svchost.exe prosím o kontrolu logu

Evesoon · Příspěvekod **Evesoon** » 11 dub 2015 12:30

Zdravím , asi po hodině co používám PC se mi zvedne využití ram na cca 65% kvůli " svchost.exe " . Děje se mi to asi už týden . V PC mám Windows 7 64bit a 4 gb ram . Předem moc děkuji za pomoc.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:34, on 11.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Users\Mikey\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObit Apps Toolbar - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.0\iobitappsToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Spustit klienta k monitoru &1 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Spustit klienta k monitoru &2 - C:\Windows\web\AOpenClient.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wtfastdrv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzSurroundVADStreamingService - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9492 bytes

Reklama

Příspěvekod **jerabina** » 11 dub 2015 13:30

Nevidím tam pořádný antivirus ...

Odinstaluj:

Kód: Vybrat vše

IOBit
IOBit Advanced System Care

a nainstaluj si třeba Avast, je to mnohonásobně lepší. Osobně považuji IOBit za sofistikovaný vir :lol:

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

Evesoon · Příspěvekod **Evesoon** » 11 dub 2015 14:09

AdwCleaner obsah:
# AdwCleaner v4.201 - Log vytvořen 11/04/2015 v 14:06:21
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-08.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Mikey - MIKEY-PC
# Spuštěno z : C:\Users\Mikey\Desktop\adwcleaner_4.201.exe
# Nastavení : Sken

***** [ Služby ] *****

Služba Nalezeno : 17812836

***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Program Files (x86)\Application Updater
Složka Nalezeno : C:\Program Files (x86)\AVG SafeGuard toolbar
Složka Nalezeno : C:\Program Files (x86)\BBEstSSAvoeForiYou
Složka Nalezeno : C:\Program Files (x86)\Common Files\AVG Secure Search
Složka Nalezeno : C:\Program Files (x86)\Common Files\ParetoLogic
Složka Nalezeno : C:\Program Files (x86)\Conduit
Složka Nalezeno : C:\Program Files (x86)\DoigiSaver
Složka Nalezeno : C:\Program Files (x86)\DriverToolkit
Složka Nalezeno : C:\Program Files (x86)\EonJJoyCCoupon
Složka Nalezeno : C:\Program Files (x86)\FFun2SSaave
Složka Nalezeno : C:\Program Files (x86)\globalUpdate
Složka Nalezeno : C:\Program Files (x86)\GotClip
Složka Nalezeno : C:\Program Files (x86)\IObit Apps Toolbar
Složka Nalezeno : C:\Program Files (x86)\MyPC Backup
Složka Nalezeno : C:\Program Files (x86)\PreiCEChooP
Složka Nalezeno : C:\Program Files (x86)\PrIceChooP
Složka Nalezeno : C:\ProgramData\apn
Složka Nalezeno : C:\ProgramData\AVG SafeGuard toolbar
Složka Nalezeno : C:\ProgramData\AVG Security Toolbar
Složka Nalezeno : C:\ProgramData\ParetoLogic
Složka Nalezeno : C:\Users\Mikey\AppData\Local\AVG SafeGuard toolbar
Složka Nalezeno : C:\Users\Mikey\AppData\Local\DriverToolkit
Složka Nalezeno : C:\Users\Mikey\AppData\Local\genienext
Složka Nalezeno : C:\Users\Mikey\AppData\Local\globalUpdate
Složka Nalezeno : C:\Users\Mikey\AppData\Local\Mobogenie
Složka Nalezeno : C:\Users\Mikey\AppData\LocalLow\AVG SafeGuard toolbar
Složka Nalezeno : C:\Users\Mikey\AppData\LocalLow\Conduit
Složka Nalezeno : C:\Users\Mikey\AppData\LocalLow\Minibar
Složka Nalezeno : C:\Users\Mikey\AppData\Roaming\DriverCure
Složka Nalezeno : C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotClip
Složka Nalezeno : C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Složka Nalezeno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Složka Nalezeno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\Extensions\3Z@j.org
Složka Nalezeno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\Extensions\C@PL8eV.net
Složka Nalezeno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\Extensions\kXP8Z@UJThMM.net
Složka Nalezeno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\Extensions\lrArMucMC@k.com
Složka Nalezeno : C:\Users\Mikey\AppData\Roaming\ParetoLogic
Složka Nalezeno : C:\Users\Mikey\AppData\Roaming\Systweak
Složka Nalezeno : C:\Users\Mikey\Documents\Mobogenie
Soubor Nalezeno : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml
Soubor Nalezeno : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
Soubor Nalezeno : C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
Soubor Nalezeno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\user.js
Soubor Nalezeno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\user.js
Soubor Nalezeno : C:\Users\Mikey\daemonprocess.txt
Soubor Nalezeno : C:\Windows\System32\roboot64.exe

***** [ Naplánované úlohy ] *****

Úloha Nalezeno : paretologic registration3
Úloha Nalezeno : paretologic update version3
Úloha Nalezeno : ParetoLogic Update Version3 Startup Task

***** [ Zástupci ] *****

Zástupce Infikováno : C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Zástupce Infikováno : C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Zástupce Infikováno : C:\Users\Mikey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5054562D-5247-006A-76A7-7A786E7484D7}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Hodnota Nalezeno : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Klíč Nalezeno : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč Nalezeno : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Klíč Nalezeno : HKCU\Software\AppDataLow\Software\Conduit
Klíč Nalezeno : HKCU\Software\AppDataLow\Software\IObit Apps
Klíč Nalezeno : HKCU\Software\BI
Klíč Nalezeno : HKCU\Software\DriverToolkit
Klíč Nalezeno : HKCU\Software\DriverTuner
Klíč Nalezeno : HKCU\Software\DriverTuner_Init
Klíč Nalezeno : HKCU\Software\GlobalUpdate
Klíč Nalezeno : HKCU\Software\IObit Apps
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{027F82DC-2700-4CA8-82A2-49D383489F93}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Nalezeno : HKCU\Software\Mozilla\Extends
Klíč Nalezeno : HKCU\Software\ParetoLogic
Klíč Nalezeno : HKCU\Software\simplytech
Klíč Nalezeno : HKCU\Software\systweak
Klíč Nalezeno : [x64] HKCU\Software\BI
Klíč Nalezeno : [x64] HKCU\Software\DriverToolkit
Klíč Nalezeno : [x64] HKCU\Software\DriverTuner
Klíč Nalezeno : [x64] HKCU\Software\DriverTuner_Init
Klíč Nalezeno : [x64] HKCU\Software\GlobalUpdate
Klíč Nalezeno : [x64] HKCU\Software\IObit Apps
Klíč Nalezeno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{027F82DC-2700-4CA8-82A2-49D383489F93}
Klíč Nalezeno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Klíč Nalezeno : [x64] HKCU\Software\ParetoLogic
Klíč Nalezeno : [x64] HKCU\Software\simplytech
Klíč Nalezeno : [x64] HKCU\Software\systweak
Klíč Nalezeno : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Klíč Nalezeno : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč Nalezeno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíč Nalezeno : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Klíč Nalezeno : HKLM\SOFTWARE\89d3cb47-2a33-cb32-1534-56fc39ed7e03
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Klíč Nalezeno : HKLM\SOFTWARE\Conduit
Klíč Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Klíč Nalezeno : HKLM\SOFTWARE\IObit Apps
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Klíč Nalezeno : HKLM\SOFTWARE\ParetoLogic
Klíč Nalezeno : HKLM\SOFTWARE\systweak
Klíč Nalezeno : HKLM\SOFTWARE\Vittalia
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Klíč Nalezeno : HKU\.DEFAULT\Software\AskPartnerNetwork

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.search.defaultenginename", "mystartsearch");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.search.defaultenginename,S", "WebSearch");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.search.defaulturl", "hxxp://websearch.swellsearch.info/?pid=1539&r=2015/03/01&hid=8345429175370309954&lg=EN&cc=CZ&unqvl=84&l=1&q=");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.search.order.1", "WebSearch");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.search.order.1,S", "WebSearch");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.search.searchengine.alias", "mystartsearch");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.search.searchengine.name", "mystartsearch");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1425229019&from=wpc&uid=ST1000DM003-9YN162_S1DAJRT3XXXXS1DAJRT3&q={searchTerms}");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.search.selectedEngine", "mystartsearch");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.search.selectedEngine,S", "WebSearch");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.aflt", "ddrnw");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.dfltLng", "");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.dfltSrch", true);
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.dnsErr", true);
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.excTlbr", false);
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.hmpg", true);
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ddrnw");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.id", "6a015e2d000000000000bc5ff4ab01e5");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.instlDay", "16068");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.instlRef", "");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.newTab", true);
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ddrnw");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.prdct", "funmoods");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.smplGrp", "none");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.tlbrId", "base");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1612:51:05");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("keyword.url", "hxxp://websearch.swellsearch.info/?pid=1539&r=2015/03/01&hid=8345429175370309954&lg=EN&cc=CZ&unqvl=84&l=1&q=");
[u4mif9g1.default] - Řádek Nalezeno : user_pref("browser.startup.homepage", "hxxp://websearch.swellsearch.info/?pid=1539&r=2015/03/01&hid=8345429175370309954&lg=EN&cc=CZ&unqvl=84");

-\\ Google Chrome v41.0.2272.118

[C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://isearch.avg.com/search?cid={619F98BC-F15D-4660-A520-4CF9EA12B5BF}&mid=86e3a5b5aa6d47d3a4a13120d30a5464-b43916e1ccfd32ffa15aac98ffab6643fb63b359&lang=cz/browser=all&ds=is015&pr=sa&d=2013-02-19 17:52:13&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
[C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
[C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=1539&r=2015/03/01&hid=8345429175370309954&lg=EN&cc=CZ&unqvl=84
[C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://istart.webssearches.com/web/?typ ... 1DAJRT3&q={searchTerms}
[C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Nalezeno [Extension] : lfmhcpmkbdkbgbmkjoiopeeegenkdikp
[C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Nalezeno [Startup_URLs] : ", "hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991

-\\ Comodo Dragon v

*************************

AdwCleaner[R0].txt - [13883 bytů] - [11/04/2015 14:06:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13942 bytů] ##########

Evesoon · Příspěvekod **Evesoon** » 11 dub 2015 14:21

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 11.4.2015
Čas skenování: 14:11:25
Protokol:
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.11.02
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Mikey

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 354915
Uplynulý čas: 8 min, 56 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Varovat
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 8
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\3Z@j.org\content, , [d47a77f46d1dee48a88681d3b45122de],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\3Z@j.org, , [d47a77f46d1dee48a88681d3b45122de],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\C@PL8eV.net\content, , [014d99d2f8921125aa84f16356afbd43],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\C@PL8eV.net, , [014d99d2f8921125aa84f16356afbd43],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\kXP8Z@UJThMM.net\content, , [4b03b0bb6e1c3ef850de4e06d332ac54],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\kXP8Z@UJThMM.net, , [4b03b0bb6e1c3ef850de4e06d332ac54],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\lrArMucMC@k.com\content, , [4b03fd6eec9eb08627070e46cc397987],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\lrArMucMC@k.com, , [4b03fd6eec9eb08627070e46cc397987],

Soubory: 19
PUP.Optional.MyStartSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml, , [361898d3dcaef44221e52da8cc370ef2],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\3Z@j.org\content\bg.js, , [d47a77f46d1dee48a88681d3b45122de],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\3Z@j.org\bootstrap.js, , [d47a77f46d1dee48a88681d3b45122de],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\3Z@j.org\chrome.manifest, , [d47a77f46d1dee48a88681d3b45122de],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\3Z@j.org\install.rdf, , [d47a77f46d1dee48a88681d3b45122de],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\C@PL8eV.net\content\bg.js, , [014d99d2f8921125aa84f16356afbd43],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\C@PL8eV.net\bootstrap.js, , [014d99d2f8921125aa84f16356afbd43],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\C@PL8eV.net\chrome.manifest, , [014d99d2f8921125aa84f16356afbd43],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\C@PL8eV.net\install.rdf, , [014d99d2f8921125aa84f16356afbd43],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\kXP8Z@UJThMM.net\content\bg.js, , [4b03b0bb6e1c3ef850de4e06d332ac54],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\kXP8Z@UJThMM.net\bootstrap.js, , [4b03b0bb6e1c3ef850de4e06d332ac54],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\kXP8Z@UJThMM.net\chrome.manifest, , [4b03b0bb6e1c3ef850de4e06d332ac54],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\kXP8Z@UJThMM.net\install.rdf, , [4b03b0bb6e1c3ef850de4e06d332ac54],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\lrArMucMC@k.com\content\bg.js, , [4b03fd6eec9eb08627070e46cc397987],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\lrArMucMC@k.com\bootstrap.js, , [4b03fd6eec9eb08627070e46cc397987],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\lrArMucMC@k.com\chrome.manifest, , [4b03fd6eec9eb08627070e46cc397987],
PUP.Optional.MultiPlug.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\extensions\lrArMucMC@k.com\install.rdf, , [4b03fd6eec9eb08627070e46cc397987],
PUP.Optional.SwellSearch.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\prefs.js, Dobré: (), Špatné: (user_pref("browser.startup.homepage", "http://websearch.swellsearch.info/?pid=1539&r=2015/03/01&hid=8345429175370309954&lg=EN&cc=CZ&unqvl=84");), ,[262877f4b4d649edf66953e940c6dc24]
PUP.Optional.MyStartSearch.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\search.json, Dobré: (), Špatné: (mystartsearch), ,[301e016a5b2fa39328d0e457e91d966a]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

Příspěvekod **jerabina** » 11 dub 2015 14:23

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Evesoon · Příspěvekod **Evesoon** » 11 dub 2015 14:45

# AdwCleaner v4.201 - Log vytvořen 11/04/2015 v 14:40:19
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-08.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Mikey - MIKEY-PC
# Spuštěno z : C:\Users\Mikey\Desktop\adwcleaner_4.201.exe
# Nastavení : Čištění

***** [ Služby ] *****

[#] Služba Smazáno : 17812836

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\apn
Složka Smazáno : C:\ProgramData\AVG SafeGuard toolbar
Složka Smazáno : C:\ProgramData\AVG Security Toolbar
Složka Smazáno : C:\ProgramData\ParetoLogic
Složka Smazáno : C:\Program Files (x86)\Application Updater
Složka Smazáno : C:\Program Files (x86)\AVG SafeGuard toolbar
Složka Smazáno : C:\Program Files (x86)\Conduit
Složka Smazáno : C:\Program Files (x86)\globalUpdate
Složka Smazáno : C:\Program Files (x86)\IObit Apps Toolbar
Složka Smazáno : C:\Program Files (x86)\MyPC Backup
Složka Smazáno : C:\Program Files (x86)\GotClip
Složka Smazáno : C:\Program Files (x86)\DriverToolkit
Složka Smazáno : C:\Program Files (x86)\BBEstSSAvoeForiYou
Složka Smazáno : C:\Program Files (x86)\DoigiSaver
Složka Smazáno : C:\Program Files (x86)\EonJJoyCCoupon
Složka Smazáno : C:\Program Files (x86)\FFun2SSaave
Složka Smazáno : C:\Program Files (x86)\PreiCEChooP
Složka Smazáno : C:\Program Files (x86)\PrIceChooP
Složka Smazáno : C:\Program Files (x86)\Common Files\AVG Secure Search
Složka Smazáno : C:\Program Files (x86)\Common Files\ParetoLogic
Složka Smazáno : C:\Users\Mikey\AppData\Local\AVG SafeGuard toolbar
Složka Smazáno : C:\Users\Mikey\AppData\Local\genienext
Složka Smazáno : C:\Users\Mikey\AppData\Local\globalUpdate
Složka Smazáno : C:\Users\Mikey\AppData\Local\Mobogenie
Složka Smazáno : C:\Users\Mikey\AppData\Local\DriverToolkit
Složka Smazáno : C:\Users\Mikey\AppData\LocalLow\AVG SafeGuard toolbar
Složka Smazáno : C:\Users\Mikey\AppData\LocalLow\Conduit
Složka Smazáno : C:\Users\Mikey\AppData\LocalLow\Minibar
Složka Smazáno : C:\Users\Mikey\AppData\Roaming\DriverCure
Složka Smazáno : C:\Users\Mikey\AppData\Roaming\ParetoLogic
Složka Smazáno : C:\Users\Mikey\AppData\Roaming\Systweak
Složka Smazáno : C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Složka Smazáno : C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotClip
Složka Smazáno : C:\Users\Mikey\Documents\Mobogenie
Složka Smazáno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Složka Smazáno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\Extensions\3Z@j.org
Složka Smazáno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\Extensions\C@PL8eV.net
Složka Smazáno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\Extensions\kXP8Z@UJThMM.net
Složka Smazáno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\Extensions\lrArMucMC@k.com
Soubor Smazáno : C:\Windows\System32\roboot64.exe
Soubor Smazáno : C:\Users\Mikey\daemonprocess.txt
Soubor Smazáno : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml
Soubor Smazáno : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
Soubor Smazáno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\user.js
Soubor Smazáno : C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\user.js
Soubor Smazáno : C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage

***** [ Naplánované úlohy ] *****

Úloha Smazáno : paretologic registration3
Úloha Smazáno : paretologic update version3
Úloha Smazáno : ParetoLogic Update Version3 Startup Task

***** [ Zástupci ] *****

Zástupce Vyléčeno : C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Zástupce Vyléčeno : C:\Users\Mikey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Zástupce Vyléčeno : C:\Users\Mikey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Klíč Smazáno : HKCU\Software\Mozilla\Extends
Klíč Smazáno : HKLM\SOFTWARE\89d3cb47-2a33-cb32-1534-56fc39ed7e03
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5054562D-5247-006A-76A7-7A786E7484D7}]
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{027F82DC-2700-4CA8-82A2-49D383489F93}
Hodnota Smazáno : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Klíč Smazáno : HKCU\Software\BI
Klíč Smazáno : HKCU\Software\GlobalUpdate
Klíč Smazáno : HKCU\Software\ParetoLogic
Klíč Smazáno : HKCU\Software\simplytech
Klíč Smazáno : HKCU\Software\systweak
Klíč Smazáno : HKCU\Software\IObit Apps
Klíč Smazáno : HKCU\Software\DriverTuner_Init
Klíč Smazáno : HKCU\Software\DriverTuner
Klíč Smazáno : HKCU\Software\DriverToolkit
Klíč Smazáno : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Klíč Smazáno : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč Smazáno : HKCU\Software\AppDataLow\Software\Conduit
Klíč Smazáno : HKCU\Software\AppDataLow\Software\IObit Apps
Klíč Smazáno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíč Smazáno : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Klíč Smazáno : HKLM\SOFTWARE\Conduit
Klíč Smazáno : HKLM\SOFTWARE\ParetoLogic
Klíč Smazáno : HKLM\SOFTWARE\systweak
Klíč Smazáno : HKLM\SOFTWARE\Vittalia
Klíč Smazáno : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíč Smazáno : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Klíč Smazáno : HKLM\SOFTWARE\IObit Apps
Klíč Smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.defaultenginename", "mystartsearch");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.defaultenginename,S", "WebSearch");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.defaulturl", "hxxp://websearch.swellsearch.info/?pid=1539&r=2015/03/01&hid=8345429175370309954&lg=EN&cc=CZ&unqvl=84&l=1&q=");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.order.1", "WebSearch");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.order.1,S", "WebSearch");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.alias", "mystartsearch");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/favicon.ico");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.name", "mystartsearch");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=ds&ts=1425229019&from=wpc&uid=ST1000DM003-9YN162_S1DAJRT3XXXXS1DAJRT3&q={searchTerms}");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.selectedEngine", "mystartsearch");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.search.selectedEngine,S", "WebSearch");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.aflt", "ddrnw");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.dfltLng", "");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.dfltSrch", true);
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.dnsErr", true);
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.excTlbr", false);
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.hmpg", true);
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=ddrnw");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.id", "6a015e2d000000000000bc5ff4ab01e5");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.instlDay", "16068");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.instlRef", "");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.newTab", true);
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=ddrnw");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.prdct", "funmoods");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.smplGrp", "none");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.tlbrId", "base");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=ddrnw&q=");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1612:51:05");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("keyword.url", "hxxp://websearch.swellsearch.info/?pid=1539&r=2015/03/01&hid=8345429175370309954&lg=EN&cc=CZ&unqvl=84&l=1&q=");
[u4mif9g1.default\prefs.js] - Řádek Smazáno : user_pref("browser.startup.homepage", "hxxp://websearch.swellsearch.info/?pid=1539&r=2015/03/01&hid=8345429175370309954&lg=EN&cc=CZ&unqvl=84");

-\\ Google Chrome v41.0.2272.118

[C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Extension] : lfmhcpmkbdkbgbmkjoiopeeegenkdikp
[C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Startup_URLs] : ", "hxxp://search.b1.org/?bsrc=4hcxr&chid=c167991

-\\ Comodo Dragon v

*************************

AdwCleaner[R0].txt - [14081 bytů] - [11/04/2015 14:06:22]
AdwCleaner[R1].txt - [13011 bytů] - [11/04/2015 14:34:37]
AdwCleaner[S0].txt - [12533 bytů] - [11/04/2015 14:40:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12592 bytů] ##########

Evesoon · Příspěvekod **Evesoon** » 11 dub 2015 15:15

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 11.4.2015
Čas skenování: 15:04:02
Protokol:
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.11.03
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Mikey

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 355183
Uplynulý čas: 10 min, 59 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Varovat
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
PUP.Optional.MyStartSearch.A, C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\search.json, Dobré: (), Špatné: (mystartsearch), Nahrazeno,[2f202942becc9f970af4a695c046b848]

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

Evesoon · Příspěvekod **Evesoon** » 11 dub 2015 15:20

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by Mikey on so 11.04.2015 at 15:16:36,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update surftastic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util surftastic

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Mikey\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Mikey\appdata\local\cre"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\Mikey\AppData\Roaming\mozilla\firefox\profiles\u4mif9g1.default\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "wpc");
user_pref("browser.search.searchengine.uid", "ST1000DM003-9YN162_S1DAJRT3XXXXS1DAJRT3");
user_pref("extensions.9SAgET4ZFxRNilWa.scode", "(function(){try{if(window.self.location.href.indexOf(\"pdr9qjnGpjw6qjr6rdrEpjU8qa\")>-1){return;}}catch(e){}try{var d=[[\"trian
user_pref("extensions.Gnmp7uaecNmFZyaA.scode", "(function(){try{if(window.self.location.href.indexOf(\"pdr9qjnGpjw6qjr6rdrEpjU8qa\")>-1){return;}}catch(e){}try{var d=[[\"trian
user_pref("extensions.Gnmp7uaecNmFZyaA.url", "hxxp://progamessafecard.in/sync2/?q=hfZ9ofV9CShEAen0rjkHpihTB6lKDzt4okqAtNtVh7n0rjkErHaFrjg8qjwEtMFHhd9FqjaHrdrFrHk8qdsMDMlGojUMA
user_pref("extensions.jTxokGNZ5RZ8Ccde.scode", "(function(){try{if(window.self.location.href.indexOf(\"pdr9qjnGpjw6qjr6rdrEpjU8qa\")>-1){return;}}catch(e){}try{var d=[[\"trian
user_pref("extensions.wsaaxx83AfqQ5see.scode", "(function(){try{if(window.self.location.href.indexOf(\"pdr9qjnGpjw6qjr6rdrEpjU8qa\")>-1){return;}}catch(e){}try{var d=[[\"trian
Emptied folder: C:\Users\Mikey\AppData\Roaming\mozilla\firefox\profiles\u4mif9g1.default\minidumps [18 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 11.04.2015 at 15:20:02,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Evesoon · Příspěvekod **Evesoon** » 11 dub 2015 16:07

RogueKiller V10.5.9.0 (x64) [Apr 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Mikey [Práva správce]
Started from : C:\Users\Mikey\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 04/11/2015 16:06:11

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RzSurroundVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe") -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RzSurroundVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe") -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RzSurroundVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe") -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ATA ST1000DM003-9YN1 SCSI Disk Device +++++
--- User ---
[MBR] e0851636c8e54396d4517d39aed19215
[BSP] 84a29e5c8b996dda98e9e5577ecdaef1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953766 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic- Compact Flash +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

============================================
RKreport_SCN_04112015_160224.log

Příspěvekod **jerabina** » 11 dub 2015 19:43

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + informuj o problémech.

Evesoon · Příspěvekod **Evesoon** » 11 dub 2015 21:10

RogueKiller V10.5.9.0 (x64) [Apr 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Mikey [Práva správce]
Started from : C:\Users\Mikey\Desktop\věci\RogueKillerX64.exe
Mód : Smazat -- Datum : 04/11/2015 21:08:49

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RzSurroundVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe") -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RzSurroundVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe") -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RzSurroundVADStreamingService ("C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe") -> Smazáno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 6 ¤¤¤
[FIREFX:Addon] u4mif9g1.default : Seznam lištička [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Smazáno
[FIREFX:Addon] u4mif9g1.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
[FIREFX:Addon] u4mif9g1.default : PreiCEChooP [kXP8Z@UJThMM.net] -> Smazáno
[FIREFX:Addon] u4mif9g1.default : youtubeadblocker [3Z@j.org] -> Smazáno
[FIREFX:Addon] u4mif9g1.default : PricceChOOp [lrArMucMC@k.com] -> Smazáno
[FIREFX:Addon] u4mif9g1.default : DoigiSaver [C@PL8eV.net] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ATA ST1000DM003-9YN1 SCSI Disk Device +++++
--- User ---
[MBR] e0851636c8e54396d4517d39aed19215
[BSP] 84a29e5c8b996dda98e9e5577ecdaef1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953766 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- SD/MMC +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic- Compact Flash +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

============================================
RKreport_SCN_04112015_160224.log - RKreport_SCN_04112015_160611.log - RKreport_SCN_04112015_210132.log

Evesoon · Příspěvekod **Evesoon** » 11 dub 2015 21:37

Zatím žádné problémy nenastaly . RAM je na normálních % využití .
Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by Mikey on so 11.04.2015 at 21:12:19,81.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mikey\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11.4.2015 21:13:26 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\CDisplay deleted successfully
C:\PROGRA~2\Company deleted successfully
C:\PROGRA~2\DAUM deleted successfully
C:\PROGRA~2\Deskshare deleted successfully
C:\PROGRA~2\Hi-Rez Studios deleted successfully
C:\PROGRA~2\Seznam.cz deleted successfully
C:\PROGRA~2\Winamp deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\PROGRA~3\Codemasters deleted successfully
C:\PROGRA~3\Hi-Rez Studios deleted successfully
C:\PROGRA~3\offpholakiijgfeepekgoocfodnapido deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Orbit deleted successfully
C:\PROGRA~3\poboajboceealkgggalggaiojkgongad deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully
C:\Users\Mikey\AppData\Roaming\BitTorrent deleted successfully
C:\Users\Mikey\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Mikey\AppData\Roaming\Opera Software deleted successfully
C:\Users\Mikey\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Mikey\AppData\Local\Oblivion deleted successfully
C:\Users\Mikey\AppData\Local\Opera Software deleted successfully
C:\Users\Mikey\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\Users\Mikey\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DA1FDD62-294E-45C9-A4C5-722CF1F34073} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A21702A-3267-420E-A41-77F59723349} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AEF4458-CCCC-4030-86AB-249EC1885BCB} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B9861B0-3AE1-4E50-9C4B-BA4F4F8BA28C} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D058E66-C879-45B7-AD1B-5E94F5C147EF} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{240383CD-9242-4AD3-BC7C-F5E6A1BB85D} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27237FD-223F-4BEB-80F1-56F7AFE86587} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{278468A6-3F85-4D8E-B130-72FAC43F059} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{290E4F93-A352-4418-83B9-41AB28A5C70} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C8183B3-B846-41DC-8287-963F3691DB4} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3037F80B-4564-400B-B02-44AAEB2F5D3} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33D1A739-7D68-420E-ADA8-ABBCFFC3A91} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39CB5EFF-B378-4099-82E0-46BC56DBF451} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FF77D67-9517-4BAD-9CA5-B1C1B133314D} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{420B54AE-E673-4E08-93EC-2FF127E57F5C} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44C02038-8A5-48F6-9EAB-F5A63EC78B33} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{536224B8-B20D-4FB2-A522-B628E49DF61E} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{593A10D0-ECDE-4703-8B47-A352CFBD743D} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60BEEC0B-4984-49ED-9BB7-E5B52134E95} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69DBA419-D567-48CB-9FBE-6C5EBEDD9F0} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B7EB1C1-1257-4E0D-ADFA-2EF8A7B5AFB} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FC4E51B-EB2-422B-882C-EE3185237B92} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{81CB9E59-EC95-447A-B218-58E86FC787BE} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91024F9D-E172-464D-B859-367665F3E8} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FBFCB8A-194E-45D0-9E1A-747548F5D219} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B12D5ECB-4D3D-4C10-B887-B5C85FCC3F3} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3EFCD7E-5211-4AF5-948D-41F1E848168} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD68B3C-B45A-4A7F-BB69-9DAA962B1D} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C13AFC8E-EF6C-4BB7-88D6-AB31038A777} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3363B82-61C0-479B-999C-FC609F67DCF} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C771808C-77FA-4DD6-BA8A-B2F2329968C} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8A3B8D4-A098-4241-AFA2-5C7BD2A72DA} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D2F0CD5B-295D-45AD-8545-764F46F8D3F} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D46982E7-BA15-481B-81B9-BB395FBA5FC8} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D56EE6F1-4CF5-4F4E-9FF0-FBD4D0AC6911} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1BE13B8-232-4162-916F-B31DD52B86D} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E481116E-A673-4A4A-9713-6F127543383D} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E745689F-735C-4F51-9A63-FC2D095EEA} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC5091DF-12BC-4C9F-B1B8-88A1DF89137} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ECBD65A1-A9A9-43E6-B3A2-6E33261CBB91} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0EA54E-D57C-4858-B883-78EED0ADF8DC} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F543C2F5-F8F0-4743-8196-60837B5FDD5C} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5B56281-5AD8-496A-A8A3-6E774FEC59CE} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F73C4B35-65C0-49C7-AA7A-5620478FB690} deleted successfully
HKEY_USERS\S-1-5-21-3414898666-3012124195-2524543126-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE2D5B5-8A08-47E7-A725-B3ED38F7EAEF} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\prefs.js:
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js:

Added to C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- Lines extensions.9SAgET4ZFxRNilWa removed from prefs.js ----
user_pref("extensions.9SAgET4ZFxRNilWa.epoch", "1427636206");
user_pref("extensions.9SAgET4ZFxRNilWa.url", "http://veterants.net/sync2/?q=hfZ9ofbEBM0ZtNbPhd9Fqjr4tMqLDe49CNU0n8OMCMlNhd9FqjaHrdwFqTk9rTCMBzqUojw8rd
---- Lines extensions.Gnmp7uaecNmFZyaA removed from prefs.js ----
user_pref("extensions.Gnmp7uaecNmFZyaA.epoch", "1427636206");
---- Lines extensions.jTxokGNZ5RZ8Ccde removed from prefs.js ----
user_pref("extensions.jTxokGNZ5RZ8Ccde.epoch", "1427636207");
user_pref("extensions.jTxokGNZ5RZ8Ccde.url", "http://safesitte.com/sync2/?q=hfZ9oeFEAHnMCyVUojw8rHUMg708BNmGWj8deShGheDUojw8rdrEpdw7qdn8pihIC7n0rjkErH
---- Lines extensions.wsaaxx83AfqQ5see removed from prefs.js ----
user_pref("extensions.wsaaxx83AfqQ5see.epoch", "1427636206");
user_pref("extensions.wsaaxx83AfqQ5see.url", "http://downloadnicesuperguru.in/sync2/?q=hfZ9ofbEBM0ZtNbPhd9Fqjr4tMqLDe49CNU0n8OMCMlNhd9FqjaHrdwFqTk5rTs
---- FireFox user.js and prefs.js backups ----

prefs_11.04.2015_2126_.backup

ProfilePath: C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

prefs_11.04.2015_2126_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\CDisplay not found
C:\PROGRA~2\Company not found
C:\PROGRA~2\DAUM not found
C:\PROGRA~2\Deskshare not found
C:\PROGRA~2\Hi-Rez Studios not found
C:\PROGRA~2\Seznam.cz not found
C:\PROGRA~2\Winamp not found
C:\PROGRA~3\offpholakiijgfeepekgoocfodnapido not found
C:\PROGRA~3\poboajboceealkgggalggaiojkgongad not found
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found
C:\PROGRA~3\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found
"C:\Windows\Installer\dc06bd.msi" not found
C:\PROGRA~2\CacheList deleted
C:\PROGRA~2\Themes for Facebook deleted
C:\Users\Mikey\AppData\Roaming\.minecraft deleted
C:\PROGRA~3\{92de0479-6644-4fcf-92de-e047966411e5} deleted
C:\PROGRA~3\{96d005f9-c021-3578-96d0-005f9c0217e7} deleted
C:\PROGRA~3\7895969682911285681 deleted
C:\Users\Mikey\.android deleted
C:\PROGRA~2\Splashtop deleted
C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\install.exe deleted
C:\Users\Mikey\AppData\Roaming\appdataFr3.bin deleted
C:\Users\Mikey\AppData\Roaming\extensions deleted
C:\Users\Mikey\AppData\Roaming\Wondershare deleted
C:\Users\Mikey\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\Users\Mikey\AppData\Roaming\LogFile.txt deleted
C:\Users\Mikey\AppData\Roaming\trace_FilterInstaller.1.txt deleted
C:\Users\Mikey\AppData\Roaming\trace_FilterInstaller.txt deleted
C:\Users\Mikey\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt deleted
C:\Users\Mikey\AppData\Roaming\ProductData deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Mikey\AppData\Local\Wondershare deleted
C:\Users\Mikey\AppData\Local\cache deleted
C:\Users\Mikey\AppData\LocalLow\IObit Apps deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Mikey\Documents\Add-in Express deleted
"C:\ProgramData\droidcam-settings" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Mikey\AppData\Roaming\Mozilla\Firefox\Profiles\u4mif9g1.default
DDC58F83CB93B89F7261CDFCFC6E7832 - C:\Users\Mikey\AppData\Roaming\rcru\plugins\nprcplugin.dll - Raidcall plugin
AF661355EBAB898EB92D5454AEF93CE0 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.400.43
43583AB4DFD406F4C188342F41B1F91C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll - Shockwave Flash
0302BD49CFF9780E77342871BFB8A54C - C:\Users\Mikey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118) [z-db]

HD for YouTubeâ„˘ - Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf
TastyPlug - Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\faccgibalfdoihmenknhpfhldkmgaang
AdBlock - Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Bookmark Manager - Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Facebook Unseen - Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop
Batman - Mikey\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgghlcjcfcfclibjbkpgiojmdbcmfmk

==== Chromium Startpages ======================

C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.seznam.cz/",
"startup_urls": [ "", "http://search.b1.org/?bsrc=4hcxr&chid=c167991", "http://isearch.avg.com/?cid={619F98BC-F15D-4660-A520-4CF9EA12B5BF}&mid=86e3a5b5aa6d47d3a4a13120d30a5464-b43916e1ccfd32ffa15aac98ffab6643fb63b359&lang=cz/browser=all&ds=is015&pr=sa&d=2013-02-19 17:52:13&v=14.2.0.1&pid=avg&sg=&sap=hp", "http://search.chatzum.com", "http://mysearch.avg.com/?cid={0C929525-420B-4FE0-BDF7-D1F5E27493D4}&mid=b054d23a54a547efb7571f0a6d99b101-b43916e1ccfd32ffa15aac98ffab6643fb63b359&lang=en&ds=ag011&pr=sa&d=2013-05-22 14:36:20&v=15.2.0.5&pid=safeguard&sg=3&sap=hp" ]

==== Chromium Fix ======================

C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8B81E7B68E952A0439A9CC3E76A38D4A deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6B7E18B8-59E8-40A2-939A-CCE3673AD8A4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\8B81E7B68E952A0439A9CC3E76A38D4A deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 7 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 8 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare Ultimate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira Systray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent Sync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VNT deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WTFast Tray deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mikey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2377 folders=553 316926170 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Mikey\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Mikey\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 11.04.2015 at 21:33:50,95 ======================

svchost.exe prosím o kontrolu logu

svchost.exe prosím o kontrolu logu

Re: svchost.exe prosím o kontrolu logu

Re: svchost.exe prosím o kontrolu logu

Re: svchost.exe prosím o kontrolu logu

Re: svchost.exe prosím o kontrolu logu

Re: svchost.exe prosím o kontrolu logu

Re: svchost.exe prosím o kontrolu logu

Re: svchost.exe prosím o kontrolu logu

Re: svchost.exe prosím o kontrolu logu

Re: svchost.exe prosím o kontrolu logu

Re: svchost.exe prosím o kontrolu logu

Re: svchost.exe prosím o kontrolu logu

Kdo je online