RogueKiller V10.1.2.0 (x64) [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Aduš [Práva správce]
Mód : Smazat -- Datum : 01/12/2015 14:30:57
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 15 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WindowsMangerProtect -> Smazáno
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B903DCBD-16E7-4B31-90D9-814C828842DD} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B903DCBD-16E7-4B31-90D9-814C828842DD} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B903DCBD-16E7-4B31-90D9-814C828842DD} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547564A9E384 ATA Device +++++
--- User ---
[MBR] b83bd3c75d10d3cb2a7dc12b6d2df943
[BSP] 7ad93314db0007bbac2689e6bcc97239 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99900 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 510477 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_08052014_125150.log - RKreport_SCN_01102015_170602.log - RKreport_SCN_08042014_224743.log - RKreport_SCN_08052014_124939.log
RKreport_SCN_01122015_142856.log
Log check + browser problems
Re: Log check + browser problems
Zoek.exe v5.0.0.0 Updated 09-January-2015
Tool run by Aduç on po 12.01.2015 at 14:33:05,77.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ADU~1\Downloads\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12.1.2015 14:35:41 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\#1 Free Minesweeper deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Sony Ericsson deleted successfully
C:\PROGRA~3\Nokia deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Sony Ericsson deleted successfully
C:\Users\ADU~1\AppData\Local\CrashDumps deleted successfully
C:\Users\ADU~1\AppData\Local\GHISLER deleted successfully
C:\Users\ADU~1\AppData\Local\PokerStars deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2541502201-1689814716-1813449491-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
HKEY_USERS\S-1-5-21-2541502201-1689814716-1813449491-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8E2C600-0756-488D-AE81-665DE72C97C4} deleted successfully
HKEY_USERS\S-1-5-21-2541502201-1689814716-1813449491-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7D020E2-DCF6-4161-B80E-11296015A847} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2541502201-1689814716-1813449491-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{31264a33-a653-46c4-af49-1232c59a7da5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{31264a33-a653-46c4-af49-1232c59a7da5} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IHProtect Service deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IHProtect Service deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\ADU~1\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default\prefs.js:
user_pref("browser.search.defaulturl", "https://www.google.com/search");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\ADU~1\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
ProfilePath: C:\Users\ADU~1\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default
user.js not found
---- Lines extensions.1qrtZLj7QD removed from prefs.js ----
user_pref("extensions.1qrtZLj7QD.epoch", "1");
user_pref("extensions.1qrtZLj7QD.scode", "void(0);");
user_pref("extensions.1qrtZLj7QD.url", "http://syncjpionline.co.il/sync/?q=hfZ9oeV8hfa7tNbPhd9EtMqLDe49CNU0exYMCMlNhd9Fqda6rdsGrjs6rjgMAe4UojCHrHg9rHg
---- Lines extensions.80l removed from prefs.js ----
user_pref("extensions.80l.epoch", "1389274405");
user_pref("extensions.80l.url", "http://extsync.info/sync2/?q=hfZ9ofhTgShEAen0rchTB6lKDzt4okqAtNtVh7n0rjrFrTrErdrGpdw4tMFHhd9FqdaFrdYFrHrGqjkMDMlGojUM
---- Lines extensions.9g76 removed from prefs.js ----
user_pref("extensions.9g76.epoch", "1395699281");
user_pref("extensions.9g76.url", "http://toolkitsetusa.info/sync2/?q=hfZ9ofl4DchEAen0rchTB6lKDzt4okqAtNtVh7n0rjnErTs5rjrFqHr7tMFHhd9FqdaHrTrGrTw9rHYMD
---- Lines extensions.AUHPxhEBx removed from prefs.js ----
user_pref("extensions.AUHPxhEBx.epoch", "1");
user_pref("extensions.AUHPxhEBx.scode", "void(0);");
user_pref("extensions.AUHPxhEBx.url", "http://filecontroller.co.il/sync/?q=hfZ9oeFEAHnMCyVUojaMg708BNmGWj8gechGheDUojw9rdgFrHa5rHaFrShPBMn0rjg9pdsFrTU
---- Lines extensions.N24hqw removed from prefs.js ----
user_pref("extensions.N24hqw.epoch", "1");
user_pref("extensions.N24hqw.scode", "void(0);");
user_pref("extensions.N24hqw.url", "http://filesgetitnow.com/sync/?q=hfZ9oeFEAHnMCyVUojaMg708BNmGWj8deShGheDUojw9rdkGqTw9rdwEpihPBMn0qTwFrTY7pja8rGhHC
---- Lines extensions.dfz8 removed from prefs.js ----
user_pref("extensions.dfz8.epoch", "1");
user_pref("extensions.dfz8.scode", "void(0);");
user_pref("extensions.dfz8.url", "http://allstarcoupon.eu/sync/?q=hfZ9ofbLDGhEAen0rchTB6lKDzt4okqAtNtVh7n0rjnEqjs9rja9rja7tMVKhd9Hpjs5rdg7pdwFtNqHhd95
---- Lines extensions.s0D9W2AVkuZ removed from prefs.js ----
user_pref("extensions.s0D9W2AVkuZ.epoch", "1389274405");
user_pref("extensions.s0D9W2AVkuZ.url", "http://getsrv.info/sync2/?q=hfZ9ofbLAfkMCyVUojaMg708BNmGWj8deShGheDUojwHrjsHrdaHrTYEqGhIC7n0rjnErja5rjrHrTk7t
---- Lines extensions.s277OxUS5no removed from prefs.js ----
user_pref("extensions.s277OxUS5no.epoch", "1395699281");
user_pref("extensions.s277OxUS5no.url", "http://discountgetdirect.ru/sync2/?q=hfZ9oemHpjYGtNbPhd9EtMqLDe49CNU0n8OMCMlNhd9FqdaFrHaGrjrGrjwMBzqUojw9rdrG
---- FireFox user.js and prefs.js backups ----
prefs_12.01.2015_1458_.backup
==== Deleting Files \ Folders ======================
C:\PROGRA~3\hakhammgomkmcigjedipokfpmopfjipe deleted
C:\Users\ADU~1\AppData\LocalLow\{04E527FD-7D1A-91DD-EB3E-4042C09EFC1A} deleted
C:\Users\ADU~1\AppData\LocalLow\{19B61B3F-2099-657F-9AE8-F3C583DDFA0B} deleted
C:\Users\ADU~1\AppData\LocalLow\{6EB9A4B7-CF64-1E36-70C2-C12FC51CB3F3} deleted
C:\Users\ADU~1\AppData\LocalLow\{7D22265F-88FB-5C5C-FDFB-32DC1345EF93} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{30D331C7-AFF4-7A45-B5C1-0738415E3F69} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{6EB9A4B7-CF64-1E36-70C2-C12FC51CB3F3} deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\{7A8F1DAF-6D92-5F89-5E04-3CEFEB0343FA} deleted
C:\Users\ADU~1\AppData\Local\Packages\windows_ie_ac_001\AC\{04E527FD-7D1A-91DD-EB3E-4042C09EFC1A} deleted
C:\Users\ADU~1\AppData\Local\Packages\windows_ie_ac_001\AC\{19B61B3F-2099-657F-9AE8-F3C583DDFA0B} deleted
C:\Users\ADU~1\AppData\Local\Packages\windows_ie_ac_001\AC\{7D22265F-88FB-5C5C-FDFB-32DC1345EF93} deleted
C:\Users\ADU~1\AppData\Local\Packages\windows_ie_ac_001\AC\{DDBC49CC-1D0E-C358-D823-A5A92AC67715} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{30D331C7-AFF4-7A45-B5C1-0738415E3F69} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{6EB9A4B7-CF64-1E36-70C2-C12FC51CB3F3} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{7A8F1DAF-6D92-5F89-5E04-3CEFEB0343FA} deleted
C:\PROGRA~3\3c2873b3447ec8e0 deleted
C:\Users\ADU~1\AppData\LocalLow\BS_Player_ControlBar_B deleted
C:\Users\ADU~1\.android deleted
C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\omiga-plus.xml deleted
C:\PROGRA~2\STab deleted
C:\blocem54.exe deleted
C:\PhotoZoom_Pro_5.1.0.exe deleted
C:\PROGRA~3\IHProtectUpDate deleted
C:\PROGRA~3\InstallMate deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\ADU~1\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default\jetpack deleted
C:\Users\ADU~1\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default\CT2786678 deleted
C:\Users\ADU~1\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default\CT3329621 deleted
C:\Users\ADU~1\bsplayer258.1058.exe deleted
C:\Users\ADU~1\Defogger.exe deleted
C:\Users\ADU~1\InpaintSetup.exe deleted
C:\Users\ADU~1\jxpiinstall.exe deleted
C:\Users\ADU~1\PokerStarsInstall.exe deleted
C:\Users\ADU~1\setup.exe deleted
C:\Users\ADU~1\SpotifySetup.exe deleted
C:\Users\ADU~1\UnityWebPlayer.exe deleted
C:\Users\ADU~1\utorrent.exe deleted
C:\Users\ADU~1\UVT-416-version1-eduroamcuni.exe deleted
C:\Users\ADU~1\vlc-2.1.5-win32.exe deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\ADU~1\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [15.05.2014 20:31]
==== Firefox Extensions ======================
ProfilePath: C:\Users\ADU~1\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - wrc@avast.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chromium Look ======================
Google Chrome Version: 31.0.1650.63 (Possible outdated, latest Stable version: 39.0.2171.95)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eagclgphdjhodhooppndhjcahgmfejdg - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home698\ch\MediaWatchV1home698.crx[]
Seznam Li\u0161ti\u010Dka - Email - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Li\u0161ti\u010Dka - Slovn\u00EDk - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
Thor Lego Adventures - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\chomoaoihbpongmkmnldppkllcfhggda
FiNNdBeistDeal - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhibgkmpfgaajecncpaemjmejnkbdoeo
Hao123 Speed Dial - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgknaemoiakmnafpgmbglmkdfagljpd
DiGiCoUupon - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibkhocedkcimkeigdpgeobpeienmcng
DiggiSaAvveero - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejnfhdnahdblgjinephmepbijnldppc
Craigslist - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplmlaidpjpkjoanahipnjndbdafkfb
50COupaons - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcklngbblcdpfpgfgpmopliohkhpnlm
Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
==== Chromium Startpages ======================
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.google.cz/",
"startup_urls": [ "https://www.seznam.cz/?clid=22668" ],
"urls_to_restore_on_startup": [ "https://www.google.cz/?gws_rd=ssl", "http://isearch.omiga?type=hppppppppppppp" ]
==== Chromium Fix ======================
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.yourfiledownloader.buenosearch.com_0.localstorage-journal deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgknaemoiakmnafpgmbglmkdfagljpd deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhibgkmpfgaajecncpaemjmejnkbdoeo deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\chomoaoihbpongmkmnldppkllcfhggda deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibkhocedkcimkeigdpgeobpeienmcng deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejnfhdnahdblgjinephmepbijnldppc deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplmlaidpjpkjoanahipnjndbdafkfb deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcklngbblcdpfpgfgpmopliohkhpnlm deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{24B0B6BE-A5F1-4505-874B-92BA3422DB4F} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_13415"
{5BD89EE1-2ADA-4112-B786-B1EF076B9BA3} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_13415"
{62024BA0-E3A1-4C9E-890F-7DF8B5C0A296} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz="
{70078F63-6A72-DF9E-F5DB-614968A9B375} Unknown Url="Not_Found"
{8E7756D9-9532-48D7-9B01-8085885A689F} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415"
{8F79D360-41FB-42F1-BAE2-1B100C03CF84} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415"
{941CC11F-25F5-4E85-871A-4BE82A372CD7} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{AC0689BC-B0A3-449D-AA00-CF9251A9762A} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_13415"
{BEE8D105-7527-4580-A6D6-683FCB65D881} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415"
==== Reset Google Chrome ======================
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2541502201-1689814716-1813449491-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70078F63-6A72-DF9E-F5DB-614968A9B375} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{840C917B-0AB1-8509-67E2-42935FEFB38D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BC131F5E-C73E-451E-87BA-9BE3329F021D} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eagclgphdjhodhooppndhjcahgmfejdg deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ADU~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DR6T1LBH will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\ADU~1\AppData\Local\Mozilla\Firefox\Profiles\75ca2718.default\cache2 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\tpaojo2h.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=244 folders=76 136483521 bytes)
==== Empty Temp Folders ======================
C:\Users\Adua\AppData\Local\temp emptied successfully
C:\Users\AppData\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\ADU~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\ADU~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\ADU~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DR6T1LBH" not found
==== EOF on po 12.01.2015 at 15:09:02,17 ======================
C:\Users\ADU~1\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default\CT3329621 deleted
C:\Users\ADU~1\bsplayer258.1058.exe deleted
C:\Users\ADU~1\Defogger.exe deleted
C:\Users\ADU~1\InpaintSetup.exe deleted
C:\Users\ADU~1\jxpiinstall.exe deleted
C:\Users\ADU~1\PokerStarsInstall.exe deleted
C:\Users\ADU~1\setup.exe deleted
C:\Users\ADU~1\SpotifySetup.exe deleted
C:\Users\ADU~1\UnityWebPlayer.exe deleted
C:\Users\ADU~1\utorrent.exe deleted
C:\Users\ADU~1\UVT-416-version1-eduroamcuni.exe deleted
C:\Users\ADU~1\vlc-2.1.5-win32.exe deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\ADU~1\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [15.05.2014 20:31]
==== Firefox Extensions ======================
ProfilePath: C:\Users\ADU~1\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - wrc@avast.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chromium Look ======================
Google Chrome Version: 31.0.1650.63 (Possible outdated, latest Stable version: 39.0.2171.95)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eagclgphdjhodhooppndhjcahgmfejdg - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home698\ch\MediaWatchV1home698.crx[]
Seznam Li\u0161ti\u010Dka - Email - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Li\u0161ti\u010Dka - Slovn\u00EDk - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
Thor Lego Adventures - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\chomoaoihbpongmkmnldppkllcfhggda
FiNNdBeistDeal - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhibgkmpfgaajecncpaemjmejnkbdoeo
Hao123 Speed Dial - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgknaemoiakmnafpgmbglmkdfagljpd
DiGiCoUupon - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibkhocedkcimkeigdpgeobpeienmcng
DiggiSaAvveero - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejnfhdnahdblgjinephmepbijnldppc
Craigslist - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplmlaidpjpkjoanahipnjndbdafkfb
50COupaons - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcklngbblcdpfpgfgpmopliohkhpnlm
Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba - ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
==== Chromium Startpages ======================
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.google.cz/",
"startup_urls": [ "https://www.seznam.cz/?clid=22668" ],
"urls_to_restore_on_startup": [ "https://www.google.cz/?gws_rd=ssl", "http://isearch.omiga?type=hppppppppppppp" ]
==== Chromium Fix ======================
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.yourfiledownloader.buenosearch.com_0.localstorage-journal deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmgknaemoiakmnafpgmbglmkdfagljpd deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhibgkmpfgaajecncpaemjmejnkbdoeo deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\chomoaoihbpongmkmnldppkllcfhggda deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gibkhocedkcimkeigdpgeobpeienmcng deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jejnfhdnahdblgjinephmepbijnldppc deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmplmlaidpjpkjoanahipnjndbdafkfb deleted successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcklngbblcdpfpgfgpmopliohkhpnlm deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{24B0B6BE-A5F1-4505-874B-92BA3422DB4F} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_13415"
{5BD89EE1-2ADA-4112-B786-B1EF076B9BA3} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_13415"
{62024BA0-E3A1-4C9E-890F-7DF8B5C0A296} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz="
{70078F63-6A72-DF9E-F5DB-614968A9B375} Unknown Url="Not_Found"
{8E7756D9-9532-48D7-9B01-8085885A689F} Slovnˇk CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415"
{8F79D360-41FB-42F1-BAE2-1B100C03CF84} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415"
{941CC11F-25F5-4E85-871A-4BE82A372CD7} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{AC0689BC-B0A3-449D-AA00-CF9251A9762A} Zbo§ˇ.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_13415"
{BEE8D105-7527-4580-A6D6-683FCB65D881} Slovnˇk EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415"
==== Reset Google Chrome ======================
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2541502201-1689814716-1813449491-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70078F63-6A72-DF9E-F5DB-614968A9B375} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{840C917B-0AB1-8509-67E2-42935FEFB38D} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BC131F5E-C73E-451E-87BA-9BE3329F021D} deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eagclgphdjhodhooppndhjcahgmfejdg deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ADU~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DR6T1LBH will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\ADU~1\AppData\Local\Mozilla\Firefox\Profiles\75ca2718.default\cache2 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\tpaojo2h.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\ADU~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=244 folders=76 136483521 bytes)
==== Empty Temp Folders ======================
C:\Users\Adua\AppData\Local\temp emptied successfully
C:\Users\AppData\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\ADU~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\ADU~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\ADU~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DR6T1LBH" not found
==== EOF on po 12.01.2015 at 15:09:02,17 ======================
- Orcus
- Security team member
Re: Log check + browser problems
How are the problems?
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If the log is too long, split it into several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Log check + browser problems
Well, Mozilla isn't crashing so far, but videos in Chrome still stutter, though less..
- Orcus
- Security team member
Re: Log check + browser problems
Turn off the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, you have trouble launching applications or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.
If there are problems, run it in Safe Mode.
Re: Log check + browser problems
ComboFix 15-01-18.01 - Aduš 20.01.2015 17:42:14.16.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3552.2297 [GMT 1:00]
Spuštěný z: c:\users\AduÜ\Downloads\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-20 do 2015-01-20 )))))))))))))))))))))))))))))))
.
.
2015-01-16 13:53 . 2015-01-16 13:53 -------- d-----w- c:\users\Aduš\AppData\Local\CrashDumps
2015-01-14 15:03 . 2015-01-14 15:03 5013680 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-14 12:13 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 12:13 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 12:13 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 12:13 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-14 12:13 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-14 12:13 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-14 12:13 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 12:12 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 12:12 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 12:12 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 12:12 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 12:12 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-14 12:12 . 2014-12-12 05:07 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-01-12 14:04 . 2015-01-20 17:29 -------- d-----w- c:\users\Aduš\AppData\Local\Temp
2015-01-12 14:04 . 2015-01-12 13:32 24064 ----a-w- c:\windows\zoek-delete.exe
2015-01-12 13:32 . 2015-01-12 14:01 -------- d-----w- C:\zoek_backup
2015-01-11 22:11 . 2015-01-11 22:11 6370 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-16 13:51 . 2011-10-15 11:07 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-14 15:03 . 2012-04-04 09:43 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 15:03 . 2011-10-15 18:56 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-12 13:23 . 2014-08-04 20:36 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-10 02:09 . 2014-08-04 11:49 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-06 03:36 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-17 02:02 . 2014-12-17 01:55 1027080672 ----a-w- C:\Photoshop_12_LS1.zip
2014-12-17 01:17 . 2014-12-17 01:17 21441594 ----a-w- C:\PhotoZoomPro5.zip
2014-12-13 05:09 . 2014-12-18 08:35 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 08:35 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-10 23:55 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 23:55 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 23:55 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 23:55 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 23:55 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 23:55 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 23:55 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 23:55 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 23:55 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 23:54 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 23:55 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 23:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 23:55 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 23:54 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 23:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 23:55 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 23:54 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 23:54 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 23:55 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 23:54 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 23:55 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 23:54 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 23:54 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 23:55 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 23:54 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 23:55 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 23:55 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 23:54 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 23:54 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 23:55 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 23:55 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 23:55 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 23:54 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 23:55 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 23:55 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 23:55 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 23:55 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 23:54 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 23:55 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 23:54 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 23:55 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 23:55 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 23:54 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 23:55 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 23:55 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 23:55 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 23:55 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 23:55 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 05:14 . 2014-08-04 11:49 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 05:14 . 2014-08-04 11:49 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 05:14 . 2014-08-04 11:49 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-19 03:26 . 2014-11-19 03:26 1614504 ----a-w- c:\windows\system32\FM20.DLL
2014-11-11 03:09 . 2014-12-10 23:55 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 15:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 15:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 23:55 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 15:08 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 15:08 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 23:55 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 23:53 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 23:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-10 23:53 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 23:53 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 23:23 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 23:23 67584 ----a-w- c:\windows\SysWow64\packager.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-10-15 468192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Spotify"="c:\users\Aduš\AppData\Roaming\Spotify\Spotify.exe" [2014-12-13 6737976]
"Spotify Web Helper"="c:\users\Aduš\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-13 1676344]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-08 3890208]
"seznam-listicka-distribuce"="c:\program files (x86)\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=0 (0x0)
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 18:04 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-15 19:31 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-12-17 500208]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Aduš\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
Celkový čas: 2015-01-20 18:31:32
ComboFix-quarantined-files.txt 2015-01-20 17:31
.
Před spuštěním: Volných bajtů: 35 657 461 760
Po spuštění: Volných bajtů: 35 764 436 992
.
- - End Of File - - 13053CEBCC1920C2F4FA49E61E8B1D75
A36C5E4F47E84449FF07ED3517B43A31
- jaro3
- Security team member
Re: Log check + browser problems
ComboFix is uninstalled like this:
Start - Run and type ComboFix /Uninstall
Clean the system with CCleaner.
Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
Post a new HJT log + info about the problems.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Log check + browser problems
I'm probably an idiot, but I can't figure out how to uninstall ComboFix. What does "run" mean? :) Thanks.
- Orcus
- Security team member
Re: Log check + browser problems
Start menu -> Run.


Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it across several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Log check + browser problems
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-01-26 01:17:40
-----------------------------
01:17:40.711 OS Version: Windows x64 6.1.7601 Service Pack 1
01:17:40.711 Number of processors: 2 586 0x100
01:17:40.711 ComputerName: ADUŠ-PC UserName: Aduš
01:17:41.538 Initialize success
01:17:41.554 VM: initialized successfully
01:17:41.554 VM: outdated driver version !
01:17:45.142 AVAST engine defs: 15012501
01:17:49.759 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:17:49.775 Disk 0 Vendor: Hitachi_HTS547564A9E384 JEDOA50A Size: 610480MB BusType: 11
01:17:49.931 Disk 0 MBR read successfully
01:17:49.931 Disk 0 MBR scan
01:17:49.931 Disk 0 Windows 7 default MBR code
01:17:49.947 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:17:49.962 Disk 0 default boot code
01:17:49.978 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
01:17:49.993 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 510477 MB offset 204802048
01:17:50.118 Disk 0 scanning C:\Windows\system32\drivers
01:18:03.019 Service scanning
01:18:49.523 Modules scanning
01:18:49.523 Disk 0 trace - called modules:
01:18:49.539 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
01:18:49.554 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f83790]
01:18:49.554 3 CLASSPNP.SYS[fffff880018f443f] -> nt!IofCallDriver -> [0xfffffa8004f83040]
01:18:49.554 5 hpdskflt.sys[fffff880013f6189] -> nt!IofCallDriver -> [0xfffffa8004dff520]
01:18:49.570 7 ACPI.sys[fffff88000eeb7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004dfd680]
01:18:50.022 AVAST engine scan C:\Windows
01:18:51.879 AVAST engine scan C:\Windows\system32
01:21:50.265 AVAST engine scan C:\Windows\system32\drivers
01:22:04.055 AVAST engine scan C:\Users\Aduš
01:22:23.025 Disk 0 MBR has been saved successfully to "C:\Users\Aduš\Downloads\Desktop\MBR.dat"
01:22:23.041 The log file has been saved successfully to "C:\Users\Aduš\Downloads\Desktop\aswMBR.txt"
- jaro3
- Security team member
Re: Log check + browser problems
Post a new HJT log + info about the problems.
Re: Log check + browser problems
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:50:47, on 26.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Aduš\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Aduš\Downloads\Desktop\Programy\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spotify] "C:\Users\Aduš\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Aduš\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7796 bytes
Scan saved at 13:50:47, on 26.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\Aduš\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Aduš\Downloads\Desktop\Programy\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spotify] "C:\Users\Aduš\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Aduš\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7796 bytes