PC-HELP.CZ

Zdravím, mám tento istý problém + ako bonus, že mi síce nainštaluje Malwarebytes AM, ale nemozem ho spustiť, rovnako ako CCleaner, regedit, Hijack This takisto nejde spustit, ani ako správca ho nespustím. Po niekoľkých pokusoch sa spustil ADWCleaner, tu je z neho výpis.

# AdwCleaner v4.208 - Log vytvorený 03/08/2015 at 17:06:40
# Aktualizované 09/07/2015 by Xplode
# Databáza : 2015-08-01.1 [Server]
# Operačný systém : Windows 7 Home Premium Service Pack 1 (x64)
# Uživateľské meno : xxx - HUNCUT99
# Spustené z : D:\adwcleaner_4.208 (1).exe
# Nastavenia : Čistenie

***** [ Služby ] *****


***** [ Súbory / Priečinky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupcovia ] *****


***** [ Registre ] *****

Kľúč registra Zmazané : HKCU\Software\Conduit

***** [ Webové prehliadače ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Google Chrome v44.0.2403.125


-\\ Opera v30.0.1835.125


*************************

AdwCleaner[R0].txt - [894 bajtov] - [03/08/2015 17:05:58]
AdwCleaner[S0].txt - [762 bajtov] - [03/08/2015 17:06:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [821 bajtov] ##########

Vlož log z HJT:
viewtopic.php?f=70&t=5119

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

MbAM zkus spustit v nouz. režimu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by xxx on st 05. 08. 2015 at 6:34:51,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cmd
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin



~~~ Chrome


[C:\Users\xxx\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\xxx\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\xxx\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\xxx\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 05. 08. 2015 at 6:37:49,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



RogueKiller V10.9.4.0 (x64) [Jul 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : xxx [Práva správce]
Started from : D:\RogueKillerX64.exe
Mód : Prohledat -- Datum : 08/05/2015 06:51:52

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bandicam.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ssl.bandisoft.com

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-00BN5A0 SCSI Disk Device +++++
--- User ---
[MBR] ea47143793b9fd05065be7a797635bbb
[BSP] 793bbd9016ca03df1fd1bf520c315738 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 149900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307202048 | Size: 803867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Vlož log z HJT:
viewtopic.php?f=70&t=5119

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:


klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Po použití Zoek.exe už funguje aj Ccleaner aj Regedit, Opera sa už sama neotvára, žiadna ruska stranka sa neukazuje. combofix som nespustal, mam ho aj napriek tomu spustit?


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by xxx on st 05. 08. 2015 at 17:36:26,76.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\xxx\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

5. 8. 2015 17:36:49 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\GUM2AD9.tmp deleted successfully
C:\PROGRA~2\Ubisoft deleted successfully
C:\Users\xxx\AppData\Local\Avg deleted successfully
C:\Users\xxx\AppData\Local\GHISLER deleted successfully
C:\Users\xxx\AppData\Local\Ubisoft Game Launcher deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUM2AD9.tmp not found
C:\PROGRA~2\Ubisoft not found
C:\install.exe deleted
C:\Users\xxx\AppData\Roaming\GPU MeterV2_Settings.ini deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\xxx\AppData\Local\LumaEmu" deleted

==== Chromium Look ======================

Music Box - xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaddliknddhjhjcofimffekgonpkom

==== Chromium Startpages ======================

C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences
\":\"53\",\"width_microns\":235400},{\"custom_display_name\":\"Super A\",\"height_microns\":356000,\"name\":\"NA_SUPER_A\",\"vendor_id\":\"57\",\"width_microns\":227000},{\"custom_display_name\":\"Super B\",\"height_microns\":487000,\"name\":\"NA_B_PLUS\",\"vendor_id\":\"58\",\"width_microns\":305000},{\"custom_display_name\":\"List Plus\",\"height_microns\":322300,\"name\":\"NA_LETTER_PLUS\",\"vendor_id\":\"59\",\"width_microns\":215900},{\"custom_display_name\":\"A4 Plus\",\"height_microns\":330000,\"name\":\"OM_FOLIO\",\"vendor_id\":\"60\",\"width_microns\":210000},{\"custom_display_name\":\"A3 Extra\",\"height_microns\":445000,\"name\":\"ISO_A3_EXTRA\",\"vendor_id\":\"63\",\"width_microns\":322000},{\"custom_display_name\":\"A5 Extra\",\"height_microns\":235000,\"name\":\"ISO_A5_EXTRA\",\"vendor_id\":\"64\",\"width_microns\":174000},{\"custom_display_name\":\"B5 (ISO) Extra\",\"height_microns\":276000,\"name\":\"ISO_B5_EXTRA\",\"vendor_id\":\"65\",\"width_microns\":201000},{\"custom_display_name\":\"A2\",\"height_microns\":594000,\"name\":\"ISO_A2\",\"vendor_id\":\"66\",\"width_microns\":420000},{\"custom_display_name\":\"Japonská pohľadnica (dvojnásobn\",\"height_microns\":200000,\"name\":\"JPN_OUFUKU\",\"vendor_id\":\"69\",\"width_microns\":148000},{\"custom_display_name\":\"A6\",\"height_microns\":148000,\"name\":\"ISO_A6\",\"vendor_id\":\"70\",\"width_microns\":105000},{\"custom_display_name\":\"Japonská obálka kaku č. 2\",\"height_microns\":332000,\"name\":\"JPN_KAKU2\",\"vendor_id\":\"71\",\"width_microns\":240000},{\"custom_display_name\":\"Japonská obálka kaku č. 3\",\"height_microns\":277000,\"vendor_id\":\"72\",\"width_microns\":216000},{\"custom_display_name\":\"Japonská obálka čou č. 3\",\"height_microns\":235000,\"name\":\"JPN_CHOU3\",\"vendor_id\":\"73\",\"width_microns\":120000},{\"custom_display_name\":\"Japonská obálka čou č. 4\",\"height_microns\":205000,\"name\":\"JPN_CHOU4\",\"vendor_id\":\"74\",\"width_microns\":90000},{\"custom_display_name\":\"B6 (JIS)\",\"height_microns\":182000,\"name\":\"JIS_B6\",\"vendor_id\":\"88\",\"width_microns\":128000},{\"custom_display_name\":\"12x11\",\"height_microns\":304900,\"name\":\"NA_11X12\",\"vendor_id\":\"90\",\"width_microns\":279500},{\"custom_display_name\":\"Japonská obálka you č. 4\",\"height_microns\":235000,\"name\":\"JPN_YOU4\",\"vendor_id\":\"91\",\"width_microns\":105000},{\"custom_display_name\":\"ČĽR Obálka č. 1\",\"height_microns\":165000,\"name\":\"PRC_1\",\"vendor_id\":\"96\",\"width_microns\":102000},{\"custom_display_name\":\"ČĽR Obálka č. 4\",\"height_microns\":208000,\"name\":\"PRC_4\",\"vendor_id\":\"99\",\"width_microns\":110000},{\"custom_display_name\":\"ČĽR Obálka č. 6\",\"height_microns\":230000,\"name\":\"PRC_6\",\"vendor_id\":\"101\",\"width_microns\":120000},{\"custom_display_name\":\"ČĽR Obálka č. 7\",\"height_microns\":230000,\"name\":\"PRC_7\",\"vendor_id\":\"102\",\"width_microns\":160000},{\"custom_display_name\":\"ČĽR Obálka č. 8\",\"height_microns\":309000,\"name\":\"PRC_8\",\"vendor_id\":\"103\",\"width_microns\":120000}]},\"page_orientation\":{\"option\":[{\"is_default\":true,\"type\":\"PORTRAIT\"},{\"type\":\"LANDSCAPE\"},{\"type\":\"AUTO\"}]},\"supported_content_type\":[{\"content_type\":\"application/pdf\"}]},\"version\":\"1.0\"},\"selectedDestinationName\":\"Microsoft XPS Document Writer\",\"mediaSize\":{\"custom_display_name\":\"A4\",\"height_microns\":297000,\"is_default\":true,\"name\":\"ISO_A4\",\"vendor_id\":\"9\",\"width_microns\":210000}}"}},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"[*.]hudba.zoznam.sk,*":{"setting":1},"[*.]vas.cas.sk,*":{"setting":1},"[*.]www.cas.sk,*":{"setting":1},"[*.]www.topky.sk,*":{"setting":1},"[*.]www.topserialy.sk,*":{"setting":1},"http://fotbal.idnes.cz:80,http://fotbal.idnes.cz:80":{"setting":1},"https://[*.]www.facebook.com:443,*":{"setting":1},"https://[*.]www.youtube.com:443,*":{"setting":1},"https://openload.io:443,http://www.teevee.sk:80":{"setting":1},"https://openload.io:443,http://www.topserialy.sk:80":{"setting":1}},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"[*.]hudba.zoznam.sk,*":{"fullscreen":1},"[*.]vas.cas.sk,*":{"fullscreen":1},"[*.]www.cas.sk,*":{"fullscreen":1},"[*.]www.topky.sk,*":{"fullscreen":1},"[*.]www.topserialy.sk,*":{"fullscreen":1},"http://fotbal.idnes.cz:80,http://fotbal.idnes.cz:80":{"fullscreen":1},"https://[*.]www.facebook.com:443,*":{"fullscreen":1},"https://[*.]www.youtube.com:443,*":{"fullscreen":1},"https://openload.io:443,http://www.teevee.sk:80":{"fullscreen":1},"https://openload.io:443,http://www.topserialy.sk:80":{"fullscreen":1}},"pref_version":1},"exit_type":"Normal","exited_cleanly":true,"icon_version":3,"is_managed":false,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Prvý používateľ","per_host_zoom_levels":{}},"protection":{"macs":{}},"savefile":{"default_directory":"C:\\Users\\xxx\\Downloads"},"selectfile":{"last_directory":"C:\\Users\\xxx\\Desktop"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13070218867837012"},"sync":{"suppress_start":true},"translate_accepted_count":{"en":0},"translate_blocked_languages":["cs","sk"],"translate_denied_count":{"en":2},"translate_denied_count_for_language":{"en":2},"translate_last_denied_time":1425757000000,"translate_last_denied_time_for_language":{"en":1438540020349.302},"translate_too_often_denied":true,"translate_too_often_denied_for_language":{"en":true},"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}
gjdpnpccoofpliimaahmaaome":{"active_permissions":{"api":["alarms","desktopCapture","processes","webConnectable","webrtcAudioPrivate","webrtcLoggingPrivate","system.cpu"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["runtime.onConnectExternal","runtime.onMessageExternal"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13070218869190486","location":5,"manifest":{"background":{"page":"background.html","persistent":false},"externally_connectable":{"matches":["https://*.google.com/hangouts*","*://localhost/*"]},"incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAQt2ZDdPfoSe/JI6ID5bgLHRCnCu9T36aYczmhw/tnv6QZB2I6WnOCMZXJZlRdqWc7w9jo4BWhYS50Vb4weMfh/I0On7VcRwJUgfAxW2cHB+EkmtI1v4v/OU24OqIa1Nmv9uRVeX0GjhQukdLNhAE6ACWooaf5kqKlCeK+1GOkQIDAQAB","manifest_version":2,"name":"Google+ Hangouts","permissions":["alarms","desktopCapture","processes","system.cpu","webrtcAudioPrivate","webrtcLoggingPrivate"],"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\41.0.2272.76\\resources\\hangout_services","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"nmmhkkegccagdldgiimedpiccmgmieda":{"ack_external":true,"active_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":137,"events":["app.runtime.onLaunched","runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13082497942880342","lastpingday":"13082972400963383","location":10,"manifest":{"app":{"background":{"scripts":["craw_background.js"]}},"current_locale":"sk","default_locale":"en","description":"Platby Internetového obchodu Chrome","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"128":"images/icon_128.png","16":"images/icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB","manifest_version":2,"minimum_chrome_version":"29","name":"Platby Internetového obchodu Chrome","oauth2":{"auto_approve":true,"client_id":"203784468217.apps.googleusercontent.com","scopes":["https://www.googleapis.com/auth/sierra","https://www.googleapis.com/auth/sierrasandbox","https://www.googleapis.com/auth/chromewebstore","https://www.googleapis.com/auth/chromewebstore.readonly"]},"permissions":["identity","webview","https://wallet.google.com/","https://wallet-web.sandbox.google.com/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.1.2.0"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.1.2.0_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"pinned_tabs":[],"prefs":{"preference_reset_time":"13070218867239891"},"protection":{"macs":{"browser":{"show_home_button":"C37341DFC1BB6C53CEC2817F16EB990E299646FC9D120644518A6528D4976DA0"},"default_search_provider":{"keyword":"832820B11D81818FAB071388DD0D988CE70254946430B3820157A081C1CE1FB8","name":"A855218C65D40720DB4EC802A1CA6A4D586DCBA9B8BA397CAA3E4D537BC2184D","search_url":"E3BD3E07A4A5E761CE860F496F7C1E32D829336F105EF69635E84D3C4FC15E93"},"default_search_provider_data":{"template_url_data":"F2B54B2E48F7DBF21C3AF3895C19A1B80BD298EED68B44A8B69F224304DB6036"},"extensions":{"settings":{"aaaaddliknddhjhjcofimffekgonpkom":"D2800714E96447D31787AAAC40442B80B0229049C792A23337B333AE1920D7BE","ahfgeienlihckogmohjhadlkjgocpleb":"13D4402D94AE6D49468A6A1C4DA1039B73901F68D20E6C174A87844C724A39A6","bepbmhgboaologfdajaanbcjmnhjmhfn":"BB48D2B052C170C26DB26CB4EB716D25311A317288D6E8B4C1D2DB35F908BBDB","eemcgdkfndhakfknompkggombfjjjeno":"EE9097A1938C79E81FE0ACD9E3E64E8375EDCF617A3225A6539772C132C8CD21","ennkphjdgehloodpbhlhldgbnhmacadg":"D631BC40084D93F10FB2D0837790BCA4FBACD21EDB93928DB2B78D7291325E13","gfdkimpbcpahaombhbimeihdjnejgicl":"2D1201A3D2369D63E9F0E6683F2023D0D94D2EE7E6762EC2BEA585FEDA24ED3B","kmendfapggjehodndflmmgagdbamhnfd":"D933D7A235D8DF1F491454C52F192CC142C183A3AEFBD61FA827410D919B9415","mfehgcgbbipciphmccgaenjidiccnmng":"22BB56451F27FD1796E9FB6D34D2613E38621858B38EDEAAB1FDF9B7E28D4CE8","mgndgikekgjfcpckkfioiadnlibdjbkf":"F70C3763B9484003EF7967557AAF6EEC4D14453A41B2A32C865E99A6C8F48F85","mhjfbmdgcfjbbpaeojofohoefgiehjai":"DD56A06527F6C3032B1743B72C275979E4447B76B151924B57D7274C4ADBB156","neajdppkdcdipfabeoofebfddakdcjhd":"C0904A62EC3C8CB628E20CEAF9999B0CB5AB2E63B6640C4467C1D338F757042E","nkeimhogjdpnpccoofpliimaahmaaome":"75C967ED1ED2950E5A5AD50E4036E06B15786F55E90A3C9626F141C29AD8B38D","nmmhkkegccagdldgiimedpiccmgmieda":"4D41CE70F93BE5237B7D7260691ADD959B45D099C33EF9DF014A16D748D84600"}},"google":{"services":{"account_id":"A42C1F268841266212F39DF77C509F70BC77D2D77A643E292739ED3FCC715C93","last_username":"E75359B07D033C0077DF03E741BB711C80F5FC322F0A233AE4355C542E33299D","username":"F4FBE464A6E6FAE128CCCB190157E00AAE031E909EF8E68D54C6BA427CE971E7"}},"homepage":"CD0BA81893AB9B32023FD7093F17E29059B4D9B773AC6A31DF4CAD3F507E3970","homepage_is_newtabpage":"168562FAC86DF8A4C643550239BAC2408264AF1CF859063FE60B729A5EBEE322","pinned_tabs":"2310E6101790F07C53C6FAF0B0B808B4CE899E40424EE8217FABF8B66747311A","prefs":{"preference_reset_time":"D917B53E8E38C48604F5DDF0848A2D0FC85FCD59D9742EFF0AFF7135A8E8BCF9"},"profile":{"reset_prompt_memento":"FB689D73614F1BC24DA2D69BBDBF01CBA490CF136BF2383DAB29869329D0A836"},"safebrowsing":{"incidents_sent":"D7EBAF0B544E50505964CF56CB27A8EBD305F45AC45CC343AEF96FAD84E36104"},"search_provider_overrides":"E1B4BE1BA6179A763EC6B054B0BD5C128BB1C9E86464623F5362C09F034647D2","session":{"restore_on_startup":"5D576C18054B402EDA2EB498301C0FB63FDC9528B2375D513471DE5CDA0FC535","startup_urls":"E7FAA5E81A63CFA9129EF31960CA33F2EDAE3347A512D7363BDA38265F420CAF"},"software_reporter":{"prompt_reason":"2F9A0FE32DAF05F76B5BF3E77FDE4A535087445B8C32DB9027855F5B035B3B07","prompt_seed":"559A72AE9FF6F6529E079677CCE103DE65CAFC9F81230C8E310B134513E2074A","prompt_version":"9A4C70A56E0E063E8F9C8BBE01D863293CE0D9A53B1517F77B9BDDB83283B86C"},"sync":{"remaining_rollback_tries":"6014DB86E7CBDD7E12187536E8257F56C6116C45B28DE4A5AD75863A1BABFC69"}},"super_mac":"8D6BE46979DD79F05ADD6F9BEBC7E28C6BE36471BC0DE357333C4B579746B392"},"session":{"restore_on_startup":5,"startup_urls":["http://www.google.com/"]}}

C:\Users\xxx\AppData\Roaming\Opera Software\Opera Stable\Preferences
5741545,"www.svetkuriozit.sk":1.2239010857415449,"www.vedelisteze.sk":1.2239010857415449,"www.videacesky.cz":1.2239010857415449}}},"plugins":{"plugins_list":[]},"profile":{"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{"https://[*.]www.facebook.com:443,https://[*.]www.facebook.com:443":{"setting":[1,1431968000.0]},"https://www.facebook.com:443,*":{"last_used":1438620537.401773}},"media_stream_mic":{"https://[*.]www.facebook.com:443,https://[*.]www.facebook.com:443":{"setting":[1,1431968000.0]},"https://www.facebook.com:443,*":{"last_used":1438620537.401754}},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{"http://cm-eu.wargaming.net:80,*":{"setting":[2,1437775347.119519]}},"plugins":{},"popups":{"https://www.telekom.sk,*":{"setting":[1,1430226000.0]}},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"https://[*.]www.facebook.com:443,https://[*.]www.facebook.com:443":{"media-stream-camera":[1,1431968000.0],"media-stream-mic":[1,1431968000.0]},"https://www.telekom.sk,*":{"popups":[1,1430226000.0]}},"pref_version":1},"created_by_version":"27.0.1689.76","creation_timestamp":"13070016724949620","default_content_settings":{},"migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true},"quick_access_bar":{"visible":true},"savefile":{"default_directory":"C:\\Users\\xxx\\Desktop"},"selectfile":{"last_directory":"C:\\Users\\Public\\Pictures\\Duchonka TBOQQ 2015"},"session":{"restore_on_startup":4,"startup_urls":["http://www.azet.sk/"],"urls_signature":"LjyXmlmXovDv8qHCYEIMU7Yb0itPPWrLsnqYfEz2O7+3oAur5B9BCu9LxPtt3P8k"},"speeddial":{"bookmarks_folder_guid":"98CC57C3-16C5-43AC-B352-76B6BD981EF6","imported_to_bookmarks":true},"startpage":{"is_experimental_start_page_prompt_dismissed":false},"sync":{"login_screen_reminder":1},"turbo":{"client_id":"7aa3814f7e16e14c46b2a5b303ac0ae2d5e44891dc55f25dcce1f70d2f42ba15"},"ui":{"show_tab_preview":false,"tab_menu":{"enabled":true,"has_been_shown":true}}}


==== Set IE to Default ======================

Old Values:

New Values:

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== Reset Google Chrome ======================

C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\xxx\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\xxx\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\xxx\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adwcleaner_4.207.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adwcleaner_4.208.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AnVir.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoLogger.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner64.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRST.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRST64.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HiJackThis.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegWorks.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSIT.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSITx64.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\xxx\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=23 folders=19 17948397 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\xxx\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\xxx\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on st 05. 08. 2015 at 17:50:15,24 ======================

Ano, udělej i ComboFix pro jistotu