kontrola logu Vyřešeno

[JStep]

Ano, už jsem to zjistil, že jsem to provedl špatně. Teď by to mělo být ok.

RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Jirka [Práva správce]
Started from : D:\Stahovani\RogueKiller.exe
Mód : Smazat -- Datum : 05/27/2015 18:25:06

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUM.Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Smazáno
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} (C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll) -> Smazáno
[PUM.HomePage] HKEY_USERS\S-1-5-21-1617007172-572176229-3530396744-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://connect.garmin.com/transfer/upload -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1617007172-572176229-3530396744-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1617007172-572176229-3530396744-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno

¤¤¤ Antirootkit : 3 (Driver: Nahrán) ¤¤¤
[IAT:Addr(Hook.IEAT)] (explorer.exe @ ole32.dll) msvcrt.dll - free : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x631c0c1f
[IAT:Addr(Hook.IEAT)] (explorer.exe @ MSONSEXT.DLL) pkmws.dll - lstrcmpiW : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x631c0c8e
[IAT:Addr(Hook.IEAT)] (explorer.exe @ MSONSEXT.DLL) msvcrt.dll - free : C:\Windows\AppPatch\AcSpecfc.DLL @ 0x631c0c1f

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[FIREFX:Addon] svdssga0.default : Video DownloadHelper [{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-1DG142 ATA Device +++++
--- User ---
[MBR] 8ff1820a5e8451148ae76178f213dd29
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 150005 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307210995 | Size: 307839 MB [Windows XP Bootstrap | Windows XP Bootloader]
2 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 937666560 | Size: 3035 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 943883010 | Size: 16057 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_01262015_231227.log - RKreport_SCN_01272015_205909.log - RKreport_DEL_01272015_210101.log - RKreport_SCN_05262015_220531.log
RKreport_SCN_05272015_180939.log - RKreport_DEL_05272015_181015.log - RKreport_DEL_05272015_181025.log - RKreport_DEL_05272015_181026.log
RKreport_SCN_05272015_182324.log

[Reklama]

[jerabina]

Ahoj, teď je to ono, udělej tedy ještě Zoek + nový log z HJT a info o problémech

[JStep]

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Jirka on st 27.05.2015 at 18:28:48,20.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jirka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

27.5.2015 18:29:57 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\DsNET Corp deleted successfully
C:\Users\Jirka\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Jirka\AppData\Roaming\Opera Software deleted successfully
C:\Users\Jirka\AppData\Local\CrashDumps deleted successfully
C:\Users\Jirka\AppData\Local\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\svdssga0.default\prefs.js:

Added to C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\svdssga0.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\DsNET Corp not found
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\svdssga0.default\jetpack deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\svdssga0.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\svdssga0.default
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\svdssga0.default
DC26A2A219E08DE10320E8B7D5433690 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
E42650C972D21F334EB0D3264941DCD7 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
08ACECEB47FAF053C468D8AFE44709AD - C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
F0E80E561C3F715DB01ACCC97B72463A - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
073A22FDCDAFD513DAD0D972BD2DF76E - C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll - Silverlight Plug-In
BE40D3882DCDC3E4BD8B284B8D5F4FDB - C:\Program Files\Garmin GPS Plugin\npGarmin.dll - Garmin Communicator Plug-In
2E661988463BCFA1B95D4DAAB9B0B6FA - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash
6D23BB87BCF88731959BF79082D442E6 - C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.81

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14.07.2014 18:22]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Bookmark Manager - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Skype Click to Call - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chromium Startpages ======================

C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Preferences
ports_quic":{"address":"192.168.1.100","used_quic":true},"version":3}},"ntp":null,"partition":{"per_host_zoom_levels":{"2166136261":{"www.svetandroida.cz":-0.5778829311823857}}},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"printing":{"print_preview_sticky_settings":{"appState":"{\"version\":2,\"isGcpPromoDismissed\":false,\"selectedDestinationId\":\"Odeslat do aplikace OneNote 2007\",\"selectedDestinationOrigin\":\"local\",\"selectedDestinationAccount\":\"\",\"selectedDestinationCapabilities\":{\"printer\":{\"color\":{\"option\":[{\"is_default\":true,\"type\":\"STANDARD_COLOR\",\"vendor_id\":\"2\"},{\"type\":\"STANDARD_MONOCHROME\",\"vendor_id\":\"1\"}]},\"dpi\":{\"option\":[{\"horizontal_dpi\":100,\"vertical_dpi\":100},{\"horizontal_dpi\":200,\"vertical_dpi\":200},{\"horizontal_dpi\":300,\"is_default\":true,\"vertical_dpi\":300}]},\"media_size\":{\"option\":[{\"custom_display_name\":\"Letter\",\"height_microns\":279400,\"name\":\"NA_LETTER\",\"vendor_id\":\"1\",\"width_microns\":215900},{\"custom_display_name\":\"Tabloid\",\"height_microns\":431800,\"name\":\"NA_LEDGER\",\"vendor_id\":\"3\",\"width_microns\":279400},{\"custom_display_name\":\"Legal\",\"height_microns\":355600,\"name\":\"NA_LEGAL\",\"vendor_id\":\"5\",\"width_microns\":215900},{\"custom_display_name\":\"A3\",\"height_microns\":420000,\"name\":\"ISO_A3\",\"vendor_id\":\"8\",\"width_microns\":297000},{\"custom_display_name\":\"A4\",\"height_microns\":297000,\"is_default\":true,\"name\":\"ISO_A4\",\"vendor_id\":\"9\",\"width_microns\":210000},{\"custom_display_name\":\"A5\",\"height_microns\":210000,\"name\":\"ISO_A5\",\"vendor_id\":\"11\",\"width_microns\":148000},{\"custom_display_name\":\"B4 (JIS)\",\"height_microns\":364000,\"name\":\"JIS_B4\",\"vendor_id\":\"12\",\"width_microns\":257000},{\"custom_display_name\":\"B5 (JIS)\",\"height_microns\":257000,\"name\":\"JIS_B5\",\"vendor_id\":\"13\",\"width_microns\":182000},{\"custom_display_name\":\"Japonská pohlednice\",\"height_microns\":148000,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"43\",\"width_microns\":100000}]},\"page_orientation\":{\"option\":[{\"is_default\":true,\"type\":\"PORTRAIT\"},{\"type\":\"LANDSCAPE\"},{\"type\":\"AUTO\"}]},\"supported_content_type\":[{\"content_type\":\"application/pdf\"}]},\"version\":\"1.0\"},\"selectedDestinationName\":\"Odeslat do aplikace OneNote 2007\",\"dpi\":{\"horizontal_dpi\":300,\"is_default\":true,\"vertical_dpi\":300},\"mediaSize\":{\"custom_display_name\":\"A4\",\"height_microns\":297000,\"is_default\":true,\"name\":\"ISO_A4\",\"vendor_id\":\"9\",\"width_microns\":210000}}"}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":0,"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"[*.]ororo.tv,*":{"setting":1},"[*.]www.zkouknito.cz,*":{"setting":1},"http://video.aktualne.cz:80,http://video.aktualne.cz:80":{"setting":1},"https://[*.]www.youtube.com:443,*":{"setting":1}},"geolocation":{"http://www.lidl.cz:80,http://www.lidl.cz:80":{"setting":2},"https://wizzair.com:443,https://wizzair.com:443":{"setting":2},"https://www.alza.cz:443,https://www.alza.cz:443":{"setting":2},"https://www.modrapyramida.cz:443,https://www.modrapyramida.cz:443":{"setting":2}},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"[*.]ororo.tv,*":{"fullscreen":1},"[*.]www.zkouknito.cz,*":{"fullscreen":1},"http://video.aktualne.cz:80,http://video.aktualne.cz:80":{"fullscreen":1},"http://www.lidl.cz:80,http://www.lidl.cz:80":{"geolocation":2},"https://[*.]www.youtube.com:443,*":{"fullscreen":1},"https://wizzair.com:443,https://wizzair.com:443":{"geolocation":2},"https://www.alza.cz:443,https://www.alza.cz:443":{"geolocation":2},"https://www.modrapyramida.cz:443,https://www.modrapyramida.cz:443":{"geolocation":2}},"pref_version":1},"created_by_version":"40.0.2214.93","exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Osoba 1","password_manager_enabled":false,"per_host_zoom_levels":{}},"protection":{"macs":{}},"savefile":{"default_directory":"D:\\Stahovani","type":1},"selectfile":{"last_directory":"D:\\Jirka\\9A foto"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13066864451656823","urls_to_restore_on_startup":null},"translate_accepted_count":{"de":0,"en":0},"translate_blocked_languages":["cs"],"translate_denied_count":{"de":2,"en":1},"translate_last_denied_time":1.422478e+12,"translate_site_blacklist":[],"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}
ports_quic":{"address":"192.168.1.100","used_quic":true},"version":3}},"ntp":null,"partition":{"per_host_zoom_levels":{"2166136261":{"www.svetandroida.cz":-0.5778829311823857}}},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"printing":{"print_preview_sticky_settings":{"appState":"{\"version\":2,\"isGcpPromoDismissed\":false,\"selectedDestinationId\":\"Odeslat do aplikace OneNote 2007\",\"selectedDestinationOrigin\":\"local\",\"selectedDestinationAccount\":\"\",\"selectedDestinationCapabilities\":{\"printer\":{\"color\":{\"option\":[{\"is_default\":true,\"type\":\"STANDARD_COLOR\",\"vendor_id\":\"2\"},{\"type\":\"STANDARD_MONOCHROME\",\"vendor_id\":\"1\"}]},\"dpi\":{\"option\":[{\"horizontal_dpi\":100,\"vertical_dpi\":100},{\"horizontal_dpi\":200,\"vertical_dpi\":200},{\"horizontal_dpi\":300,\"is_default\":true,\"vertical_dpi\":300}]},\"media_size\":{\"option\":[{\"custom_display_name\":\"Letter\",\"height_microns\":279400,\"name\":\"NA_LETTER\",\"vendor_id\":\"1\",\"width_microns\":215900},{\"custom_display_name\":\"Tabloid\",\"height_microns\":431800,\"name\":\"NA_LEDGER\",\"vendor_id\":\"3\",\"width_microns\":279400},{\"custom_display_name\":\"Legal\",\"height_microns\":355600,\"name\":\"NA_LEGAL\",\"vendor_id\":\"5\",\"width_microns\":215900},{\"custom_display_name\":\"A3\",\"height_microns\":420000,\"name\":\"ISO_A3\",\"vendor_id\":\"8\",\"width_microns\":297000},{\"custom_display_name\":\"A4\",\"height_microns\":297000,\"is_default\":true,\"name\":\"ISO_A4\",\"vendor_id\":\"9\",\"width_microns\":210000},{\"custom_display_name\":\"A5\",\"height_microns\":210000,\"name\":\"ISO_A5\",\"vendor_id\":\"11\",\"width_microns\":148000},{\"custom_display_name\":\"B4 (JIS)\",\"height_microns\":364000,\"name\":\"JIS_B4\",\"vendor_id\":\"12\",\"width_microns\":257000},{\"custom_display_name\":\"B5 (JIS)\",\"height_microns\":257000,\"name\":\"JIS_B5\",\"vendor_id\":\"13\",\"width_microns\":182000},{\"custom_display_name\":\"Japonská pohlednice\",\"height_microns\":148000,\"name\":\"JPN_HAGAKI\",\"vendor_id\":\"43\",\"width_microns\":100000}]},\"page_orientation\":{\"option\":[{\"is_default\":true,\"type\":\"PORTRAIT\"},{\"type\":\"LANDSCAPE\"},{\"type\":\"AUTO\"}]},\"supported_content_type\":[{\"content_type\":\"application/pdf\"}]},\"version\":\"1.0\"},\"selectedDestinationName\":\"Odeslat do aplikace OneNote 2007\",\"dpi\":{\"horizontal_dpi\":300,\"is_default\":true,\"vertical_dpi\":300},\"mediaSize\":{\"custom_display_name\":\"A4\",\"height_microns\":297000,\"is_default\":true,\"name\":\"ISO_A4\",\"vendor_id\":\"9\",\"width_microns\":210000}}"}},"profile":{"avatar_bubble_tutorial_shown":2,"avatar_index":0,"content_settings":{"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"[*.]ororo.tv,*":{"setting":1},"[*.]www.zkouknito.cz,*":{"setting":1},"http://video.aktualne.cz:80,http://video.aktualne.cz:80":{"setting":1},"https://[*.]www.youtube.com:443,*":{"setting":1}},"geolocation":{"http://www.lidl.cz:80,http://www.lidl.cz:80":{"setting":2},"https://wizzair.com:443,https://wizzair.com:443":{"setting":2},"https://www.alza.cz:443,https://www.alza.cz:443":{"setting":2},"https://www.modrapyramida.cz:443,https://www.modrapyramida.cz:443":{"setting":2}},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{},"media_stream_mic":{},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"[*.]ororo.tv,*":{"fullscreen":1},"[*.]www.zkouknito.cz,*":{"fullscreen":1},"http://video.aktualne.cz:80,http://video.aktualne.cz:80":{"fullscreen":1},"http://www.lidl.cz:80,http://www.lidl.cz:80":{"geolocation":2},"https://[*.]www.youtube.com:443,*":{"fullscreen":1},"https://wizzair.com:443,https://wizzair.com:443":{"geolocation":2},"https://www.alza.cz:443,https://www.alza.cz:443":{"geolocation":2},"https://www.modrapyramida.cz:443,https://www.modrapyramida.cz:443":{"geolocation":2}},"pref_version":1},"created_by_version":"40.0.2214.93","exit_type":"Normal","exited_cleanly":true,"icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"Osoba 1","password_manager_enabled":false,"per_host_zoom_levels":{}},"protection":{"macs":{}},"savefile":{"default_directory":"D:\\Stahovani","type":1},"selectfile":{"last_directory":"D:\\Jirka\\9A foto"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13066864451656823","urls_to_restore_on_startup":null},"translate_accepted_count":{"de":0,"en":0},"translate_blocked_languages":["cs"],"translate_denied_count":{"de":2,"en":1},"translate_last_denied_time":1.422478e+12,"translate_site_blacklist":[],"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}
067B94","nmmhkkegccagdldgiimedpiccmgmieda":"A016AEE33C004D468C0C4F1777BD17EBE671BF825ABF300CDBB5A0BF07BDF8B6","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"2D70BC8E677EC02B8372907DE3DE9BCC1A2DB9C3DF373A1C4BA94A3902C17D8F","pjkljhegncpnkpknbcohdijeoejaedia":"E79D1EB4BC1D419815EB4910A5498953F0EF245307CC0CCA0DBC19A066E18EB3"}},"google":{"services":{"last_username":"BD7E3C119711E634A740ED084E9997CE6E3F3933329696319530BC35A1BD8B12","username":"5B8A7938EFD2E4DA585B64094873628235C3F3A5A0F1DE64D81F2A3D076C34C3"}},"homepage":"40C50E904D107F9710776B8F49DC78D2A7999389FC7C93E00A9E16ABD4696B80","homepage_is_newtabpage":"8F090BD4F3378855DD47D54C3961B733E0A19C58A5E7EE6240BFEC0F06FD38E6","pinned_tabs":"F06244F2FA98CEB1009209F64FA2E4CD08E6EC0B126345B136BEEF372D8889A3","prefs":{"preference_reset_time":"1DF7596B0136121C87C3EA68158D1447C1A61D9646FA82C395194C4D3BE0A230"},"profile":{"reset_prompt_memento":"89864CEB3798A87A951E56F26DC9583B8A9252A4F33DD9F15CCC7E55EAB0BBEA"},"safebrowsing":{"incidents_sent":"EFBEFE524536EDF251309DFB4B991E6E036B70EB2C4E3792A8485BBF1A65C1F9"},"search_provider_overrides":"800841E3BEEE5D4481A24DF87C0DE46F9BCC98B858087C4CB3DB505645A703DB","session":{"restore_on_startup":"99A0DA91D20B56738381D7727219939CD5217A5D2D294DA8DE5FFB5AEBDAB8EA","startup_urls":"83B1956CEDC261CF2C4744FB884CCD4955601F56BB9101082CB9D2EA9C84C9C5"},"software_reporter":{"prompt_reason":"1015D6BE52B24B9F106F0C073A57332EFB6A9B8E734B8BF3C45A3D4360DA8F92","prompt_seed":"98C7F936D808FFB80396C5E9DFC1EA432011A348E74EEA49A7856A074B4EBF6F","prompt_version":"FB1FFFBAA18511A844B0A4E15D2D6D3EDB6ABC84BCE12A4AC551BCAC422EB0E2"},"sync":{"remaining_rollback_tries":"37798CA832D3E3A1B563691E3F5DA338C86E48C1904184D412D70272E68D6B00"}},"super_mac":"16B0E6CD9C54D80B9076B21E0AF5FFA5DBFB91882F6DA84DAAC59C48BD81CE3B"},"session":{"restore_on_startup":4,"startup_urls":["http://www.seznam.cz/"]},"sync":{"remaining_rollback_tries":0}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Old Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Old Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jirka\AppData\Local\Mozilla\Firefox\Profiles\svdssga0.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=120 folders=26 22017637 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Jirka\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jirka\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on st 27.05.2015 at 18:47:45,95 ======================

[JStep]

Ntb běží bez problémů.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:52:02, on 27.5.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing)
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5357 bytes

[jerabina]

Tak ještě dočistíme

Zavři ostatní programy/prohlížeče, odpoj se od internetu a v HJT fixni:
NÁVOD

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy, je to vše a můžeš dát vyřešeno - zelenou "fajfku"

[JStep]

Mohu se zeptat na tyto 2 položky, která automatická kontrola označuje za špatné: Děkuji.

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
Druh
Zkontrolujte Vaše PC programem Spybot S&D z Kolla.de nebo LSPFix z Cexx.org. Neopravovat! Zkusit opravit s LSPFix z Cexx.org.
Analyzerdetails
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

[jerabina]

Jedná se o legitimní součást Microsoft's Windows Live.

- Zmáčkni Win + R najednou
- vepiš do spuštění "cmd" bez úvozovek. a stiskni Enter.
- do příkazového řádku vepiš "ipconfig /flushdns" bez úvozovek a stiskni Enter.
- Po dokončení restartuj počítač

- Zmáčkni Win + R najednou
- vepiš do spuštění "cmd" bez úvozovek. a stiskni Enter.
- do příkazového řádku vepiš "netsh winsock reset" bez úvozovek a stiskni Enter.
- Po dokončení restartuj počítač

[JStep]

Delfix na 2x, neboť neumím číst...

# DelFix v1.010 - Logfile created 27/05/2015 at 19:06:13
# Updated 26/04/2015 by Xplode
# Username : Jirka - JIRKA-PC
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\zoek-results.log
Deleted : C:\Users\Jirka\Desktop\JRT.txt
Deleted : C:\Users\Jirka\Desktop\HiJackThis.lnk
Deleted : C:\Users\Jirka\Desktop\hijackthis.log
Deleted : C:\Users\Jirka\Desktop\zoek.exe
Deleted : C:\Users\Jirka\Desktop\zoek.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########


# DelFix v1.010 - Logfile created 27/05/2015 at 19:13:51
# Updated 26/04/2015 by Xplode
# Username : Jirka - JIRKA-PC
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Program Files\Trend Micro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #338 [Windows Update | 05/24/2015 20:37:25]
Deleted : RP #339 [Windows Update | 05/25/2015 16:06:37]
Deleted : RP #340 [Installed HiJackThis | 05/25/2015 16:31:00]
Deleted : RP #341 [Removed Java 8 Update 45 | 05/25/2015 17:00:25]
Deleted : RP #342 [Windows Update | 05/25/2015 17:33:23]
Deleted : RP #343 [Windows Update | 05/25/2015 21:19:12]
Deleted : RP #345 [Windows Live Essentials | 05/26/2015 15:30:16]
Deleted : RP #347 [Nainstalováno rozhraní DirectX | 05/26/2015 15:32:49]
Deleted : RP #349 [Nainstalováno rozhraní DirectX | 05/26/2015 15:33:43]
Deleted : RP #351 [Nainstalováno rozhraní DirectX | 05/26/2015 15:34:36]
Deleted : RP #352 [WLSetup | 05/26/2015 15:37:46]
Deleted : RP #353 [Windows Update | 05/26/2015 20:08:02]
Deleted : RP #354 [zoek.exe restore point | 05/27/2015 16:29:29]

New restore point created !

########## - EOF - ##########

[jerabina]

Dobře, proveď ještě mé minulé pokyny a pokud teda nejsou problémy tak to můžeš uzamknout zelenou "fajfkou"

[JStep]

Provedeno. Děkuji za pomoc a věnovaný čas. Hezký večer. J*