18704d363719ab3e56f9610f0]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ons.buenosearch.tlbrSrchUrl", "http://www.buenosea), ,[e0a0f932aedda294b9529bfd976ea759]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (c=TB_ss&mntrId=367D0018E40734E1&affID=128235&tt=120614_shldpol&tsp=5278");
user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTerms}&bab), ,[dba5af7ca8e346f01e51acec2dd8f10f]
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
LOGS:
----------------------------------------------------------------------------------------------------------------------
ADW:
# AdwCleaner v5.005 - Logfile created 03/09/2015 at 13:03:38
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Haba Baba - HABABABA-PC
# Running from : C:\Users\Haba Baba\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
Service Found : APNMCP
***** [ Folders ] *****
Folder Found : C:\rei
Folder Found : C:\Program Files\AskPartnerNetwork
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\Program Files\SpeedItup Free
Folder Found : C:\Program Files\SpeedItup Free
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\ProgramData\DSearchLink
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\ProgramData\Reimage Protector
Folder Found : C:\ProgramData\{563b4f72-6fbb-036c-563b-b4f726fb3dc9}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
Folder Found : C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Haba Baba\AppData\Roaming\DriverCure
Folder Found : C:\Users\Haba Baba\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\Haba Baba\AppData\Roaming\YourFileDownloader
Folder Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\OneClickDownloader@OneClickDownloader.com.xpi
***** [ Files ] *****
File Found : C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_acfoobbgoakpihljnfedbcfaipcdlfhk_0.localstorage
File Found : C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcillohgikpecbmgioknapdpcjofaafl_0.localstorage
File Found : C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jplinpmadfkdgipabgcdchbdikologlh_0.localstorage
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\0\searchplugins\yahoo.xml
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\0\searchplugins\yahoo.xml
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\buenosearch.xml
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yahoo.xml
File Found : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yahoo.xml
File Found : C:\Windows\Reimage.ini
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
Task Found : RDReminder
Task Found : YourFile DownloaderUpdate
Task Found : YourFile DownloaderUpdate
***** [ Registry ] *****
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\zona
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\YourFileDownloader
Key Found : HKLM\SOFTWARE\Reimage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1D00}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DE0EC626-DD23-47B9-A552-950105EDE4D0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0D100
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\D2A425F405350054677A7A857BC0D100
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0D100
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Data Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5278
Data Found : HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5278
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
***** [ Web browsers ] *****
[C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : aaaaaiabcopkplhgaedhbloeejhhankf
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [6109 bytes] ##########
----------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 3.9.2015
Čas skenování: 13:07
Protokol:
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.09.03.04
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Haba Baba
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 329001
Uplynulý čas: 17 min, 43 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 2
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, 4016, , [ea96d655d3b857df3dc54cd70df613ed]
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe, 1864, , [e8982ffc3952290d659ec85bb54ec739]
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 10
PUP.Optional.Babylon, HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [037da289b7d43105897431a443bf4cb4],
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\AskPartnerNetwork, , [99e7dc4f5d2eb4821ce561c2f013b749],
PUP.Optional.SearchApp, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, , [0c745bd02863092dafc02a805aaadb25],
PUP.Optional.Bandoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A19AA84B-B608-418E-960F-E928F661D0FE}, , [562a1c0f325995a1d246e6944eb6738d],
Trojan.JobX, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Windows Update Check - 0x11440374, , [ec941d0e7e0d94a2720834eebe45bf41],
PUP.Optional.YourFileDownloader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\YourFile DownloaderUpdate, , [136db47798f3a1953dab4972db2912ee],
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1D00}, , [e19fd3587e0dc2740db26ab8a75c9b65],
PUP.Optional.APNToolBar.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\APNMCP, , [e8982ffc3952290d659ec85bb54ec739],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, , [a4dc3deebecdc67050b0f72c36cd9070],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\SOFTWARE\AskPartnerNetwork, , [daa665c6f497e84ecf31869d7e854fb1],
Hodnoty registru: 4
PUP.Optional.AskPartnerNetwork, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf|path, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx, , [3947b873652666d0820a35444fb52cd4]
PUP.Optional.Bandoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A19AA84B-B608-418E-960F-E928F661D0FE}|AppPath, C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar, , [562a1c0f325995a1d246e6944eb6738d]
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ApnTBMon, "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe", , [ea96d655d3b857df3dc54cd70df613ed]
PUP.Optional.AskAPN.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F524A2D-5350-4500-76A7-A758B70C1D00}|InstallSource, C:\ProgramData\APN\APN-Stub\ORJ-SPE\, , [e19fd3587e0dc2740db26ab8a75c9b65]
Data registru: 4
PUP.Optional.MyHoome, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.myhoome.com/, Dobré: (www.google.com), Špatné: (http://www.myhoome.com/),,[d3ad54d7e1aaa3933ab7a0c1bd48ca36]
PUP.Optional.MyHoome, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.myhoome.com/, Dobré: (www.google.com), Špatné: (http://www.myhoome.com/),,[27596cbf2467cf679e532d3405003cc4]
Hijack.StartPage, HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5278, Dobré: (www.google.com), Špatné: (http://www.buenosearch.com/?babsrc=HP_s ... l&tsp=5278),,[c5bb44e72e5dbb7b41fd1f408481cb35]
PUP.Optional.MyHoome, HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.myhoome.com/, Dobré: (www.google.com), Špatné: (http://www.myhoome.com/),,[c0c095966f1ce5518070a2bf09fcf808]
Složky: 48
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams, , [b8c87eadcebd38fe6c57f5f9639fac54],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, , [7b05ee3d781385b11596758028da29d7],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar\Updater, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\ChromeUtils, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox\Profiles, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\Shared, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\Shared\CRX, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater\ORJ-SPE, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.DSearchLink, C:\ProgramData\DSearchLink, , [a0e070bb335870c60ed3f0170cf76898],
PUP.Optional.MyPCBackup, C:\Program Files\MyPC Backup, , [2c549a91ff8c84b2b382c44f20e35fa1],
PUP.Optional.ShieldPlus, C:\Users\Haba Baba\AppData\Local\ShieldPlus\spprt, , [7010e3481972f2446b2b7f9a63a0b24e],
Soubory: 114
PUP.Optional.Delta.ShrtCln, C:\ProgramData\DSearchLink\DSearchLink.exe, , [86faa9821c6fe3535ca5bb46ee17d927],
Trojan.JobX, C:\Windows\System32\Tasks\Windows Update Check - 0x11440374, , [c6ba34f790fbfe388d214fe58e756b95],
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\buenosearch.xml, , [e19f16150f7c90a6ec89047a986c4bb5],
PUP.Optional.Claro, C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcillohgikpecbmgioknapdpcjofaafl_0.localstorage, , [d4ac0526dab1a4924d191070f3113fc1],
PUP.Optional.YourFileDownloader, C:\Windows\System32\Tasks\YourFile DownloaderUpdate, , [295746e50b806ccac1253586c83c6997],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, , [ea96d655d3b857df3dc54cd70df613ed],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe, , [e8982ffc3952290d659ec85bb54ec739],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\diablo130302.cl, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\diakgcn121016.cl, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\libcurl.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\libeay32.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\libidn-11.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\librtmp.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\libssh2.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\libusb-1.0.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\mnchbcpkw.exe, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\phatk121016.cl, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\poclbm130302.cl, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\scrypt130511.cl, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\ssleay32.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\zlib1.dll, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15b1.bit, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15d1.bit, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15d3.bit, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15d4.bin, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15d4.bit, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15y1.bin, , [b8c87eadcebd38fe6c57f5f9639fac54],
Trojan.Agent.BCM, C:\Windows\inf\mnchbcpkw\bitstreams\ztex_ufm1_15y1.bit, , [b8c87eadcebd38fe6c57f5f9639fac54],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.15.1.0-5.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.18.0.0-5.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.19.1.0-5.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config\Config.31.20.0.0-5.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.20.0.0-23.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response\Response.31.20.0.0-24.xml, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx, , [0b7502290d7e69cd7f2d81746e94cc34],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, , [81ffc269d1bac0762b8217dee91922de],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\ChromeUtils\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf.json, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1031.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1033.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1034.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1036.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1040.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1041.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1043.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1045.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\1049.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\2070.mst, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\AskToolbarInstaller-12.24.1_ORJ-SPE.msi, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\AskToolbarInstaller-12.27.0_ORJ-SPE.msi, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\AskToolbarInstaller-12.28.1_ORJ-SPE.msi, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\AskToolbarInstaller-12.29.0_ORJ-SPE.msi, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_ORJ-SPE@apn.ask.com.xpi, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\com.apn.native_messaging_host_aaaaaiabcopkplhgaedhbloeejhhankf.json, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\SO.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\content.zip, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntldr.exe, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntsrv.dll, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.APNToolBar.Gen, C:\Program Files\AskPartnerNetwork\Toolbar\Updater\ORJ-SPE\config.xml, , [a1dffe2d4a4196a00ba327ce2fd38977],
PUP.Optional.DSearchLink, C:\ProgramData\DSearchLink\Search.lnk, , [a0e070bb335870c60ed3f0170cf76898],
PUP.Optional.MyPCBackup, C:\Program Files\MyPC Backup\DEL_UnRegisterExtensions.exe, , [2c549a91ff8c84b2b382c44f20e35fa1],
PUP.Optional.ShieldPlus, C:\Users\Haba Baba\AppData\Local\ShieldPlus\spprt\Data, , [7010e3481972f2446b2b7f9a63a0b24e],
PUP.Optional.ShieldPlus, C:\Users\Haba Baba\AppData\Local\ShieldPlus\spprt\spprt.exe, , [7010e3481972f2446b2b7f9a63a0b24e],
PUP.Optional.ShieldPlus, C:\Users\Haba Baba\AppData\Local\ShieldPlus\spprt\spsvc.exe, , [7010e3481972f2446b2b7f9a63a0b24e],
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=367D0018E40734E1&affID=128235&tt=120614_shldpol&tsp=5278");), ,[2b553cefe3a8cb6b33d83167c1441ce4]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (35&tt=120614_shldpol&tsp=5278");
user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=367D0018E40734E1&affID=12), ,[a6dad05bb0db310503083c5ce5206f91]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (=128235&tt=120614_shldpol&tsp=5278");
user_pref("extensions.buenosearch.tb), ,[50302cff771479bd9675d9bfea1b54ac]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (rl", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=367D0018E40734), ,[f8889d8ef4973df91ceffe9a04014db3]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (p://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&), ,[c4bc42e9cdbef3437b901e7ac93c52ae]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (buenosearch.tlbrSrchUrl", "http://www.buenosearch.com), ,[e7990922c8c385b1f5167820f31218e8]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com), ,[a5dbb17a335885b1ab60465213f202fe]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searc), ,[215f8ba0e9a2f83ec14ab2e67e87c63a]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTerm), ,[4e32a685b5d650e695766137ac59e61a]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (search.tlbrSrchUrl", "http://www.buenosearch.com/?q={sear), ,[463afd2e602bb6800803b8e01ce9ca36]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (nosearch.tlbrSrchUrl", "http://www.buenosearch.com/), ,[8cf4b378e5a63cfa18f3dabeea1bfa06]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ns.buenosearch.tlbrSrchUrl", "http://www.buenosearch), ,[9ee23eed5a31c76fcb401e7a7095dc24]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (s.buenosearch.tlbrSrchUrl", "http://www.buenosearch), ,[eb95c56693f8033382893d5b13f229d7]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (s.buenosearch.tlbrSrchUrl", "http://www.buenosearc), ,[760a1f0c9fec48ee6c9f7d1b48bdc739]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ons.buenosearch.tlbrSrchUrl", "http://www.buenosear), ,[d2ae1714e4a7ab8b6c9fc2d654b13ac6]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ns.buenosearch.tlbrSrchUrl", "http://www.buenosearch.c), ,[ceb21d0e117a56e0f2194652f70e18e8]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (buenosearch.tlbrSrchUrl", "http://www.buenosearch), ,[95eb38f387043402e3286335dd28d12f]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ions.buenosearch.tlbrSrchUrl", "http://www.buenosearch), ,[e19f959658330c2a56b56533f31254ac]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (buenosearch.tlbrSrchUrl", "http://www.buenosearch.), ,[8ff14ae18704d363719ab3e56f9610f0]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (ons.buenosearch.tlbrSrchUrl", "http://www.buenosea), ,[e0a0f932aedda294b9529bfd976ea759]
PUP.Optional.BuenoSearch, C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js, Dobré: (), Špatné: (c=TB_ss&mntrId=367D0018E40734E1&affID=128235&tt=120614_shldpol&tsp=5278");
user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTerms}&bab), ,[dba5af7ca8e346f01e51acec2dd8f10f]
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
- jaro3
Re: Request for a log check
illegal system...
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Scan"; after the scan, click "Clean".
The program performs the repair; after the automatic restart it will not display the log (C:\AdwCleaner [S?].txt); paste its entire content here.
Download Junkware Removal Tool by Thisisu
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and will be saved on the desktop.
Please copy its entire content here.
Run MbAM again and choose "Scan Now".
- When the program finishes, a prompt will appear; click "Quarantine All (Remove Selected)" and then "Export Log", choose "Text file", give the file a name and save it somewhere. Copy the entire content of that log here.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report", then "Open TXT" in the window, and copy the entire content of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Request for a log check
So the illegal Windows is to blame for that USB problem?
LOGS:
----------------------------------------------------------------------------------------------------------------------
ADW:
# AdwCleaner v5.005 - Logfile created 03/09/2015 at 17:36:56
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Haba Baba - HABABABA-PC
# Running from : C:\Users\Haba Baba\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
[-] Service Deleted : APNMCP
***** [ Folders ] *****
[-] Folder Deleted : C:\rei
[#] Folder Deleted : C:\Program Files\AskPartnerNetwork
[-] Folder Deleted : C:\Program Files\MyPC Backup
[-] Folder Deleted : C:\Program Files\SpeedItup Free
[!] Folder Not Deleted : C:\Program Files\SpeedItup Free
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\AskPartnerNetwork
[-] Folder Deleted : C:\ProgramData\DSearchLink
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\ProgramData\PC Optimizer Pro
[-] Folder Deleted : C:\ProgramData\Reimage Protector
[-] Folder Deleted : C:\ProgramData\{563b4f72-6fbb-036c-563b-b4f726fb3dc9}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
[-] Folder Deleted : C:\Users\Haba Baba\AppData\Local\AskPartnerNetwork
[-] Folder Deleted : C:\Users\Haba Baba\AppData\Roaming\DriverCure
[-] Folder Deleted : C:\Users\Haba Baba\AppData\Roaming\ParetoLogic
[-] Folder Deleted : C:\Users\Haba Baba\AppData\Roaming\YourFileDownloader
[#] Folder Deleted : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\OneClickDownloader@OneClickDownloader.com.xpi
***** [ Files ] *****
[-] File Deleted : C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_acfoobbgoakpihljnfedbcfaipcdlfhk_0.localstorage
[-] File Deleted : C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dcillohgikpecbmgioknapdpcjofaafl_0.localstorage
[-] File Deleted : C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jplinpmadfkdgipabgcdchbdikologlh_0.localstorage
[-] File Deleted : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\0\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\0\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\buenosearch.xml
[-] File Deleted : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
[-] File Deleted : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Haba Baba\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yahoo.xml
[-] File Deleted : C:\Windows\Reimage.ini
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : RDReminder
[-] Task Deleted : YourFile DownloaderUpdate
[-] Task Deleted : YourFile DownloaderUpdate
***** [ Registry ] *****
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKCU\Software\AskPartnerNetwork
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\pc optimizer pro
[-] Key Deleted : HKCU\Software\zona
[-] Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\YourFileDownloader
[-] Key Deleted : HKLM\SOFTWARE\Reimage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1D00}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DE0EC626-DD23-47B9-A552-950105EDE4D0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0D100
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\D2A425F405350054677A7A857BC0D100
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0D100
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[!] Key Not Deleted : HKU\S-1-5-21-4117245281-1480158384-2095474572-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
***** [ Web browsers ] *****
[-] [C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaaaiabcopkplhgaedhbloeejhhankf
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6389 bytes] ##########
----------------------------------------------------------------------------------------------------------------------
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Ultimate x86
Ran by Haba Baba on źt 03.09.2015 at 19:03:52,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\System32\tasks\DLL-files.com Fixer
Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster Scan
Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster SkipUAC (Haba Baba)
Successfully deleted: [Task] C:\Windows\System32\tasks\Driver Booster Update
Successfully deleted: [Task] C:\Windows\System32\tasks\Uninstaller_SkipUac_Haba_Baba
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81FA428925F22ACB3A965
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09F45BAFAAE1D7546ED4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050B2E46B9C4B67A8F59577
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606D43BB064BD63CBD87E
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28C944FBC7579CF4949414
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3DC1468548785DC856EDA
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8D249B526503432F99D4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4BA46856BF57969F6A36
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56C49B56F6B83E293C15
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927C4E9B7BC1D3FD1E49F
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327DC64C9A8B641A9E89646
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
~~~ Files
Successfully deleted: [File] C:\Users\Haba Baba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\dll-files fixer.lnk
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\iobit\driver booster
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Haba Baba\AppData\Roaming\dll-files.com
Successfully deleted: [Folder] C:\Users\Haba Baba\AppData\Roaming\iobit\driver booster
Successfully deleted: [Folder] C:\Users\Haba Baba\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\ProgramData\Downlooad keeperr
~~~ Chrome
[C:\Users\Haba Baba\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Haba Baba\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Haba Baba\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Haba Baba\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 03.09.2015 at 19:06:49,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 3.9.2015
Čas skenování: 19:51
Protokol: gjgh.txt
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.09.03.06
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Haba Baba
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 329389
Uplynulý čas: 19 min, 38 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
----------------------------------------------------------------------------------------------------------------------
RogueKiller:
RogueKiller V10.10.3.0 [Aug 31 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Haba Baba [Práva správce]
Started from : C:\Users\Haba Baba\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 09/03/2015 20:53:42
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 2 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Avgfwfd (system32\DRIVERS\avgfwd6x.sys) -> Nalezeno
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
¤¤¤ Úlohy : 4 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001Core.job -- C:\Users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe (/c /nocrashserver) -> Nalezeno
[Suspicious.Path] %WINDIR%\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001UA.job -- C:\Users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe (/ua /installsource scheduler) -> Nalezeno
[Suspicious.Path] \FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001Core -- C:\Users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe (/c /nocrashserver) -> Nalezeno
[Suspicious.Path] \FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001UA -- C:\Users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe (/ua /installsource scheduler) -> Nalezeno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mpa.one.microsoft.com
¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CREATE[0] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_POWER[22] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_PNP[27] : Unknown @ 0x41e0a8fa3f000000
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] f7735ab828df7a934b51a0903f350a96
[BSP] 90e143fe70ee61493de4af3da50f8fed : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 39997 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 81915435 | Size: 265237 MB
User = LL1 ... OK
User = LL2 ... OK
jaro3 (member of the Security team)
Re: I would like to ask for a log check
Close all programs and browsers. Deactivate your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Spustit jako správce" (Run as administrator); on Windows XP, double-click it to run).
- Wait until the Prescan finishes...
- Then click "Prohledat" (Scan); once it finishes:
- On the tabs (Registry, Tasks, Web Browser, etc.), tick everything
(you have to put a tick with the mouse in the small box to the left of each registry entry etc.)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deleting finished)
- Click "Zpráva" (Report) and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Turn off your antivirus and firewall.
Download Zoek.exe and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 or 8, right-click it and choose "Spustit jako správce" (Run as administrator)).
- Note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script.
The program will run a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black screen may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to your documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the "Ano" (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is finished, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: I would like to ask for a log check
I had to run ComboFix in safe mode and it keeps telling me that my antivirus is turned on. Even though I turned it off .. even after I then uninstalled it.
LOGS:
----------------------------------------------------------------------------------------------------------------------
RK:
RogueKiller V10.10.3.0 [Aug 31 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Haba Baba [Práva správce]
Started from : C:\Users\Haba Baba\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 09/06/2015 13:42:02
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 2 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Avgfwfd (system32\DRIVERS\avgfwd6x.sys) -> Smazáno
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
¤¤¤ Úlohy : 4 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001Core.job -- C:\Users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe (/c /nocrashserver) -> Smazáno
[Suspicious.Path] %WINDIR%\Tasks\FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001UA.job -- C:\Users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe (/ua /installsource scheduler) -> Smazáno
[Suspicious.Path] \FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001Core -- C:\Users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe (/c /nocrashserver) -> Smazáno
[Suspicious.Path] \FacebookUpdateTaskUserS-1-5-21-4117245281-1480158384-2095474572-1001UA -- C:\Users\dida\AppData\Local\Facebook\Update\FacebookUpdate.exe (/ua /installsource scheduler) -> ERROR [0]
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhostSmazáno
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mpa.one.microsoft.comSmazáno
¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CREATE[0] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_POWER[22] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x41e0a8fa3f000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\winhv.sys - IRP_MJ_PNP[27] : Unknown @ 0x41e0a8fa3f000000
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] f7735ab828df7a934b51a0903f350a96
[BSP] 90e143fe70ee61493de4af3da50f8fed : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 39997 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 81915435 | Size: 265237 MB
User = LL1 ... OK
User = LL2 ... OK
----------------------------------------------------------------------------------------------------------------------
ZOEK:
Zoek.exe v5.0.0.0 Updated 04-September-2015
Tool run by Haba Baba on ne 06.09.2015 at 13:53:19,92.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Haba Baba\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
6.9.2015 13:56:30 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Program Files\AGEIA Technologies deleted successfully
C:\Program Files\AnalogX deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\VideoLAN deleted successfully
C:\PROGRA~2\AMD deleted successfully
C:\PROGRA~2\blacksilver0 deleted successfully
C:\PROGRA~2\IDM deleted successfully
C:\PROGRA~2\Ubisoft deleted successfully
C:\PROGRA~2\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully
C:\Users\Haba Baba\AppData\Roaming\DMCache deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Haba Baba\AppData\Roaming\QipGuard deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Vso deleted successfully
C:\Users\Haba Baba\AppData\Local\Atari deleted successfully
C:\Users\Haba Baba\AppData\Local\ShieldPlus deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\HABABA~1\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", );
Added to C:\Users\HABABA~1\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Deleted from C:\Users\HABABA~1\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:
Added to C:\Users\HABABA~1\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command]
@="C:\\Program Files\\Opera\\Opera.exe"
==== Deleting Files \ Folders ======================
C:\Program Files\AGEIA Technologies not found
C:\Program Files\AnalogX not found
C:\Program Files\VideoLAN not found
C:\PROGRA~2\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found
C:\Users\Haba Baba\.android deleted
C:\Program Files\BitLord deleted
C:\BlueSoleil.exe deleted
C:\found.000 deleted
C:\Users\Haba Baba\AppData\Roaming\cdr.ini deleted
C:\Users\Haba Baba\AppData\Roaming\ProductData deleted
C:\PROGRA~2\spds90.txt deleted
C:\PROGRA~2\ProductData deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Witch Remote Control deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord deleted
C:\Users\Haba Baba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
"C:\Users\Haba Baba\AppData\Roaming\Yandex\ui" deleted
"C:\Users\Haba Baba\AppData\Roaming\Yandex" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\HABABA~1\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\HABABA~1\AppData\Roaming\Mozilla\Firefox\Profiles\0
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27.01.2015 20:49]
==== Firefox Extensions ======================
ProfilePath: C:\Users\HABABA~1\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\iobitascsurfingprotection@iobit.com
ProfilePath: C:\Users\HABABA~1\AppData\Roaming\Mozilla\Firefox\Profiles\0
- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\iobitascsurfingprotection@iobit.com
==== Firefox Plugins ======================
==== Chromium Look ======================
Google Chrome Version: 45.0.2454.85
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[30.11.2014 01:50]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01.05.2015 11:17]
Last.fm Scrobbler - Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm
Last.fm Scrobbler - Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Extensions\nkeleodkblflbdhjiikdkhekapgnfkdc
==== Chromium Fix ======================
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_ilyrics.eu_0.localstorage deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.darklyrics.com_0.localstorage deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.hiplyrics.com_0.localstorage deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.lyrics.com_0.localstorage deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.lyricsmode.com_0.localstorage deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.plyrics.com_0.localstorage deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.plyrics.com_0.localstorage-journal deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.songlyrics.com_0.localstorage deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_static.moddb.com_0.localstorage deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_static.moddb.com_0.localstorage-journal deleted successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\https_static.olark.com_0.localstorage deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{399a1442-7377-49e7-8d77-6dc9ed5968c1} Zbozi Url="http://www.zbozi.cz/?q={searchTerms}&sourceid=quicksearch_6826"
{5cf5d387-d87c-4408-9a6b-301b0713d62a} Mapy Url="http://www.mapy.cz/?query={searchTerms}&sourceid=quicksearch_6826"
{8172f457-818d-46db-941f-2bbe53e156af} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{eb97f7df-1773-4916-aae6-5af74da8c69d} Firmy Url="http://www.firmy.cz/phr/{searchTerms}"
==== Reset Google Chrome ======================
C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Haba Baba\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{42C8B77A-EFB1-03C4-8563-1123EB202927} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF007CA0-F3D8-5DF2-8EF1-73425A96F222} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mobile Witch Remote Control deleted successfully
==== Empty IE Cache ======================
C:\Users\Haba Baba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Haba Baba\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Haba Baba\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=185 folders=34 21375665 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Haba Baba\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\HABABA~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on ne 06.09.2015 at 14:27:32,65 ======================

- Orcus
- member of the Security team
Re: I would like to ask for a log check
OK, Combofix next.
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it across several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.
