prosím o kontrolu

Helcitka · Příspěvekod **Helcitka** » 15 kvě 2015 18:57

a poslední:

RogueKiller V10.6.3.0 [May 11 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Helčitka [Práva správce]
Started from : C:\Users\Helčitka\Desktop\čištění počítače\RogueKiller.exe
Mód : Prohledat -- Datum : 05/15/2015 18:54:29

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Orphan] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} | CLSID : {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16} -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\htqojxfx (System32\drivers\qcwqi.sys) -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-3997427962-1689263103-3350321464-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4CEEF0D4-04A1-4DE5-B1AA-6BB7018ECF40} | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4CEEF0D4-04A1-4DE5-B1AA-6BB7018ECF40} | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4CEEF0D4-04A1-4DE5-B1AA-6BB7018ECF40} | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nalezeno
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\Hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\Hosts] ::1 localhost

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 4mi1qosj.default : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: HITACHI HTS545032B9A300 +++++
--- User ---
[MBR] 3beb3b11bd624fbb92a88de92d9e9339
[BSP] ce79de9d483880a4948789f16663956f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 258961 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 530766848 | Size: 30973 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594199552 | Size: 15108 MB
User = LL1 ... OK
User = LL2 ... OK

Reklama

Příspěvekod **jerabina** » 15 kvě 2015 19:41

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + informuj o problémech.

Helcitka · Příspěvekod **Helcitka** » 15 kvě 2015 21:31

RogueKiller V10.6.3.0 [May 11 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Helčitka [Práva správce]
Started from : C:\Users\Helčitka\Desktop\čištění počítače\RogueKiller.exe
Mód : Smazat -- Datum : 05/15/2015 21:29:20

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Orphan] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} | CLSID : ->
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\htqojxfx (System32\drivers\qcwqi.sys) -> Smazáno
[PUM.HomePage] HKEY_USERS\S-1-5-21-3997427962-1689263103-3350321464-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4CEEF0D4-04A1-4DE5-B1AA-6BB7018ECF40} | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4CEEF0D4-04A1-4DE5-B1AA-6BB7018ECF40} | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4CEEF0D4-04A1-4DE5-B1AA-6BB7018ECF40} | DhcpNameServer : 172.30.0.1 192.168.0.1 [(Private Address) (XX)][-] -> Nahrazeno ()
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\Hosts] 127.0.0.1 localhost -> Smazáno
[C:\Windows\System32\drivers\etc\Hosts] ::1 localhost -> Smazáno

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 4mi1qosj.default : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: HITACHI HTS545032B9A300 +++++
--- User ---
[MBR] 3beb3b11bd624fbb92a88de92d9e9339
[BSP] ce79de9d483880a4948789f16663956f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 258961 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 530766848 | Size: 30973 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594199552 | Size: 15108 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_05152015_185429.log - RKreport_SCN_05152015_204847.log

Helcitka · Příspěvekod **Helcitka** » 15 kvě 2015 21:54

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Helčitka on pá 15.05.2015 at 21:35:31,24.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Helčitka\Desktop\čištění počítače\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15.5.2015 21:36:30 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\HandyUpdater deleted successfully
C:\Program Files\SimpleOCR deleted successfully
C:\Program Files\Winamp deleted successfully
C:\Program Files\Common Files\Symantec Shared deleted successfully
C:\PROGRA~2\AVAST Software deleted successfully
C:\PROGRA~2\AWEM deleted successfully
C:\PROGRA~2\EasyCapture deleted successfully
C:\PROGRA~2\Freemake deleted successfully
C:\PROGRA~2\LangSoft deleted successfully
C:\PROGRA~2\Symantec deleted successfully
C:\Users\Helčitka\AppData\Roaming\LangSoft deleted successfully
C:\Users\Helčitka\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Helčitka\AppData\Local\calibre-cache deleted successfully
C:\Users\Helčitka\AppData\Local\Cyberlink deleted successfully
C:\Users\Helčitka\AppData\Local\Ubisoft Game Launcher deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util qualitink deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util qualitink deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util qualitink deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update qualitink deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Update qualitink deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\HELITK~1\AppData\Roaming\Mozilla\Firefox\Profiles\4mi1qosj.default\prefs.js:
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\HELITK~1\AppData\Roaming\Mozilla\Firefox\Profiles\4mi1qosj.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\HELITK~1\AppData\Roaming\Mozilla\Firefox\Profiles\4mi1qosj.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_15.05.2015_2148_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\HandyUpdater not found
C:\Program Files\SimpleOCR not found
C:\Program Files\Winamp not found
C:\Program Files\Windows Live SkyDrive deleted
C:\Users\Helčitka\AppData\Roaming\calibre deleted
C:\windows\system32\appdata deleted
C:\Program Files\SamsungPrinterLiveUpdateInstaller deleted
C:\Users\Helčitka\AppData\Roaming\LSDSet.Txt deleted
C:\PROGRA~2\AlawarWrapper deleted
C:\PROGRA~2\SEC8626.tmp deleted
C:\PROGRA~2\SECCBA8.tmp deleted
C:\PROGRA~2\SECDA7.tmp deleted
C:\windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\windows\system32\config\systemprofile\Searches deleted
C:\Users\HELITK~1\AppData\Roaming\Mozilla\Firefox\Profiles\4mi1qosj.default\Invalidprefs.js deleted
C:\Users\HELITK~1\AppData\Roaming\Mozilla\Firefox\Profiles\4mi1qosj.default\jetpack deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\HELITK~1\AppData\Roaming\Mozilla\Firefox\Profiles\4mi1qosj.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\HELITK~1\AppData\Roaming\Mozilla\Firefox\Profiles\4mi1qosj.default
- Undetermined - C:\Users\HelÄŤitka\AppData\Roaming\Mozilla\Firefox\Profiles\4mi1qosj.default\extensions\zoteroWinWordIntegration@zotero.org
- Undetermined - C:\Users\HelÄŤitka\AppData\Roaming\Mozilla\Firefox\Profiles\4mi1qosj.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Zotero Word for Windows Integration - %ProfilePath%\extensions\zoteroWinWordIntegration@zotero.org
- Seznam litika - %ProfilePath%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Zotero - %ProfilePath%\extensions\zotero@chnm.gmu.edu.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Helčitka\AppData\Roaming\Mozilla\Firefox\Profiles\4mi1qosj.default
DC26A2A219E08DE10320E8B7D5433690 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
E42650C972D21F334EB0D3264941DCD7 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
7B40A8479A10E23E00BD58D32E1CC0A5 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
073A22FDCDAFD513DAD0D972BD2DF76E - c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll - Silverlight Plug-In
9291708CCD967887AF94BE708B43D64D - C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
DC26A2A219E08DE10320E8B7D5433690 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
632F5B29E8C27631E7AC76E330FE2980 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U7
AB87C54CA19675880B0CAE65B8AF140C - C:\windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.70.11
CF25FDD7CA6BC88442A58F74DBB6CFA6 - C:\windows\system32\Adobe\Director\np32dsw_1200112.dll - Shockwave for Director / Shockwave for Director
9AE02005247DA91AB1743F5208DBEF76 - C:\windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
15E298B5EC5B89C5994A59863969D9FF - C:\windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
6D23BB87BCF88731959BF79082D442E6 - c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

Skype for Chromium - Helčitka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
YouTube - C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

==== Chromium Startpages ======================

C:\Users\Helčitka\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.msn.com/?pc=UP97&ocid=UP97DHP",
"urls_to_restore_on_startup": [ "http://www.msn.com/?pc=UP97&ocid=UP97DHP", "http://www.google.com" ]

C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",

==== Chromium Fix ======================

C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0B3E2780-67DA-40C5-AC3B-9B8E6ACE6BF8} Bing Url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox"

==== Reset Google Chrome ======================

C:\Users\Helčitka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Helčitka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Helčitka\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda deleted successfully

==== Empty IE Cache ======================

C:\Users\Helčitka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Helčitka\AppData\Local\Mozilla\Firefox\Profiles\4mi1qosj.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Helčitka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=63 folders=24 33902801 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Helčitka\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\HELITK~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Helčitka\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\L8Z24WA3\a248.e.akamai.net" not found
"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on pá 15.05.2015 at 21:52:52,33 ======================

Helcitka · Příspěvekod **Helcitka** » 15 kvě 2015 21:56

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:56:31, on 15.5.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe
C:\Program Files\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarDriverAdapter_550vista.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office15\MsoSync.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Users\Helčitka\Desktop\čištění počítače\HijackThis.exe
C:\windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O1 - Hosts: ::1 localhost
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Lenovo SlideNav] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [OnekeyDM] C:\Program Files\Lenovo\OnekeyDM\OnekeyDM.exe
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [StudentDOG] C:\Program Files\Student DOG\StudentDOG.exe -h
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Handy Updater] "C:\Program Files\HandyUpdater\HUpdater.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Aktivace aplikace ABBYY PDF Transformer 3.0 – Licenční služba (ABBYY.Licensing.PDFTransformer.Classic.3.0) - ABBYY - C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

--
End of file - 10776 bytes

Helcitka · Příspěvekod **Helcitka** » 15 kvě 2015 21:59

Vypadá to, že problém zmizel...od kroků z předchozího příspěvku se mi to ještě ani jednou nepřesměrovalo jinam ani nevyskočila žádná reklama. Mockrát děkuji za pomoc už jsem z toho byla zoufalá.

Příspěvekod **jerabina** » 16 kvě 2015 00:00

Ještě jeden dotaz před dočištěním, spouští se ti tam hromada programů při startu(skype apod.), mám to povypínat?

Helcitka · Příspěvekod **Helcitka** » 19 kvě 2015 15:13

ne asi ne děkuji

Příspěvekod **jerabina** » 19 kvě 2015 16:50

Tvoje volba.

Zavři ostatní programy/prohlížeče, odpoj se od internetu a v HJT fixni:
NÁVOD

Kód: Vybrat vše

O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Handy Updater] "C:\Program Files\HandyUpdater\HUpdater.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy, je to vše a můžeš dát vyřešeno - zelenou "fajfku"

Helcitka · Příspěvekod **Helcitka** » 23 kvě 2015 19:37

# DelFix v1.010 - Logfile created 23/05/2015 at 19:35:59
# Updated 26/04/2015 by Xplode
# Username : Helčitka - HELČITKA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\zoek-results.log
Deleted : C:\Users\Helčitka\Desktop\JRT.txt
Deleted : C:\Users\Helčitka\Desktop\hijackthis.log
Deleted : C:\Users\Helčitka\Downloads\TFC.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

~ Cleaning system restore ...

Deleted : RP #382 [Windows Update | 04/28/2015 11:35:37]
Deleted : RP #383 [Windows Update | 05/02/2015 15:26:47]
Deleted : RP #384 [Windows Update | 05/08/2015 10:33:40]
Deleted : RP #385 [Windows Update | 05/12/2015 10:14:30]
Deleted : RP #386 [Windows Update | 05/13/2015 21:59:43]
Deleted : RP #387 [zoek.exe restore point | 05/15/2015 19:36:08]
Deleted : RP #388 [Windows Update | 05/17/2015 13:41:50]
Deleted : RP #389 [Windows Update | 05/20/2015 20:42:04]

New restore point created !

########## - EOF - ##########

Helcitka · Příspěvekod **Helcitka** » 23 kvě 2015 19:38

opravdu mockrát děkuji :-)

prosím o kontrolu Vyřešeno

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu

Re: prosím o kontrolu Vyřešeno

Kdo je online