Log check - error message: Windows Explorer stopped w (Solved)

Post by loleq86 » 17 Sep 2014 14:41

Hello. Please check my log. Now and then Windows throws an error: "Windows Explorer has stopped working"; the error is random. (The error also showed up when I tried to launch some downloaded games, which may make sense, since they weren't originals :) ) The PC is also noticeably slower, so I wonder whether I have some junk on it. Thanks.

PC: ASUS netbook, Win7, CPU 1GHz, 1MB RAM


log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:38:08, on 17.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)

FIREFOX: 19.0.2 (cs)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\ExpressGateUtil\VAWinAgent.exe
D:\Programy\Kies\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\BlueStacks\HD-Agent.exe
D:\Programy\Kies\Kies\Kies.exe
D:\Programy\Kies\Kies\KiesAirMessage.exe
D:\Programy\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\syncables\syncables desktop\syncables.exe
C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
C:\Windows\System32\C2MP\UpdateChecker.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\explorer.exe
C:\Program Files\Asus\Eee Docking\Eee Docking.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Kvart\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT330287 ... 75E5&SSPV=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\ASUS\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.102.211\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [KiesTrayAgent] D:\Programy\Kies\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [KiesPreload] D:\Programy\Kies\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] D:\Programy\Kies\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] D:\Programy\Kies\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Kvart\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Driver Tool] C:\Program Files\Driver Tool\Driver Tool\DriverTool.exe /applicationMode:systemTray /showWelcome:false
O4 - HKCU\..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\daemon tools\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files\Asus\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\System32\C2MP\UpdateChecker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programy\MICROS~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\MICROS~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://D:\Programy\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\Common Files\InstantOn\InsOnSrv.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\windows\system32\AsusService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: cfhpghnrmxtoap - Unknown owner - c:\windows\system32\wvfarmcc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TiMiniService - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe

--
End of file - 11105 bytes

Post by memphisto » 17 Sep 2014 16:59

Well, trying to play games on a netbook is a pretty bad idea in itself...

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you don't need to use ATF.

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (it is also saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.


Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes (Ano)
(don't delete anything yet!).
Then paste the contents of that log here.

Post by loleq86 » 17 Sep 2014 18:25

Here is the first one (AdwCleaner)

# AdwCleaner v3.310 - Report created 17/09/2014 at 18:10:22
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Kvart - KVART-PC
# Running from : C:\Users\Kvart\Desktop\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\searchplugins\buenosearch.xml
File Found : C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\searchplugins\trovi-search.xml
File Found : C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js
File Found : C:\windows\system32\roboot.exe
Folder Found : C:\Program Files\AVG Security Toolbar
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Kvart\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Kvart\AppData\Roaming\Babylon
Folder Found : C:\Users\Kvart\AppData\Roaming\ExpressFiles
Folder Found : C:\Users\Kvart\AppData\Roaming\OpenCandy

***** [ Scheduled Tasks ] *****

Task Found : Express FilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\ExpressFiles
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_youwave_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_youwave_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT330287 ... 75E5&SSPV=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://search.babylon.com/?affID=112185 ... 08ca9eb4a6
hxxp://eeepc.asus.com

-\\ Mozilla Firefox v19.0.2 (cs)

[ File : C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\prefs.js ]

Line Found : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3302872&octid=EB_ORIGINAL_CTID&ISID=ae10d0ae-2158-41c8-9794-7374d3895d0d&SearchSource=55&CUI=&UM=5&UP=SPAE0B0C8A-A780-4259-B76D-[...]
Line Found : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3302872&octid=EB_ORIGINAL_CTID&ISID=ae10d0ae-2158-41c8-9794-7374d3895d0d&SearchSource=55&CUI=&UM=5&UP=SPAE0B0C8A-A780-4259-B76D-[...]
Line Found : user_pref("browser.search.selectedEngine", "Trovi search");

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Kvart\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&c ... 69175E5&q={searchTerms}&SSPV=
Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&c ... 69175E5&q={searchTerms}&SSPV=
Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&c ... 69175E5&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [6180 octets] - [17/09/2014 18:10:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6240 octets] ##########

Post by loleq86 » 17 Sep 2014 19:16

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17.9.2014
Scan Time: 18:46:47
Logfile: logfile.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.17.07
Rootkit Database: v2014.09.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Kvart

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 280485
Time Elapsed: 23 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-433252344-4095087950-1502536368-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [75467876eb9081b5f39a7da760a3c23e],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-433252344-4095087950-1502536368-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT330287 ... 75E5&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT330287 ... 75E5&SSPV=),,[7e3d1ed05c1f51e5e239f8ff976da15f]

Folders: 4
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy, , [57649c523d3e7abc3b1faa293cc626da],
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy\953DE5262C0A4582AC1718093E93FB21, , [57649c523d3e7abc3b1faa293cc626da],
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy\D237F09D304B422190219784EA9DD912, , [57649c523d3e7abc3b1faa293cc626da],
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy\OpenCandy_D237F09D304B422190219784EA9DD912, , [57649c523d3e7abc3b1faa293cc626da],

Files: 27
PUP.Optional.Trovi.A, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\searchplugins\trovi-search.xml, , [86358f5f2e4db383bab38c9160a37090],
PUP.Optional.BuenoSearch.A, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\searchplugins\buenosearch.xml, , [407b48a67506c0763e63111942c151af],
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy\953DE5262C0A4582AC1718093E93FB21\TuneUpUtilities2013_2200329_cs-CZ.exe, , [57649c523d3e7abc3b1faa293cc626da],
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy\D237F09D304B422190219784EA9DD912\avg_tuht_stf_cs_2014_206_CZ.exe, , [57649c523d3e7abc3b1faa293cc626da],
PUP.Optional.Trovi, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "Trovi search");), ,[8a31c7279ae182b481668ba859ac10f0]
PUP.Optional.Trovi.A, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3302872&octid=EB_ORIGINAL_CTID&ISID=ae10d0ae-2158-41c8-9794-7374d3895d0d&SearchSource=55&CUI=&UM=5&UP=SPAE0B0C8A-A780-4259-B76D-2C94A69175E5&SSPV=");), ,[2f8c31bde5963ef85b1923115ca97090]
PUP.Optional.BuenoSearch.A, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=961F0008CA9EB4A6&affID=128492&tsp=5269");), ,[b308628ccab160d605e3260e0401df21]
PUP.Optional.BuenoSearch.A, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=961F0008CA9EB4A6&affID=128492&tsp=5269");), ,[a91245a9e6955adcd6120d273ec7827e]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.id", "961fdae30000000000000008ca9eb4a6");), ,[f9c25d91601b4ee8aa37270ea65f29d7]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), ,[704b44aa2a5191a54e935fd6c93c7f81]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlDay", "16226");), ,[ffbc618d59220333a33ef4418c798a76]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), ,[a7142ac49cdf9d99cc15f045db2a02fe]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), ,[e4d70ae4205b87af974ae451e322669a]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.78:17:17");), ,[912a3cb2a6d58bab9a47fe37778e5da3]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), ,[0daecc22aad12610627f69cc7194a65a]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.prdct", "buenosearch");), ,[b308be30a9d2c76f3fa2c273f60f847c]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.aflt", "babsst");), ,[3e7d48a678030531469bff3643c21de3]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.smplGrp", "none");), ,[78431ed07605d46221c0979eda2b8878]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrId", "base");), ,[89325f8f1a61c670eff264d1b1548779]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlRef", "sst");), ,[07b416d82754f73f14cd88ad00057987]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.dfltLng", "cs");), ,[e3d8ffef542744f2895891a401043cc4]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.excTlbr", false);), ,[7d3eed011962d462b03188ad5baa47b9]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), ,[efccfef005766dc919c82510ff060af6]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), ,[f2c97975017ad363ebf6cf6658ad4bb5]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.autoRvrt", "false");), ,[dbe0707e3b40ee4821c03401df26a060]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.rvrt", "false");), ,[83387777f8831b1b449d42f3c243c33d]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.newTab", false);), ,[516a37b7aecdda5c974aa88dd035f40c]

Physical Sectors: 0
(No malicious items detected)


(end)

Post by Orcus » 17 Sep 2014 20:55

Run MbAM again and click Skenovat nyní (Scan Now)
When the program finishes, a message will appear; click "Vše do karantény" (Quarantine All) -> "Exportovat záznam" (Export Log) and choose "textový soubor" (text file), give the file a name and save it to the Desktop.
Copy the entire contents of that log here.

====================================================

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Spustit jako správce" (Run as administrator))
Click "Smazat" (Delete)
The program will perform the repair; after the automatic restart it will not show a log (C:\AdwCleaner [S?].txt); paste its entire contents here.

====================================================

Download Junkware Removal Tool to your desktop.
Disable your antivirus program.
Right-click JRT.exe and choose "spustit jako správce" (run as administrator). You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and will be saved on the desktop.
Please copy its entire contents here.

====================================================

Download RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP, by double-clicking.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that you have ticked:
Kontrola MBR (MBR check)
Kontrola Faked (Faked check)
Antirootkit

- Then click "Prohledat" (Scan).
- The program scans the PC's processes. After the scan, click "Zpráva" (Report) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still won't start and work, rename it to winlogon.exe.

Post by loleq86 » 17 Sep 2014 23:02

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17.9.2014
Scan Time: 21:12:11
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.17.08
Rootkit Database: v2014.09.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Kvart

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 321809
Time Elapsed: 35 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-433252344-4095087950-1502536368-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [45770de102794beb22a1107603ff17e9],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-433252344-4095087950-1502536368-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [45770de102794beb22a1107603ff17e9],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [45770de102794beb22a1107603ff17e9],
PUP.Optional.Babylon.A, HKU\S-1-5-21-433252344-4095087950-1502536368-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [e0dceb033e3dce68742090f659a95ca4],
PUP.Optional.Babylon.A, HKU\S-1-5-21-433252344-4095087950-1502536368-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}, Quarantined, [e0dceb033e3dce68742090f659a95ca4],
PUP.Optional.Softonic.A, HKU\S-1-5-21-433252344-4095087950-1502536368-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [e3d9c22cc3b86ccad0ceae768f7403fd],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Trovi.A, HKU\S-1-5-21-433252344-4095087950-1502536368-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT330287 ... 75E5&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT330287 ... 75E5&SSPV=),Replaced,[48741cd207749a9c38f4ed0a7c888779]

Folders: 4
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy, Quarantined, [f1cbfdf16d0e999d6dfad4ffff03f808],
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy\953DE5262C0A4582AC1718093E93FB21, Quarantined, [f1cbfdf16d0e999d6dfad4ffff03f808],
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy\D237F09D304B422190219784EA9DD912, Quarantined, [f1cbfdf16d0e999d6dfad4ffff03f808],
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy\OpenCandy_D237F09D304B422190219784EA9DD912, Quarantined, [f1cbfdf16d0e999d6dfad4ffff03f808],

Files: 30
PUP.Optional.Amonetize, C:\Users\Kvart\Downloads\Trhak Aneb 21 Kapitol O Vasem Downloader__3687_i1289409487_il1096952.exe, Quarantined, [69535d91f28974c2648b8e2801006e92],
PUP.Optional.Amonetize, C:\Users\Kvart\Downloads\Trhak Aneb 21 Kapitol O Vasem Downloader__3687_i1289411106_il1096952.exe, Quarantined, [febed01ef58641f5c52a74426b96dc24],
PUP.Optional.Amonetize, C:\Users\Kvart\Downloads\Trhak Aneb 21 Kapitol O Vasem Downloader__3687_i1289412062_il1096952.exe, Quarantined, [c6f68569314a54e2a24d496d46bb4bb5],
PUP.Optional.Trovi.A, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\searchplugins\trovi-search.xml, Quarantined, [b10b15d9314a60d6ea9415083fc46d93],
PUP.Optional.BuenoSearch.A, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\searchplugins\buenosearch.xml, Quarantined, [3e7e8d61b8c3cf672b87d9517093ed13],
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy\953DE5262C0A4582AC1718093E93FB21\TuneUpUtilities2013_2200329_cs-CZ.exe, Quarantined, [f1cbfdf16d0e999d6dfad4ffff03f808],
PUP.Optional.OpenCandy, C:\Users\Kvart\AppData\Roaming\OpenCandy\D237F09D304B422190219784EA9DD912\avg_tuht_stf_cs_2014_206_CZ.exe, Quarantined, [f1cbfdf16d0e999d6dfad4ffff03f808],
PUP.Optional.Trovi, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "Trovi search");), Replaced,[249841ad96e5d561d226b2819e6749b7]
PUP.Optional.Trovi.A, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.trovi.com/?gd=&ctid=CT3302872&octid=EB_ORIGINAL_CTID&ISID=ae10d0ae-2158-41c8-9794-7374d3895d0d&SearchSource=55&CUI=&UM=5&UP=SPAE0B0C8A-A780-4259-B76D-2C94A69175E5&SSPV=");), Replaced,[ecd0d816f08b04325f260a2aa56011ef]
PUP.Optional.BuenoSearch.A, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=961F0008CA9EB4A6&affID=128492&tsp=5269");), Replaced,[cfed7b73631887afa25770c45da8936d]
PUP.Optional.BuenoSearch.A, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=961F0008CA9EB4A6&affID=128492&tsp=5269");), Replaced,[e1db9e506516b0863cbd4fe5719414ec]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.id", "961fdae30000000000000008ca9eb4a6");), Replaced,[a418ea04e79477bf3db5d85dfb0a47b9]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), Replaced,[615b509edaa1a690975b3afb9075cb35]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlDay", "16226");), Replaced,[4874ed01403b3402965c94a1ed18aa56]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), Replaced,[8933d81648331323777b51e4798c738d]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), Replaced,[efcd00ee4932dd5989695ed7ee17a35d]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.78:17:17");), Replaced,[15a7b539fc7f90a65d9537fe95709f61]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), Replaced,[fbc1925c017af64037bbc07555b009f7]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.prdct", "buenosearch");), Replaced,[1aa2a747671421153fb348ed858031cf]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.aflt", "babsst");), Replaced,[7f3deb033e3dba7c2ec44ee74cb9c63a]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.smplGrp", "none");), Replaced,[c1fb56985c1f221417db32037e87d030]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrId", "base");), Replaced,[506c00ee03785dd9668c9d98c5408e72]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlRef", "sst");), Replaced,[0bb1da143f3c89ad876b0134a46111ef]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.dfltLng", "cs");), Replaced,[0daf85695922e84eae4480b519ec9868]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.excTlbr", false);), Replaced,[a3198e6086f54ee832c0ce6759ac4db3]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), Replaced,[5e5ee7074e2d7db9846e59dc030243bd]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), Replaced,[a9132ac48cef60d61ed453e2a75e27d9]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.autoRvrt", "false");), Replaced,[5e5e5698493292a4b240a98c27de2bd5]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.rvrt", "false");), Replaced,[4973e707ceade2547c762f060ef73ec2]
PUP.Optional.BuenoSearch, C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js, Good: (), Bad: (user_pref("extensions.buenosearch.newTab", false);), Replaced,[3785a5494b30a492be3467cee421c33d]

Physical Sectors: 0
(No malicious items detected)


(end)







# AdwCleaner v3.310 - Report created 17/09/2014 at 22:08:45
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Kvart - KVART-PC
# Running from : C:\Users\Kvart\Desktop\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\AVG Security Toolbar
Folder Deleted : C:\Users\Kvart\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Kvart\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Kvart\AppData\Roaming\ExpressFiles
File Deleted : C:\windows\system32\roboot.exe
File Deleted : C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Express FilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_youwave_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_youwave_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ExpressFiles

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]

-\\ Mozilla Firefox v19.0.2 (cs)

[ File : C:\Users\Kvart\AppData\Roaming\Mozilla\Firefox\Profiles\zkhlqghf.default\prefs.js ]


-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Kvart\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&c ... 69175E5&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&c ... 69175E5&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&c ... 69175E5&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [6320 octets] - [17/09/2014 18:10:22]
AdwCleaner[R1].txt - [4289 octets] - [17/09/2014 21:57:31]
AdwCleaner[R2].txt - [4349 octets] - [17/09/2014 22:03:46]
AdwCleaner[S0].txt - [4945 octets] - [17/09/2014 22:08:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5005 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 7 Starter x86
Ran by Kvart on st 17.09.2014 at 22:33:11,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders




~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 17.09.2014 at 22:57:15,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post by memphisto » 17 Sep 2014 23:06

Also post the result from Rogue.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.


Post by loleq86 » 17 Sep 2014 23:40

yes, here it is, it is taking me a while ;)



RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Kvart [Práva správce]
Mód : Kontrola -- Datum : 09/17/2014 23:39:01

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 11 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D1AB82F8-F82F-4483-85F4-35E3D49E7405} | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D1AB82F8-F82F-4483-85F4-35E3D49E7405} | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D1AB82F8-F82F-4483-85F4-35E3D49E7405} | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-433252344-4095087950-1502536368-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-433252344-4095087950-1502536368-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.HomePage] HKEY_USERS\S-1-5-21-433252344-4095087950-1502536368-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> NALEZENO

¤¤¤ naplánované úlohy : 3 ¤¤¤
[Suspicious.Path] \\{955C3561-C30F-4914-9CF9-D898A2DFE5FC} -- C:\Users\Kvart\Desktop\BlueStacks-SplitInstaller_native_b.exe -> NALEZENO
[Suspicious.Path] \\{E1DB53F4-653E-402A-A19E-5E265A6BACF2} -- C:\Users\Kvart\Desktop\BlueStacks-SplitInstaller_native_b.exe -> NALEZENO
[Suspicious.Path] \\{F47B4B81-9ED5-4487-A121-51EEEF43198B} -- C:\Users\Kvart\Desktop\BlueStacks-SplitInstaller_native_b.exe -> NALEZENO

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 21 (Driver: NAHRÁNO) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateKey[70] : Unknown @ 0x84a06aa0
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x84a4da00
[SSDT:Addr(Hook.SSDT)] NtCreateProcess[79] : Unknown @ 0x84a055a0
[SSDT:Addr(Hook.SSDT)] NtCreateProcessEx[80] : Unknown @ 0x84a058a0
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[86] : Unknown @ 0x84a4ddc0
[SSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x84a4d340
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[88] : Unknown @ 0x84a4d520
[SSDT:Addr(Hook.SSDT)] NtCreateUserProcess[93] : Unknown @ 0x84a05ba0
[SSDT:Addr(Hook.SSDT)] NtDeleteKey[103] : Unknown @ 0x84a070a0
[SSDT:Addr(Hook.SSDT)] NtDeleteValueKey[106] : Unknown @ 0x84a079a0
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[111] : Unknown @ 0x84a4dfa0
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[190] : Unknown @ 0x84a05ea0
[SSDT:Addr(Hook.SSDT)] NtOpenSection[194] : Unknown @ 0x84a07f80
[SSDT:Addr(Hook.SSDT)] NtOpenThread[198] : Unknown @ 0x84a061a0
[SSDT:Addr(Hook.SSDT)] NtRenameKey[290] : Unknown @ 0x84a073a0
[SSDT:Addr(Hook.SSDT)] NtRestoreKey[302] : Unknown @ 0x84a076a0
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[350] : Unknown @ 0x84a4dbe0
[SSDT:Addr(Hook.SSDT)] NtSetValueKey[358] : Unknown @ 0x84a06da0
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x84a067a0
[IAT:Addr] (explorer.exe) KERNEL32.dll - HeapAlloc : C:\windows\AppPatch\AcXtrnal.DLL @ 0x726292cd
[IAT:Addr] (explorer.exe) msvcrt.dll - exit : C:\windows\AppPatch\AcXtrnal.DLL @ 0x72629508

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD32 00BPVT-80JJ5T0 SATA Disk Device +++++
--- User ---
[MBR] 33269ebea13f6b7d5ac5100f7f844b69
[BSP] 295ef069f79e9ed5327a1b123417ff35 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102400 MB
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 209717248 | Size: 15360 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 241174528 | Size: 187467 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 625106944 | Size: 16 MB
User = LL1 ... OK
User = LL2 ... OK


Post by memphisto » 18 Sep 2014 08:35

Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to launch it).
- Wait until the Prescan finishes its work...
- Wait until the status window shows "Scan"
- Click "Delete"
- Wait until the Status box shows "Deleting - Finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller


Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will run a scan and a repair. Both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black screen may be shown for some time; that is normal. You need to wait until the log is created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.


Post by loleq86 » 18 Sep 2014 19:26

so here is the first one:

RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Kvart [Práva správce]
Mód : Odebrat -- Datum : 09/18/2014 10:23:14

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[Proc.Hidden] -- [x] -> SMAZÁNO [TermThr]

¤¤¤ ¤¤¤ Záznamy Registrů: : 11 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NEVYBRÁNO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NEVYBRÁNO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NEVYBRÁNO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D1AB82F8-F82F-4483-85F4-35E3D49E7405} | DhcpNameServer : 10.0.0.138 -> NEVYBRÁNO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D1AB82F8-F82F-4483-85F4-35E3D49E7405} | DhcpNameServer : 10.0.0.138 -> NEVYBRÁNO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D1AB82F8-F82F-4483-85F4-35E3D49E7405} | DhcpNameServer : 10.0.0.138 -> NEVYBRÁNO
[PUM.Policies] HKEY_USERS\S-1-5-21-433252344-4095087950-1502536368-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NEVYBRÁNO
[PUM.Policies] HKEY_USERS\S-1-5-21-433252344-4095087950-1502536368-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NEVYBRÁNO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NEVYBRÁNO
[PUM.HomePage] HKEY_USERS\S-1-5-21-433252344-4095087950-1502536368-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> NEVYBRÁNO

¤¤¤ naplánované úlohy : 3 ¤¤¤
[Suspicious.Path] \\{955C3561-C30F-4914-9CF9-D898A2DFE5FC} -- C:\Users\Kvart\Desktop\BlueStacks-SplitInstaller_native_b.exe -> VYMAZÁNO
[Suspicious.Path] \\{E1DB53F4-653E-402A-A19E-5E265A6BACF2} -- C:\Users\Kvart\Desktop\BlueStacks-SplitInstaller_native_b.exe -> VYMAZÁNO
[Suspicious.Path] \\{F47B4B81-9ED5-4487-A121-51EEEF43198B} -- C:\Users\Kvart\Desktop\BlueStacks-SplitInstaller_native_b.exe -> VYMAZÁNO

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 21 (Driver: NAHRÁNO) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtCreateKey[70] : Unknown @ 0x84a06aa0
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x84a4da00
[SSDT:Addr(Hook.SSDT)] NtCreateProcess[79] : Unknown @ 0x84a055a0
[SSDT:Addr(Hook.SSDT)] NtCreateProcessEx[80] : Unknown @ 0x84a058a0
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[86] : Unknown @ 0x84a4ddc0
[SSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x84a4d340
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[88] : Unknown @ 0x84a4d520
[SSDT:Addr(Hook.SSDT)] NtCreateUserProcess[93] : Unknown @ 0x84a05ba0
[SSDT:Addr(Hook.SSDT)] NtDeleteKey[103] : Unknown @ 0x84a070a0
[SSDT:Addr(Hook.SSDT)] NtDeleteValueKey[106] : Unknown @ 0x84a079a0
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[111] : Unknown @ 0x84a4dfa0
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[190] : Unknown @ 0x84a05ea0
[SSDT:Addr(Hook.SSDT)] NtOpenSection[194] : Unknown @ 0x84a07f80
[SSDT:Addr(Hook.SSDT)] NtOpenThread[198] : Unknown @ 0x84a061a0
[SSDT:Addr(Hook.SSDT)] NtRenameKey[290] : Unknown @ 0x84a073a0
[SSDT:Addr(Hook.SSDT)] NtRestoreKey[302] : Unknown @ 0x84a076a0
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[350] : Unknown @ 0x84a4dbe0
[SSDT:Addr(Hook.SSDT)] NtSetValueKey[358] : Unknown @ 0x84a06da0
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x84a067a0
[IAT:Addr] (explorer.exe) KERNEL32.dll - HeapAlloc : C:\windows\AppPatch\AcXtrnal.DLL @ 0x726292cd
[IAT:Addr] (explorer.exe) msvcrt.dll - exit : C:\windows\AppPatch\AcXtrnal.DLL @ 0x72629508

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD32 00BPVT-80JJ5T0 SATA Disk Device +++++
--- User ---
[MBR] 33269ebea13f6b7d5ac5100f7f844b69
[BSP] 295ef069f79e9ed5327a1b123417ff35 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 102400 MB
1 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 209717248 | Size: 15360 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 241174528 | Size: 187467 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 625106944 | Size: 16 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_09172014_233900.log - RKreport_SCN_09182014_101923.log


Post by loleq86 » 18 Sep 2014 19:31

with the second one it has been like this for more than an hour now, should I leave it running?
Attachments
prtsc.jpg


Post by loleq86 » 18 Sep 2014 19:53

so it is running again :D

