Suspicious PC behaviour

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Suspicious PC behaviour

Post by Wayshan » 24 Mar 2015 18:27

Hi, for a few days now I've been dealing with several problems:

1) From time to time (I haven't figured out whether it's a fixed interval or whether something triggers it) the keyboard starts typing this sentence on its own: "Nice :) Thank youuuuuu" (the u keeps being pressed over and over until I press any other key). If the cursor isn't in a text field (chat, text document) at the time, the "action" is still carried out. For example, if I'm on the desktop, it starts selecting icons or folders whose names begin with the letters N, I, C, E, T, H, A ... I hope that's clear.

2) The Delete key has started working as "Open". When I click an icon, an image, anything, and press Delete, the item opens instead of being deleted.

I don't know whether these two things are related, or whether it's a virus or something else, but this is the first time it has happened to me and I couldn't find anyone else online with this problem. Two Avast scans (quick and full) found nothing except one trojan, which I deleted, but the problem wasn't solved. I'd appreciate any help, or a pointer to the right people/section.
Thanks for your time!

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:05:56, on 24.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)


Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Winamp\winamp.exe
C:\Users\uzivatel\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=co ... 237189&ir=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (file missing)
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [TQ566808] "D:\Setup.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AirDroid 3] C:\Program Files\AirDroid\AirDroid.exe /start
O4 - HKCU\..\Run: [SkypeVoiceChanger] C:\Program Files\AthTek\Voice Changer for Skype\SkypeVoiceChanger.exe /auto
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1427175724
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate1ca646f683b9d3e) (gupdate1ca646f683b9d3e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files\Origin\OriginClientService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 10842 bytes
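Reading a HijackThis log by hand means going through the O4 autorun and O23 service entries and picking out the ones that should not be there. The script below is an added example for this thread (it is not code from the forum, from HijackThis or from the helper's toolkit): it parses those entry types and flags the patterns a helper looks at first: orphaned entries marked "(file missing)" or "(no file)", autoruns whose image lives on a non-system drive (it assumes the system drive is C:), autorun values that are not a path at all, services with "Unknown owner", and autoruns that go through rundll32/regsvr32-style hosts where the real payload is an argument. The sample input is a constructed subset of lines copied from the log above. A flag means "verify this", not "this is malicious": the ShadowPlay entry, for instance, is a normal NVIDIA autorun that happens to use rundll32.

```python
import re
import sys

# Sample input: a constructed subset of lines copied from the HijackThis log
# posted above, so the script runs offline on realistic input.
SAMPLE_LOG = r"""
R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (file missing)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [TQ566808] "D:\Setup.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKCU\..\Run: [AirDroid 3] C:\Program Files\AirDroid\AirDroid.exe /start
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1427175724
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"""

SYSTEM_DRIVE = "C:"  # assumption: the system drive of the machine in the log
MISSING_MARKERS = ("(file missing)", "(no file)")
# Hosts whose real payload sits in the argument, not in the image path.
INDIRECT_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                  "cscript.exe", "cmd.exe", "powershell.exe"}

O4_RE = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A quoted path, or an unquoted path up to its extension, or the first token.
IMAGE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|scr|lnk))(?=\s|$)|^(?P<t>\S+)', re.I)
PATH_RE = re.compile(r"^(%[^%]+%|[A-Za-z]:)\\")


def image_path(cmd):
    """Return the launched image from an O4 command line."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:
        return ""
    return m.group("q") or m.group("u") or m.group("t")


def parse_o23(line):
    """Split 'O23 - Service: <display> - <owner> - <path>' into its parts."""
    body = line[len("O23 - Service: "):]
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return body, "", ""
    return tuple(parts)


def triage(log_text):
    """Return (category, name, detail) findings that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(MISSING_MARKERS):
            # Orphaned hook/BHO/toolbar/service left behind by a removed program.
            findings.append(("orphaned", line.split(" - ", 2)[1], line))
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            img = image_path(cmd)
            base = img.rsplit("\\", 1)[-1].lower()
            if not PATH_RE.match(img):
                # Autorun value that is not a path: find out what really runs.
                findings.append(("not_a_path", name, cmd))
            elif img[1:2] == ":" and img[:2].upper() != SYSTEM_DRIVE:
                # Something on another drive is started at every logon.
                findings.append(("non_system_drive", name, img))
            elif base in INDIRECT_HOSTS:
                # The host is benign; the argument is what needs checking.
                findings.append(("indirect_launch", name, cmd))
        elif line.startswith("O23 - Service: "):
            display, owner, path = parse_o23(line)
            if owner == "Unknown owner":
                findings.append(("unknown_owner", display, path))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for cat, name, detail in triage(text):
        print(f"{cat:17} {name:45} {detail}")
```

Run it as `python hjt_triage.py hijackthis.log` to triage a full log, or with no argument to see the sample findings. On the sample it flags the orphaned NCH toolbar hook and BHO, the `D:\Setup.exe` autorun, the rundll32-launched ShadowPlay entry, the numeric RunOnce value, and the two "Unknown owner" services whose binaries are gone; the same lines are the ones worth looking at in the full log above.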

Re: Suspicious PC behaviour

Post by jaro3 (Security team member) » 25 Mar 2015 08:38

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers are Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.

- If you only use Google Chrome, you don't need to use ATF.


Download TFC
Open the file and close all other windows. Click Start to begin the process. It shouldn't take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan a log will appear (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- when the program finishes, a message will appear at the bottom right; click Copy to Clipboard and paste the entire log here.

- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).

If there are problems, run it in Safe Mode.
When working with programs such as HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Don't send logs by private message. While I'm away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Suspicious PC behaviour

Post by Wayshan » 25 Mar 2015 19:52

ADW CLEANER:
# AdwCleaner v4.113 - Logfile created 25/03/2015 at 18:53:51
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : uzivatel - UZIVATEL-PC
# Running from : C:\Users\uzivatel\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\user.js
File Found : C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
File Found : C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
File Found : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
File Found : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Found : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
File Found : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
File Found : C:\Users\uzivatel\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\user.js
File Found : C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Found : C:\Windows\system32\roboot.exe
Folder Found : C:\Program Files\DAEMON Tools Toolbar
Folder Found : C:\Program Files\Winamp Toolbar
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Save
Folder Found : C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Folder Found : C:\Users\Madlenka\AppData\Local\Winamp Toolbar
Folder Found : C:\Users\Madlenka\AppData\LocalLow\Conduit
Folder Found : C:\Users\Madlenka\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Madlenka\AppData\LocalLow\Mysearchdial
Folder Found : C:\Users\uzivatel\AppData\Local\eSupport.com
Folder Found : C:\Users\uzivatel\AppData\LocalLow\Conduit
Folder Found : C:\Users\uzivatel\AppData\LocalLow\Mysearchdial
Folder Found : C:\Users\uzivatel\AppData\Roaming\Babylon
Folder Found : C:\Users\uzivatel\AppData\Roaming\goforfiles
Folder Found : C:\Users\uzivatel\AppData\Roaming\Solvusoft

***** [ Scheduled tasks ] *****

Task Found : GoforFilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\85388d1b73aeb48
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\dt soft\daemon tools toolbar
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\GoforFiles
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\mysearchdial
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StormWatchApp
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\85388d1b73aeb48
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{13C8734A-1AD2-4500-9F65-10D99AD80F54}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\Iminent.MMServer.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{01BB6254-5E89-4C53-BEF1-4D1656B09B86}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A93B530D-2B18-48C7-9F3C-281679403372}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Found : HKLM\SOFTWARE\Classes\IminentMMServer.ACPlayer
Key Found : HKLM\SOFTWARE\Classes\IminentMMServer.ACPlayer.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.Web2IMBHandler
Key Found : HKLM\SOFTWARE\Classes\IminentWebBooster.Web2IMBHandler.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{913FAA37-8CDB-4144-9047-E2A950CD967E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{425F621C-217C-40AD-B22F-4EFCFF452800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Found : HKLM\SOFTWARE\GoforFiles
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=co ... 237189&ir=

-\\ Mozilla Firefox v

[extensions] - Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[extensions] - Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v41.0.2272.101

[C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ- ... =&crxv=&q={searchTerms}
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&tt=gc_170513_18210&babsrc=SP_ss&mntrId=CEF8647002263EC6
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=119816&tt=gc_170513_18210&babsrc=SP_ss_gin2g&mntrId=CEF8647002263EC6
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=119816&tt=gc_170513_18210&babsrc=SP_ss_gin2g&mntrId=CEF8647002263EC6
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyzz0Azy0B0F0FtAyCyBzytN0D0Tzu0CyDtCtBtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=2029237189&ir=
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ- ... =&crxv=&q={searchTerms}
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.iminent.com/?appId=000000 ... toolbox&q={searchTerms}
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
*************************

AdwCleaner[R0].txt - [14450 bytes] - [25/03/2015 18:53:51]



########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14510 bytes] ##########

Malwarebytes apparently doesn't work. I followed the instructions, the scan runs through successfully, but as soon as it gets to "heuristic analysis" the program stops working.
Attachments
Error2.png
Error

Re: Suspicious PC behaviour

Post by jaro3 » 26 Mar 2015 09:29

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan"; after the scan, click "Clean".

The program will perform the repair; after the automatic restart a log will appear (C:\AdwCleaner[S?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You'll be prompted to press any key to continue. Press one.
The program's scan will begin. Scanning may take a long time, depending on the amount of infection. When the scan finishes, a log (JRT.txt) will appear, saved on the desktop.
Please copy its entire contents here.

- run MbAM again and click Scan Now
- when the program finishes, a message will appear; click "Quarantine All (delete selected)" and "Export log", choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, by double-clicking.
- wait until the Prescan (search for malicious processes) finishes.
- Then click "Scan".
- The program scans the PC's processes. After scanning, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still won't start and work, rename it to winlogon.exe.

Re: Suspicious PC behaviour

Post by Wayshan » 26 Mar 2015 21:55

AdwCleaner worked normally. JRT first threw an error message: "could not overwrite file: "C:/Users/uzivatel/Local/Temp/jrt/NIRCMD.DAT" Access denied." (see attachments). So I killed that process in Task Manager and ran Adw, and after that it worked.
MbAM again didn't finish the scan and stopped working. I didn't even run RogueKiller. Could it be because Windows Defender is turned on?

Logs:

ADW CLEANER:

# AdwCleaner v4.113 - Logfile created 26/03/2015 at 20:45:24
# Updated 22/03/2015 by Xplode
# Database : 2015-03-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : uzivatel - UZIVATEL-PC
# Running from : C:\Users\uzivatel\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Save
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\Winamp Toolbar
Folder Deleted : C:\Users\Madlenka\AppData\Local\Winamp Toolbar
Folder Deleted : C:\Users\Madlenka\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Madlenka\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Madlenka\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\uzivatel\AppData\Local\eSupport.com
Folder Deleted : C:\Users\uzivatel\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\uzivatel\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\Babylon
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\uzivatel\AppData\Roaming\Solvusoft
Folder Deleted : C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\uzivatel\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\user.js
File Deleted : C:\Program Files\Mozilla Firefox\user.js
File Deleted : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
File Deleted : C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
File Deleted : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\bprotector web data
File Deleted : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
File Deleted : C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : GoforFilesUpdate

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft\Heroes of Might & Magic V - Hammers of Fate\Registrovat hru.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.MMServer.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentMMServer.ACPlayer
Key Deleted : HKLM\SOFTWARE\Classes\IminentMMServer.ACPlayer.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.Web2IMBHandler
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.Web2IMBHandler.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\85388d1b73aeb48
Key Deleted : HKLM\SOFTWARE\85388d1b73aeb48
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{13C8734A-1AD2-4500-9F65-10D99AD80F54}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{01BB6254-5E89-4C53-BEF1-4D1656B09B86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A93B530D-2B18-48C7-9F3C-281679403372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{913FAA37-8CDB-4144-9047-E2A950CD967E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{425F621C-217C-40AD-B22F-4EFCFF452800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[extensions\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[extensions\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v41.0.2272.101

[C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ- ... =&crxv=&q={searchTerms}
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&tt=gc_170513_18210&babsrc=SP_ss&mntrId=CEF8647002263EC6
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=119816&tt=gc_170513_18210&babsrc=SP_ss_gin2g&mntrId=CEF8647002263EC6
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=119816&tt=gc_170513_18210&babsrc=SP_ss_gin2g&mntrId=CEF8647002263EC6
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyzz0Azy0B0F0FtAyCyBzytN0D0Tzu0CyDtCtBtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=2029237189&ir=
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?tpid=ORJ- ... =&crxv=&q={searchTerms}
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.iminent.com/?appId=000000 ... toolbox&q={searchTerms}
[C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [14590 bytes] - [25/03/2015 18:53:51]
AdwCleaner[R1].txt - [14650 bytes] - [26/03/2015 20:40:13]
AdwCleaner[S0].txt - [14805 bytes] - [26/03/2015 20:45:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14865 bytes] ##########

JRT:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows 7 Home Premium x86
Ran by uzivatel on Thu 26.03.2015 at 20:56:56,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\uzivatel\appdata\locallow\nch_en"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{094A4990-26D7-4831-B050-CE03810F8DD9}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{0A79B23D-8A20-4E98-BAAB-CD5894A1D5E5}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{0C11D902-30F9-4C72-943E-40800BE60ABB}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{103A82D1-69EE-4555-91F5-A4A9DCA72FE9}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{10499C8C-26AD-4D30-BE46-E53B040E4150}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{10547A42-B197-4F69-A968-CDBBEF907CC3}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{10DE402C-565C-4211-9E78-314D9FD7A860}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{10F80C66-6A9C-434F-AC88-F02831263A3F}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{11E8FF6E-79B5-4B6A-B156-022D1EA845BB}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{192AECD0-478A-460C-8BD6-D7A9D6B6D073}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{1B3329B3-4236-4802-8D83-4BBAAE0CC264}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{2280C21A-1C04-4069-89B0-9AC5576C37FA}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{23AC21C1-FA46-430E-A719-EFAB244A9C84}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{247EEB65-847D-4C6C-B429-C3B2D84B2B36}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{29BD74C5-553F-4CD2-B635-608D7257AF60}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{2CDB2C04-3559-409E-9565-8A8FC5940E3E}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{3054117D-28C5-475D-A2BD-83F6E020C0A2}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{364BA10E-09D7-4192-9113-7435FC0D0835}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{382188FB-7B87-4287-BA6B-F0CB9D6B82E6}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{3A0B9685-51B4-488A-A2EF-1CEB376DF4AB}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{3A120F65-49BA-45E9-B683-8174E6374106}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{3B4C88FD-0CE9-4FC9-BC32-B217CB3F4929}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{3DC0389B-2044-48BB-8224-30E703FB6283}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{496BB40F-61BC-4AFE-B933-F8A471FE7586}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{4E8256DE-5019-403C-A9A5-5B53A26AAE8A}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{4FAFA713-B738-4815-B9A1-4E42968B5934}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{50DAF658-8A2B-4BA3-AC83-2E5060E06C09}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{51679618-2F0C-434C-A318-2A2F110C19B4}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{548FA545-6A6F-4632-A62D-226949B76063}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{55D64514-64AF-4B32-BD07-D0D252BDE72E}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{561F6719-49C2-4F18-9B02-945BE54F60DD}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{56CF76F1-1F66-4204-8939-A3AA9F71C367}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{60241D35-EDD1-43B3-AFE2-68F46EF79666}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{62050D96-9DA6-41EA-B70D-B400772D9E61}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{63AE1DAA-BE69-443D-A82A-1E1D3C561FA5}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{66D8CB18-BE7B-4AAD-AE3E-0E9622B55555}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{6870F6CB-1E72-4553-AD80-80EE8684BB0D}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{6B1735EB-C771-40B8-A121-508B6C7CB077}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{6F8D24EB-4AAB-4DF8-A401-FE122C076CB4}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{703E6A90-36FF-4CA0-A68B-997E854C18E3}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{736179BD-E75C-41A3-B1E8-0921D16CEFD2}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{757E79C9-C969-466E-9A4C-5C21203B1AE2}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{7637C378-13CD-443F-BCC2-AA8E3EBE0F06}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{7647DF54-4A16-4E42-ABFD-9B8313E417B2}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{7AB5EEDA-E2FA-41AC-8EEC-E773121FEA06}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{7B68FFB4-E6D5-4F87-B4A8-570895803641}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{7FFE9705-0CA9-4BED-A28F-3980BFA1849D}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{8134259B-FC39-4C80-B74A-C7869CE34E5F}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{89C0DB55-D5FE-40A0-93A7-53458B6E120E}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{8A4F57AB-457D-4829-90DC-C524BB9B1569}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{8F974BF6-EA49-4887-81F5-5C87E02A74F8}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{8FB6BC16-6B76-47D9-867A-4BFD08949A12}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{9139594C-1314-4535-82CA-BA9BF070240A}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{94E49DE7-2B1F-4C87-9E50-5EE0B40C6DFF}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{9D1EE21F-05A6-428E-8ADB-27A1EFC20A33}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{A302A484-CE4A-45FA-84A1-9026D2B754FD}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{A6196055-C2B2-4D04-9DE0-2F4DC3643E7F}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{ABE74912-3ED3-4CBC-8CBC-E7F49FCC9933}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{B3FA85F7-2C8C-4264-9890-72F94F45832A}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{B48C6CC9-68CE-4AC5-B365-76A9B8101CE6}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{B7F10315-C51A-4B41-8869-408313F7722A}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{B9C8A482-CE79-4529-82B4-179660D13133}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{BB9E8A4C-0351-4062-AB71-F4B0E7CCD56F}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{C163CCBE-9838-4B62-9096-86E9D67CFAD6}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{C1E0C1B3-F8BF-452A-BFDF-8FB7B5D94021}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{C3AD4787-2D06-4BAE-A8C6-9F082A822783}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{C4E7B3BF-A2A0-4291-BD91-7A6F1BD9B49C}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{C6CA3538-0EFB-4B16-953E-262C1ADD43C8}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{CB5BAB65-AAC5-4DD8-9215-4D8FC5F50726}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{CEB8F6BB-3CFA-45E7-8107-D569657B9197}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{D1C70DCF-5B7F-4913-B73E-60994D6F5D3F}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{D4874FF8-F3FF-4917-A5B9-26A743568575}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{D4E902B2-048D-4195-9E75-6BF64CDA596A}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{DAEC3013-BAD2-42F2-B438-D5546DEE75ED}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{E57D5E4B-2E69-42FF-8DC8-52F6F4DC45F8}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{E91ED6A9-59A7-44BF-BF33-AEF99D0B9923}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{EB5E4E43-4D2F-4ADA-A444-E43AB82BE71D}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{EC9B85C2-9A76-4E7E-A72D-4E93EF6ED6FF}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{F38D5B67-D498-4063-977F-B5FEFBF92525}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{F3DBDF54-3D9A-423F-98F5-F310ED445527}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{F686E995-028A-4ACF-B8CA-54DD518CDF4E}
Successfully deleted: [Empty Folder] C:\Users\uzivatel\appdata\local\{F734B694-1F6C-470F-B2BD-0414BD41C4BF}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 26.03.2015 at 20:59:38,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Attachments
Error3.JPG
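The AdwCleaner log above shows the usual adware persistence points being cleaned: Chrome extensions force-installed through HKLM\SOFTWARE\Google\Chrome\Extensions, an IE Browser Helper Object, SearchScopes and URLSearchHooks, an Image File Execution Options key, and Firefox user.js files. The PowerShell script below is an added example, the editor's and not code from the thread or from any of the tools mentioned; it enumerates those same locations read-only so the cleanup can be re-checked after a reboot. It assumes 32-bit Windows 7 as in the log (so no Wow6432Node keys) and the standard profile paths.

```powershell
# Added example (editor's, not from the thread): enumerate the browser and IE
# persistence points the AdwCleaner log reports deleting, so the result can be
# re-checked after cleanup. Read-only; prints what it finds, removes nothing.
# Paths are the standard ones on 32-bit Windows 7; on 64-bit hosts the
# Wow6432Node variants would have to be added.

$ErrorActionPreference = 'SilentlyContinue'

function Get-RegChildren($Path) {
    if (Test-Path $Path) { Get-ChildItem -Path $Path } else { @() }
}

# 1. Chrome extensions force-installed through the registry (the
#    HKLM\SOFTWARE\Google\Chrome\Extensions\<id> keys AdwCleaner removed).
'== Chrome extensions registered under HKLM =='
foreach ($k in Get-RegChildren 'HKLM:\SOFTWARE\Google\Chrome\Extensions') {
    $p = Get-ItemProperty $k.PSPath
    '{0}  path={1}  update_url={2}' -f $k.PSChildName, $p.path, $p.update_url
}

# 2. Browser Helper Objects: each subkey is a CLSID; resolve it to its DLL.
'== Browser Helper Objects =='
foreach ($k in Get-RegChildren 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
    $clsid = $k.PSChildName
    $dll = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32").'(default)'
    '{0}  -> {1}' -f $clsid, $dll
}

# 3. IE search scopes (machine and current user) and URL search hooks.
'== IE SearchScopes =='
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($k in Get-RegChildren "$hive\SOFTWARE\Microsoft\Internet Explorer\SearchScopes") {
        $p = Get-ItemProperty $k.PSPath
        '{0} {1}  {2}  URL={3}' -f $hive, $k.PSChildName, $p.DisplayName, $p.URL
    }
}
'== IE URLSearchHooks (HKCU) =='
$hooks = Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
if ($hooks) {
    $hooks.PSObject.Properties | Where-Object { $_.Name -like '{*}' } | ForEach-Object { $_.Name }
}

# 4. Image File Execution Options entries carrying a Debugger value: a common
#    way to hijack or block a named executable (the log shows an IFEO key for
#    DatamngrCoordinator.exe being deleted).
'== IFEO entries with a Debugger value =='
foreach ($k in Get-RegChildren 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options') {
    $dbg = (Get-ItemProperty $k.PSPath).Debugger
    if ($dbg) { '{0}  Debugger={1}' -f $k.PSChildName, $dbg }
}

# 5. Firefox user.js files: user.js overrides prefs.js on every start, so a
#    restored search engine silently reverts if one is left behind.
'== Firefox user.js files =='
Get-ChildItem "$env:SystemDrive\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\*\user.js",
              "$env:ProgramFiles\Mozilla Firefox\user.js" |
    ForEach-Object { $_.FullName }
```

Run it from an elevated PowerShell prompt once before and once after the cleanup and diff the two outputs; anything that reappears after a reboot points at a component the removal tools did not catch.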


Re: Suspicious PC behaviour

Post by jaro3 » 27 Mar 2015 09:56

Run RK in Safe Mode.

+
Turn off the antivirus.
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Vista, Win7 and 8 right-click it and choose "Run as administrator").
- note that the program may take a while to start.

Paste the script below into the program window:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program performs a scan and a repair; both can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart only a black desktop may be shown for a while; that is normal. Wait until the log is created. You can save it to Documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
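The `resethosts` directive in the script above overwrites the hosts file with the stock one, and later in the thread RogueKiller reports the Tcpip DhcpNameServer values as PUM.Dns findings. As an added example (the editor's, not Zoek's or RogueKiller's code), the following PowerShell script lists the non-default hosts entries and the DNS servers configured for each interface in the registry, flagging any that lie outside private address ranges. The private-range test is an assumption used purely for flagging; a resolver you did not configure deserves a look whatever its address.

```powershell
# Added example (editor's, not from the thread): check by hand what the Zoek
# "resethosts" directive resets, and list the DNS servers each interface is
# actually using. Read-only. The private-range test is an assumption made
# here only to decide what to flag.

$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Hosts file: anything that is not a comment, blank, or a localhost
#    mapping is a candidate redirection (e.g. of AV update servers).
'== Non-default hosts entries =='
Get-Content $hosts | ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    Where-Object { $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }

# 2. DNS servers from the Tcpip interface keys that RogueKiller lists as PUM.Dns.
function Test-PrivateIPv4([string]$ip) {
    # RFC 1918 ranges plus loopback and link-local; assumption for flagging only.
    $ip -match '^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
}

'== DNS servers per interface =='
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
foreach ($if in Get-ChildItem $base) {
    $p = Get-ItemProperty $if.PSPath
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $val = $p.$name
        if (-not $val) { continue }
        foreach ($srv in ($val -split '[ ,]+')) {
            $flag = if (Test-PrivateIPv4 $srv) { '' } else { '  <-- public resolver, verify' }
            '{0}  {1}={2}{3}' -f $if.PSChildName, $name, $srv, $flag
        }
    }
}
```

NameServer is a statically configured value and DhcpNameServer the one handed out by DHCP; a static NameServer on a home machine that is supposed to use DHCP is the more suspicious of the two, since adware and DNS changers set it to take over resolution.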


Re: Suspicious PC behaviour

Post by Wayshan » 31 Mar 2015 18:28

The problem is that when I get to the menu where you choose between normal start, Safe Mode, Safe Mode with Command Prompt and one more option that is there, the keyboard does not respond. I simply cannot select Safe Mode. The normal start option is selected by default, so I wait 30 seconds and then it boots as usual.


Re: Suspicious PC behaviour

Post by jaro3 » 31 Mar 2015 18:38

Isn't Safe Mode with Networking there?

Download BootSafe

http://majorgeeks.com/downloadget.php?i ... 22a1a3d1fd

- download it, run it and choose the Safe Mode - Minimal option
- click the Reboot button
Use BootSafe in Normal mode
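The same effect as BootSafe (and as msconfig's "Safe boot" option) can be had with bcdedit: setting the safeboot element on the current BCD entry makes the next boot go straight into Safe Mode without the F8 menu, which matters here because the keyboard does not respond at that menu. The commands below are an added example, not from the thread or from BootSafe, and are typed one step at a time into an elevated PowerShell prompt on Vista/7. The flag persists until it is deleted, so the last step must not be skipped, or every later boot keeps landing in Safe Mode.

```powershell
# Added example (editor's, not from the thread): force the next boot into
# Safe Mode by hand with bcdedit, from an elevated PowerShell prompt on
# Windows Vista/7. Run step by step; each Restart-Computer ends the session.

# 1. Inspect the current boot entry first; note whether a "safeboot" line
#    is already present (a leftover from an earlier attempt would explain
#    a machine that keeps booting into Safe Mode).
bcdedit /enum '{current}'

# 2. Boot into Safe Mode (minimal) on the next restart. Use "network"
#    instead of "minimal" for Safe Mode with Networking.
bcdedit /set '{current}' safeboot minimal
Restart-Computer -Force

# 3. Back in Safe Mode, after the requested tools have been run, remove the
#    flag again; otherwise every subsequent boot stays in Safe Mode.
bcdedit /deletevalue '{current}' safeboot
Restart-Computer -Force
```

The braces around `{current}` are quoted because PowerShell would otherwise parse them as a script block; in cmd.exe the quotes are not needed.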


Re: Suspicious PC behaviour

Post by Wayshan » 09 Apr 2015 23:34

RogueKiller:

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating system : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started : Normal mode
User : uzivatel [Administrator rights]
Started from : C:\Users\uzivatel\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/09/2015 22:45:46

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1560000A-0364-46E3-8BF9-0516A7F0DA22} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3CBF52F8-D079-4A3B-A4B5-2FDD19752E71} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1560000A-0364-46E3-8BF9-0516A7F0DA22} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3CBF52F8-D079-4A3B-A4B5-2FDD19752E71} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1560000A-0364-46E3-8BF9-0516A7F0DA22} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)] -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3CBF52F8-D079-4A3B-A4B5-2FDD19752E71} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS file : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] [ofr2][opt]rs0 : user_pref("browser.startup.homepage", "http://mysearch.avg.com/?cid={5797D764-CA83-4129-A852-EADDC39F29C6}&mid=0cedafb549ac47d38815d16d5bb2c3ef-b12703921bd1577620cf1047a4625ff43bc60324&lang=en&ds=es011&pr=sa&d=&v=&pid=safeguard&sg=0&sap=hp"); -> Found

¤¤¤ MBR check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD753LJ ATA Device +++++
--- User ---
[MBR] 3d456fd7b8533cb4896645c114d95daa
[BSP] c07609f8ba7de08bceceddda224fe635 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 707397 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1448751104 | Size: 8000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Device not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Request not supported. )



Zoek:

Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by uzivatel on Thu 09.04.2015 at 22:51:36,73.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\uzivatel\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

9.4.2015 22:56:31 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\AGEIA Technologies deleted successfully
C:\Program Files\Autodesk deleted successfully
C:\Program Files\DesetiPrsty deleted successfully
C:\Program Files\InterActual deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Utherverse Digital Inc deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\Users\Madlenka\AppData\Roaming\Recordpad deleted successfully
C:\Users\uzivatel\AppData\Roaming\Publish Providers deleted successfully
C:\Users\uzivatel\AppData\Roaming\Recordpad deleted successfully
C:\Users\uzivatel\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\uzivatel\AppData\Local\GHISLER deleted successfully
C:\Users\uzivatel\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully
HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "http://mysearch.avg.com/?cid={5797D764-CA83-4129-A852-EADDC39F29C6}&mid=0cedafb549ac47d38815d16d5bb2c3ef-b12703921bd1577620cf1047a4625ff43bc60324&lang=en&ds=es011&pr=sa&d=&v=&pid=safeguard&sg=0&sap=hp");

Added to C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js:
user_pref("browser.startup.homepage", "http://mysearch.avg.com/?cid={5797D764-CA83-4129-A852-EADDC39F29C6}&mid=0cedafb549ac47d38815d16d5bb2c3ef-b12703921bd1577620cf1047a4625ff43bc60324&lang=en&ds=es011&pr=sa&d=&v=&pid=safeguard&sg=0&sap=hp");

Added to C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_09.04.2015_2311_.backup

ProfilePath: C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_09.04.2015_2311_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\AGEIA Technologies not found
C:\Program Files\Autodesk not found
C:\Program Files\DesetiPrsty not found
C:\Program Files\InterActual not found
C:\Program Files\Utherverse Digital Inc not found
C:\Users\uzivatel\AppData\Roaming\.technic deleted
C:\Users\Madlenka\AppData\LocalLow\NCH_EN deleted
C:\Users\Madlenka\.android deleted
C:\Users\uzivatel\.android deleted
C:\Program Files\Mortal Kombat Complete Edition deleted
C:\user.js deleted
C:\Users\uzivatel\AppData\Roaming\MPQEditor.ini deleted
C:\PROGRA~2\ar2r.pad deleted
C:\PROGRA~2\t3oth.pad deleted
C:\PROGRA~2\kjhy64.txt deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Package Cache deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\System32\lMMLDeleteUserData42107612FX.tmp deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
C:\Users\uzivatel\CelticKingsPatch116.exe deleted
C:\Users\uzivatel\SkypeSetup.exe deleted
C:\PROGRA~2\rundll32.exe deleted
C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [09.04.2015 20:52]

==== Firefox Extensions ======================

ExtDir: C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- GoPhotoIt - %ExtDir%\gophoto@gophoto.it.xpi

==== Firefox Plugins ======================


==== Deleted Firefox Extensions ======================

C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Default\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db]

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09.04.2015 20:51]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 11:59]

Avast Online Security - Madlenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Skype Click to Call - Madlenka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
AdBlock - uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Avast Online Security - uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chromium Startpages ======================

C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.search.ask.com/?gct=hp",

C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.search.ask.com/?gct=hp",
"homepage": "http://mysearch.avg.com/?cid={5797D764-CA83-4129-A852-EADDC39F29C6}&mid=0cedafb549ac47d38815d16d5bb2c3ef-b12703921bd1577620cf1047a4625ff43bc60324&lang=en&ds=es011&pr=sa&d=2013-11-27 19:59:24&v=17.1.3.1&pid=safeguard&sg=0&sap=hp",
"startup_urls": [ "http://mysearch.avg.com/?cid={5797D764-CA83-4129-A852-EADDC39F29C6}&mid=0cedafb549ac47d38815d16d5bb2c3ef-b12703921bd1577620cf1047a4625ff43bc60324&lang=en&ds=es011&pr=sa&d=2013-11-27 19:59:24&v=17.1.3.1&pid=safeguard&sg=0&sap=hp", "http://search.iminent.com/?appId=00000000-0000-0000-0000-000000000000" ]


==== Chromium Fix ======================

C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{4B3BD4C4-4011-97A7-7A0F-12A5B142DD75} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PPBG_csCZ359"

==== Reset Google Chrome ======================

C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\web data was reset successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully

==== Empty IE Cache ======================

C:\Users\Madlenka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rodina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\uzivatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\uzivatel\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Madlenka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\uzivatel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1959 folders=241 9818493907 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Madlenka\AppData\Local\Temp emptied successfully
C:\Users\Rodina\AppData\Local\Temp emptied successfully
C:\Users\uzivatel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\uzivatel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Users\uzivatel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ACM7SYMP\0.static.collegehumor.cvcdn.com" not found
"C:\Users\uzivatel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ACM7SYMP\cdn1.static.pornhub.phncdn.com" not found
"C:\Users\uzivatel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ACM7SYMP\cdn3b.static.hardsextube.com" not found
"C:\Users\uzivatel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ACM7SYMP\media.blizzard.com" not found
"C:\Users\uzivatel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ACM7SYMP\static.awempire.com" not found
"C:\Users\uzivatel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ACM7SYMP\staticedge.hststatic.com" not found
"C:\Users\uzivatel\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ACM7SYMP\tag.audiencetv.hiro.tv" not found

==== EOF on Thu 09.04.2015 at 23:24:08,15 ======================

What about MBAM? Should I still try it?
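Added example (not code from the post above, from Zoek, or from any other tool named in this thread): a Python audit of the start-page settings that the Zoek log reports and resets. It parses the user_pref() lines of a Firefox prefs.js and the homepage and session.startup_urls keys of a Chrome Preferences file, then lists every start URL whose host is not on an allowlist. ALLOWED_HOSTS, the sample prefs.js text and the sample Preferences JSON are constructed here from the values shown in the log; adjust the allowlist for the profile being checked.

```python
"""Audit Firefox and Chrome start pages for hijacked URLs.

Added example, not code from the forum post or from Zoek. It parses the
user_pref() lines of a Firefox prefs.js and the homepage / startup_urls
keys of a Chrome Preferences JSON file, then reports every start URL whose
host is not on an explicit allowlist. The sample inputs are constructed
from the values the Zoek log shows."""
import json
import re
from urllib.parse import urlsplit

# Assumption: hosts the user actually wants as a start page. Everything else
# (including a well-known search portal) is reported so a human decides.
ALLOWED_HOSTS = {"www.google.com", "www.bing.com"}

USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs_js(text):
    """{pref_name: value} for every user_pref() line; string values are unquoted."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def firefox_start_urls(prefs):
    """Homepage(s) and new-tab URL. Firefox separates multiple homepages with '|'."""
    urls = []
    for key in ("browser.startup.homepage", "browser.newtab.url"):
        if key in prefs:
            urls.extend(u.strip() for u in prefs[key].split("|") if u.strip())
    return urls


def chrome_start_urls(preferences_json):
    """homepage plus session.startup_urls from a Chrome Preferences file."""
    data = json.loads(preferences_json)
    urls = []
    if data.get("homepage"):
        urls.append(data["homepage"])
    urls.extend(data.get("session", {}).get("startup_urls", []))
    return urls


def flag_suspicious(urls, allowed=ALLOWED_HOSTS):
    """(url, host) for each URL that is neither an about: page nor on the allowlist."""
    flagged = []
    for url in urls:
        if url.startswith("about:"):
            continue
        host = (urlsplit(url).hostname or "").lower()
        if host not in allowed:
            flagged.append((url, host))
    return flagged


# Constructed sample inputs using the URLs the Zoek log reported (shortened).
FIREFOX_PREFS = '''\
user_pref("browser.startup.homepage", "http://mysearch.avg.com/?pid=safeguard&sap=hp");
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.startup.page", 1);
'''
CHROME_PREFS = json.dumps({
    "homepage": "http://www.search.ask.com/?gct=hp",
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://mysearch.avg.com/?pid=safeguard&sap=hp",
            "http://search.iminent.com/?appId=00000000-0000-0000-0000-000000000000",
        ],
    },
})

if __name__ == "__main__":
    for browser, urls in (("firefox", firefox_start_urls(parse_prefs_js(FIREFOX_PREFS))),
                          ("chrome", chrome_start_urls(CHROME_PREFS))):
        for url, host in flag_suspicious(urls):
            print(f"{browser}: {host} <- {url}")
```

Reading both homepage and session.startup_urls matters: the Zoek output shows the uzivatel Chrome profile with a search.ask.com homepage and, separately, mysearch.avg.com and search.iminent.com in startup_urls, so a check that only reads homepage would clear the profile while two hijacked start URLs remained. Run the audit against a copy of the profile files; resetting the values is what Zoek's "FireFox Fix" and "Reset Google Chrome" steps did.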

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Suspicious PC behaviour

Post by jaro3 » 10 Apr 2015 09:14

Close all programs and browsers. Deactivate the antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes its work...
- Then click "Scan"; after it finishes:

- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (put in the checkmarks)
(you have to click the checkbox to the left of the registry entry etc.)


- Click "Delete"
- Wait until the Status box shows "Deletion complete"
- Click "Report" and copy and paste the contents of that report here, please. The log can also be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Turn off the resident protection of your antivirus and antispyware, and the firewall if you have one.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: it can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
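Added example (not part of jaro3's post and not RogueKiller's own code): a small Python triage script for the RKreport that this step produces. It pulls the [PUM.Dns] entries and says whether each DNS server is a private (RFC 1918) address, such as a home router handing out DNS over DHCP, or a public one; extracts the hosts of [PUM.HomePage] URLs; and compares the MBR and boot-sector (BSP) hashes between two runs so a changed boot sector stands out. The sample report text is constructed in the format of the RKreport lines quoted in this thread, and the regular expressions are assumptions about that format, not RogueKiller's own definitions.

```python
"""Triage a RogueKiller RKreport: DNS PUM entries, homepage PUM entries and
MBR / boot-sector hashes. Added example in the style of the report lines
quoted in this thread; the regexes are assumptions about that format, not
RogueKiller's own parser. The sample reports below are constructed."""
import ipaddress
import re
from urllib.parse import urlsplit

PUM_DNS_RE = re.compile(
    r'^\[PUM\.Dns\]\s+(?P<key>\S+)\s+\|\s+DhcpNameServer\s*:\s*(?P<servers>[\d. ]+?)\s*->')
PUM_HOME_RE = re.compile(r'^\[PUM\.HomePage\].*?(?P<url>https?://[^"\s]+)')
DRIVE_RE = re.compile(r'^\+{5}\s+(?P<drive>PhysicalDrive\d+):')
HASH_RE = re.compile(r'^\[(?P<kind>MBR|BSP)\]\s+(?P<md5>[0-9a-f]{32})')


def dns_entries(report):
    """[(registry_key, [ip, ...], all_private)] for every [PUM.Dns] line.

    DhcpNameServer may list several space-separated servers. all_private is
    True when every server is a private / loopback / link-local address,
    i.e. most likely the home router handing out DNS over DHCP."""
    found = []
    for line in report.splitlines():
        m = PUM_DNS_RE.match(line)
        if not m:
            continue
        ips = m.group("servers").split()
        all_private = all(ipaddress.ip_address(ip).is_private for ip in ips)
        found.append((m.group("key"), ips, all_private))
    return found


def homepage_hosts(report):
    """Hostnames of the URLs in [PUM.HomePage] lines, in report order."""
    hosts = []
    for line in report.splitlines():
        m = PUM_HOME_RE.match(line)
        if m:
            hosts.append(urlsplit(m.group("url")).hostname)
    return hosts


def boot_hashes(report):
    """{drive: {"MBR": md5, "BSP": md5}} from the MBR Check section."""
    drives, current = {}, None
    for line in report.splitlines():
        d = DRIVE_RE.match(line)
        if d:
            current = d.group("drive")
            drives.setdefault(current, {})
            continue
        h = HASH_RE.match(line)
        if h and current is not None:
            drives[current][h.group("kind")] = h.group("md5")
    return drives


def changed_boot_sectors(report_a, report_b):
    """Drives whose MBR or BSP hash differs between two runs (or is missing in one)."""
    a, b = boot_hashes(report_a), boot_hashes(report_b)
    return sorted(drive for drive in set(a) | set(b) if a.get(drive) != b.get(drive))


# Constructed sample in the RKreport format (values as quoted in the thread).
SAMPLE_RUN_1 = r"""
¤¤¤ Registry : 3 ¤¤¤
[PUM.HomePage][FIREFX:Config] [ofr2][opt]rs0 : user_pref("browser.startup.homepage", "http://mysearch.avg.com/?pid=safeguard&sap=hp"); -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1560000A-0364-46E3-8BF9-0516A7F0DA22} | DhcpNameServer : 7.254.254.254 -> Replaced ()

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD753LJ ATA Device +++++
--- User ---
[MBR] 3d456fd7b8533cb4896645c114d95daa
[BSP] c07609f8ba7de08bceceddda224fe635 : Windows Vista/7/8 MBR Code
"""
# Second run with identical hashes (the normal case) and a constructed run
# whose boot-sector hash differs, the condition a bootkit check must catch.
SAMPLE_RUN_2 = SAMPLE_RUN_1
SAMPLE_RUN_TAMPERED = SAMPLE_RUN_1.replace(
    "c07609f8ba7de08bceceddda224fe635", "0123456789abcdef0123456789abcdef")

if __name__ == "__main__":
    for key, ips, private in dns_entries(SAMPLE_RUN_1):
        verdict = "private (likely router DHCP)" if private else "PUBLIC, check owning adapter"
        print("DNS", ips, verdict, key.rsplit("\\", 1)[-1])
    print("homepages:", homepage_hosts(SAMPLE_RUN_1))
    print("changed boot sectors:", changed_boot_sectors(SAMPLE_RUN_1, SAMPLE_RUN_TAMPERED))
```

A private DhcpNameServer such as 10.0.0.138 is normally the home router supplying DNS over DHCP; RogueKiller files it under PUM (potentially unwanted modification) because a hijacker can set the same value, not because it matched known malware, and the DHCP client writes the value back on the next lease. A public address on a single interface GUID deserves a look at which adapter owns that interface before it is cleared, and a changed MBR or BSP hash between runs is the result that warrants examining the boot sector before the clean-up continues.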

Wayshan
Level 1
Posts: 61
Registered: March 15
Gender: Male
Status: Offline

Re: Suspicious PC behaviour

Post by Wayshan » 10 Apr 2015 16:47

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating system : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started : Normal mode
User : uzivatel [Administrator rights]
Started from : C:\Users\uzivatel\Desktop\RogueKiller.exe
Mode : Delete -- Date : 04/10/2015 16:23:32

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1560000A-0364-46E3-8BF9-0516A7F0DA22} | DhcpNameServer : 7.254.254.254 -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3CBF52F8-D079-4A3B-A4B5-2FDD19752E71} | DhcpNameServer : 10.0.0.138 -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1560000A-0364-46E3-8BF9-0516A7F0DA22} | DhcpNameServer : 7.254.254.254 -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3CBF52F8-D079-4A3B-A4B5-2FDD19752E71} | DhcpNameServer : 10.0.0.138 -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1560000A-0364-46E3-8BF9-0516A7F0DA22} | DhcpNameServer : 7.254.254.254 -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3CBF52F8-D079-4A3B-A4B5-2FDD19752E71} | DhcpNameServer : 10.0.0.138 -> Replaced ()
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-3545453532-2280684333-2720647477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web Browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD753LJ ATA Device +++++
--- User ---
[MBR] 3d456fd7b8533cb4896645c114d95daa
[BSP] c07609f8ba7de08bceceddda224fe635 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 707397 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1448751104 | Size: 8000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_04092015_224546.log - RKreport_SCN_04102015_162114.log

ComboFix 15-04-09.01 - uzivatel 10.04.2015 16:30:33.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3326.1837 [GMT 2:00]
Run from: c:\users\uzivatel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\uzivatel\AppData\Local\Adobe\downloader.dll
c:\users\uzivatel\AppData\Local\Adobe\gccheck.exe
c:\users\uzivatel\AppData\Local\Adobe\gtbcheck.exe
c:\users\uzivatel\AppData\Local\Adobe\SecurityScan_Release.exe
c:\windows\IsUn0405.exe
c:\windows\msdownld.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files created from 2015-03-10 to 2015-04-10 )))))))))))))))))))))))))))))))
.
.
2015-04-10 13:42 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B456841-B1D5-4414-BEC5-080D03456322}\mpengine.dll
2015-04-09 21:21 . 2015-04-10 14:42 -------- d-----w- c:\users\uzivatel\AppData\Local\Temp
2015-04-09 21:21 . 2015-04-09 20:49 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-09 20:49 . 2015-04-09 21:18 -------- d-----w- C:\zoek_backup
2015-04-09 20:37 . 2015-04-09 20:37 -------- d-----w- c:\windows\system32\vbox
2015-04-09 20:35 . 2015-04-10 14:15 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-09 20:35 . 2015-04-09 20:38 -------- d-----w- c:\programdata\RogueKiller
2015-04-09 18:52 . 2015-04-09 18:51 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-09 18:51 . 2015-04-09 18:51 43112 ----a-w- c:\windows\avastSS.scr
2015-04-05 17:59 . 2015-04-05 19:26 -------- d-----w- c:\programdata\Tunngle
2015-04-05 17:59 . 2015-04-05 18:00 -------- d-----w- c:\program files\Tunngle
2015-04-04 23:57 . 2015-04-04 23:58 -------- d-s---w- c:\windows\system32\GWX
2015-03-25 18:03 . 2015-03-26 20:03 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-25 18:03 . 2015-03-25 18:03 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-25 18:03 . 2015-03-17 05:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-25 18:03 . 2015-03-17 05:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-25 18:03 . 2015-03-17 05:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-25 17:53 . 2015-03-26 19:45 -------- d-----w- C:\AdwCleaner
2015-03-25 06:11 . 2015-03-11 03:30 534528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-25 06:11 . 2015-03-11 03:29 818176 ----a-w- c:\windows\system32\appraiser.dll
2015-03-25 06:11 . 2015-03-11 03:30 623616 ----a-w- c:\windows\system32\invagent.dll
2015-03-25 06:11 . 2015-03-11 03:29 327168 ----a-w- c:\windows\system32\devinv.dll
2015-03-25 06:11 . 2015-03-11 03:29 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-25 06:11 . 2015-03-11 03:26 892928 ----a-w- c:\windows\system32\aeinv.dll
2015-03-25 06:11 . 2015-03-11 03:29 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-25 06:11 . 2015-03-11 03:29 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-15 16:19 . 2015-03-15 18:18 -------- d-----w- C:\Sierra
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-09 18:51 . 2014-10-03 11:54 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-09 18:51 . 2013-03-22 02:35 208024 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-09 18:51 . 2009-12-24 18:02 427736 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-09 18:51 . 2014-10-03 11:53 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-09 18:51 . 2013-03-22 02:35 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-09 18:51 . 2013-01-17 14:49 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-09 18:51 . 2009-12-24 18:02 73440 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-09 18:51 . 2011-02-27 21:43 788272 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-28 17:38 . 2012-04-02 15:18 778928 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-28 17:38 . 2011-05-28 22:18 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-06 05:15 . 2015-03-10 21:17 137656 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:15 . 2015-03-10 21:17 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:10 . 2015-03-10 21:17 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-03-06 05:10 . 2015-03-10 21:17 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-06 05:10 . 2015-03-10 21:17 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-06 05:10 . 2015-03-10 21:17 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-03-06 05:10 . 2015-03-10 21:17 248832 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10 . 2015-03-10 21:17 22016 ----a-w- c:\windows\system32\secur32.dll
2015-03-06 05:10 . 2015-03-10 21:17 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-06 05:10 . 2015-03-10 21:17 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-06 05:10 . 2015-03-10 21:17 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-03-06 05:10 . 2015-03-10 21:17 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-06 05:10 . 2015-03-10 21:17 17408 ----a-w- c:\windows\system32\credssp.dll
2015-03-06 05:09 . 2015-03-10 21:17 22528 ----a-w- c:\windows\system32\lsass.exe
2015-03-06 05:09 . 2015-03-10 21:17 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-03-06 05:07 . 2015-03-10 21:17 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-06 05:07 . 2015-03-10 21:17 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-06 05:06 . 2015-03-10 21:17 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-02-26 03:11 . 2015-03-10 21:21 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 03:23 . 2009-12-24 17:59 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:13 . 2015-03-10 21:17 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-10 21:17 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-10 21:17 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-10 21:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-10 21:17 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 02:22 . 2015-03-10 21:21 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-02-20 02:22 . 2015-03-10 21:21 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:09 . 2015-03-10 21:21 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-02-20 02:08 . 2015-03-10 21:21 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-02-20 02:08 . 2015-03-10 21:21 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-10 21:21 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-02-20 01:56 . 2015-03-10 21:21 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-02-20 01:56 . 2015-03-10 21:21 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-02-20 01:56 . 2015-03-10 21:21 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-20 01:50 . 2015-03-10 21:21 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 01:41 . 2015-03-10 21:21 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-10 21:21 4300288 ----a-w- c:\windows\system32\jscript9.dll
2015-02-20 01:24 . 2015-03-10 21:21 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-02-20 01:23 . 2015-03-10 21:21 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:01 . 2015-03-10 21:21 1888256 ----a-w- c:\windows\system32\wininet.dll
2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
2015-02-04 02:54 . 2015-03-10 21:17 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-03 03:16 . 2015-03-10 21:17 3973048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-02-03 03:16 . 2015-03-10 21:17 3917760 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-03 03:16 . 2015-03-10 21:17 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:12 . 2015-03-10 21:17 179200 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:12 . 2015-03-10 21:17 617984 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-10 21:21 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-10 21:17 171520 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:12 . 2015-03-10 21:17 400896 ----a-w- c:\windows\system32\srcore.dll
2015-02-03 03:12 . 2015-03-10 21:16 43008 ----a-w- c:\windows\system32\srclient.dll
2015-02-03 03:12 . 2015-03-10 21:16 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:12 . 2015-03-10 21:16 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:12 . 2015-03-10 21:16 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:12 . 2015-03-10 21:17 1329664 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:12 . 2015-03-10 21:17 519680 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:12 . 2015-03-10 21:16 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-10 21:17 157184 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:12 . 2015-03-10 21:17 28160 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:12 . 2015-03-10 21:16 8192 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:12 . 2015-03-10 21:17 504320 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:12 . 2015-03-10 21:17 265216 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:12 . 2015-03-10 21:16 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:12 . 2015-03-10 21:17 3209728 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:12 . 2015-03-10 21:17 354816 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:12 . 2015-03-10 21:16 103424 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:12 . 2015-03-10 21:17 489984 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:12 . 2015-03-10 21:16 275968 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:12 . 2015-03-10 21:17 988160 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:12 . 2015-03-10 21:17 406016 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-10 21:17 1174528 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:12 . 2015-03-10 21:17 1005056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:12 . 2015-03-10 21:17 103936 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:12 . 2015-03-10 21:17 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:12 . 2015-03-10 21:16 81408 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:12 . 2015-03-10 21:16 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-02-03 03:12 . 2015-03-10 21:17 744960 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:12 . 2015-03-10 21:17 475136 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:12 . 2015-03-10 21:17 374784 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:12 . 2015-03-10 21:16 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:12 . 2015-03-10 21:16 195584 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:12 . 2015-03-10 21:16 27648 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:12 . 2015-03-10 21:16 69632 ----a-w- c:\windows\system32\smss.exe
2015-02-03 03:11 . 2015-03-10 21:17 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-02-03 03:11 . 2015-03-10 21:16 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:11 . 2015-03-10 21:16 9728 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:11 . 2015-03-10 21:16 8192 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:11 . 2015-03-10 21:16 23040 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:11 . 2015-03-10 21:17 100864 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:11 . 2015-03-10 21:16 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-09 18:51 644608 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 13:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 13:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 13:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 13:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 13:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 13:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-11-09 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"AirDroid 3"="c:\program files\AirDroid\AirDroid.exe" [2015-02-05 11662848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-12-13 2210040]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-09 5512912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TP-LINK Wireless Configuration Utility.lnk - c:\program files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2012-12-20 788992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
backup=c:\windows\pss\LOLRecorder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trust Gaming Mouse]
2011-01-17 15:29 2245632 ----a-w- c:\program files\Trust Gaming Mouse\Mouse.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-31 685816]
R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x]
R2 gupdate1ca646f683b9d3e;Služba Google Update (gupdate1ca646f683b9d3e);c:\program files\Google\Update\GoogleUpdate.exe [2014-11-09 107912]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-02 315488]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-09-24 22528]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-12-07 23040]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2009-12-15 23424]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-12-15 101120]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-08-26 25480]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-03-26 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-03-17 51928]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-09-08 3852792]
R3 Origin Client Service;Origin Client Service;c:\program files\Origin\OriginClientService.exe [2015-03-04 1910640]
R3 RTCore32;RTCore32;c:\program files\MSI Afterburner\RTCore32.sys [2013-03-11 5632]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 trustms;Trust Mouse;c:\windows\system32\drivers\trustms.sys [2010-11-15 9600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2015-02-09 792016]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-09-24 19592]
S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2010-09-28 3033200]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-09 788272]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-04-09 427736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-05-03 243128]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-09 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-09 73440]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-04-09 106912]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 915600]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 18186896]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-19 410968]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-04-09 220240]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-04-09 3205216]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-03-17 23256]
S3 NCHSSVAD;SoundTap Recorder;c:\windows\system32\drivers\nchssvad.sys [2011-10-02 21120]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
S3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr61.sys [2009-10-16 369664]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-03 15:07 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 17:38]
.
2015-04-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-11-09 20:56]
.
2015-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-09 20:43]
.
2015-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-11-09 20:43]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-GarenaPlus - c:\program files\Garena Plus\GarenaMessenger.exe
HKCU-Run-SkypeVoiceChanger - c:\program files\AthTek\Voice Changer for Skype\SkypeVoiceChanger.exe
HKLM-Run-TQ566808 - D:\Setup.exe
HKLM-Run-Nvtmru - c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-Autodesk FBX Plugin 2009.4 - 3ds Max 2010 - c:\program files\Autodesk\FBX\FBXPlugins\2009.4\3ds Max 2010\Uninstall.exe
AddRemove-Google Updater - c:\program files\Google\Google Updater\GoogleUpdater.exe
AddRemove-O2CZ - c:\program files\O2\O2CZ\Uninstall.exe
AddRemove-Switch - c:\program files\NCH Software\Switch\uninst.exe
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-04-10 16:44:07
ComboFix-quarantined-files.txt 2015-04-10 14:44
.
Před spuštěním: Volných bajtů: 127 588 081 664
Po spuštění: Volných bajtů: 127 471 476 736
.
- - End Of File - - 359EB36336274FE05C44BAF5FFAAC93B
A36C5E4F47E84449FF07ED3517B43A31


EDIT: I have most likely found and removed the cause of the fault. I have a gaming keyboard and apparently some program had been messing with the macros, the settings of individual keys and the control software itself. I deleted all macros and restored the key settings, and the problems have stopped for now. However, if there are still any malicious files on the PC, I would like to see this through to the end :)

jaro3
Security team member

Re: Suspicious PC behaviour

Post by jaro3 » 11 Apr 2015 09:35

ComboFix is uninstalled as follows:
Start - Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Post a new HJT log + report on the problems.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Podpora fóra
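A small triage helper for the autostart sections of a ComboFix log like the one pasted in this thread, added here as an example; it is not part of the thread and not ComboFix's own code. The sample lines and the heuristics (C: as the system drive, AppData and Temp as user-writable locations) are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the ComboFix autostart format seen in this thread (made-up lines).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-11-09 39408]
"Updater"="c:\users\user\appdata\roaming\svc\updater.exe" [2015-03-20 28160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-TQ566808 - D:\Setup.exe
"""

HEADER_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[\d{4}-\d{2}-\d{2} \d+\])?$')
REMOVED_RE = re.compile(r"^(HKCU|HKLM)-Run-(\S+) - (.*)$")

@dataclass
class AutostartEntry:
    hive: str
    name: str
    target: str
    flags: list = field(default_factory=list)

def triage_flags(target: str) -> list:
    """Reviewer heuristics for an autostart target (assumes C: is the system drive)."""
    low = target.lower()
    if low == "(no file)":
        return ["orphaned-entry"]  # the value points at nothing on disk
    flags = []
    if re.match(r"^[d-z]:\\", low):
        flags.append("non-system-drive")  # removable or secondary media
    if "\\appdata\\" in low or "\\temp\\" in low:
        flags.append("user-writable-path")  # no admin rights needed to plant it
    return flags

def parse_autostarts(text: str) -> list:
    """Collect Run-key values and tool-removed Run entries from a ComboFix-style log."""
    entries, key = [], None
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            key = m.group(1)
        elif (m := VALUE_RE.match(line)) and key and key.lower().endswith("\\run"):
            hive = "HKCU" if key.upper().startswith("HKEY_CURRENT_USER") else "HKLM"
            entries.append(AutostartEntry(hive, m.group(1), m.group(2), triage_flags(m.group(2))))
        elif m := REMOVED_RE.match(line):
            entries.append(AutostartEntry(m.group(1), m.group(2), m.group(3),
                                          ["removed-by-tool"] + triage_flags(m.group(3))))
    return entries

def suspicious(entries: list) -> list:
    return [e for e in entries if any(f != "removed-by-tool" for f in e.flags)]
```

Calling suspicious(parse_autostarts(SAMPLE_LOG)) returns the entries a helper would ask about first: the AppData updater, the orphaned HKCU value and the Run entry pointing at a D: drive.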

