kontrola logu po viru baidu Vyřešeno

[shearer79]

Dobrý den,
prosím o kontrolu notebooku, stáhl se mi vir baidu, nějak se mi ho podařilo odstranit, ale stále zpomalený,
Jaký log je potřeba zaslat?
Předem děkuji

[Reklama]

[jaro3]

Vlož log z HJT:
viewtopic.php?f=70&t=5119

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[shearer79]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:21:48, on 28.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\iolo\System Mechanic\SMTrayNotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\KAJA\Downloads\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\KAJA\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BDKVRTP Service (BDKVRTP) - Unknown owner - C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe (file missing)
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - Unknown owner - C:\Windows\system32\ThpSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 5874 bytes

[shearer79]

log adwcleaner
po vymazání a novém spuštění opět najde stejné soubory baidu

AdwCleaner v4.207 - Log vytvořen 28/06/2015 v 23:37:40
# Aktualizováno 21/06/2015 by Xplode
# Databáze : 2015-06-23.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x64)
# Uživatelské jméno : KAJA - KAJA-PC
# Spuštěno z : C:\Users\KAJA\Desktop\AdwCleaner.exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : BDMWrench_x64

***** [ Soubory / Složky ] *****

Soubor Smazáno : C:\Windows\System32\drivers\BDDefense.sys
Soubor Smazáno : C:\Windows\System32\drivers\bd0001.sys
Soubor Smazáno : C:\Windows\System32\drivers\bd0002.sys
Soubor Smazáno : C:\Windows\System32\drivers\bd0003.sys
Soubor Smazáno : C:\Windows\System32\drivers\BDArKit.SYS
Soubor Smazáno : C:\Windows\System32\drivers\BDMWrench_x64.sys

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [3531 bytů] - [07/02/2015 10:22:19]
AdwCleaner[R1].txt - [8434 bytů] - [21/06/2015 21:02:48]
AdwCleaner[R2].txt - [2256 bytů] - [21/06/2015 22:11:41]
AdwCleaner[R3].txt - [1752 bytů] - [21/06/2015 22:35:59]
AdwCleaner[R4].txt - [2464 bytů] - [22/06/2015 04:08:18]
AdwCleaner[R5].txt - [1893 bytů] - [22/06/2015 19:01:59]
AdwCleaner[R6].txt - [1956 bytů] - [23/06/2015 18:31:18]
AdwCleaner[R7].txt - [2065 bytů] - [28/06/2015 23:35:17]
AdwCleaner[S0].txt - [4057 bytů] - [07/02/2015 12:20:03]
AdwCleaner[S1].txt - [7667 bytů] - [21/06/2015 21:18:21]
AdwCleaner[S2].txt - [2122 bytů] - [21/06/2015 22:28:23]
AdwCleaner[S3].txt - [1708 bytů] - [21/06/2015 22:42:10]
AdwCleaner[S4].txt - [2360 bytů] - [22/06/2015 09:26:41]
AdwCleaner[S5].txt - [1850 bytů] - [22/06/2015 20:34:49]
AdwCleaner[S6].txt - [1907 bytů] - [23/06/2015 19:44:10]
AdwCleaner[S7].txt - [1879 bytů] - [28/06/2015 23:37:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1937 bytů] ##########

[shearer79]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 28.6.2015
Čas skenování: 23:49:15
Protokol: mam.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.06.28.04
Databáze rootkitů: v2015.06.26.01
Licence: Premium
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: KAJA

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 380321
Uplynulý čas: 1 hod, 3 min, 16 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[jaro3]

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

[shearer79]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.1 (06.28.2015:2)
OS: Windows 7 Professional x64
Ran by KAJA on po 29.06.2015 at 23:54:33,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to delete: [Service] baiduhips
Failed to delete: [Service] bd0001
Failed to delete: [Service] bd0002
Failed to delete: [Service] bdkvrtp
Failed to delete: [Service] bdmwrench_x64
Failed to delete: [Service] bdsandbox
Successfully deleted: [Service] tsskx64



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\system32\drivers\taoaccelerator64.sys
Successfully deleted: [File] C:\Windows\system32\drivers\taokernel64.sys
Successfully deleted: [File] C:\Windows\system32\drivers\tfsfltx64.sys



~~~ Folders



~~~ Chrome


[C:\Users\KAJA\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\KAJA\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\KAJA\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\KAJA\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on út 30.06.2015 at 0:16:13,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[shearer79]

RogueKiller V10.8.7.0 (x64) [Jun 29 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : KAJA [Práva správce]
Started from : C:\Users\KAJA\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 06/30/2015 00:37:27

¤¤¤ Procesy : 26 ¤¤¤
[Proc.Injected] smss.exe(344) -- C:\Windows\System32\smss.exe[x] -> [NoKill]
[Proc.Injected] csrss.exe(448) -- C:\Windows\System32\csrss.exe[x] -> [NoKill]
[Proc.Injected] wininit.exe(500) -- C:\Windows\System32\wininit.exe[x] -> [NoKill]
[Proc.Injected] csrss.exe(512) -- C:\Windows\System32\csrss.exe[x] -> [NoKill]
[Proc.Injected] winlogon.exe(568) -- C:\Windows\System32\winlogon.exe[x] -> [NoKill]
[Proc.Injected] services.exe(604) -- C:\Windows\System32\services.exe[x] -> [NoKill]
[Proc.Injected] lsass.exe(620) -- C:\Windows\System32\lsass.exe[x] -> [NoKill]
[Proc.Injected] lsm.exe(628) -- C:\Windows\System32\lsm.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(736) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(812) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] MsMpEng.exe(860) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe[7] -> Zastaveno [TermThr]
[Proc.Injected] svchost.exe(992) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(416) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(452) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(676) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(1196) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] dwm.exe(1364) -- C:\Windows\System32\dwm.exe[x] -> [NoKill]
[Proc.Injected] explorer.exe(1380) -- C:\Windows\explorer.exe[7] -> Zastaveno [TermProc]
[Proc.Injected] svchost.exe(1460) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(1292) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(1808) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] svchost.exe(2292) -- C:\Windows\System32\svchost.exe[x] -> [NoKill]
[Proc.Injected] TrustedInstaller.exe(1564) -- C:\Windows\servicing\TrustedInstaller.exe[7] -> Zastaveno [TermProc]
[Proc.Injected] spoolsv.exe(2120) -- C:\Windows\System32\spoolsv.exe[x] -> [NoKill]
[Proc.Injected] wuauclt.exe(5076) -- C:\Windows\System32\wuauclt.exe[7] -> Zastaveno [TermProc]
[Proc.Injected] dllhost.exe(4216) -- C:\Windows\System32\dllhost.exe[7] -> Zastaveno [TermProc]

¤¤¤ Registry : 20 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BDKVRTP ("C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe" -r) -> Nalezeno
[PUP|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Live Malware Protection (C:\Windows\mlwps.exe) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BDKVRTP ("C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe" -r) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BDKVRTP ("C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe" -r) -> Nalezeno
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Nalezeno
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : -> Nalezeno
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{67FD0E4B-25EA-428A-BDA5-C35A2C867BD1} | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][-] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{CD1E0146-513D-4B4F-82E0-20DCCD4C516D} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3987399166-679275742-319485661-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 910021828ca74b5f397a84def8ec3525
[BSP] 87b1c455795cf148ceb5af642eb58b8c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 821248 | Size: 304842 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[shearer79]

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by KAJA on út 30.06.2015 at 0:41:07,54.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\KAJA\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30.6.2015 0:43:44 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\07ec9398-53b1-4f44-91cf-e27b9b1ab977 deleted successfully
C:\PROGRA~2\3d57b5e2-70a3-41a9-83f5-e6248cbc9b55 deleted successfully
C:\PROGRA~2\f3af8154-34e5-4ea8-b899-a5811b3c76cf deleted successfully
C:\PROGRA~2\Lingea deleted successfully
C:\PROGRA~2\Seznam.cz deleted successfully
C:\PROGRA~2\Softland deleted successfully
C:\Program Files\office.tmp deleted successfully
C:\PROGRA~3\ioloGovernor deleted successfully
C:\PROGRA~3\Kaspersky Lab deleted successfully
C:\Users\KAJA\AppData\Roaming\Smart PC Solutions deleted successfully
C:\Users\KAJA\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\07ec9398-53b1-4f44-91cf-e27b9b1ab977 not found
C:\PROGRA~2\3d57b5e2-70a3-41a9-83f5-e6248cbc9b55 not found
C:\PROGRA~2\f3af8154-34e5-4ea8-b899-a5811b3c76cf not found
C:\PROGRA~2\Lingea not found
C:\PROGRA~2\Seznam.cz not found
C:\PROGRA~2\Softland not found
C:\PROGRA~2\revouninstaller deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\KAJA\AppData\Local\{92CCA7C6-43F6-47EF-85C2-39315782ACEA}" deleted
"C:\Users\KAJA\AppData\Local\{EB5AC34B-F121-4953-A64F-66A49259D061}" deleted

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.130



==== Chromium Startpages ======================

C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Preferences
:true},"www.googletagmanager.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}],"network_stats":{"srtt":32039}},"www.googletagservices.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":29618},"supports_spdy":true},"www.googletagservices.com:80":{"alternative_service":[{"port":80,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":23046}},"www.gstatic.com:443":{"network_stats":{"srtt":18521},"supports_spdy":true},"www.gstatic.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}],"network_stats":{"srtt":15500}},"www.kupi.cz:443":{"supports_spdy":true},"www.slevomat.cz:443":{"supports_spdy":true},"www.tumblr.com:443":{"supports_spdy":true},"www.virustotal.com:443":{"supports_spdy":true},"www.youtube-nocookie.com:443":{"network_stats":{"srtt":13385},"supports_spdy":true},"www.youtube.com:443":{"network_stats":{"srtt":16191},"supports_spdy":true},"www.youtube.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}],"network_stats":{"srtt":17716}},"xhamster.com:443":{"supports_spdy":true},"yt3.ggpht.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":190519},"supports_spdy":true}},"supports_quic":{"address":"192.168.100.2","used_quic":true},"version":3}},"ntp":{"app_page_names":["Aplikace"]},"partition":{"per_host_zoom_levels":{"2166136261":{"eu1.badoo.com":0.5227586988632231,"my-amateur-cumshots.com":-0.5778829311823857,"onlinefilmyzdarma.eu":-0.5778829311823857,"otomoto.cz":0.5227586988632231,"search.seznam.cz":-0.5778829311823857,"spojeni.dpp.cz":0.5227586988632231,"www.bigasoft.com":0.5227586988632231,"www.caraplasma.cz":0.5227586988632231,"www.centrio.cz":0.5227586988632231,"www.lide.cz":-0.5778829311823857,"www.securitas.com":0.5227586988632231,"www.vodafone.cz":-0.5778829311823857}}},"password_bubble":{"nopes":1},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true,"show_details":true},"profile":{"avatar_bubble_tutorial_shown":1,"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{"[*.]isearch.omiga-plus.com,*":{"setting":4},"[*.]omiga-plus.com,*":{"setting":2}},"fullscreen":{"[*.]exashare.com,*":{"setting":1},"[*.]stream-a-ams1xx2sfcdnvideo5269.cz,*":{"setting":1},"[*.]www.milujemefilmy.eu,*":{"setting":1},"[*.]www.milujemeserialy.eu,*":{"setting":1},"https://openload.io:443,http://www.milujemefilmy.eu:80":{"setting":1}},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{"*,*":{"per_resource":{"adobe-flash-player":1}}},"popups":{"[*.]www.shell.cz,*":{"setting":1}},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"*,*":{"per_plugin":{"adobe-flash-player":1}},"[*.]exashare.com,*":{"fullscreen":1},"[*.]isearch.omiga-plus.com,*":{"cookies":4},"[*.]omiga-plus.com,*":{"cookies":2},"[*.]stream-a-ams1xx2sfcdnvideo5269.cz,*":{"fullscreen":1},"[*.]www.milujemefilmy.eu,*":{"fullscreen":1},"[*.]www.milujemeserialy.eu,*":{"fullscreen":1},"[*.]www.shell.cz,*":{"popups":1},"https://openload.io:443,http://www.milujemefilmy.eu:80":{"fullscreen":1}},"plugin_whitelist":{"adobe-flash-player":true},"pref_version":1},"default_content_settings":{},"exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"První uživatel","per_host_zoom_levels":{}},"protection":{"macs":{"extensions":null}},"savefile":{"default_directory":"C:\\Users\\KAJA\\Desktop"},"selectfile":{"last_directory":"C:\\Users\\KAJA\\Dropbox\\Camera Uploads\\Já"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13061934202839591"},"translate_accepted_count":{"en":18,"pl":1},"translate_blocked_languages":["cs"],"translate_denied_count":{"en":0,"pl":0},"translate_last_denied_time":1.417463e+12,"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}
n0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","\u003Call_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\36.0.1985.125\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"x","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072141473497803","lastpingday":"13079948398785405","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"cs","default_locale":"en","description":"Rychlý e-mail s možností vyhledávání a menším množstvím spamu.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"homepage":"http://google.cz/","homepage_changed":true,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"32DB98A0B6A2301F2BB751E289EF7DF62330A3EE81D549916D43B561C07D148E"},"default_search_provider":{"keyword":"5507AE018AA6779369D70F39792401BC935E3E20761CF4B230D68096BD148581","name":"2815C3EF9D9755A35F1CEEC67C19A15C94C77CA2E469B1E2E921A5B434B0BA82","search_url":"75D739EAC2034313AA7947BC11BBE3BFA3D71BEFA1F9E3DDB95A423BDB8D8441"},"default_search_provider_data":{"template_url_data":"2120F1AAF47B59A841C93B05573B10C4F805ED71CED0A1E366463C3AE1307A34"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"A55946E957441F7A7C56AD3E8922CB5F376FC732BE9C44259BC91B12E2BB6E6D","aohghmighlieiainnegkcijnfilokake":"D015D95E33D3DD930F81BE02BCC73727B605ED64D0EAB678A1A61FDBF68685A2","apdfllckaahabafndbhieahigkjlhalf":"9A9B876EBC6C41413CC5441BA058DF60725D10477CD83118D7C27341928A1A06","bepbmhgboaologfdajaanbcjmnhjmhfn":"9B69B244756D412826356BBC8A2EFA3004433A76DB51FC7BE7834CC5D00CF02E","bfaohpmjmhdgnjblojekjlnadhehiadj":"62F5062CF6B215A1B4A814D6AF6220489366A77BB3668A10FFF64B9FF05DA1E0","blpcfgokakmgnkcojhhkbfbldkacnbeo":"5CFEBB45D826C69E8A5560DAE9291225831C2EAC969B07DC3E15099C8DD62C32","coobgpohoikkiipiblmjeljniedjpjpf":"D10CD0EB9D59A928E1182DB6B4B950B7F3E6D607B1800DAC5DB3C9BEF7CDCF74","eemcgdkfndhakfknompkggombfjjjeno":"E82F0FD3FCE941B18DA294D9A83CDCF226465120280D0B955EFFFB0F8E3D7B7A","ennkphjdgehloodpbhlhldgbnhmacadg":"1A0C74B6F20ECCAC36C3057E6F0C97D822A2A0A3FCC50E6EB8445DFF134D28C2","fkepacicchenbjecpbpbclokcabebhah":"162CA1B451AB734D7D04F7F38BD613757A63024737D11A1B273951DD208A9D22","gfdkimpbcpahaombhbimeihdjnejgicl":"89DF208DE6C5706B6C4C1F5FB28106BEE1F8C2E1FE926CC1676FDBBA9A9763FD","kmendfapggjehodndflmmgagdbamhnfd":"EAFF051245903DB64F7C99CEFB28D0E29003DD5AC2E9E7C91608D07DCBBA9D8A","knebimhcckndhiglamoabbnifdkijidd":"2D84234EEDE82667A7D764DB041453C2F98EAD8322BAF31E57512A3809C9028F","mfehgcgbbipciphmccgaenjidiccnmng":"DDF5D44BB78C441628A4FA10CF5D707DC5CC95B1C5D6CC9D7A82FEB980AE274A","mfffpogegjflfpflabcdkioaeobkgjik":"A8C32049F07671C86D1309F617DB10D92E545C5164819150C3939CA4AB7C6955","mgndgikekgjfcpckkfioiadnlibdjbkf":"901FBE3F8583B5CEC9BF1DE4218AB8BECB24D0C1A331BBD58D52DD5B183B5427","mhjfbmdgcfjbbpaeojofohoefgiehjai":"B06362F42EA7D86A91CA1C29B5CB4D39F5D9DBA56BF0300A37CB370DF9E02AE8","neajdppkdcdipfabeoofebfddakdcjhd":"77857848CFD6B3BEA8B4594BDD1E6407D067A4A2F6E4EBB6E33FF1CB59268489","nkeimhogjdpnpccoofpliimaahmaaome":"70EC044F58715D48FD4D52BDA329D9B863630D3F1EBA28E693D7D1F7219575CB","nmmhkkegccagdldgiimedpiccmgmieda":"46383BFDD523C6A39000332DDA62DBB858EDE48A4E3EB41A2689A2FA19A18A2A","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"26B5DE8FA4152D699FE80E806D36C8748678D516634F8CC5326CDF23A3F825DE","pjkljhegncpnkpknbcohdijeoejaedia":"4224A7A37639ED5D6302950DF1C958FC5A4C2CD5F084D7B35E21F110335E7922"}},"google":{"services":{"last_username":"396B81800E4C39B273E8B6A46EB7069DB9059C39CE0F0F2697BE909D2E1BA6F1","username":"D6A149E903984BF6E6E4848A5F1E2124FA7AEC364F4BBECB860CA62B5D994FC1"}},"homepage":"51B8153C9F8543555A038D06614B2D610130723D4301EB2F241D947DE9D54932","homepage_is_newtabpage":"AE3EDE7A532C33718BFE1C17EA8027A7B1E214F2E9065867D6DD109AE027EDB4","pinned_tabs":"D1E7473AB4941DE3FFA1325CE81F52556AFF94C788882CBD700B693C00C30797","prefs":{"preference_reset_time":"3E4A328C3C4931FB2FD0AA0CA48F4CD6E718A2E95E0CA5D676E69A48961A0384"},"profile":{"reset_prompt_memento":"41A7972CA29A14FFA17203F2CAE22E0FB6FF504093F2AEDD1C2AC2DFCD1AF0B5"},"safebrowsing":{"incidents_sent":"03EEC8D29C846D73DCF45AE40BBA64FDD470CF14FFF0E1F3E5A4950E189BECF1"},"search_provider_overrides":"A7956B8525F5DB7B9CE1623D5BD5026B1CBAE3AD4D8F8D74A65E6813BF63F6F6","session":{"restore_on_startup":"0B3CDC34F72A3E202637D188D1722426E9214384BD87B7AD1C73535290EFDA54","startup_urls":"C5D217A823251376320B4ADB0A129599FC06DD3E1D653E206292C1B5CBBC92F7"},"software_reporter":{"prompt_reason":"097C5C9096626931C37FBE25842C5280D8A1755D3DA4BB556540C4D165FEB584","prompt_seed":"94FD7FAC3F5D0405D72E15DD4A21464266BF270491311C32D882A16C3100D6AD","prompt_version":"A2DE1999408A929650D5582A37E56E661AB61C005964DF3B7DC298195E8BDC95"},"sync":{"remaining_rollback_tries":"E6514946DC9BC552B459A044532DCD26270B7D261B89DC7BC6B20ECE1DCBC004"}},"super_mac":"4D660ECE2A4A9C79B021BE41AF1DD2D556DCF2A1A06F42FAEAEEF54B3E34FF91"},"session":{"restore_on_startup":4,"startup_urls":[]},"sync":{"remaining_rollback_tries":0}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KAJA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\KAJA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Foundp

==== C:\zoek_backup content ======================

C:\zoek_backup (files=59 folders=4 6753902 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\KAJA\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KAJA\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on út 30.06.2015 at 7:15:47,54 ======================

[jaro3]

stáhni SuperAntiSpyware
aktualizuj databázi , proveď sken a následně nákazy smaž

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[shearer79]

ComboFix 15-06-30.01 - KAJA 01.07.2015 0:01.3.1 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2937.1702 [GMT 2:00]
Spuštěný z: c:\users\KAJA\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
-------\Service_bd0002
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-28 do 2015-06-30 )))))))))))))))))))))))))))))))
.
.
2015-06-30 22:12 . 2015-06-30 22:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-30 21:26 . 2015-06-30 21:26 -------- d-----w- c:\users\KAJA\AppData\Roaming\SUPERAntiSpyware.com
2015-06-30 21:24 . 2015-06-30 21:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-06-30 21:24 . 2015-06-30 21:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-06-30 05:19 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED0B0698-79DD-4120-9AD1-C5C42503397A}\mpengine.dll
2015-06-30 05:15 . 2015-06-30 05:15 -------- d-----w- c:\programdata\ioloGovernor
2015-06-29 23:24 . 2015-06-29 22:40 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-29 23:24 . 2015-06-30 22:15 -------- d-----w- c:\users\KAJA\AppData\Local\Temp
2015-06-29 22:40 . 2015-06-29 23:18 -------- d-----w- C:\zoek_backup
2015-06-29 22:20 . 2015-06-29 22:20 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-29 22:19 . 2015-06-29 22:47 -------- d-----w- c:\programdata\RogueKiller
2015-06-29 21:54 . 2015-06-29 21:54 -------- d-----w- C:\RegBackup
2015-06-28 13:42 . 2015-06-12 07:50 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-26 08:19 . 2015-06-26 08:19 -------- d-----w- c:\users\KAJA\AppData\Local\GWX
2015-06-23 15:11 . 2015-06-23 15:16 -------- d-s---w- c:\windows\system32\GWX
2015-06-23 15:11 . 2015-06-23 15:11 -------- d-s---w- c:\windows\SysWow64\GWX
2015-06-23 15:05 . 2015-06-23 15:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-06-23 09:03 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-23 09:03 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-06-23 08:04 . 2015-05-25 18:19 50176 ----a-w- c:\windows\system32\srclient.dll
2015-06-23 08:00 . 2015-05-23 03:15 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-06-23 07:57 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-06-23 07:57 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-06-23 07:56 . 2015-03-10 03:25 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-06-23 07:56 . 2015-03-10 03:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-06-23 07:56 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-06-23 07:56 . 2015-03-10 03:05 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-06-23 07:56 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
2015-06-23 07:56 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys
2015-06-23 07:51 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-06-23 07:51 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-06-23 07:51 . 2015-04-20 02:11 3204608 ----a-w- c:\windows\system32\win32k.sys
2015-06-23 07:51 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-06-23 07:42 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-06-23 07:41 . 2015-04-29 18:22 14635008 ----a-w- c:\windows\system32\wmp.dll
2015-06-23 07:40 . 2015-02-20 03:29 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-06-23 07:30 . 2015-06-23 07:30 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-23 07:30 . 2015-06-23 07:30 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-23 07:30 . 2015-06-23 07:30 -------- d-----w- c:\windows\SysWow64\Macromed
2015-06-23 07:30 . 2015-06-23 07:30 -------- d-----w- c:\windows\system32\Macromed
2015-06-23 07:20 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-06-23 07:20 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-06-23 07:20 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-06-23 07:20 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-06-23 07:20 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-06-21 16:53 . 2015-06-21 18:38 28984 ----a-w- c:\windows\SysWow64\drivers\TS888x64.sys
2015-06-21 09:01 . 2015-06-21 08:58 38200 ----a-w- c:\windows\system32\drivers\TSSKX64.sys
2015-06-21 08:36 . 2015-04-08 07:17 103240 ----a-w- c:\windows\system32\drivers\BDDefense.sys
2015-06-21 08:36 . 2015-04-08 07:17 196936 ----a-w- c:\windows\system32\drivers\bd0002.sys
2015-06-21 08:34 . 2015-04-08 07:17 56136 ----a-w- c:\windows\system32\drivers\BDMWrench_x64.sys
2015-06-21 08:32 . 2015-04-08 07:17 152392 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2015-06-21 08:32 . 2015-04-08 07:17 67400 ----a-w- c:\windows\system32\drivers\bd0003.sys
2015-06-20 08:12 . 2015-04-08 07:17 202576 ----a-w- c:\windows\system32\drivers\bd0001.sys
2015-06-20 08:12 . 2015-06-21 08:39 -------- d-----w- c:\program files (x86)\Common Files\Baidu
2015-06-20 08:02 . 2012-02-29 07:49 11888 ------w- c:\windows\system32\drivers\rsndisp.sys
2015-06-20 08:02 . 2015-03-11 05:00 71056 ------w- c:\windows\system32\drivers\rsutils.sys
2015-06-20 08:02 . 2015-02-11 05:00 121072 ------w- c:\windows\system32\drivers\sysmon.sys
2015-06-20 07:56 . 2015-06-20 08:05 -------- d-----w- c:\programdata\Rising
2015-06-17 18:31 . 2015-03-25 22:19 1187344 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBDF58D2-0EB0-4DCA-B860-C2A9E2FA9618}\gapaengine.dll
2015-06-16 21:36 . 2015-06-16 21:36 -------- d-----w- c:\users\KAJA\AppData\Local\Dropbox
2015-06-16 21:36 . 2015-06-16 21:36 -------- d-----w- c:\programdata\Dropbox
2015-06-02 21:52 . 2015-06-02 21:52 -------- d-----w- c:\users\KAJA\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-30 21:07 . 2014-07-23 20:59 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-23 15:04 . 2014-09-21 15:56 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-06-21 08:35 . 2015-02-27 15:40 73728 ----a-w- c:\windows\SysWow64\tasks.dll
2015-05-26 22:04 . 2014-07-23 20:19 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:19 . 2015-06-23 08:05 113664 ----a-w- c:\windows\system32\sechost.dll
2015-05-25 18:19 . 2015-06-23 08:05 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-25 18:01 . 2015-06-23 08:05 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-25 18:01 . 2015-06-23 08:05 92160 ----a-w- c:\windows\SysWow64\sechost.dll
2015-05-25 18:01 . 2015-06-23 08:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-05-04 11:24 . 2015-05-04 11:24 4097140 ----a-w- c:\windows\SysWow64\FotoMagica_FotoMagica_uninstaller.exe
2015-04-15 11:12 . 2015-04-15 11:12 138056 ----a-w- c:\windows\SysWow64\atl100.dll
2015-04-14 07:37 . 2014-07-23 20:58 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-07-23 20:58 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-07-23 20:58 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-12-14 21:36 233128 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-12-14 21:36 233128 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-12-14 21:36 233128 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="c:\users\KAJA\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-16 134512]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-05-15 7799576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 BdSandBox;BdSandBox;c:\windows\system32\DRIVERS\BdSandBox.sys;c:\windows\SYSNATIVE\DRIVERS\BdSandBox.sys [x]
R2 BDKVRTP;BDKVRTP Service;c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe;c:\program files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BaiduHips;BaiduHips;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe;c:\program files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [x]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
R4 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
R4 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
S0 sysmon;sysmon;c:\windows\system32\DRIVERS\sysmon.sys;c:\windows\SYSNATIVE\DRIVERS\sysmon.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S1 BDMWrench_x64;BDMWrench_x64;c:\windows\system32\DRIVERS\BDMWrench_x64.sys;c:\windows\SYSNATIVE\DRIVERS\BDMWrench_x64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
S1 rsutils;rsutils;c:\windows\system32\DRIVERS\rsutils.sys;c:\windows\SYSNATIVE\DRIVERS\rsutils.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 BDDefense;BDDefense;c:\windows\system32\drivers\BDDefense.sys;c:\windows\SYSNATIVE\drivers\BDDefense.sys [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - SASDIFSV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-22 21:16 990024 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-06-30 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3987399166-679275742-319485661-1001Core.job
- c:\users\KAJA\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 21:35]
.
2015-06-30 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3987399166-679275742-319485661-1001UA.job
- c:\users\KAJA\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 21:35]
.
2015-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-21 19:09]
.
2015-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-21 19:09]
.
2015-06-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e25bec39-51d6-4b6c-9e15-8ee7ff465f58.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2015-06-30 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task eaebd0b4-966e-47c0-8998-765707a7c02c.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-12-14 21:37 260776 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-12-14 21:37 260776 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-12-14 21:37 260776 ----a-w- c:\users\KAJA\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-10 20:34 184856 ----a-w- c:\users\KAJA\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 1337000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-29 1794856]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mDefault_Search_URL = 00
mDefault_Page_URL = 00
mSearch Page = 00
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.100.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{B7667919-3765-4815-A66D-98A09BE662D6} - (no file)
AddRemove-FotoMagica_FotoMagica - c:\windows\system32\FotoMagica_FotoMagica_uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2015-07-01 00:21:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-06-30 22:21
ComboFix2.txt 2014-12-28 18:10
ComboFix3.txt 2014-12-28 17:49
.
Před spuštěním: Volných bajtů: 132 746 379 264
Po spuštění: Volných bajtů: 132 333 219 840
.
- - End Of File - - 064FE781A166B64EFBCFCA4D2E6B48DD
A36C5E4F47E84449FF07ED3517B43A31

[jerabina]

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\SysWow64\FotoMagica_FotoMagica_uninstaller.exe
c:\windows\system32\drivers\rsndisp.sys
c:\windows\system32\drivers\rsutils.sys
c:\windows\system32\drivers\sysmon.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.


Odinstaluj vše od iolo: http://www.iolo.com/
A Rising Technology: http://beijing-rising-information-technology-co.software.informer.com/


Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::

Folder::
c:\programdata\RogueKiller
c:\program files (x86)\Common Files\Baidu
c:\program files (x86)\Baidu
c:\programdata\Rising

File::
c:\windows\system32\drivers\TSSKX64.sys
c:\windows\system32\drivers\BDDefense.sys
c:\windows\system32\drivers\bd0002.sys
c:\windows\system32\drivers\BDMWrench_x64.sys
c:\windows\system32\drivers\BDArKit.sys
c:\windows\system32\drivers\bd0003.sys
c:\windows\system32\drivers\bd0001.sys
c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3987399166-679275742-319485661-1001Core.job
c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3987399166-679275742-319485661-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e25bec39-51d6-4b6c-9e15-8ee7ff465f58.job
c:\windows\Tasks\SUPERAntiSpyware Scheduled Task eaebd0b4-966e-47c0-8998-765707a7c02c.job
c:\windows\system32\DRIVERS\BdSandBox.sys

Driver::
BdSandBox
BDKVRTP
BaiduHips
BDMWrench
BDDefense

DDS::
mDefault_Search_URL = 00
mDefault_Page_URL = 00
mSearch Page = 00

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"=-
"SUPERAntiSpyware"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť:

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu