Prosim o kontrolu logu Vyřešeno

[LuckyB]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:15:28, on 4.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
CHROME: 43.0.2357.81
FIREFOX: 38.0.5 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Lucky\AppData\Roaming\iRadioDesktop\app.exe
C:\Users\Lucky\AppData\Roaming\iRadioDesktop\app.exe
C:\Users\Lucky\AppData\Roaming\iRadioDesktop\app.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Users\Lucky\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lucky\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Lucky\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [TishAyof] regsvr32.exe "C:\ProgramData\TishAyof\RuxuKazk.ycn"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: iRadio.lnk = Lucky\AppData\Roaming\iRadioDesktop\iRadioDesktop.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: AUSC USB IO Service (USBIOService) - Teledyne - C:\Windows\SysWOW64\USBIOService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15011 bytes

[Reklama]

[jerabina]

Ahoj, vítej na fóru PC-HELP!

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[LuckyB]

# AdwCleaner v4.206 - Log vytvořen 04/06/2015 v 16:50:35
# Aktualizováno 01/06/2015 by Xplode
# Databáze : 2015-06-01.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Lucky - LUCKY-PC
# Spuštěno z : C:\Users\Lucky\Desktop\AdwCleaner.exe
# Nastavení : Sken

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Program Files (x86)\HDvidCodec.com
Složka Nalezeno : C:\ProgramData\Babylon
Složka Nalezeno : C:\ProgramData\Partner
Složka Nalezeno : C:\ProgramData\Tarma Installer
Složka Nalezeno : C:\Users\Lucky\AppData\Roaming\ARecEngine
Složka Nalezeno : C:\Users\Lucky\AppData\Roaming\Babylon
Složka Nalezeno : C:\Users\Lucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Složka Nalezeno : C:\Users\Lucky\AppData\Roaming\OpenCandy
Soubor Nalezeno : C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
Soubor Nalezeno : C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Nalezeno : HKCU\Software\1ClickDownload
Klíč Nalezeno : HKCU\Software\APN PIP
Klíč Nalezeno : HKCU\Software\AppDataLow\Software\Crossrider
Klíč Nalezeno : HKCU\Software\BABSOLUTION
Klíč Nalezeno : HKCU\Software\Classes\pokki
Klíč Nalezeno : HKCU\Software\DataMngr
Klíč Nalezeno : HKCU\Software\DataMngr_Toolbar
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ibabylon.cz
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wlogin.icq.com
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Klíč Nalezeno : HKCU\Software\PIP
Klíč Nalezeno : [x64] HKCU\Software\1ClickDownload
Klíč Nalezeno : [x64] HKCU\Software\APN PIP
Klíč Nalezeno : [x64] HKCU\Software\BABSOLUTION
Klíč Nalezeno : [x64] HKCU\Software\DataMngr
Klíč Nalezeno : [x64] HKCU\Software\DataMngr_Toolbar
Klíč Nalezeno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíč Nalezeno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Klíč Nalezeno : [x64] HKCU\Software\PIP
Klíč Nalezeno : HKLM\SOFTWARE\a6d88ab73aea45
Klíč Nalezeno : HKLM\SOFTWARE\Babylon
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Prod.cap
Klíč Nalezeno : HKLM\SOFTWARE\DataMngr
Klíč Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\dnllcmllkjofnojidnaknldfehfhehoo
Klíč Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\kkfggacklibaabdomphfdpcodjgihgon
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Klíč Nalezeno : HKLM\SOFTWARE\PIP
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Klíč Nalezeno : [x64] HKLM\SOFTWARE\DeviceVM
Klíč Nalezeno : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v

[C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A06CAC72891F37B4&affID=119776&tsp=4948
[C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A06CAC72891F37B4&affID=119776&tsp=4948
[C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Nalezeno [Extension] : dnllcmllkjofnojidnaknldfehfhehoo
[C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Nalezeno [Extension] : kkfggacklibaabdomphfdpcodjgihgon
[C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Nalezeno [Homepage] : hxxp://www1.delta-search.com/?babsrc=HP ... 6&tsp=4948

*************************

AdwCleaner[R0].txt - [4788 bytů] - [04/06/2015 16:50:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4846 bytů] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 4.6.2015
Čas skenování: 16:57:02
Protokol: 1.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.06.04.03
Databáze rootkitů: v2015.06.02.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Lucky

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 409233
Uplynulý čas: 11 min, 56 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 17
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [971c0da95e2cc571ced4534a7d86d030],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [971c0da95e2cc571ced4534a7d86d030],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [971c0da95e2cc571ced4534a7d86d030],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, , [b102caecb2d8ad892383eeaf996ab14f],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, , [b102caecb2d8ad892383eeaf996ab14f],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, , [b102caecb2d8ad892383eeaf996ab14f],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, , [b102caecb2d8ad892383eeaf996ab14f],
PUP.Optional.Babylon.A, HKU\S-1-5-21-888528919-1785113793-223553279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [e6cdcfe74644ab8b2025570d33d01de3],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, , [179c11a5b2d894a2cfefc35855af7e82],
PUP.Optional.HDVidCodec.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dnllcmllkjofnojidnaknldfehfhehoo, , [12a14c6abdcdeb4b2f710645ef16d729],
PUP.Optional.FreeHD.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kkfggacklibaabdomphfdpcodjgihgon, , [5d56ddd9b6d40a2cd249d1528c788e72],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-888528919-1785113793-223553279-1001\SOFTWARE\1ClickDownload, , [4271bff7bad0072f41c874d808fdbf41],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-888528919-1785113793-223553279-1001\SOFTWARE\DataMngr, , [486bc7efb3d7191d386178d2877e8f71],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-888528919-1785113793-223553279-1001\SOFTWARE\DataMngr_Toolbar, , [585b8c2ab8d2c175deba2a20d035a65a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-888528919-1785113793-223553279-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [c7ec05b1f595cf6796334618c73e3dc3],
PUP.Optional.Babylon.A, HKU\S-1-5-21-888528919-1785113793-223553279-1001\SOFTWARE\BABSOLUTION\Updater, , [d7dc773f4c3e25110695ae9db84d827e],
PUP.Optional.HDVidCodec.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1ClickDownload, , [bbf81f979bef88ae867f7e364cb78b75],

Hodnoty registru: 2
PUP.Optional.Delta.A, HKU\S-1-5-21-888528919-1785113793-223553279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A06CAC72891F37B4&affID=119776&tsp=4948, , [f9ba1a9c8dfd86b0f25760187b8a2bd5]
PUP.Optional.Babylon.A, HKU\S-1-5-21-888528919-1785113793-223553279-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|FaviconURL, search.babylon.com/favicon.ico, , [7a393482d3b7b68096f83da844bfca36]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 5
PUP.Optional.HDVidCodec.A, C:\Users\Lucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com, , [a310476f7b0f082eecb3f952c540bc44],
PUP.Optional.OpenCandy, C:\Users\Lucky\AppData\Roaming\OpenCandy, , [773c179fbdcdbe78bb04ac06f0139a66],
PUP.Optional.OpenCandy, C:\Users\Lucky\AppData\Roaming\OpenCandy\D1526E4F913244F79C84DB7117248404, , [773c179fbdcdbe78bb04ac06f0139a66],
PUP.Optional.TVApp.A, C:\Program Files (x86)\IlemiTVApp.com, , [b7fcdcda25653cfa5d7bb5fda75c15eb],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com, , [bbf81f979bef88ae867f7e364cb78b75],

Soubory: 16
PUP.Optional.CoolMirage.A, C:\Program Files (x86)\hdvidcodec.com\HDVidCodec.exe, , [cae9d7df3753ae88fd3ca0d136d0a060],
PUP.Optional.CrossRider, C:\Program Files (x86)\hdvidcodec.com\HDvidCodecIE.exe, , [6b480bab6e1c3ff72b7cec6c7c8547b9],
PUP.Optional.CoolMirage.A, C:\Program Files (x86)\hdvidcodec.com\hdvidextsetup.exe, , [3e75278f4a4044f2f04999d87393a25e],
PUP.Optional.Delta.A, C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage, , [fbb8a80e1b6f1e18cabafe0a39cb05fb],
PUP.Optional.Delta.A, C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www1.delta-search.com_0.localstorage-journal, , [8c27773f048662d4ec987395f80cb44c],
PUP.Optional.HDVidCodec.A, C:\Users\Lucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk, , [a310476f7b0f082eecb3f952c540bc44],
PUP.Optional.HDVidCodec.A, C:\Users\Lucky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk, , [a310476f7b0f082eecb3f952c540bc44],
PUP.Optional.OpenCandy, C:\Users\Lucky\AppData\Roaming\OpenCandy\D1526E4F913244F79C84DB7117248404\PokkiInstaller.exe, , [773c179fbdcdbe78bb04ac06f0139a66],
PUP.Optional.TVApp.A, C:\Program Files (x86)\IlemiTVApp.com\stv10.crx, , [b7fcdcda25653cfa5d7bb5fda75c15eb],
PUP.Optional.TVApp.A, C:\Program Files (x86)\IlemiTVApp.com\stvtemp.xpi, , [b7fcdcda25653cfa5d7bb5fda75c15eb],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\b.bmp, , [bbf81f979bef88ae867f7e364cb78b75],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\finish.bmp, , [bbf81f979bef88ae867f7e364cb78b75],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\FinishHDVID.exe, , [bbf81f979bef88ae867f7e364cb78b75],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\HDvidCodec10.crx, , [bbf81f979bef88ae867f7e364cb78b75],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\hdvid_temp.bmp, , [bbf81f979bef88ae867f7e364cb78b75],
PUP.Optional.HDVidCodec.A, C:\Program Files (x86)\hdvidcodec.com\uninst.exe, , [bbf81f979bef88ae867f7e364cb78b75],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[jerabina]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[LuckyB]

# AdwCleaner v4.206 - Log vytvořen 04/06/2015 v 18:15:30
# Aktualizováno 01/06/2015 by Xplode
# Databáze : 2015-06-01.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Lucky - LUCKY-PC
# Spuštěno z : C:\Users\Lucky\Desktop\AdwCleaner.exe
# Nastavení : Sken

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [4968 bytů] - [04/06/2015 16:50:35]
AdwCleaner[R1].txt - [5026 bytů] - [04/06/2015 17:18:25]
AdwCleaner[R2].txt - [960 bytů] - [04/06/2015 18:02:33]
AdwCleaner[R3].txt - [825 bytů] - [04/06/2015 18:15:30]
AdwCleaner[S0].txt - [4449 bytů] - [04/06/2015 17:19:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [940 bytů] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 4.6.2015
Čas skenování: 17:38:28
Protokol: 1.txt
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.06.04.03
Databáze rootkitů: v2015.06.02.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Lucky

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 409181
Uplynulý čas: 10 min, 15 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.8 (06.03.2015:1)
OS: Windows 7 Home Premium x64
Ran by Lucky on źt 04.06.2015 at 17:57:11,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{083BAE4C-4A8E-48ED-B8C9-9E9A7A1C967D}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{1F94BF07-13EB-42BE-ABEA-6D9F48AAE762}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{2497776F-461A-41D5-8323-8A4AA4A49612}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{33BBA6EC-F6D2-4ABB-9C86-486DA0DCFC6E}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{349EC331-9AAD-43D8-B972-708C1D1F402F}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{433DB42F-FFEF-4FD9-9328-FD48B22E7399}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{4C3C1796-AEBC-47D6-8F27-44BD60E06F33}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{537F4055-DE2B-44EE-BBB6-ECBE8554B124}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{55838CAE-3F06-4656-BB10-C5B72002F50E}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{5E32047D-2420-4151-B315-9347F0630258}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{6A1773C7-19E9-4BC5-9043-9663BCDC1CD4}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{6B6275A4-86DA-4773-A193-6A44AC1673ED}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{6B6F0F68-B99F-4FBC-B585-2BA306C3E6F4}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{7BCCFDE5-CBD1-47EA-80FD-140998990594}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{8098A227-CA84-4EE7-84E9-83AF171C7E8D}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{91212DAB-D7AA-4C29-A850-3AC593C16AFA}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{97706C05-9D64-42B9-BE1F-00C399D20ADE}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{9BD61964-16B5-4A30-B870-6DF0F1D1D252}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{9CC0259C-0AB3-43B4-8E41-78EBDF716E07}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{A262124F-2383-4AF1-9F77-6F5008E6B6E7}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{A627441C-503F-430C-B39C-3E85281CC34A}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{A791CCAF-B23A-494E-94F0-F6651677A46B}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{B8CB2DA5-29CD-4A72-9CC1-0F7283B35578}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{B8E77D2E-19AD-4BAF-B2B1-4ED0FFBCBF64}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{BA80EE25-010F-4065-BCC2-A3C77A0B2911}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{CF5778EC-D576-4ADF-9B34-A74308389A04}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{CFDA01CA-A4BC-43D8-86A3-696011D551AF}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{DA64199F-720C-4490-9B1E-CF01CC5F1086}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{DCCE5F28-C8D9-4496-8B02-FCC9E81227CA}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{E477A965-398A-4F24-9232-816417EFA61F}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{EDE4A3D0-0FB7-4478-AD8D-2ABEC5A37B8B}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{F08B7B95-A829-45BD-BFCE-6810ED576DE4}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{F1CE9164-1CAE-4DB2-8F3F-F41158709BC6}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{F287C456-EB2B-444A-AF57-044D79C7792D}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{F7047D33-5FE2-4F1D-A0F5-82A4D9723302}
Successfully deleted: [Empty Folder] C:\Users\Lucky\appdata\local\{FD7C63DE-41EC-4F70-9716-462C0236A0F3}



~~~ FireFox

Emptied folder: C:\Users\Lucky\AppData\Roaming\mozilla\firefox\profiles\z9hv1sht.default\minidumps [126 files]



~~~ Chrome


[C:\Users\Lucky\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Lucky\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Lucky\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Lucky\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 04.06.2015 at 18:01:19,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V10.8.1.0 (x64) [Jun 3 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Lucky [Práva správce]
Started from : C:\Users\Lucky\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 06/04/2015 18:13:02

¤¤¤ Procesy : 5 ¤¤¤
[Proc.Injected] explorer.exe(1756) -- C:\Windows\Explorer.EXE[7] -> Zastaveno [TermProc]
[Proc.Injected] BJMYPRT.EXE(4120) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[7] -> Zastaveno [TermProc]
[Proc.Injected] hkcmd.exe(1856) -- C:\Windows\System32\hkcmd.exe[7] -> Zastaveno [TermProc]
[Proc.Injected] unsecapp.exe(5960) -- C:\Windows\system32\wbem\unsecapp.exe[7] -> Zastaveno [TermProc]
[Proc.Injected] CNSEMAIN.EXE(6032) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE[7] -> Zastaveno [TermProc]

¤¤¤ Registry : 19 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Setwallpaper : c:\programdata\SetWallpaper.cmd [x] -> Nalezeno
[Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Windows\CurrentVersion\Run | TishAyof : regsvr32.exe "C:\ProgramData\TishAyof\RuxuKazk.ycn" [7][-] -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.bing.com -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.bing.com -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : www.bing.com -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : www.bing.com -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B179F2A-14EE-40DB-8D10-349E452AB4B1} | DhcpNameServer : 13.5.0.10 [UNITED STATES (US)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8C8AB07C-D3AE-45DE-A144-FAF277E02B0D} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B179F2A-14EE-40DB-8D10-349E452AB4B1} | DhcpNameServer : 13.5.0.10 [UNITED STATES (US)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8C8AB07C-D3AE-45DE-A144-FAF277E02B0D} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2B179F2A-14EE-40DB-8D10-349E452AB4B1} | DhcpNameServer : 13.5.0.10 [UNITED STATES (US)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8C8AB07C-D3AE-45DE-A144-FAF277E02B0D} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][X] -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] z9hv1sht.default : user_pref("network.proxy.type", 4); -> Nalezeno
[PUM.HomePage][FIREFX:Config] z9hv1sht.default : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPKT-80PK4T0 +++++
--- User ---
[MBR] c6a7e9deaba1e182d20eaff50421e212
[BSP] b68f61f8a60fa206fb2655c77543333f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 313006 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 693467136 | Size: 376797 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.


Vlož nový log z HJT + informuj o problémech.

[LuckyB]

RogueKiller V10.8.1.0 (x64) [Jun 3 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Lucky [Práva správce]
Started from : C:\Users\Lucky\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 06/04/2015 19:43:34

¤¤¤ Procesy : 3 ¤¤¤
[Suspicious.Path|VT.Unknown] app.exe(7068) -- C:\Users\Lucky\AppData\Roaming\iRadioDesktop\app.exe[-] -> Zastaveno [TermProc]
[Suspicious.Path|VT.Unknown] app.exe(1756) -- C:\Users\Lucky\AppData\Roaming\iRadioDesktop\app.exe[-] -> Zastaveno [TermThr]
[Suspicious.Path|VT.Unknown] app.exe(5636) -- C:\Users\Lucky\AppData\Roaming\iRadioDesktop\app.exe[-] -> Zastaveno [TermProc]

¤¤¤ Registry : 20 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Setwallpaper : c:\programdata\SetWallpaper.cmd [x] -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Windows\CurrentVersion\Run | TishAyof : regsvr32.exe "C:\ProgramData\TishAyof\RuxuKazk.ycn" [7][-] -> Smazáno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Windows\CurrentVersion\Run | TishAyof : regsvr32.exe "C:\ProgramData\TishAyof\RuxuKazk.ycn" [7][-] -> ERROR [2]
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.bing.com -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.bing.com -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus.msn.com -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : www.bing.com -> Nahrazeno (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : www.bing.com -> Nahrazeno (http://search.msn.com/spbasic.htm)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][X] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][X] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2B179F2A-14EE-40DB-8D10-349E452AB4B1} | DhcpNameServer : 13.5.0.10 [UNITED STATES (US)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8C8AB07C-D3AE-45DE-A144-FAF277E02B0D} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2B179F2A-14EE-40DB-8D10-349E452AB4B1} | DhcpNameServer : 13.5.0.10 [UNITED STATES (US)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8C8AB07C-D3AE-45DE-A144-FAF277E02B0D} | DhcpNameServer : 217.195.165.131 217.195.160.10 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2B179F2A-14EE-40DB-8D10-349E452AB4B1} | DhcpNameServer : 13.5.0.10 [UNITED STATES (US)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8C8AB07C-D3AE-45DE-A144-FAF277E02B0D} | DhcpNameServer : 217.195.165.131 217.195.160.10 [X][CZECH REPUBLIC (CZ)] -> Nahrazeno ()

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 3 ¤¤¤
[FIREFX:Addon] z9hv1sht.default : Avast Online Security [wrc@avast.com] -> Smazáno
[PUM.Proxy][FIREFX:Config] z9hv1sht.default : user_pref("network.proxy.type", 4); -> Nahrazeno (0)
[PUM.HomePage][FIREFX:Config] z9hv1sht.default : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPKT-80PK4T0 +++++
--- User ---
[MBR] c6a7e9deaba1e182d20eaff50421e212
[BSP] b68f61f8a60fa206fb2655c77543333f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 313006 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 693467136 | Size: 376797 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_06042015_181302.log - RKreport_SCN_06042015_194130.log


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Lucky on źt 04.06.2015 at 19:46:04,01.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Lucky\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

4.6.2015 19:47:03 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\Google deleted successfully
C:\Users\Lucky\AppData\Roaming\MAGIX deleted successfully
C:\Users\Lucky\AppData\Local\Axialis deleted successfully
C:\Users\Lucky\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Lucky\AppData\Roaming\Mozilla\Firefox\Profiles\z9hv1sht.default\prefs.js:
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "Google (avast)");
user_pref("browser.search.selectedEngine", "Google (avast)");
user_pref("browser.search.order.1", "Google (avast)");

Added to C:\Users\Lucky\AppData\Roaming\Mozilla\Firefox\Profiles\z9hv1sht.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\MSTS Activity Analysis deleted
C:\PROGRA~3\OberonGameConsole deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-888528919-1785113793-223553279-1001 deleted
C:\Users\Lucky\AppData\Roaming\Mozilla\Firefox\Profiles\z9hv1sht.default\Invalidprefs.js deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Lucky\AppData\Roaming\Mozilla\Firefox\Profiles\z9hv1sht.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [22.04.2015 13:55]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Lucky\AppData\Roaming\Mozilla\Firefox\Profiles\z9hv1sht.default
08ACECEB47FAF053C468D8AFE44709AD - C:\Users\Lucky\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[22.04.2015 13:55]

Avast Online Security - Lucky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chromium Startpages ======================

C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Preferences
"was_installed_by_default":false},"nmmhkkegccagdldgiimedpiccmgmieda":{"ack_external":true,"active_permissions":{"api":["identity","webview"],"explicit_host":["https://checkout.google.com/*","https://sandbox.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":137,"events":["app.runtime.onLaunched"],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["identity","webview"],"explicit_host":["https://checkout.google.com/*","https://sandbox.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13062757045307045","lastpingday":"13062672003865262","location":10,"manifest":{"app":{"background":{"scripts":["craw_background.js"]}},"current_locale":"cs","default_locale":"en","description":"Peněženka Google pro digitální zboží","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"128":"images/icon_128.png","16":"images/icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB","manifest_version":2,"minimum_chrome_version":"29","name":"Peněženka Google","oauth2":{"auto_approve":true,"client_id":"203784468217.apps.googleusercontent.com","scopes":["https://www.googleapis.com/auth/sierra","https://www.googleapis.com/auth/sierrasandbox","https://www.googleapis.com/auth/chromewebstore","https://www.googleapis.com/auth/chromewebstore.readonly"]},"permissions":["identity","webview","https://checkout.google.com/","https://sandbox.google.com/checkout/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.0.6.1"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.1_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"pafkbggdmjlpgkdkcbjmhmfcdpncadgh":{"active_permissions":{"api":["alarms","gcm","identity","metricsPrivate","notifications","storage","tabs","webstorePrivate"],"explicit_host":["*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/*","https://*.googleusercontent.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["alarms.onAlarm","identity.onSignInChanged","notifications.onButtonClicked","notifications.onClicked","notifications.onClosed","notifications.onPermissionLevelChanged","notifications.onShowSettings","pushMessaging.onMessage","runtime.onInstalled","runtime.onStartup","runtime.onSuspend","storage.onChanged"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13048863616133193","location":5,"manifest":{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"Integrates Google Now into Chrome.","icons":{"128":"images/icon128.png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","<all_urls>"],"version":"1.2.0.1"},"path":"C:\\Users\\Lucky\\AppData\\Local\\Google\\Chrome\\Application\\35.0.1916.153\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false}}},"homepage":"","homepage_is_newtabpage":false,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"4B40E9F0D42452707295D584A0EDD30C1D1107AA4874B070402F97E2CDBBC6B7"},"default_search_provider":{"keyword":"1AD4AAC1CCCAC78B9BF8E7EE970B8B522E370B560D0AFED9D366491380B119FE","name":"49435642491F90001665CDFEE13EECCB5CCB1215DBDFBF8F2EC8D2971199B0AC","search_url":"7866EBD6C63FF6D43FAB7885FD9A282AC099657B16EF893099A5DDF2498E95D9"},"default_search_provider_data":{"template_url_data":"7AE005DD6D97E2D0AB085F4CE2BC59B2321824C5750AE865FFBEC59C5644A92A"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"AC42AA1444EB971610D3E8C99925B4BEA15F608584F3F3BB3B0F6BA89FE12BBA","bepbmhgboaologfdajaanbcjmnhjmhfn":"F8490D1F0D5771D8C26FB9E8695FAB3F97CA738453ED00C946EC45DC1D9D88AD","dnllcmllkjofnojidnaknldfehfhehoo":"89287936F17C002E9C447EC68A90BA6474325EFFAA0591283C12518EEE6F2A2E","eemcgdkfndhakfknompkggombfjjjeno":"CBDF9935D19E7FCED37FAE83FE8EF27C24533AE72B5B4DE19F48DF6E9B87288D","ennkphjdgehloodpbhlhldgbnhmacadg":"681C208D87665FC7AEE7EFEC7C79781FEE30F9AC9335D08701FA00E6AEAD4124","gfdkimpbcpahaombhbimeihdjnejgicl":"EF7DE739CDEA7920EA17CA5FF2875570FFACD2CF6DCDCE15A107AA99607540FD","gomekmidlodglbbmalcneegieacbdmki":"EEB6C4AA58439608C6A35E5D2E9981D8B8BBA772106EE61955CBD23BD7343B41","kkfggacklibaabdomphfdpcodjgihgon":"BAD0B88319C23D376D12C33623D1536401C1F98D1460E518E1850317C9B088E6","kmendfapggjehodndflmmgagdbamhnfd":"85A4B0B2CBB1DCF3EA7938DA23B54107FAD7EA2277AC02C6CEBF56482CA47351","mfehgcgbbipciphmccgaenjidiccnmng":"AD54673118D6758EF7EF2BA509410511746ACB5A4CDEFE462531550D9E23F1D7","mgndgikekgjfcpckkfioiadnlibdjbkf":"D3AADEABAAFAD90C1855F4943A36E8BA78B857E298A56074094328E62D1A3174","mhjfbmdgcfjbbpaeojofohoefgiehjai":"7118C8247A23E526B94A685F5BF7D26D2247EFDCE605E2EACD76EC6C8C7CBDFC","neajdppkdcdipfabeoofebfddakdcjhd":"7304E5C9F4E44D168D61AEAEB9F6B2FF2036F9BE5DE914EFEEDF04A6C786976B","nkeimhogjdpnpccoofpliimaahmaaome":"111A58733FCD39CCCFE8F71D7C033A7D1F01AEEF9D16D9DE9FC92891997C969E","nmmhkkegccagdldgiimedpiccmgmieda":"FFA6FB1AA3C73974D6B9227C83041A9450D6CB63C4F109DBCC2E744239F69D75","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"F36D8AC185B43150AA9E6BAACB43AA79CD713B906A7C20E7A8FDCCC596B8F3E4"}},"google":{"services":{"last_username":"F2DB9A68715D94871A0803719D4F372F0E51A9957872180A9315BB9022655497","username":"142E3C4E501E05D2F9D3208AB9D358F5CFD7B06706EAE03F9ADBF732B2465267"}},"homepage":"CF7FE2CEBA0A83B24D858FDDDC381B3EEBE2565F24F1CDD9E308BFE96A484F67","homepage_is_newtabpage":"88805E9FC6F926501FA390862C5F24AF826CAA3BFF13F3ED151C5D52E97F8772","pinned_tabs":"8A72C52BD2F7B2CB3A6BFFDDB3DCEDFC48AB3FABBB5B755188F71EDA09A1D642","prefs":{"preference_reset_time":"63EABC0FF2059D7A3D6EDC195DFD4D7DA2F7BF575E8A6AFE2039615A8E9077F2"},"profile":{"reset_prompt_memento":"234694B7C39E6647B81DC0AC7D957E2D15EBC2061E964C4C6F33A794F6CCBF80"},"safebrowsing":{"incidents_sent":"FD85A7E48AC79FEC4F0DE388CC127B8682294669C5D82D0458F40DA53146991C"},"search_provider_overrides":"809A6EFD5DE0340F6789544E34EF121F070EF792DCB43589D24F46AC6AC990DD","session":{"restore_on_startup":"40B759E6C4F572506FEF756BD5FA0DCC63430FCCD65105EF8E36235E4B24EBF6","startup_urls":"974B9BEE857AA3C58F235B693711834369E0950BB73BCC8D6D745443118C45C0"},"software_reporter":{"prompt_reason":"4C3B6C2ED82672E3E9DA4AE55E378778F05581970E1A6FEDE54DBB87061E7F08","prompt_seed":"AE9E2FF9CCE5152EFE49B105EEF95C84E65CA98150D98A410B19AB65A8277292","prompt_version":"F85D03F3D84A79B70B8342326D32807F8DFC6015F7E9D0EAE5A13DDA4ABF1C25"},"sync":{"remaining_rollback_tries":"B69580DB996A9D5F6A469FF3D5C45233CE8C90EC1B25D81D3F5A0C6E1030FF6C"}},"super_mac":"B62573252114081271C080D97732A0BA58F17ABABA800903EEA99937D235F809"},"session":{"restore_on_startup":4,"startup_urls":["https://www.seznam.cz/?clid=22668"]},"sync":{"remaining_rollback_tries":0}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Old Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-888528919-1785113793-223553279-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Lucky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Lucky\AppData\Local\Mozilla\Firefox\Profiles\z9hv1sht.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Lucky\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=36 folders=6 3686023 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Lucky\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Lucky\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Lucky\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3MQA9UA\bbcdn-bbnaut.ibillboard.com" not found
"C:\Users\Lucky\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3MQA9UA\fbstatic-a.akamaihd.net" not found

==== EOF on źt 04.06.2015 at 20:06:42,86 ======================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:11:16, on 4.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17801)
CHROME: 43.0.2357.81
FIREFOX: 38.0.5 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Lucky\AppData\Roaming\iRadioDesktop\app.exe
C:\Users\Lucky\AppData\Roaming\iRadioDesktop\app.exe
C:\Users\Lucky\AppData\Roaming\iRadioDesktop\app.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Users\Lucky\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lucky\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Lucky\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: iRadio.lnk = Lucky\AppData\Roaming\iRadioDesktop\iRadioDesktop.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: AUSC USB IO Service (USBIOService) - Teledyne - C:\Windows\SysWOW64\USBIOService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14916 bytes


V tuhle chvili se to tvari ze je vsechno OK

[jerabina]

Tak ještě dočistíme

Zavři ostatní programy/prohlížeče, odpoj se od internetu a v HJT fixni:
NÁVOD

Kód: Vybrat vše

O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lucky\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Lucky\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy, je to vše a můžeš dát vyřešeno - zelenou "fajfku"

[LuckyB]

# DelFix v1.010 - Logfile created 05/06/2015 at 08:45:47
# Updated 26/04/2015 by Xplode
# Username : Lucky - LUCKY-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\zoek-results.log
Deleted : C:\Users\Lucky\Desktop\AdwCleaner.exe
Deleted : C:\Users\Lucky\Desktop\JRT.exe
Deleted : C:\Users\Lucky\Desktop\HijackThis.exe
Deleted : C:\Users\Lucky\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Lucky\Desktop\TFC.exe
Deleted : C:\Users\Lucky\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #330 [Naplánovaný kontrolní bod | 03/27/2015 14:03:52]
Deleted : RP #331 [Windows Update | 03/31/2015 12:35:54]
Deleted : RP #332 [Windows Update | 04/04/2015 15:19:18]
Deleted : RP #333 [Windows Update | 04/10/2015 06:37:36]
Deleted : RP #334 [Windows Update | 04/14/2015 06:38:07]
Deleted : RP #335 [Windows Update | 04/15/2015 04:48:54]
Deleted : RP #336 [Windows Update | 04/21/2015 13:11:15]
Deleted : RP #337 [avast! antivirus system restore point | 04/22/2015 11:53:30]
Deleted : RP #338 [Windows Update | 04/28/2015 13:11:07]
Deleted : RP #339 [Windows Update | 05/02/2015 08:23:22]
Deleted : RP #340 [Windows Update | 05/05/2015 22:15:04]
Deleted : RP #341 [Windows Update | 05/12/2015 06:42:31]
Deleted : RP #342 [Windows Update | 05/13/2015 05:08:13]
Deleted : RP #343 [Windows Update | 05/19/2015 11:15:07]
Deleted : RP #344 [Windows Update | 05/20/2015 18:14:10]
Deleted : RP #345 [Windows Update | 05/26/2015 11:21:53]
Deleted : RP #346 [Windows Update | 05/30/2015 07:09:53]
Deleted : RP #347 [zoek.exe restore point | 06/04/2015 17:46:44]

New restore point created !

########## - EOF - ##########

Tak uz to opravdu vypada ze je po problemech.
Dekuju moc za pomoc.