Please check my HJT log (Solved)

jaro3
Security team member

Re: Please check my HJT log

Post by jaro3 » 06 Sep 2014 09:53

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Then click "Scan"; when it has finished:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (check the boxes)
- Click "Delete"
- Wait until the Status box shows "Deleting finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Download Zoek.exe and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will perform a scan and a repair; both the scan and the repair can take several minutes, so wait until the end. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: Please check my HJT log

Post by JANíčOK » 06 Sep 2014 11:33

RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Konštrukcia [Admin rights]
Mode : Remove -- Date : 09/06/2014 11:12:39

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 28 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> DELETED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> DELETED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> DELETED
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> REPLACED (1)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> REPLACED (1)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> REPLACED (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> REPLACED (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> REPLACED (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> REPLACED (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> REPLACED (0)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> REPLACED (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> REPLACED (http://go.microsoft.com/fwlink/?LinkId=54896)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 4 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> DELETED
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.2 facebook.com -> DELETED
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.3 https://www.facebook.com/ -> DELETED
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.3 https://www.facebook.com/ -> DELETED

¤¤¤ Antirootkit : 6 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\ACPI @ Unknown (\SystemRoot\system32\CLFS.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Harddisk1\DR1 : \Driver\partmgr @ Unknown (\SystemRoot\System32\drivers\tfhgn.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP0T0L0-0 : \Driver\ACPI @ Unknown (\SystemRoot\system32\CLFS.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\System32\drivers\tfhgn.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk1\DR1 : \Driver\partmgr @ Unknown (\SystemRoot\System32\drivers\tfhgn.sys)
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\System32\drivers\tfhgn.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-083CA1 ATA Device +++++
--- User ---
[MBR] 9c8536b690d63a27acaf5d62b508bee9
[BSP] bf554009e5a41c68658bc45fc24d780e : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: OCZ-VERTEX3 ATA Device +++++
--- User ---
[MBR] a3ed84bb13a480d6c3cfa763949b7258
[BSP] 369efba5729038d9fa4835b7cc8e210b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_09052014_115100.log - RKreport_SCN_09052014_120335.log - RKreport_SCN_09062014_105449.log - RKreport_SCN_09062014_110108.log
RKreport_DEL_09062014_110426.log - RKreport_SCN_09062014_110728.log


Re: Please check my HJT log

Post by JANíčOK » 06 Sep 2014 11:33

Zoek.exe v5.0.0.0 Updated 05-September-2014
Tool run by Konstrukcia on so 06. 09. 2014 at 11:18:30,54.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\KONTRU~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6. 9. 2014 11:19:10 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2DB92385-001A-4416-9A25-EC995AE11446} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} deleted successfully
HKEY_USERS\S-1-5-21-3654305221-3194196692-2434187223-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\KONTRU~1\AppData\Roaming\Mozilla\Firefox\Profiles\lio47eye.default\prefs.js:

Added to C:\Users\KONTRU~1\AppData\Roaming\Mozilla\Firefox\Profiles\lio47eye.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\KONTRU~1\.android deleted
C:\PROGRA~2\Probit Software deleted
C:\Users\KONTRU~1\AppData\Local\cache deleted
C:\Users\KONTRU~1\AppData\Local\CrashRpt deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\PROGRA~3\134ca4084c70334c\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20140904070152" deleted
"C:\PROGRA~3\134ca4084c70334c\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140904065713" deleted
"C:\PROGRA~3\134ca4084c70334c\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140904070143" deleted
"C:\PROGRA~3\134ca4084c70334c\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140904070144" deleted
"C:\PROGRA~3\134ca4084c70334c\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140904070152" deleted
"C:\PROGRA~3\134ca4084c70334c\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140904070153" deleted
"C:\PROGRA~3\134ca4084c70334c\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20140904065720" deleted
"C:\PROGRA~3\134ca4084c70334c\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140904065655" deleted
"C:\PROGRA~3\134ca4084c70334c\{FDB962F0-B5B8-9460-D12F-7966E97BAA43}.20140904065704" deleted
"C:\PROGRA~3\134ca4084c70334c" deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Chrome Look ======================

PRicechoP - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\keomloiddikgcklghnpeadidjkpbnfbd
Live Sports - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo
NExeTCCouup - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmmfipbkglpbilhhbbelipabfoelmjjn
Live Sports - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo
PRicechoP - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\keomloiddikgcklghnpeadidjkpbnfbd
Live Sports - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo
NExeTCCouup - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmmfipbkglpbilhhbbelipabfoelmjjn
PRicechoP - KONTRU~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\keomloiddikgcklghnpeadidjkpbnfbd
Live Sports - KONTRU~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo
NExeTCCouup - KONTRU~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmmfipbkglpbilhhbbelipabfoelmjjn
Live Sports - KONTRU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo
PRicechoP - KONTRU~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\keomloiddikgcklghnpeadidjkpbnfbd
Live Sports - KONTRU~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo
NExeTCCouup - KONTRU~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmmfipbkglpbilhhbbelipabfoelmjjn

==== Chrome Fix ======================

C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\keomloiddikgcklghnpeadidjkpbnfbd deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\keomloiddikgcklghnpeadidjkpbnfbd deleted successfully
C:\Users\KONTRU~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\keomloiddikgcklghnpeadidjkpbnfbd deleted successfully
C:\Users\KONTRU~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\keomloiddikgcklghnpeadidjkpbnfbd deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo deleted successfully
C:\Users\KONTRU~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo deleted successfully
C:\Users\KONTRU~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo deleted successfully
C:\Users\KONTRU~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmmfipbkglpbilhhbbelipabfoelmjjn deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmmfipbkglpbilhhbbelipabfoelmjjn deleted successfully
C:\Users\KONTRU~1\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmmfipbkglpbilhhbbelipabfoelmjjn deleted successfully
C:\Users\KONTRU~1\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmmfipbkglpbilhhbbelipabfoelmjjn deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{2DB92385-001A-4416-9A25-EC995AE11446}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2DB92385-001A-4416-9A25-EC995AE11446}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KONTRU~1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\KONTRU~1\AppData\Local\Mozilla\Firefox\Profiles\lio47eye.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=248 folders=59 2878524 bytes)

==== Empty Temp Folders ======================

C:\Users\Classic .NET AppPool\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Users\CLASSI~1.NET\AppData\Local\temp emptied successfully
C:\Users\KONTRU~1\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KONTRU~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 06. 09. 2014 at 11:32:42,34 ======================


Re: Please check my HJT log

Post by jaro3 » 07 Sep 2014 10:18

Download DelFix here and save the file to your desktop.
Double-click the icon to run the Delfix.exe tool
(on Windows Vista, Windows 7 and 8 you must run the file by right-clicking -> Run as administrator).
In the main menu, check these options: Remove disinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

The report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise the report is located at:
C:\DelFix.txt

What about the problems?


Re: Please check my HJT log

Post by JANíčOK » 07 Sep 2014 13:15

NOD 32 reports no virus - that was the main problem.
Here is the DelFix log:

# DelFix v10.8 - Logfile created 07/09/2014 at 13:11:20
# Updated 29/07/2014 by Xplode
# Username : Konštrukcia - KONSTRUKCIA-PC
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\log.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Konštrukcia\Desktop\AdwCleaner.exe
Deleted : C:\Users\Konštrukcia\Desktop\JRT.exe
Deleted : C:\Users\Konštrukcia\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Konštrukcia\Desktop\TFC.exe
Deleted : C:\Users\Konštrukcia\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #126 [Windows Update | 08/22/2014 11:08:51]
Deleted : RP #127 [Windows Update | 08/26/2014 10:52:27]
Deleted : RP #128 [Windows Update | 08/28/2014 01:00:10]
Deleted : RP #129 [Windows Update | 09/02/2014 17:09:24]
Deleted : RP #130 [Revo Uninstaller's restore point - Viber | 09/03/2014 04:37:58]
Deleted : RP #131 [Revo Uninstaller's restore point - Trillian | 09/04/2014 04:59:55]
Deleted : RP #132 [Revo Uninstaller's restore point - EZDownloader | 09/04/2014 05:00:46]
Deleted : RP #133 [Revo Uninstaller's restore point - YioutubeAAddBlocke | 09/04/2014 05:01:27]
Deleted : RP #134 [Revo Uninstaller's restore point - SkypEmoticons | 09/04/2014 05:04:36]
Deleted : RP #135 [Revo Uninstaller's restore point - NExeTCCouup | 09/04/2014 05:05:34]
Deleted : RP #136 [Revo Uninstaller's restore point - pricecHop | 09/04/2014 05:10:39]
Deleted : RP #137 [Revo Uninstaller's restore point - SW-Sustainer 1.80 | 09/04/2014 05:11:21]
Deleted : RP #138 [Revo Uninstaller's restore point - Mozilla Firefox 31.0 (x86 sk) | 09/04/2014 05:57:33]
Deleted : RP #139 [Installed DWG Converter | 09/05/2014 15:59:46]
Deleted : RP #140 [Windows Update | 09/05/2014 22:40:21]
Deleted : RP #141 [zoek.exe restore point | 09/06/2014 09:19:05]

New restore point created !

########## - EOF - ##########


Re: Please check my HJT log

Post by memphisto » 07 Sep 2014 15:04

If there are no further problems, please click the green check mark at the top right ;)
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you


Re: Please check my HJT log (Solved)

Post by JANíčOK » 07 Sep 2014 15:43

Thank you very much for the help! :thumbup:

