Prosím o kontrolu - PC hlásí opakovaně málo místa na disku Vyřešeno

[martinb01]

Ahoj,potřebuji poradit.
Počítač mi začal hlásit,že mám málo místa na disku C. Bylo to divné,jelikož tam bylo vždy místa dost (cca 20 Gb),ale najednou tam bylo 118 Mb.
PC jsem pročistil,spoustu souborů(filmy,fotky...) vyházel a bylo opět kolem 20 Gb. Během dvou dnů opět hlásí,že je málo místa na disku a opět je tam volných 100 Mb...
Poradíte čím by to mohlo být? Čím se ten disk zaplňuje? Nic jsem nestahoval.
Děkuji.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:27:34, on 26.1.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16599)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\fsc-reg\fscreg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Martin\Downloads\hijackthis (1).exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GTGMOUSE] "C:\Program Files\FSC\LASER MOUSE\1.0\GTGMouse.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20100425
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.mojebanka.cz
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 5037494029
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2360775890
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 6015 bytes

[Reklama]

[heavyblack1]

Měl jsem stejný problém
Vymaž si temp
win7
https://www.youtube.com/watch?v=9qnb-ml3KTo
a spusť ccleaner a vyčisti prohlížeče
Nevím jesti je to i tvůj případ z toho logo jem akorát zjistil co máž zaplý ne co zabírá kolik místa.
Nejsem odborník na vypisy ale to nebude ten pravý výpis související z tvým problémem
myslím že bys měl vyzkoušet :
http://technet.idnes.cz/vycisteni-disku ... ftware_dvr

[Pic]

To heavyblack1 - Jsi v sekci, kde mají oprávnění radit jen členové týmu. Takže porušuješ pravidla tohoto fóra.

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[martinb01]

# AdwCleaner v4.109 - Report created 27/01/2015 at 10:56:56
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Martin - HOME
# Running from : C:\Users\Martin\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files\Uninstall.exe
File Found : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
File Found : C:\Users\Public\Desktop\driverscanner.lnk
File Found : C:\Windows\Reimage.ini
Folder Found : C:\Program Files\AskPartnerNetwork
Folder Found : C:\Program Files\DAEMON Tools Toolbar
Folder Found : C:\Program Files\SearchPredict
Folder Found : C:\Program Files\Uniblue
Folder Found : C:\Program Files\Uniblue\DriverScanner
Folder Found : C:\Program Files\Uniblue\SpeedUpMyPC
Folder Found : C:\Program Files\Zrychleni Pocitace
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Found : C:\Users\Martin\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Martin\AppData\Local\OpenCandy
Folder Found : C:\Users\Martin\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Martin\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Martin\AppData\Roaming\Uniblue
Folder Found : C:\Users\Martin\AppData\Roaming\Uniblue\DriverScanner

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\CToolbar
Key Found : HKCU\Software\ICQToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FAE862E3-E3C7-4fbe-BBCD-93E3637B6C09}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1500}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Uniblue
Key Found : HKCU\Software\Uniblue\DriverScanner
Key Found : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DBDB6FAA-1F5F-4A18-B60B-7A905C7FF83F}
Key Found : HKLM\SOFTWARE\Classes\ctbcommon.Buttons
Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Client
Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Script
Key Found : HKLM\SOFTWARE\Classes\CToolbar.TB4Server
Key Found : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
Key Found : HKLM\SOFTWARE\CToolbar
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Key Found : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner
Key Found : HKLM\SOFTWARE\Uniblue\SpeedUpMyPC
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v

[77cajyaj.default] - Line Found : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[77cajyaj.default] - Line Found : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[77cajyaj.default] - Line Found : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[77cajyaj.default] - Line Found : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID");
[77cajyaj.default] - Line Found : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=");
[77cajyaj.default] - Line Found : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB_TOOLBAR_ID");
[77cajyaj.default] - Line Found : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[77cajyaj.default] - Line Found : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[77cajyaj.default] - Line Found : user_pref("CT2438727.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&SearchType=ToolbarComponents");
[77cajyaj.default] - Line Found : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[77cajyaj.default] - Line Found : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Mar 03 2010 12:02:31 GMT+0100");
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.locale", "en");
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Mar 03 2010 12:02:30 GMT+0100");
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
[77cajyaj.default] - Line Found : user_pref("CommunityToolbar.alert.userId", "{bea1dddc-0a7d-4534-bb62-7527e119f095}");
[77cajyaj.default] - Line Found : user_pref("keyword.URL", "hxxp://www.ask.com/web?&o=13795&l=dis&q=");
[77cajyaj.default] - Line Found : user_pref("browser.startup.homepage","hxxp://www.ask.com/web?&o=13799&l=dis&q=");
[77cajyaj.default] - Line Found : user_pref("keyword.URL", "hxxp://www.ask.com/web?&o=13795&l=dis&q=");
[77cajyaj.default] - Line Found : user_pref("browser.startup.homepage","hxxp://www.ask.com/web?&o=13799&l=dis&q=");

-\\ Google Chrome v40.0.2214.93

[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.crawler.com/search/dispatche ... p=aus&qkw={searchTerms}&tbid=60308
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.daemon-search.com/search/web?q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

*************************

AdwCleaner[R0].txt - [10360 octets] - [27/01/2015 10:56:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10421 octets] ##########

[martinb01]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27.1.2015
Scan Time: 11:11:44
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.27.05
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Martin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357078
Time Elapsed: 13 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.MyFreeze.A, HKLM\SOFTWARE\Freeze.com, , [045d42baff8a6cca80ea136d8f7414ec],
PUP.Optional.SearchApp.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaaaiabcopkplhgaedhbloeejhhankf, , [acb54bb16f1aae888f9ebdd224dfc13f],

Registry Values: 1
PUP.Optional.SearchPredict.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|searchpredict@speedbit.com, , [253c6993daaff73f7313443b7192ee12],

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy, , [ca97887409800c2ab6048fb2f60db64a],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\OpenCandy_B6335AB326D8432095DB6180DEC4AA60, , [ca97887409800c2ab6048fb2f60db64a],
PUP.Optional.SearchPredict.A, C:\Program Files\SEARCHPREDICT, , [08596597c0c972c450fa264ee61d9d63],
PUP.Optional.SearchPredict.A, C:\Program Files\SEARCHPREDICT\Chrome, , [08596597c0c972c450fa264ee61d9d63],

Files: 8
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\OpenCandy_B6335AB326D8432095DB6180DEC4AA60\LatestDLMgr.exe, , [f76ad923addc0b2b56b17e4f56afed13],
Keylogger.KeyProwler, C:\Users\Martin\AppData\Roaming\{8A8D5546-D293-4474-93CC-3BFF7A2CEB58}\KeyProwler Keylogger.msi, , [4a1751ab2d5c5bdbb4a0ab5b27d9659b],
PUP.Optional.OpenCandy, C:\Users\Martin\Desktop\KMPlayer_EN_3.1.0.0_R2.exe, , [0b5614e8ccbd95a16a9d29a464a1758b],
Keylogger.KeyProwler, C:\Windows\Installer\13a36783.msi, , [a9b8f10bbbce83b33f157690936d02fe],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\OpenCandy_B6335AB326D8432095DB6180DEC4AA60\1763.ico, , [ca97887409800c2ab6048fb2f60db64a],
PUP.Optional.OpenCandy, C:\Users\Martin\AppData\Roaming\OpenCandy\OpenCandy_B6335AB326D8432095DB6180DEC4AA60\RealPlayer_p1v2.exe, , [ca97887409800c2ab6048fb2f60db64a],
PUP.Optional.SearchPredict.A, C:\Program Files\SearchPredict\Chrome\SearchPredictChrome.crx, , [08596597c0c972c450fa264ee61d9d63],
PUP.Optional.Conduit.A, C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\77cajyaj.default\prefs.js, Good: (), Bad: (user_pref("CT2438727.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=");), ,[1b46c5373d4cec4a9bd3c51dbe47ac54]

Physical Sectors: 0
(No malicious items detected)


(end)

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[martinb01]

# AdwCleaner v4.109 - Report created 27/01/2015 at 20:52:08
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Martin - HOME
# Running from : C:\Users\Martin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\SearchPredict
Folder Deleted : C:\Program Files\Uniblue
Folder Deleted : C:\Program Files\Zrychleni Pocitace
Folder Deleted : C:\Users\Martin\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Martin\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Martin\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Martin\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Martin\AppData\Roaming\Uniblue
File Deleted : C:\Users\Public\Desktop\driverscanner.lnk
File Deleted : C:\Program Files\Uninstall.exe
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\ctbcommon.Buttons
Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Client
Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Script
Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Server
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DBDB6FAA-1F5F-4A18-B60B-7A905C7FF83F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FAE862E3-E3C7-4fbe-BBCD-93E3637B6C09}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\CToolbar
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F524A2D-5350-4500-76A7-A758B70C1500}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v

[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CT2438727.SearchEngine", "Searchhxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://hosting.conduit-services.com/newtab/?ctid=EB_TOOLBAR_ID");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://search.conduit.com/Results.aspx?q=SEARCH_TERM&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&SearchType=ToolbarComponents");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Mar 03 2010 12:02:31 GMT+0100");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Mar 03 2010 12:02:30 GMT+0100");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.userId", "{bea1dddc-0a7d-4534-bb62-7527e119f095}");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://www.ask.com/web?&o=13795&l=dis&q=");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage","hxxp://www.ask.com/web?&o=13799&l=dis&q=");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://www.ask.com/web?&o=13795&l=dis&q=");
[77cajyaj.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage","hxxp://www.ask.com/web?&o=13799&l=dis&q=");

-\\ Google Chrome v40.0.2214.93

[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.crawler.com/search/dispatche ... p=aus&qkw={searchTerms}&tbid=60308
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.daemon-search.com/search/web?q={searchTerms}
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

*************************

AdwCleaner[R0].txt - [10502 octets] - [27/01/2015 10:56:56]
AdwCleaner[R1].txt - [10563 octets] - [27/01/2015 11:36:06]
AdwCleaner[R2].txt - [10624 octets] - [27/01/2015 20:47:13]
AdwCleaner[S0].txt - [10620 octets] - [27/01/2015 20:52:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10681 octets] ##########

[martinb01]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Martin on Łt 27.01.2015 at 21:03:52,74
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1406a281-7501-4636-8d93-520bfd79b532}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4ef9-920C-5F2848A5AF26}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 27.01.2015 at 21:06:47,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[martinb01]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27.1.2015
Scan Time: 21:18:48
Logfile: Mbam - scan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.27.09
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Martin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357275
Time Elapsed: 13 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Keylogger.KeyProwler, C:\Users\Martin\AppData\Roaming\{8A8D5546-D293-4474-93CC-3BFF7A2CEB58}\KeyProwler Keylogger.msi, Quarantined, [5c09bf3d573255e1f0649274986844bc],
PUP.Optional.OpenCandy, C:\Users\Martin\Desktop\KMPlayer_EN_3.1.0.0_R2.exe, Quarantined, [0560b04c9eeb6ccaaf45d8f56d98fa06],
Keylogger.KeyProwler, C:\Windows\Installer\13a36783.msi, Quarantined, [c2a317e53653072f3222709652ae2fd1],

Physical Sectors: 0
(No malicious items detected)


(end)

[martinb01]

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : Martin [Práva správce]
Mód : Prohledat -- Datum : 01/27/2015 21:56:32

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 18 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Skytel : Skytel.exe -> Nalezeno
[Suspicious.Path] HKEY_USERS\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Run | fsc-reg : C:\ProgramData\fsc-reg\fscreg.exe 20100425 -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dmhkrm (System32\drivers\bpwc.sys) -> Nalezeno
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{882498C6-53A3-4545-B910-58434356C432} | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{882498C6-53A3-4545-B910-58434356C432} | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{882498C6-53A3-4545-B910-58434356C432} | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{882498C6-53A3-4545-B910-58434356C432} | DhcpNameServer : 213.46.172.36 213.46.172.37 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2273070986-1392902156-3200417566-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 14 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\CLASSPNP.SYS - IRP_MJ_CREATE[0] : Unknown @ 0x850981e8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\CLASSPNP.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0x850981e8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\CLASSPNP.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x850981e8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\CLASSPNP.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x850981e8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\CLASSPNP.SYS - IRP_MJ_POWER[22] : Unknown @ 0x850981e8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\CLASSPNP.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x850981e8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\CLASSPNP.SYS - IRP_MJ_PNP[27] : Unknown @ 0x850981e8
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[Filter(Kernel.Filter)] \Driver\disk @ \Device\Harddisk5\DR5 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[Filter(Kernel.Filter)] \Driver\disk @ \Device\Harddisk4\DR4 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[Filter(Kernel.Filter)] \Driver\disk @ \Device\Harddisk3\DR3 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[Filter(Kernel.Filter)] \Driver\disk @ \Device\Harddisk2\DR2 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[Filter(Kernel.Filter)] \Driver\disk @ \Device\Harddisk1\DR1 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)
[Filter(Kernel.Filter)] \Driver\disk @ \Device\Harddisk0\DR0 : \Driver\partmgr @ Unknown (\SystemRoot\System32\DRIVERS\avgarkt.sys)

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 77cajyaj.default : user_pref("browser.startup.homepage", "http://www.gazeta.pl/0,0.html?p=170"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-07YGA0 ATA Device +++++
--- User ---
[MBR] 10a92f914d3f2c25fadfb11b49b38d58
[BSP] f28b6ad02e1ae9cf774ee963a0dbd703 : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 24578048 | Size: 310627 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 660742144 | Size: 154311 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic 2.0 Reader -0 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic 2.0 Reader -1 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic 2.0 Reader -2 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic 2.0 Reader -3 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic 2.0 Reader -4 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

[martinb01]

Tak je to tu vše.