Zabržděný Notebook

[martyxxx]

Zdravím. Prosím o kontrolu logu. Notebook hrozně pomalu pracuje, občas se "kousne" úplně. Děkuji

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:56:51, on 25.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

FIREFOX: 38.0.5 (x86 cs)
Boot mode: Normal

Running processes:
C:\Users\Martin\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
C:\Users\Martin\Desktop\Nová složka (2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [SDP] C:\Users\Martin\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto
O4 - HKCU\..\Run: [FLV Player] C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6995 bytes

[Reklama]

[jerabina]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[martyxxx]

Zde log z Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 25.6.2015
Čas skenování: 20:09:37
Protokol:
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.06.25.04
Databáze rootkitů: v2015.06.22.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Martin

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 350834
Uplynulý čas: 13 min, 39 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 2
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Local\FilesFrog Update Checker\update_checker.exe, 2952, , [d5131ca2c5c56bcb0d3f2104fe02f907]
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe, 2980, , [38b0dae4bad030069a83b46f3cc808f8]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 6
PUP.Optional.Somoto.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FilesFrog Update Checker, , [02e6992515755fd7087bed56b1508779],
PUP.Optional.WebPlayer.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FLV Player, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.PCPerformer.A, HKLM\SOFTWARE\WOW6432NODE\PERFORMERSOFT\PC Performer, , [7870813d09811c1a163bb4a74eb718e8],
PUP.Optional.Somoto.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\Somoto, , [5e8a546a4c3eb482a8e5110646be53ad],
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\BI, , [98500db10a80f83eeed4ef70d3323cc4],
PUP.Optional.Somoto.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\SOMOTO\SDP, , [ae3a13abcbbffd39c534b1ad28dd9967],

Hodnoty registru: 4
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SDP, C:\Users\Martin\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto , , [d5131ca2c5c56bcb0d3f2104fe02f907]
PUP.Optional.WebPlayer.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FLV Player, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe, , [38b0dae4bad030069a83b46f3cc808f8]
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\BI|ui_path_filesfrog, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker, , [98500db10a80f83eeed4ef70d3323cc4]
PUP.Optional.Somoto.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\SOMOTO\SDP|affid, awcz7zip59818, , [ae3a13abcbbffd39c534b1ad28dd9967]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 9
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\icons, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\web_player, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Local\FilesFrog Update Checker, , [18d0f9c51c6e989e2da300c1be45e21e],
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker, , [db0dfdc1ddad4cea08c91ba608fb35cb],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService, , [e404aa14098180b621330bcc51b21fe1],

Soubory: 28
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Local\FilesFrog Update Checker\update_checker.exe, , [d5131ca2c5c56bcb0d3f2104fe02f907],
Adware.InstallBrain, C:\$Recycle.Bin\S-1-5-21-3909078151-1644892357-517948218-1000\trzCF8E.tmp, , [e40476480d7da5919ab06bd5010002fe],
PUP.Optional.Somoto.A, C:\Users\Martin\AppData\Local\FilesFrog Update Checker\uninstall.exe, , [02e6992515755fd7087bed56b1508779],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\installer.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\common.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\Uninstall.exe, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\icons\main.ico, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\icons\shortcut.ico, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\icons\tray.ico, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\config.xml, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\default_config.json, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\main.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\stub.html, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\event_listener.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\initialize.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\io.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\json.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\jsonstorage.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\storage.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\utils.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\xhr.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\web_player\initialize.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\web_player\web_player.js, , [38b0dae4bad030069a83b46f3cc808f8],
PUP.Optional.SpeedAnalysis2.A, C:\Users\Martin\AppData\Roaming\speedanalysis.ico, , [0edadce23555bc7ab59b7edd010439c7],
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk, , [db0dfdc1ddad4cea08c91ba608fb35cb],
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk, , [db0dfdc1ddad4cea08c91ba608fb35cb],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService\repository.xml, , [e404aa14098180b621330bcc51b21fe1],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Zde z Adw

# AdwCleaner v4.207 - Log vytvořen 25/06/2015 v 19:51:22
# Aktualizováno 21/06/2015 by Xplode
# Databáze : 2015-06-21.1 [Local]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : Martin - MARTIN-PC
# Spuštěno z : C:\Users\Martin\Desktop\AdwCleaner.exe
# Nastavení : Sken

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Program Files (x86)\DAEMON Tools Toolbar
Složka Nalezeno : C:\Program Files (x86)\WinZip Registry Optimizer
Složka Nalezeno : C:\ProgramData\Babylon
Složka Nalezeno : C:\ProgramData\IBUpdaterService
Složka Nalezeno : C:\Users\Martin\AppData\Local\FilesFrog Update Checker
Složka Nalezeno : C:\Users\Martin\AppData\Local\webplayer
Složka Nalezeno : C:\Users\Martin\AppData\Roaming\Babylon
Složka Nalezeno : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Složka Nalezeno : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
Soubor Nalezeno : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\w5727g75.default\invalidprefs.js
Soubor Nalezeno : C:\Users\Martin\AppData\Roaming\speedanalysis.ico
Soubor Nalezeno : C:\Windows\System32\roboot64.exe

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****

Zástupce Infikováno : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk

***** [ Registry ] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [FLV Player]
Hodnota Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Klíč Nalezeno : HKCU\Software\BI
Klíč Nalezeno : HKCU\Software\dt soft\daemon tools toolbar
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Klíč Nalezeno : HKCU\Software\Somoto
Klíč Nalezeno : HKCU\Software\Webplayer
Klíč Nalezeno : [x64] HKCU\Software\BI
Klíč Nalezeno : [x64] HKCU\Software\dt soft\daemon tools toolbar
Klíč Nalezeno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Klíč Nalezeno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Klíč Nalezeno : [x64] HKCU\Software\Somoto
Klíč Nalezeno : [x64] HKCU\Software\Webplayer
Klíč Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíč Nalezeno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Prod.cap
Klíč Nalezeno : HKLM\SOFTWARE\Classes\SDP
Klíč Nalezeno : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Klíč Nalezeno : HKLM\SOFTWARE\PerformerSoft
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}

***** [ Prohlížeče ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v38.0.5 (x86 cs)


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [3731 bytů] - [25/06/2015 19:51:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3789 bytů] ##########

[Orcus]

- Spusť znovu MbAM a dej Skenovat nyní
- Po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

====================================================

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[martyxxx]

Snad vše provedeno správně. Zde logy

RogueKiller V10.8.6.0 (x64) [Jun 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Martin [Práva správce]
Started from : C:\Users\Martin\Desktop\Nová složka (2)\RogueKillerX64.exe
Mód : Prohledat -- Datum : 06/26/2015 10:51:32

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3909078151-1644892357-517948218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3909078151-1644892357-517948218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\Hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\Hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKT-60V5T1 ATA Device +++++
--- User ---
[MBR] 50d6ba9f9107f17704b87d2b337c1970
[BSP] 47e89f753c98a817a79f412ee11869ba : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

další
# AdwCleaner v4.207 - Log vytvořen 25/06/2015 v 23:24:52
# Aktualizováno 21/06/2015 by Xplode
# Databáze : 2015-06-21.1 [Local]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : Martin - MARTIN-PC
# Spuštěno z : C:\Users\Martin\Desktop\AdwCleaner.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\Babylon
Složka Smazáno : C:\Program Files (x86)\DAEMON Tools Toolbar
Složka Smazáno : C:\Program Files (x86)\WinZip Registry Optimizer
Složka Smazáno : C:\Users\Martin\AppData\Local\FilesFrog Update Checker
Složka Smazáno : C:\Users\Martin\AppData\Local\webplayer
Složka Smazáno : C:\Users\Martin\AppData\Roaming\Babylon
Složka Smazáno : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
Soubor Smazáno : C:\Windows\System32\roboot64.exe
Soubor Smazáno : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\w5727g75.default\invalidprefs.js

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Klíč Smazáno : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\Prod.cap
Klíč Smazáno : HKLM\SOFTWARE\Classes\SDP
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Klíč Smazáno : HKCU\Software\dt soft\daemon tools toolbar
Klíč Smazáno : HKCU\Software\Webplayer
Klíč Smazáno : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Klíč Smazáno : HKLM\SOFTWARE\PerformerSoft
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar

***** [ Prohlížeče ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v38.0.5 (x86 cs)


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [3895 bytů] - [25/06/2015 19:51:22]
AdwCleaner[R1].txt - [3218 bytů] - [25/06/2015 23:22:58]
AdwCleaner[S0].txt - [2651 bytů] - [25/06/2015 23:24:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2709 bytů] ##########
další
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.1.4 (06.25.2015:1)
OS: Windows 7 Professional x64
Ran by Martin on p  26.06.2015 at 0:41:45,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox




~~~ Chrome


[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Martin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  26.06.2015 at 0:48:49,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
další
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 25.6.2015
Čas skenování: 23:01:15
Protokol: Malwarebytes.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.06.25.06
Databáze rootkitů: v2015.06.22.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Martin

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 350899
Uplynulý čas: 14 min, 15 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 2
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Local\FilesFrog Update Checker\update_checker.exe, 2952, Smazat při restartu, [bc2e9a246d1dc571a7a523029070b749]
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe, 2980, Smazat při restartu, [23c7ac1290fa5ed82664180b58ac6a96]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 6
PUP.Optional.Somoto.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FilesFrog Update Checker, Do karantény, [c2287e40870370c6bcdce75c5ca57888],
PUP.Optional.WebPlayer.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FLV Player, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.PCPerformer.A, HKLM\SOFTWARE\WOW6432NODE\PERFORMERSOFT\PC Performer, Do karantény, [f3f7ad11117952e4437b055628dd7f81],
PUP.Optional.Somoto.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\Somoto, Do karantény, [0fdb7d41cebc48ee4eacf0276f951ae6],
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\BI, Do karantény, [6a805e6096f4ff3749e60b55897cdb25],
PUP.Optional.Somoto.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\SOMOTO\SDP, Do karantény, [04e60bb3c4c6a294095d0758768f7c84],

Hodnoty registru: 4
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SDP, C:\Users\Martin\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto , Do karantény, [bc2e9a246d1dc571a7a523029070b749]
PUP.Optional.WebPlayer.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FLV Player, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96]
PUP.Optional.FilesFrog.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\BI|ui_path_filesfrog, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker, Do karantény, [6a805e6096f4ff3749e60b55897cdb25]
PUP.Optional.Somoto.A, HKU\S-1-5-21-3909078151-1644892357-517948218-1000\SOFTWARE\SOMOTO\SDP|affid, awcz7zip59818, Do karantény, [04e60bb3c4c6a294095d0758768f7c84]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 9
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer, Smazat při restartu, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player, Smazat při restartu, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\icons, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\web_player, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Local\FilesFrog Update Checker, Smazat při restartu, [32b8ebd39eec3cfa2208972bb25151af],
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker, Do karantény, [7476f5c9d7b3dd5958d3d4ee35ce6799],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService, Do karantény, [42a879451476e94d218d56817c8732ce],

Soubory: 28
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Local\FilesFrog Update Checker\update_checker.exe, Smazat při restartu, [bc2e9a246d1dc571a7a523029070b749],
Adware.InstallBrain, C:\$Recycle.Bin\S-1-5-21-3909078151-1644892357-517948218-1000\trzCF8E.tmp, Do karantény, [ffeb0ab483074ceaf36c8eb2e71a2bd5],
PUP.Optional.Somoto.A, C:\Users\Martin\AppData\Local\FilesFrog Update Checker\uninstall.exe, Do karantény, [c2287e40870370c6bcdce75c5ca57888],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\installer.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\common.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\Uninstall.exe, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe, Smazat při restartu, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\icons\main.ico, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\icons\shortcut.ico, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\icons\tray.ico, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\config.xml, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\default_config.json, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\main.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\stub.html, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\event_listener.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\initialize.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\io.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\json.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\jsonstorage.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\storage.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\utils.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\kango\xhr.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\web_player\initialize.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.WebPlayer.A, C:\Users\Martin\AppData\Local\WebPlayer\FLV Player\scripts\web_player\web_player.js, Do karantény, [23c7ac1290fa5ed82664180b58ac6a96],
PUP.Optional.SpeedAnalysis2.A, C:\Users\Martin\AppData\Roaming\speedanalysis.ico, Do karantény, [bd2d229cc0ca58de417c500b768f7987],
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk, Do karantény, [7476f5c9d7b3dd5958d3d4ee35ce6799],
PUP.Optional.FilesFrog.A, C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk, Do karantény, [7476f5c9d7b3dd5958d3d4ee35ce6799],
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService\repository.xml, Do karantény, [42a879451476e94d218d56817c8732ce],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[jerabina]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + informuj o problémech.

[martyxxx]

Info o chování Ntb vložím později až uvidím jak se chová při užívání.
Tady zatím logy.

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Martin on p  26.06.2015 at 21:43:34,43.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Martin\Desktop\Nová složka (2)\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

26.6.2015 21:46:43 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\FreeTime deleted successfully
C:\Users\Martin\AppData\Roaming\Nico Mak Computing deleted successfully
C:\Users\Martin\AppData\Roaming\Sony Setup deleted successfully
C:\Users\Martin\AppData\Local\GHISLER deleted successfully
C:\Users\Martin\AppData\Local\ms-drivers deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\w5727g75.default\prefs.js:

Added to C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\w5727g75.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\FreeTime not found
C:\found.000 deleted
C:\found.001 deleted
C:\Users\Martin\AppData\Roaming\pcouffin.log deleted
C:\Users\Martin\Desktop\FLV Player.lnk deleted
"C:\Users\Martin\AppData\Local\{B044BC35-B6B6-4EB4-A2EC-91D3F6B029EE}" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\w5727g75.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [01.11.2014 11:35]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype extension - %AppDir%\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\w5727g75.default
1959AF26718C63AA015D7C4F5C1F538B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll - Shockwave for Director / Shockwave for Director
701F455DE89E110EF05F0413D8E3A4D1 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll - Shockwave Flash
29607B0486C52CB45A5BBC47E3BE6CD2 - C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.130

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[01.11.2014 08:46]

Bookmark Manager - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik

==== Chromium Startpages ======================

C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences
opes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","\u003Call_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\35.0.1916.114\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"w","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072308384177214","lastpingday":"13076751593520271","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"cs","default_locale":"en","description":"Rychlý e-mail s možností vyhledávání a menším množstvím spamu.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"username":""}},"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"B858F4B2EB917927F4EAEFE1CC12D7EF24CFF44D4116E20DC8544FF50C3E525C"},"default_search_provider":{"keyword":"C51CAC4ABC9080F1750E678BC266AEDF2C296C47C827B42D858C0E9D1514F11D","name":"41D15FD30EF9932BC6E21A6B1FF4AEFF4E8BDB232B51B616328F2210D622D6AA","search_url":"DC0E5AE678B8E0D98EA98A963B18CE36F2A224C8526E4B8C42E71C4B16DD9E4B"},"default_search_provider_data":{"template_url_data":"FE57D08A07365F4D6988E8755353B43260E69FC77B232F1E83F3A8982368DBC7"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"541817EB742839F7CB349AF19D2E99027343B78D3439B2AA5FF4C6384AFFAD9B","bepbmhgboaologfdajaanbcjmnhjmhfn":"AB0760F332F9FF17CFD705DB4D7128869D7D9D620593AFDDA71C3672B34E5645","blpcfgokakmgnkcojhhkbfbldkacnbeo":"F4715F378B7599A819BC91592873623D761E515899CF3C39C46DD995B7A55496","coobgpohoikkiipiblmjeljniedjpjpf":"50479C869F615B98489CCDC3F80EEF051FA2315D91A10806B961C9F541244342","eemcgdkfndhakfknompkggombfjjjeno":"6DF891DFD2A011FA1D5D0A4EBE798896BCE98FF2820FEDDAAF83EB6A592A44E5","ennkphjdgehloodpbhlhldgbnhmacadg":"0B5B3D5501A330BE577E72222BAF1A484AF459A4B3618E5BA03F26B12FACB401","gfdkimpbcpahaombhbimeihdjnejgicl":"C95F79F117BCF16BB2D3564B319DFBF309DF23E494E53ECB5F3D907BB8B8A1B3","gmlllbghnfkpflemihljekbapjopfjik":"86C2A422904135EE6ACFB5930F3B1AE3655CFBBCA16D98EBC093D40667D4723A","kmendfapggjehodndflmmgagdbamhnfd":"F0BDF3F8D0CF9F1B87ABF77ECB91895D6AE5CFAD53ED3D3138320AD83F0AD619","mfehgcgbbipciphmccgaenjidiccnmng":"82C82EE66D78FBC37A7676DD2908A64D3567B61E50F2CB5C82721241EB4738F8","mgndgikekgjfcpckkfioiadnlibdjbkf":"2FC4D8C9366FD4A271F1FF3D992C1B8B594E792728A157A067BD774D84BE2465","mhjfbmdgcfjbbpaeojofohoefgiehjai":"CC9CBF55AB948D1545641221C7FFA589D12D4A474D1533066FC02D58961DC8E6","neajdppkdcdipfabeoofebfddakdcjhd":"03A209911E4625BF6C56AD799B6CCF77443F9297505244FFC409BA6FC3F60301","nkeimhogjdpnpccoofpliimaahmaaome":"1A93726855E1E7A2F5B18EC365F934EEA5BBA5AADF3C327CA550226E153D9E54","nmmhkkegccagdldgiimedpiccmgmieda":"939FA31DD0581231B566515C21A95E4FEAFECEC77CE983F003F7E4AE5671A559","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"632C49CC14C7A1882B2B903E2812AE370D4C8DE38CE0BF39EFD59ECAC6668E4A","pjkljhegncpnkpknbcohdijeoejaedia":"9625BAE1EA520E72D3D28BE15175A33B3174D1BF34EF853743E98A0F6421EFEC"}},"google":{"services":{"last_username":"ACE8F0930DAACE3C905081A1A3249ED52886092CC82E7F6466C62FBF3EF1DD99","username":"7E65A144845DAEF2692CE952990F0DEA219CD3553C4498C45F7782B8239D28C7"}},"homepage":"56DE2638225222F473B4E97CF361B7114F40CAF69B71FCCE801756B90728AB1D","homepage_is_newtabpage":"2059DDA56C4F2F945FF1597F22DB86C1339074207F3A139D7EE716FD12ECEAD9","pinned_tabs":"DA817DB4DDF0CF4CE376A44E21E5737B08B89A23FBC2EBB7F4839A89FCDD8F66","prefs":{"preference_reset_time":"10CEB7242CA5941619DB7E9F7070B5F8246FA4BAA906D0A2FC2E1D65758003C4"},"profile":{"reset_prompt_memento":"7E5B340D3D2EEEB459610CAA86188B9195C1A4526895BECB52786A79304A52C7"},"safebrowsing":{"incidents_sent":"C7FB5D9CE95C3FADC1942814AC3AF861605A68ECFEF7231F15244C56563F25F1"},"search_provider_overrides":"A654B3F624BCEC95BE14C5A59F0C65583A96882A054AE3E5E8B8D2E4D8CA8C0D","session":{"restore_on_startup":"87BA4041A1659B06DAAAF44605534F6BC48A7E42823D3FE55F8CF339EE27C511","startup_urls":"568BAF35E522E7D079F7D37A39BDDFE876739BE2032674550AF0A7108A9EA2CD"},"software_reporter":{"prompt_reason":"43EC9E16F4880544E558636257EE9B2EC8B0B33E2E7D8740ED9A4BBC07113A32","prompt_seed":"89C76256F6D0CC5D92F61532606508215ACFD9030D92534149331C73F087B09D","prompt_version":"9206956052E7C0074C32624457F24E621552B142A377A11292F769A32CD29E54"},"sync":{"remaining_rollback_tries":"7E351EF1B9FAA1C88C96CAD605E8D0633F21A64E602B7022C3CF8E5B3362A40B"}},"super_mac":"9D3338FFF0B5A8F64CC12FEEAF9DF3810D1519D13D091421C1784BF13FE829A5"},"session":{"startup_urls":["http://www.google.com/"]},"sync":{"remaining_rollback_tries":0}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Old Start Page"="http://www.msn.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Martin\AppData\Local\Mozilla\Firefox\Profiles\w5727g75.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1537 folders=472 7555332 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Martin\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Martin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on p  26.06.2015 at 22:28:46,48 ======================

RogueKiller V10.8.6.0 (x64) [Jun 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Martin [Práva správce]
Started from : C:\Users\Martin\Desktop\Nová složka (2)\RogueKillerX64.exe
Mód : Smazat -- Datum : 06/26/2015 21:39:59

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3909078151-1644892357-517948218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3909078151-1644892357-517948218-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\Hosts] 127.0.0.1 localhost -> Smazáno
[C:\Windows\System32\drivers\etc\Hosts] ::1 localhost -> Smazáno

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[FIREFX:Addon] w5727g75.default : Avast Online Security [wrc@avast.com] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKT-60V5T1 ATA Device +++++
--- User ---
[MBR] 50d6ba9f9107f17704b87d2b337c1970
[BSP] 47e89f753c98a817a79f412ee11869ba : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_06262015_105132.log - RKreport_SCN_06262015_213641.log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:40:51, on 26.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

FIREFOX: 38.0.5 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
C:\Users\Martin\Desktop\Nová složka (2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6956 bytes

[Orcus]

V HJT fixni:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

Vyčisti systém CCleanerem

====================================================

Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

Dej vědět co problémy?