Preventívna kontrola

Aristoteles · Příspěvekod **Aristoteles** » 20 pro 2014 14:59

Poprosím o kontrolu nootebooku :) dík

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:58:04, on 20. 12. 2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

FIREFOX: 34.0.5 (x86 sk)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\AVG Web TuneUp\vprot.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\Explorer.EXE
C:\Program Files\WinRAR\WinRAR.exe
E:\Dokumenty\Programy\Meniny.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
F:\sw\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... PLTG7230Q1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp ... PLTG7230Q1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?typ ... G7230Q1&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?typ ... G7230Q1&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globasearch.com/?serie=22
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /auto
O4 - HKCU\..\Run: [KrosMeniny] E:\Dokumenty\Programy\Meniny.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Atheros\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: vToolbarUpdater3.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe

--
End of file - 8516 bytes

Reklama

Příspěvekod **jaro3** » 21 pro 2014 10:35

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

Aristoteles · Příspěvekod **Aristoteles** » 21 pro 2014 16:42

Posielam príslušné reporty - dík

# AdwCleaner v4.105 - Report created 21/12/2014 at 16:02:30
# Updated 08/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Ultimate (32 bits)
# Username : ju - MIREC
# Running from : C:\Users\ju\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater3.2.0

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Found : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\searchplugins\avg-secure-search.xml
File Found : C:\Users\ju\daemonprocess.txt
File Found : C:\Windows\system32\roboot.exe
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\GetPrivate
Folder Found : C:\Program Files\GreenTree Applications
Folder Found : C:\Program Files\NCH Software
Folder Found : C:\Program Files\SiteLookup
Folder Found : C:\Program Files\SupTab
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\IePluginServices
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\Adina\AppData\LocalLow\HPAppData
Folder Found : C:\Users\ju\AppData\Local\genienext
Folder Found : C:\Users\ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Folder Found : C:\Users\ju\AppData\Local\Mobogenie
Folder Found : C:\Users\ju\AppData\LocalLow\HPAppData
Folder Found : C:\Users\ju\AppData\Roaming\GetPrivate
Folder Found : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\Extensions\adremoveext@adremoveext.net
Folder Found : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\Extensions\ascsurfingprotection@iobit.com
Folder Found : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\Extensions\Avg@toolbar
Folder Found : C:\Users\ju\AppData\Roaming\OpenCandy
Folder Found : C:\Users\ju\AppData\Roaming\SimilarAddon
Folder Found : C:\Users\ju\AppData\Roaming\Systweak
Folder Found : C:\Users\ju\Documents\Mobogenie

***** [ Scheduled Tasks ] *****

Task Found : advanced-System Protector_startup
Task Found : ASP
Task Found : Driver Booster Scan
Task Found : Driver Booster Update

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc ... PLTG7230Q1
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Liveistream
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKCU\Software\SupHpUISoft
Key Found : HKCU\Software\Tune
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Tune
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp ... PLTG7230Q1
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?typ ... G7230Q1&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp ... PLTG7230Q1
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?typ ... G7230Q1&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www.buenosearch.com/?babsrc=NT_s ... 3&tsp=5345

-\\ Mozilla Firefox v34.0.5 (x86 sk)

[joo2zrtn.default-1408478341201] - Line Found : user_pref("extensions.quick_start.enable_search1", false);
[joo2zrtn.default-1408478341201] - Line Found : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[joo2zrtn.default-1408478341201] - Line Found : user_pref("extensions.searchads.insertDomains", "{\"istart.webssearches.com\":2}");

-\\ Google Chrome v

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [9025 octets] - [21/12/2014 16:02:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9085 octets] ##########

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 21. 12. 2014
Scan Time: 16:10:37
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.21.03
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: ju

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341101
Time Elapsed: 6 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 11
PUP.Optional.Babylon.A, HKU\S-1-5-21-1019906989-1979819465-4059662089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [74034c19b3c90b2ba4102fa5b34f3cc4],
PUP.Optional.SupTab.A, HKU\S-1-5-21-1019906989-1979819465-4059662089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [5324184d24589c9a0036f8e145bd9c64],
PUP.Optional.WPM.A, HKLM\SOFTWARE\supWindowsMangerProtect, , [185fe87d7804db5b82cbf3dc35cffd03],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [cbacde872a521620866f4d6d9a6a55ab],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPDP, , [d6a174f17dffa195895bbfaaf2110000],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, , [d7a01f46d3a991a58095e288df24758b],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, , [a1d6b1b4d0acb6805edbef70d92a52ae],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [1067cf961a62c3731d1d93ccdb283ec2],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-1019906989-1979819465-4059662089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, , [60171a4baad2ae8873527af1f50eee12],
PUP.Optional.Qone8, HKU\S-1-5-21-1019906989-1979819465-4059662089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [0f68dc8989f35bdb559fa416689cb24e],
PUP.Optional.FastStart.A, HKU\S-1-5-21-1019906989-1979819465-4059662089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, , [7700e97c88f47bbb48e0b1b6a55ef50b],

Registry Values: 4
PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\extensions\faststartff@gmail.com, , [27508dd8c0bc3cfad790eee0d62e718f]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPDP|dir, C:\Program Files\SupTab, , [d6a174f17dffa195895bbfaaf2110000]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, irs, , [d7a01f46d3a991a58095e288df24758b]
PUP.Optional.FastStart.A, HKU\S-1-5-21-1019906989-1979819465-4059662089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, , [7700e97c88f47bbb48e0b1b6a55ef50b]

Registry Data: 7
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc ... PLTG7230Q1, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc ... PLTG7230Q1),,[afc8115468141125cb60d29b986d11ef]
PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://www.buenosearch.com/?babsrc=NT_s ... 3&tsp=5345, Good: (http://www.google.com), Bad: (http://www.buenosearch.com/?babsrc=NT_s ... 3&tsp=5345),,[aacd461f4b3195a1fe6ef37a01048080]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://istart.webssearches.com/web/?typ ... G7230Q1&q={searchTerms}, Good: (http://www.google.com), Bad: (http://istart.webssearches.com/web/?typ ... G7230Q1&q={searchTerms}),,[94e381e41369330311118ce18382cf31]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp ... PLTG7230Q1, Good: (http://www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... PLTG7230Q1),,[8bec214490ec63d3aa76422b5baa13ed]
PUP.Optional.WebSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://istart.webssearches.com/web/?typ ... G7230Q1&q={searchTerms}, Good: (http://www.google.com), Bad: (http://istart.webssearches.com/web/?typ ... G7230Q1&q={searchTerms}),,[5d1a2a3b55278aac56e8c8b1d43143bd]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[85f2ef766319290d073de0971de88878]
PUP.Optional.WebsSearches.A, HKU\S-1-5-21-1019906989-1979819465-4059662089-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://istart.webssearches.com/?type=hp ... PLTG7230Q1, Good: (http://www.google.com), Bad: (http://istart.webssearches.com/?type=hp ... PLTG7230Q1),,[b7c00c59502c6fc739e8beaf1fe63cc4]

Folders: 46
PUP.Optional.GetPrivateVPN, C:\Users\ju\AppData\Roaming\GetPrivate, , [eb8c9bcaafcdcb6b3c6492d0e71cce32],
PUP.Optional.GetPrivateVPN, C:\Program Files\GetPrivate, , [9cdb75f090ec9b9b138e88da12f146ba],
PUP.Optional.OpenCandy, C:\Users\ju\AppData\Roaming\OpenCandy, , [1067df86e9935ed88c7865bdc63d58a8],
PUP.Optional.OpenCandy, C:\Users\ju\AppData\Roaming\OpenCandy\082C586CB8A6450F9559199F6827DAA6, , [1067df86e9935ed88c7865bdc63d58a8],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\bitstreams, , [fd7a71f4d3a9999d96a551d3877ca858],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, , [4c2bd392bac2ba7c6f0365d22fd4e31d],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, , [4c2bd392bac2ba7c6f0365d22fd4e31d],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [096e77ee85f71620b21d02370df66e92],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, , [096e77ee85f71620b21d02370df66e92],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [096e77ee85f71620b21d02370df66e92],
PUP.Optional.SupTab.A, C:\Program Files\SupTab, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\skin, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\skin\image, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\en-US, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-419, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-ES, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-BE, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CA, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CH, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-FR, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-LU, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-CH, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-IT, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pl, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt-BR, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru-MO, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\tr-TR, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\vi-VI, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-CN, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-TW, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SimilarAddon.A, C:\Users\ju\AppData\Roaming\SimilarAddon, , [1c5bfb6a700c3afc6534053fae553cc4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector, , [f87ff17488f446f0f91c9da8bc47c13f],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector\2.1.1000.14138, , [f87ff17488f446f0f91c9da8bc47c13f],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector\Backup, , [f87ff17488f446f0f91c9da8bc47c13f],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector\Logs, , [f87ff17488f446f0f91c9da8bc47c13f],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector\Quarantine, , [f87ff17488f446f0f91c9da8bc47c13f],

Files: 117
PUP.Optional.SearchProtect, C:\Program Files\SupTab\Loader64.exe, , [71061b4a403c2a0c87ff796aa0617f81],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncbxnk.exe, , [3f38353088f4f83e2b23c846cb37aa56],
PUP.Optional.Bitcoin, C:\Windows\System32\acumnclnuw.exe, , [3d3a79ecff7d74c2db739a746e94619f],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncwimetp.exe, , [e88f3530e19b2313fd51b35bcd35f808],
Trojan.BitMiner, C:\Windows\System32\dcgmncbxnk.exe, , [44332144d3a944f291b8130c7d855ea2],
Trojan.BitMiner, C:\Windows\System32\dcgmnclnuw.exe, , [9ed9da8b2c505cda4306ab744ab8a35d],
Trojan.BitMiner, C:\Windows\System32\dcgmncwimetp.exe, , [d2a570f5b2ca50e62524aa75936fb54b],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncbxnk.exe, , [90e7c4a12e4e2412ed4980ac758ce31d],
PUP.BitCoinMiner, C:\Windows\System32\lcpmnclnuw.exe, , [6710b5b0fa82f5414ee81b11c73a827e],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncwimetp.exe, , [c9aea4c183f9f3430531ab81d92831cf],
HackTool.GamesCheat.Gen, C:\Users\ju\Downloads\RCH2.exe, , [a6d1362ff28a66d0379594f65fa62ed2],
PUP.Optional.GetPrivateVPN, C:\Users\ju\AppData\Roaming\GetPrivate\tasks.dll, , [eb8c9bcaafcdcb6b3c6492d0e71cce32],
PUP.Optional.GetPrivateVPN, C:\Users\ju\AppData\Roaming\GetPrivate\gp_upd.exe, , [eb8c9bcaafcdcb6b3c6492d0e71cce32],
PUP.Optional.GetPrivateVPN, C:\Program Files\GetPrivate\tasks.dll, , [9cdb75f090ec9b9b138e88da12f146ba],
PUP.Optional.GetPrivateVPN, C:\Windows\System32\Tasks\GPUP, , [93e45411fb81181e475b9dc5e51e46ba],
PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\Tasks\Advanced-System Protector_startup, , [492e7aebb2ca310536f71951e22118e8],
PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\ASP, , [a1d6c0a50d6f23131bb776f6fa09c33d],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [b9be84e1077575c10fae6a1c8a792cd4],
PUP.Optional.WebsSearches.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\webssearches.xml, , [126593d21864c670749099f4ef1439c7],
Trojan.Script, C:\Windows\System32\msduciil.vbe, , [52255312dba12e08f8ef485143c05aa6],
Trojan.Script, C:\Windows\System32\msgkqtbl.vbe, , [da9d75f079033df93fa8a3f63bc844bc],
Trojan.Script, C:\Windows\System32\msntqek.vbe, , [4f282c39760664d26a7d4059956e2bd5],
Trojan.Script, C:\Windows\System32\msshnis.vbe, , [0c6bda8b7dff3bfb9057cecbd033be42],
Malware.Trace, C:\Windows\inf\ntvdm.vbe, , [1562b9ac3e3e5bdb6b2910a0ac58e020],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [40375b0acab27fb75f36b1ff13f1f808],
PUP.Optional.OpenCandy, C:\Users\ju\AppData\Roaming\OpenCandy\082C586CB8A6450F9559199F6827DAA6\RealPlayer.exe, , [1067df86e9935ed88c7865bdc63d58a8],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\diablo130302.cl, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\diakgcn121016.cl, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\libcurl-4.dll, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\libeay32.dll, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\libidn-11.dll, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\librtmp.dll, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\libssh2.dll, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\mncftndi.exe, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\phatk121016.cl, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\poclbm130302.cl, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\scrypt130511.cl, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\ssleay32.dll, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\zlib1.dll, , [fd7a71f4d3a9999d96a551d3877ca858],
Trojan.Agent.BCM, C:\Windows\inf\mncftndi\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [fd7a71f4d3a9999d96a551d3877ca858],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, , [4c2bd392bac2ba7c6f0365d22fd4e31d],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-21[19-35-55-028].log, , [096e77ee85f71620b21d02370df66e92],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\ient.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\install.data, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\Loader32.exe, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\msvcp110.dll, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\msvcr110.dll, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\skin\bk_shadow.png, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\skin\btn.png, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\skin\close.png, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\skin\main.xml, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\skin\main.xml.bak, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\skin\image\ck_box.png, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\skin\image\ck_check.png, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\skin\image\radio_bk.png, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\skin\image\radio_check.png, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\data.html, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\indexIE.html, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\indexIE8.html, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\main.css, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\ver.txt, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\google_trends.png, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\icon128.png, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\icon16.png, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\icon48.png, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\loading.gif, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\img\logo32.ico, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\common.js, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\ga.js, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\jquery-1.11.0.min.js, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\jquery.autocomplete.js, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\js.js, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\library.js, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\xagainit-ie8.js, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\js\xagainit2.0.js, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\en-US\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-419\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\es-ES\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-BE\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CA\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-CH\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-FR\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\fr-LU\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-CH\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\it-IT\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pl\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\pt-BR\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\ru-MO\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\tr-TR\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\vi-VI\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-CN\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.SupTab.A, C:\Program Files\SupTab\web\_locales\zh-TW\messages.json, , [80f75510403c1b1bd308201ff80b0cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\AddonSafelist, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\log.xslt, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\completedatabase.db, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Cookies.bin, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\DigSign.bin, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\FilePathFIX.bin, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\FilePaths.bin, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\FileSignature.bin, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Folders.bin, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Md5.bin, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\Registry.bin, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\SetupSign.bin, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures\StrSetupSign.bin, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\100oupdate.zip, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\1997completedatabase.zip, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\updates\1998update.zip, , [d6a1194c0874f83e090c73d2d0330cf4],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector\QDetail.db, , [f87ff17488f446f0f91c9da8bc47c13f],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector\Settings.db, , [f87ff17488f446f0f91c9da8bc47c13f],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector\Update.ini, , [f87ff17488f446f0f91c9da8bc47c13f],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector\2.1.1000.14138\ASPLog.txt, , [f87ff17488f446f0f91c9da8bc47c13f],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector\Logs\log_26-10-14_04-01-35.xml, , [f87ff17488f446f0f91c9da8bc47c13f],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector\Logs\SMLog.xml, , [f87ff17488f446f0f91c9da8bc47c13f],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\ju\AppData\Roaming\Systweak\Advanced-System Protector\Quarantine\pup.annoy-rsk._qt_, , [f87ff17488f446f0f91c9da8bc47c13f],

Physical Sectors: 0
(No malicious items detected)

(end)

Příspěvekod **Orcus** » 21 pro 2014 20:15

AVG 2013 je poněkud starší verze. Aktualizuj na verzi 2015. Je to v rámci licence / free verze zdarma. :-)

Znovu spusť MbAM a dej Skenovat nyní
Po proběhnutí programu se ti objeví hláška, tak klikni na „Vše do karantény“ -> „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a ulož na Plochu.
Zkopíruj sem celý obsah toho logu.

====================================================

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Aristoteles · Příspěvekod **Aristoteles** » 22 pro 2014 18:20

posielam dohodnuté výsledky kontrol

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : ju [Administrator]
Mode : Scan -- Date : 12/22/2014 18:05:23

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\PySolitaire -- "C:\Users\ju\Desktop\PySolitaire.exe" ("/logon") -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] joo2zrtn.default-1408478341201 : user_pref("browser.startup.homepage", "http://aktualne.sk/"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: OCZ-VERTEX2 ATA Device +++++
--- User ---
[MBR] 9af52515ec06d92472251bae349e26d0
[BSP] fad20b402cf69cf35dd70dfc32dbf971 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 57139 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] 763f73409e2afd89da0fbcc44bd88ba8
[BSP] 34527a27a5fc9f9df077db946f73712f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953866 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?iadavka nie je podporovaná. )

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Ultimate x86
Ran by ju on po 22. 12. 2014 at 17:33:46,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E3865AC7-4AD3-4B53-BCD2-B3607FEA740B}

~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"

~~~ FireFox

Successfully deleted the following from C:\Users\ju\AppData\Roaming\mozilla\firefox\profiles\joo2zrtn.default-1408478341201\prefs.js

user_pref("browser.newtab.url", "hxxp://www.globasearch.com/?serie=22&newtab");
Emptied folder: C:\Users\ju\AppData\Roaming\mozilla\firefox\profiles\joo2zrtn.default-1408478341201\minidumps [89 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 22. 12. 2014 at 17:43:09,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22. 12. 2014
Scan Time: 16:34:25
Logfile: MbamLog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.22.04
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: ju

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341545
Time Elapsed: 8 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

# AdwCleaner v4.106 - Report created 22/12/2014 at 16:48:41
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Live]
# Operating System : Windows 7 Ultimate (32 bits)
# Username : ju - MIREC
# Running from : C:\Users\ju\Downloads\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater3.2.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\SiteLookup
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Adina\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\ju\AppData\Local\genienext
Folder Deleted : C:\Users\ju\AppData\Local\Mobogenie
Folder Deleted : C:\Users\ju\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\ju\AppData\Roaming\Systweak
Folder Deleted : C:\Users\ju\Documents\Mobogenie
Folder Deleted : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\Extensions\adremoveext@adremoveext.net
Folder Deleted : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\Extensions\ascsurfingprotection@iobit.com
Folder Deleted : C:\Users\ju\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\ju\daemonprocess.txt
File Deleted : C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Scheduled Tasks ] *****

Task Deleted : advanced-System Protector_startup
Task Deleted : ASP
Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\ju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\ju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\ju\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\ju\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Tune
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tune
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Liveistream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Mozilla Firefox v34.0.5 (x86 sk)

[joo2zrtn.default-1408478341201\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[joo2zrtn.default-1408478341201\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[joo2zrtn.default-1408478341201\prefs.js] - Line Deleted : user_pref("extensions.searchads.insertDomains", "{\"istart.webssearches.com\":2}");

-\\ Google Chrome v

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [9165 octets] - [21/12/2014 16:02:30]
AdwCleaner[R1].txt - [6790 octets] - [22/12/2014 16:46:40]
AdwCleaner[S0].txt - [7578 octets] - [22/12/2014 16:48:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7638 octets] ##########

Počas inštalácie AVG 2015 mi pri reštarte počítača opakovane asi 4x nabehol blue screen musel som to riešiť v núdzovom režime. Stávalo sa mi to občas aj predtým pri štate počítača alebo pri ukladaní súborov vo worde al exceli ašak max. raz potom už všetko šlapalo v poriadku. Pozeral som nastavenia a minidump mi neuložil žiadne správy o zlyhaní ale neviem v čom môže byť problém. Ďakujem za ochotu. :-)

Příspěvekod **jaro3** » 22 pro 2014 18:22

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Stáhni si Security Check by screen317 z některého odkazu
http://screen317.spywareinfoforum.org/SecurityCheck.exe
http://screen317.changelog.fr/SecurityCheck.exe

ulož si ho na plochu, poklepej na něj a postupuj podle instrukcí v černém okně. Potom se automaticky otevře pozn. Blok, bude mít název checkup.txt. Jeho obsah sem prosím zkopíruj.

Aristoteles · Příspěvekod **Aristoteles** » 22 pro 2014 19:10

posielam logy :

Results of screen317's Security Check version 0.99.93
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
AVG Internet Security 2015
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AVG Web TuneUp
avg pc tuneup 2014 plna verze serial key cz.exe version for Windows
Java 7 Update 60
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
IObit IObit Malware Fighter IMFsrv.exe
IObit IObit Malware Fighter IMF.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : ju [Administrator]
Mode : Delete -- Date : 12/22/2014 18:37:26

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : www.google.com -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\PySolitaire -- "C:\Users\ju\Desktop\PySolitaire.exe" ("/logon") -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 4 ¤¤¤
[FIREFX:Addon] joo2zrtn.default-1408478341201 : HP Smart Web Printing [smartwebprinting@hp.com] -> Deleted
[FIREFX:Addon] joo2zrtn.default-1408478341201 : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> Deleted
[FIREFX:Addon] joo2zrtn.default-1408478341201 : RealDownloader [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] -> Deleted
[PUM.HomePage][FIREFX:Config] joo2zrtn.default-1408478341201 : user_pref("browser.startup.homepage", "http://aktualne.sk/"); -> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: OCZ-VERTEX2 ATA Device +++++
--- User ---
[MBR] 9af52515ec06d92472251bae349e26d0
[BSP] fad20b402cf69cf35dd70dfc32dbf971 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 57139 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_12222014_180523.log - RKreport_SCN_12222014_

Zoek.exe v5.0.0.0 Updated 22-12-2014
Tool run by ju on po 22. 12. 2014 at 18:40:20,31.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ju\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22. 12. 2014 18:41:03 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Wise deleted successfully
C:\PROGRA~2\IDM deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Users\ju\AppData\Roaming\DMCache deleted successfully
C:\Users\ju\AppData\Roaming\HpUpdate deleted successfully
C:\Users\ju\AppData\Roaming\Philipp Winterberg deleted successfully
C:\Users\ju\AppData\Local\cache deleted successfully
C:\Users\ju\AppData\Local\GHISLER deleted successfully
C:\Users\ju\AppData\Local\KrosMeniny deleted successfully
C:\Users\ju\AppData\Local\MigWiz deleted successfully
C:\Users\ju\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1019906989-1979819465-4059662089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
HKEY_USERS\S-1-5-21-1019906989-1979819465-4059662089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{47FCB201-C887-43C6-A621-15B1C4ABC184} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\d7hpd32g.default\prefs.js:

Added to C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\d7hpd32g.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\prefs.js:
user_pref("browser.startup.homepage", "http://aktualne.sk/");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\prefs.js:

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\Users\ju\.android deleted
C:\Program Files\Internet Download Manager deleted
C:\Program Files\Liveistream deleted
C:\PROGRA~2\AVG Web TuneUp deleted
C:\PROGRA~2\ProductData deleted
C:\PROGRA~2\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Liveistream deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\Users\ju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Liveistream deleted
C:\Users\Adina\AppData\LocalLow\AVG Web TuneUp deleted
C:\Users\Adina\AppData\LocalLow\ADSRemoval deleted
C:\Users\ju\AppData\LocalLow\AVG Web TuneUp deleted
C:\Users\ju\AppData\LocalLow\ADSRemoval deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Web TuneUp deleted
C:\Windows\system32\sasnative32.exe deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
"C:\Program Files\AVG Web TuneUp\TBAPI.dll" deleted
"C:\Program Files\AVG Web TuneUp\TBAPI.dll" deleted
"C:\Program Files\AVG Web TuneUp" not deleted
"C:\Program Files\AVG Web TuneUp" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1DD9AC48-0855-4AE7-9934-159B4377FFA2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [29. 06. 2014 16:46]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [26. 11. 2013 17:11]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Adina\AppData\Roaming\Mozilla\Firefox\Profiles\d7hpd32g.default
- Undetermined - C:\Program Files\IObit Apps Toolbar\FF

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201
9860727E477F17B88E39AF8B69B0407A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
64C4ADE063A9C93D3BAE09922AD90C27 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
446BCAE59E26321802E000FC3E0C390A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
14D06C3796CE3F6BA8F43CDF3AD65D76 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U67
0A6E5E3BEF374AA2F47071E7374EAD7B - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.670.1
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
1095877EB57F51997A06BAAF2CB15FCF - c:\program files\real\realplayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
613D8C97363B21B20924FF21035E58EE - c:\program files\real\realplayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
06C0E62DE26FBC4F174A91F4B70C45F7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5 (32-bit)
D1041C1505FEDBBA27529AB1B57450B8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealPlayer Video Downloader for PepperFlash (32-bit)
D0D8A5784C6260EE1C1EA58A9576F652 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealPlayer Video Downloader (32-bit)

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\ju\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[10. 06. 2014 16:54]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} webssearches Url="http://www.globasearch.com/?serie=22&q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\ju\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\ju\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avg pc tuneup 2014 plna verze serial key cz.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Boost.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Deployer.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DriverBooster.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GameBooster.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbtray.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IObitCommunities.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lip.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MakeSFX.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NewUpdater.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\piso.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PowerISO.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Promote.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PWRISOVM.EXE deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rnxproc.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Scheduler.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpdateDB.exe deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrdhlp.exe deleted successfully

==== Empty IE Cache ======================

C:\Users\ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82G78VYV will be deleted at reboot
C:\Users\ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUX9Y678 will be deleted at reboot
C:\Users\ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPSDRDBY will be deleted at reboot
C:\Users\ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\ju\AppData\Local\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\ju\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=315 folders=110 76201542 bytes)

==== Empty Temp Folders ======================

C:\Users\Adina\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\ju\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ju\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Program Files\AVG Web TuneUp" not found
"C:\Program Files\AVG Web TuneUp" not found
"C:\Users\ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\82G78VYV" not found
"C:\Users\ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUX9Y678" not found
"C:\Users\ju\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPSDRDBY" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on po 22. 12. 2014 at 19:01:42,45 ======================

Příspěvekod **jaro3** » 23 pro 2014 09:38

Aktualizuj javu:
[url= http://www.oracle.com/technetwork/java/ ... 33155.html
]Java SE Runtime Environment 8[/url]

Doinstaluj si SP1.

Vlož nový log z HJT + info o problémech.

Aristoteles · Příspěvekod **Aristoteles** » 23 pro 2014 17:35

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:28:22, on 23. 12. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)

FIREFOX: 34.0.5 (x86 sk)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Skype\Phone\Skype.exe
E:\Dokumenty\Programy\Meniny.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Dokumenty\Programy\Čistace programy na PC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [KrosMeniny] E:\Dokumenty\Programy\Meniny.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files\Atheros\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe

--
End of file - 7264 bytes

Naskočil mi 2x blue screen avšak netuším včom môže byť problém

Příspěvekod **jaro3** » 23 pro 2014 19:04

Odinstaluj:
Malware Fighter
Advanced SystemCare 7

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Aristoteles · Příspěvekod **Aristoteles** » 23 pro 2014 19:49

posielam log - dik

ComboFix 14-12-23.01 - ju . 12. 2014 19:34:38.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.2989.2000 [GMT 1:00]
Running from: C:\Users\ju\Desktop\ComboFix.exe
AV: AVG Internet Security 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Internet Security 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Windows\msxml4-KB954430-enu.LOG
C:\Windows\msxml4-KB973688-enu.LOG

((((((((((((((((((((((((( Files Created from 2014-11-23 to 2014-12-23 )))))))))))))))))))))))))))))))

2014-12-23 15:55:02 . 2013-01-13 19:53:14 187392 ----a-w- C:\Windows\system32\UIAnimation.dll
2014-12-23 15:53:57 . 2014-12-23 15:53:57 41088 ----a-w- C:\Windows\system32\drivers\HECI.sys
2014-12-23 15:53:46 . 2014-12-23 15:53:46 -------- d-----w- C:\Program Files\Synaptics
2014-12-23 15:53:42 . 2014-12-23 15:53:42 28656 ----a-w- C:\Windows\system32\drivers\Smb_driver_Intel.sys
2014-12-23 15:53:27 . 2014-12-23 15:53:27 84480 ----a-w- C:\Windows\system32\DelayAPO.dll
2014-12-23 15:53:27 . 2014-12-23 15:53:27 77824 ----a-w- C:\Windows\system32\drivers\AtihdW73.sys
2014-12-23 15:53:10 . 2014-12-23 15:53:10 36616 ----a-w- C:\Windows\system32\drivers\btcusb.sys
2014-12-23 15:53:10 . 2014-12-23 15:53:10 19464 ----a-w- C:\Windows\system32\btinstall.dll
2014-12-23 15:49:25 . 2014-12-23 15:49:25 23840 ----a-w- C:\Windows\system32\drivers\HWiNFO32.SYS
2014-12-23 15:36:40 . 2014-12-23 15:36:41 -------- d-----w- C:\Windows\system32\SPReview
2014-12-23 15:35:51 . 2014-12-23 15:35:52 -------- d-----w- C:\Windows\system32\EventProviders
2014-12-23 15:35:46 . 2014-12-23 15:35:46 -------- d-----w- C:\Program Files\MSXML 4.0
2014-12-23 15:31:59 . 2010-11-20 12:21:39 21504 ----a-w- C:\Windows\system32\wsdchngr.dll
2014-12-23 15:25:54 . 2014-12-23 15:25:54 -------- d-----w- C:\Program Files\Common Files\Java
2014-12-23 15:24:54 . 2014-12-23 15:29:36 -------- d-----w- C:\ProgramData\Oracle
2014-12-23 09:51:49 . 2014-12-23 09:51:49 -------- d-----w- C:\Users\ju\AppData\Local\KrosMeniny
2014-12-22 17:59:12 . 2014-12-22 17:40:15 24064 ----a-w- C:\Windows\zoek-delete.exe
2014-12-22 17:40:16 . 2014-12-22 18:01:25 -------- d-----w- C:\zoek_backup
2014-12-22 16:48:15 . 2014-12-22 16:51:50 35064 ----a-w- C:\Windows\system32\drivers\TrueSight.sys
2014-12-22 16:48:12 . 2014-12-22 16:48:14 -------- d-----w- C:\ProgramData\RogueKiller
2014-12-22 16:33:45 . 2014-12-22 16:33:45 -------- d-----w- C:\Windows\ERUNT
2014-12-22 15:30:24 . 2014-12-22 15:30:24 -------- d-----w- C:\Users\ju\AppData\Roaming\AVG2015
2014-12-22 15:29:48 . 2014-12-22 19:38:45 -------- d-----w- C:\ProgramData\AVG2015
2014-12-21 15:09:35 . 2014-12-22 15:34:25 114904 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-12-21 15:09:00 . 2014-12-21 15:09:02 -------- d-----w- C:\Program Files\Malwarebytes Anti-Malware
2014-12-21 15:09:00 . 2014-12-21 15:09:00 -------- d-----w- C:\ProgramData\Malwarebytes
2014-12-21 15:09:00 . 2014-11-21 05:14:20 51928 ----a-w- C:\Windows\system32\drivers\mwac.sys
2014-12-21 15:09:00 . 2014-11-21 05:14:10 75480 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2014-12-21 15:09:00 . 2014-11-21 05:14:06 23256 ----a-w- C:\Windows\system32\drivers\mbam.sys
2014-12-21 15:00:52 . 2014-12-22 15:48:50 -------- d-----w- C:\AdwCleaner
2014-12-20 14:09:22 . 2014-12-20 14:11:26 -------- d-----w- C:\Windows\system32\MRT
2014-12-20 14:08:05 . 2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2014-12-20 14:08:04 . 2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\system32\ntoskrnl.exe
2014-12-20 14:08:02 . 2011-04-09 05:56:38 123904 ----a-w- C:\Windows\system32\poqexec.exe
2014-12-20 14:08:02 . 2010-12-17 07:07:55 542208 ----a-w- C:\Windows\system32\kerberos.dll
2014-12-20 14:04:09 . 2012-06-02 22:19:33 53784 ----a-w- C:\Windows\system32\wuauclt.exe
2014-12-20 14:04:09 . 2012-06-02 22:19:33 45080 ----a-w- C:\Windows\system32\wups2.dll
2014-12-20 14:04:09 . 2012-06-02 22:19:17 1933848 ----a-w- C:\Windows\system32\wuaueng.dll
2014-12-20 14:04:09 . 2012-06-02 22:12:32 2422272 ----a-w- C:\Windows\system32\wucltux.dll
2014-12-20 14:04:04 . 2012-06-02 22:19:32 35864 ----a-w- C:\Windows\system32\wups.dll
2014-12-20 14:04:04 . 2012-06-02 22:19:23 577048 ----a-w- C:\Windows\system32\wuapi.dll
2014-12-20 14:04:04 . 2012-06-02 22:12:13 88576 ----a-w- C:\Windows\system32\wudriver.dll
2014-12-20 14:04:02 . 2012-06-02 14:19:42 171904 ----a-w- C:\Windows\system32\wuwebv.dll
2014-12-20 14:04:02 . 2012-06-02 14:12:20 33792 ----a-w- C:\Windows\system32\wuapp.exe
2014-12-20 13:49:35 . 2014-12-20 13:49:46 -------- d-----w- C:\Program Files\CrystalDiskInfo
2014-12-16 15:10:52 . 2014-12-16 17:10:04 -------- d-----w- C:\tomáš
2014-12-08 20:25:06 . 2014-12-08 20:25:06 208152 ----a-w- C:\Windows\system32\drivers\avgidsdriverx.sys
2014-12-02 12:03:59 . 2014-12-02 12:03:59 -------- d-----w- C:\Users\Adina\AppData\Roaming\RealNetworks
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2014-12-23 15:54:21 . 2013-11-28 21:32:30 71344 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-23 15:54:21 . 2013-11-28 21:32:30 701616 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2014-12-23 15:52:47 . 2010-01-22 07:39:28 4077568 ----a-w- C:\Windows\system32\atiumdag.dll
2014-12-23 15:52:47 . 2010-01-22 07:29:36 52736 ----a-w- C:\Windows\system32\coinst.dll
2014-12-23 15:52:47 . 2010-01-22 07:21:18 3460096 ----a-w- C:\Windows\system32\atiumdva.dll
2014-12-23 15:52:47 . 2010-01-22 07:07:18 30720 ----a-w- C:\Windows\system32\atiuxpag.dll
2014-12-23 15:52:47 . 2010-01-22 07:07:04 28672 ----a-w- C:\Windows\system32\atiu9pag.dll
2014-12-23 15:52:46 . 2010-01-22 08:01:30 380928 ----a-w- C:\Windows\system32\atieclxx.exe
2014-12-23 15:52:46 . 2010-01-22 08:01:00 176128 ----a-w- C:\Windows\system32\atiesrxx.exe
2014-12-23 15:52:46 . 2010-01-22 07:56:04 3953152 ----a-w- C:\Windows\system32\atidxx32.dll
2014-12-23 15:52:46 . 2010-01-22 07:48:26 536576 ----a-w- C:\Windows\system32\aticfx32.dll
2014-12-23 15:52:46 . 2010-01-22 07:08:24 241664 ----a-w- C:\Windows\system32\atiadlxx.dll
2014-12-23 15:42:01 . 2009-07-14 02:05:42 152576 ----a-w- C:\Windows\system32\msclmd.dll
2014-12-23 15:28:59 . 2014-08-15 14:38:52 96680 ----a-w- C:\Windows\system32\WindowsAccessBridge.dll
2014-12-12 13:49:41 . 2014-03-27 07:55:24 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2014-12-12 13:49:37 . 2014-03-25 20:18:37 458064 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-12-10 09:51:29 . 2014-03-25 20:18:40 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-11-18 20:41:58 . 2014-11-18 20:41:58 154904 ----a-w- C:\Windows\system32\drivers\avgidshx.sys
2014-11-03 12:08:06 . 2014-03-27 07:55:20 458064 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2014-10-10 14:13:58 . 2014-10-10 14:13:58 200984 ----a-w- C:\Windows\system32\drivers\avgtdix.sys
2014-10-05 19:42:06 . 2014-10-05 19:42:06 98584 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2014-12-03 11:16:40 30878816]
"KrosMeniny"="E:\Dokumenty\Programy\Meniny.exe" [2010-02-21 20:13:55 1420288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files\AVG\AVG2015\avgui.exe" [2014-12-18 08:51:14 3667472]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2014-12-03 11:16:40 30878816]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2010-04-12 08:40:16 180224]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2014-06-29 15:45:37 296520]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 12:17:41 1174016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-20 12:17:41 1174016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 795936]
RealPlayer Cloud Service UI.lnk - C:\Program Files\Real\RealPlayer\RPDS\Bin\rpsystray.exe [2014-6-29 822880]
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe /f=srs_premium_sound_nopreset.zip /h [2013-11-25 156952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files\AVG\AVG2015\avgidsagent.exe [2014-12-18 08:54:30 3432976]
R2 LiveUpdateSvc;LiveUpdate;C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2014-08-19 14:09:48 2282272]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys [2010-06-07 10:08:52 37224]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys [2010-06-07 10:08:52 256360]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys [2010-06-07 10:08:54 177704]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys [2010-06-07 10:08:54 46952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys [2010-06-07 10:08:54 143080]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 14:32:50 29472]
R3 cpuz138;cpuz138;C:\Users\ju\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [x]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;C:\Windows\system32\DRIVERS\JME.sys [2014-01-12 12:38:04 125456]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 10:21:14 15872]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 10:24:41 52224]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 05:08:46 14416]
S0 AVGIDSHX;AVGIDSHX;C:\Windows\system32\DRIVERS\avgidshx.sys [2014-11-18 20:41:58 154904]
S0 Avglogx;AVG Logging Driver;C:\Windows\system32\DRIVERS\avglogx.sys [2014-07-18 13:55:24 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 19:03:36 27416]
S0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 08:40:32 18624]
S1 Avgdiskx;AVG Disk Driver;C:\Windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 19:03:34 121624]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2014-12-08 20:25:06 208152]
S1 AVGIDSShim;AVGIDSShim;C:\Windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 19:03:34 21272]
S1 Avgldx86;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx86.sys [2014-08-28 19:43:36 192792]
S1 Avgtdix;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdix.sys [2014-10-10 14:13:58 200984]
S1 avgtp;avgtp;C:\Windows\system32\drivers\avgtpx86.sys [2014-08-30 09:39:14 42784]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\system32\drivers\HWiNFO32.SYS [2014-12-23 15:49:25 23840]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2014-12-23 15:52:46 176128]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files\Atheros\Ath_CoexAgent.exe [2010-05-24 15:44:48 151552]
S2 AtherosSvc;AtherosSvc;C:\Program Files\Atheros\Bluetooth Suite\adminservice.exe [2010-06-07 13:24:28 38560]
S2 avgwd;AVG WatchDog;C:\Program Files\AVG\AVG2015\avgwdsvc.exe [2014-12-18 08:45:26 298080]
S2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 16:21:46 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 16:21:06 1767520]
S2 PfFilter;PfFilter;C:\Program Files\IObit\Protected Folder\pffilter.sys [2013-04-03 15:22:42 34336]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-06-10 15:50:38 39568]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [2014-06-29 15:45:53 1141848]
S2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-06-10 20:03:38 23552]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW73.sys [2014-12-23 15:53:27 77824]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys [2010-06-07 10:08:52 28200]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 16:23:38 94208]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2014-12-23 15:52:14 148720]
S3 SmbDrvI;SmbDrvI;C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-12-23 15:53:42 28656]
S3 SPUVCbv;SPUVCb Driver Service;C:\Windows\system32\Drivers\SPUVCbv.sys [2014-01-12 12:38:15 2351944]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2014-12-23 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-28 21:32:30 . 2014-12-23 15:54:21]

2014-12-22 C:\Windows\Tasks\ReclaimerUpdateFiles_ju.job
- C:\Users\ju\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-04 14:05:00 . 2014-12-04 14:04:59]

2014-12-23 C:\Windows\Tasks\ReclaimerUpdateXML_ju.job
- C:\Users\ju\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-04 14:05:00 . 2014-12-04 14:04:59]

2014-12-23 C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_ju.job
- C:\Users\ju\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-12-04 14:05:00 . 2014-12-04 14:04:59]

------- Supplementary Scan -------

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\ju\AppData\Roaming\Mozilla\Firefox\Profiles\joo2zrtn.default-1408478341201\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://aktualne.sk/

- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-vProt - C:\Program Files\AVG Web TuneUp\vprot.exe
MSConfigStartUp-IObit Malware Fighter - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
AddRemove-AVG Web TuneUp - C:\Program Files\AVG Web TuneUp\UNINSTALL.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe

Příspěvekod **jaro3** » 24 pro 2014 09:27

Log není celý!

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Preventívna kontrola Vyřešeno

Preventívna kontrola

Re: Preventívna kontrola

Re: Preventívna kontrola

Re: Preventívna kontrola

Re: Preventívna kontrola

Re: Preventívna kontrola

Re: Preventívna kontrola

Re: Preventívna kontrola

Re: Preventívna kontrola

Re: Preventívna kontrola

Re: Preventívna kontrola

Re: Preventívna kontrola

Kdo je online