Problém s Flesh pamětí

jirkaaa · Příspěvekod **jirkaaa** » 11 čer 2015 12:26

díky moc všem za pomoc, ale když vidím jak je to zdlouhavé chci se zeptat....když naformátuji disk a nainstaluji nový systém, zbavím se viru?

Jirka

Reklama

Příspěvekod **jerabina** » 11 čer 2015 17:21

Ano, viry přeinstalaci systému nepřežijou :-)

Pokud ale nechceš dělat přeinstalaci, tak pokračuj předchozími instrukcemi.

jirkaaa · Příspěvekod **jirkaaa** » 12 čer 2015 23:36

# AdwCleaner v4.206 - Log vytvořen 12/06/2015 v 00:33:14
# Aktualizováno 01/06/2015 by Xplode
# Databáze : 2015-06-09.1 [Server]
# Operační system : Windows 7 Ultimate Service Pack 1 (x64)
# Uživatelské jméno : jirka2 - JIRKA2-PC
# Spuštěno z : C:\Users\jirka2\Desktop\AdwCleaner.exe
# Nastavení : Čištění

***** [ Služby ] *****

Služba Smazáno : APNMCP

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\apn
Složka Smazáno : C:\ProgramData\AskPartnerNetwork
Složka Smazáno : C:\ProgramData\simplitec
Složka Smazáno : C:\ProgramData\b5a5942846b5dec5
Složka Smazáno : C:\Program Files (x86)\AskPartnerNetwork
Složka Smazáno : C:\Users\jirka2\AppData\Local\Temp\apn
Složka Smazáno : C:\Users\jirka2\AppData\Local\AskPartnerNetwork
Složka Smazáno : C:\Users\jirka2\AppData\Local\genienext
Složka Smazáno : C:\Users\jirka2\AppData\Local\Mobogenie
Složka Smazáno : C:\Users\jirka2\AppData\Roaming\newnext.me
Složka Smazáno : C:\Users\jirka2\AppData\Roaming\OpenCandy
Složka Smazáno : C:\Users\jirka2\AppData\Roaming\simplitec
Složka Smazáno : C:\Users\jirka2\AppData\Roaming\Mozilla\Firefox\Profiles\ui3i6hgz.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
Složka Smazáno : C:\ProgramData\kgoejhkdknkhfaeeaflpfcgikkopbkkg
Soubor Smazáno : C:\Windows\System32\roboot64.exe
Soubor Smazáno : C:\Users\jirka2\daemonprocess.txt
Soubor Smazáno : C:\Users\jirka2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cs.reimageplus.com_0.localstorage
Soubor Smazáno : C:\Users\jirka2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cs.reimageplus.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

Hodnota Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Hodnota Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Hodnota Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4F524A2D-5350-4500-76A7-7A786E7484D7}]
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4F524A2D-5350-4500-76A7-7A786E7484D7}]
Hodnota Smazáno : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Hodnota Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4F524A2D-5350-4500-76A7-7A786E7484D7}]
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F96FB2F3-23C5-47E6-9E0A-7B3B4F87CBBE}
Hodnota Smazáno : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Klíč Smazáno : HKCU\Software\AskPartnerNetwork
Klíč Smazáno : HKCU\Software\BI
Klíč Smazáno : HKCU\Software\eSupport.com
Klíč Smazáno : HKCU\Software\Myfree Codec
Klíč Smazáno : HKCU\Software\Softonic
Klíč Smazáno : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Klíč Smazáno : HKLM\SOFTWARE\AskPartnerNetwork
Klíč Smazáno : HKLM\SOFTWARE\Myfree Codec
Klíč Smazáno : HKU\.DEFAULT\Software\AskPartnerNetwork
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Klíč Smazáno : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Data Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Prohlížeče ] *****

-\\ Internet Explorer v8.0.7601.17514

Nastavení Obnoveno : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v38.0.1 (x86 cs)

-\\ Google Chrome v

-\\ Opera v30.0.1835.59

[C:\Users\jirka2\AppData\Roaming\Opera Software\Opera Stable\Web Data] - Smazáno [Search Provider] : hxxp://search.bearshare.com/web?src=opb&systemid=2&q={searchTerms}

*************************

AdwCleaner[R0].txt - [6849 bytů] - [09/06/2015 23:45:07]
AdwCleaner[R1].txt - [6954 bytů] - [10/06/2015 23:29:24]
AdwCleaner[R2].txt - [7026 bytů] - [12/06/2015 00:18:22]
AdwCleaner[S0].txt - [6183 bytů] - [12/06/2015 00:33:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6241 bytů] ##########

---------------------------------------------------------------------------------------------------------------------------------------------------------------

Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows 7 Ultimate x64
Ran by jirka2 on p 12.06.2015 at 1:38:24,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
Successfully deleted: [Folder] C:\ProgramData\DEAlsTTeR [BHO.Multiplug]
Successfully deleted: [Folder] C:\ProgramData\Htmlvalidaatoro [BHO.Multiplug]
Successfully deleted: [Folder] C:\ProgramData\reealdeal [BHO.Multiplug]
Successfully deleted: [Folder] C:\ProgramData\SavveRProoa [BHO.Multiplug]

~~~ FireFox

~~~ Chrome

[C:\Users\jirka2\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\jirka2\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\jirka2\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\jirka2\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p 12.06.2015 at 1:42:32,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V10.8.2.0 (x64) [Jun 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : jirka2 [Práva správce]
Started from : C:\Users\jirka2\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 06/12/2015 10:54:50

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[PUP] (X64) HKEY_USERS\RK_jirka_ON_G_CF68\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {EEE6C35B-6118-11DC-9C72-001320C79847} : -> Nalezeno
[PUP] (X86) HKEY_USERS\RK_jirka_ON_G_CF68\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {EEE6C35B-6118-11DC-9C72-001320C79847} : -> Nalezeno
[PUP] (X64) HKEY_USERS\RK_jirka_ON_G_CF68\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {EEE6C35D-6118-11DC-9C72-001320C79847} : -> Nalezeno
[PUP] (X86) HKEY_USERS\RK_jirka_ON_G_CF68\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {EEE6C35D-6118-11DC-9C72-001320C79847} : -> Nalezeno
[Suspicious.Path|VT.MonitoringTool:Win32/Ardamax] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | UPV Start : C:\ProgramData\UPV\UPV.exe [-] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5FF53012-22E9-4991-BECB-5769D7209B41} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA177F87-41E6-41B3-A245-3D4CE4062956} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_D640\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5FFB5936-78E5-44F6-9AD2-F37B46FF7D0E} | DhcpNameServer : 0.0.0.0 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5FF53012-22E9-4991-BECB-5769D7209B41} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BA177F87-41E6-41B3-A245-3D4CE4062956} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_D640\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5FFB5936-78E5-44F6-9AD2-F37B46FF7D0E} | DhcpNameServer : 0.0.0.0 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5FF53012-22E9-4991-BECB-5769D7209B41} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BA177F87-41E6-41B3-A245-3D4CE4062956} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_C9C1\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_C9C1\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_C9C1\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll [x][x][x][x] -> Nalezeno
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_C9C1\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll [x][x][x][x] -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 2 ¤¤¤
[Suspicious.Path|VT.Unknown][Soubor] Dropbox.lnk -- G:\Users\jirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [LNK@] G:\Users\jirka\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup -> Nalezeno
[Suspicious.Startup|VT.Unknown][Soubor] Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk -- G:\Users\jirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk -> Nalezeno

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_CREATE[0] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_POWER[22] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_PNP[27] : Unknown @ 0x27992c0

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUP][FIREFX:Addon] ui3i6hgz.default : Seznam lištička [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 68ce068ea8d593dc91a51f9d5b9fea1d
[BSP] 6c446499266d39871c495fdd2a3bb83b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 253767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 519921664 | Size: 700000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD401LJ ATA Device +++++
--- User ---
[MBR] 5a135f68e9421ecd6c9e1475c8f6153a
[BSP] 753f762c7230a92673960780a268dae8 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 60000 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 122880240 | Size: 321543 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD5000AAKS-00TMA0 ATA Device +++++
--- User ---
[MBR] 1000bc1171e3b10d901783d0f1ccc648
[BSP] 47f1855dae7ac563133f025162c88d6b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 80003 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 163846935 | Size: 396926 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Kingston DT 100 G2 USB Device +++++
--- User ---
[MBR] 2f27b144088190310f2bb761224d57fb
[BSP] b13bd8fd1bff0f48e291c37fd2e10185 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 7638 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Příspěvekod **jaro3** » 13 čer 2015 08:53

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

jirkaaa · Příspěvekod **jirkaaa** » 15 čer 2015 21:39

RogueKiller V10.8.2.0 (x64) [Jun 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : jirka2 [Práva správce]
Started from : C:\Users\jirka2\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 06/12/2015 10:54:50

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 20 ¤¤¤
[PUP] (X64) HKEY_USERS\RK_jirka_ON_G_CF68\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {EEE6C35B-6118-11DC-9C72-001320C79847} : -> Nalezeno
[PUP] (X86) HKEY_USERS\RK_jirka_ON_G_CF68\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {EEE6C35B-6118-11DC-9C72-001320C79847} : -> Nalezeno
[PUP] (X64) HKEY_USERS\RK_jirka_ON_G_CF68\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {EEE6C35D-6118-11DC-9C72-001320C79847} : -> Nalezeno
[PUP] (X86) HKEY_USERS\RK_jirka_ON_G_CF68\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {EEE6C35D-6118-11DC-9C72-001320C79847} : -> Nalezeno
[Suspicious.Path|VT.MonitoringTool:Win32/Ardamax] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | UPV Start : C:\ProgramData\UPV\UPV.exe [-] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5FF53012-22E9-4991-BECB-5769D7209B41} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA177F87-41E6-41B3-A245-3D4CE4062956} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_D640\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5FFB5936-78E5-44F6-9AD2-F37B46FF7D0E} | DhcpNameServer : 0.0.0.0 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5FF53012-22E9-4991-BECB-5769D7209B41} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BA177F87-41E6-41B3-A245-3D4CE4062956} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_D640\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5FFB5936-78E5-44F6-9AD2-F37B46FF7D0E} | DhcpNameServer : 0.0.0.0 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5FF53012-22E9-4991-BECB-5769D7209B41} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BA177F87-41E6-41B3-A245-3D4CE4062956} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_C9C1\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_C9C1\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_C9C1\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll [x][x][x][x] -> Nalezeno
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_C9C1\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\BearShare Applications\MediaBar\Datamngr\x64\IEBHO.dll [x][x][x][x] -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 2 ¤¤¤
[Suspicious.Path|VT.Unknown][Soubor] Dropbox.lnk -- G:\Users\jirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [LNK@] G:\Users\jirka\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup -> Nalezeno
[Suspicious.Startup|VT.Unknown][Soubor] Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk -- G:\Users\jirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Photosmart 5510 series (Síť).lnk -> Nalezeno

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_CREATE[0] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_POWER[22] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x27992c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_PNP[27] : Unknown @ 0x27992c0

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUP][FIREFX:Addon] ui3i6hgz.default : Seznam lištička [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 68ce068ea8d593dc91a51f9d5b9fea1d
[BSP] 6c446499266d39871c495fdd2a3bb83b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 253767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 519921664 | Size: 700000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD401LJ ATA Device +++++
--- User ---
[MBR] 5a135f68e9421ecd6c9e1475c8f6153a
[BSP] 753f762c7230a92673960780a268dae8 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 60000 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 122880240 | Size: 321543 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD5000AAKS-00TMA0 ATA Device +++++
--- User ---
[MBR] 1000bc1171e3b10d901783d0f1ccc648
[BSP] 47f1855dae7ac563133f025162c88d6b : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 80003 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 163846935 | Size: 396926 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Kingston DT 100 G2 USB Device +++++
--- User ---
[MBR] 2f27b144088190310f2bb761224d57fb
[BSP] b13bd8fd1bff0f48e291c37fd2e10185 : Unknown|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 7638 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

----------------------------------------------------------------------------------------------

ComboFix 15-06-09.01 - jirka2 15.06.2015 21:10:38.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3327.2128 [GMT 2:00]
Spuštěný z: c:\users\jirka2\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\jirka2\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\jirka2\AppData\Roaming\Adobe\Flash Player\PureCache\libcurl.dll
c:\users\jirka2\AppData\Roaming\Adobe\Flash Player\PureCache\pthreadGC2.dll
c:\users\jirka2\AppData\Roaming\Adobe\Flash Player\PureCache\zlib1.dll
c:\users\jirka2\AppData\Roaming\Microsoft\Windows\Recent\SDÍLEJ.CZ Manager.appref-ms
c:\users\jirka2\AppData\Roaming\rmi
c:\users\jirka2\AppData\Roaming\rmi\teamspeak-3.0.13.1.exe
c:\windows\PFRO.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
L:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-05-15 do 2015-06-15 )))))))))))))))))))))))))))))))
.
.
2015-06-15 19:20 . 2015-06-15 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-15 17:59 . 2015-06-15 19:23 -------- d-----w- c:\users\jirka2\AppData\Local\Temp
2015-06-15 17:59 . 2015-06-15 17:40 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-15 17:40 . 2015-06-15 17:55 -------- d-----w- C:\zoek_backup
2015-06-15 15:41 . 2015-06-15 19:04 -------- d-----w- c:\users\jirka2\AppData\Local\CrashDumps
2015-06-12 08:18 . 2015-06-15 16:38 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-12 08:18 . 2015-06-12 21:56 -------- d-----w- c:\programdata\RogueKiller
2015-06-12 07:28 . 2015-06-12 07:28 -------- d-----w- c:\users\jirka2\AppData\Local\Adobe
2015-06-12 07:05 . 2015-02-23 09:11 205690 ----a-w- c:\users\jirka2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok.vbs
2015-06-11 23:38 . 2015-06-11 23:38 -------- d-----w- C:\RegBackup
2015-06-11 22:05 . 2015-06-11 22:05 -------- d-----w- c:\windows\system32\SPReview
2015-06-11 21:31 . 2010-11-20 03:33 6656 ----a-w- c:\windows\system32\drivers\cs-CZ\rdvgkmd.sys.mui
2015-06-11 21:31 . 2010-11-20 03:32 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\rdpwd.sys.mui
2015-06-11 21:31 . 2010-11-20 03:25 4096 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbhub.sys.mui
2015-06-11 21:31 . 2010-11-20 03:26 3584 ----a-w- c:\windows\system32\drivers\cs-CZ\tsusbflt.sys.mui
2015-06-11 21:31 . 2010-11-20 03:32 3072 ----a-w- c:\windows\system32\drivers\cs-CZ\GAGP30KX.SYS.mui
2015-06-11 21:31 . 2010-11-20 03:32 4608 ----a-w- c:\windows\system32\drivers\cs-CZ\kbdclass.sys.mui
2015-06-11 21:28 . 2010-11-20 02:19 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-06-11 21:27 . 2010-11-20 03:26 976896 ----a-w- c:\windows\system32\inetcomm.dll
2015-06-11 21:26 . 2010-11-20 03:27 3008000 ----a-w- c:\windows\system32\xpsservices.dll
2015-06-11 09:26 . 2015-06-11 09:26 -------- d-----w- c:\windows\system32\EventProviders
2015-06-11 09:26 . 2015-06-11 09:26 -------- d-----w- C:\0137320219abe1d16a2c
2015-06-09 21:55 . 2015-06-11 23:44 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-09 21:55 . 2015-06-09 21:55 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-06-09 21:55 . 2015-06-09 21:55 -------- d-----w- c:\programdata\Malwarebytes
2015-06-09 21:55 . 2015-04-14 07:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-09 21:55 . 2015-04-14 07:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-09 21:55 . 2015-04-14 07:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-09 21:45 . 2015-06-11 22:33 -------- d-----w- C:\AdwCleaner
2015-06-09 21:36 . 2015-06-09 21:36 -------- d-----w- c:\users\jirka2\AppData\Local\ATI
2015-06-09 21:34 . 2015-06-09 21:34 -------- d-----w- c:\users\jirka2\AppData\Local\Apps
2015-06-08 23:13 . 2015-06-08 23:13 -------- d-----w- c:\users\jirka2\AppData\Local\Macromedia
2015-06-08 22:53 . 2015-06-08 22:53 -------- d-----w- c:\users\jirka2\AppData\Local\Thunderbird
2015-06-08 22:53 . 2015-06-08 22:53 -------- d-----w- c:\users\jirka2\AppData\Roaming\Thunderbird
2015-06-08 22:53 . 2015-06-08 22:53 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2015-06-08 22:19 . 2015-06-09 21:34 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-06-07 18:43 . 2015-06-11 09:26 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E34AE10-C964-4935-8608-03A418EA323A}\offreg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-11 21:58 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2015-06-11 21:58 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2015-06-09 22:56 . 2013-06-04 08:11 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-09 22:56 . 2013-06-04 08:11 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-06-09 09:30 . 2013-06-04 08:34 153256 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-06-09 09:30 . 2013-06-04 08:34 132656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-06-01 13:58 . 2014-05-02 10:57 4475936 ----a-w- c:\windows\system32\MetaViewer64.dll
2015-05-03 07:42 . 2015-01-28 07:32 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-05-03 07:41 . 2015-02-04 09:39 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2015-06-09 3632472]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-06-04 2892992]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31280256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-06-09 730416]
"MultiScreen"="c:\program files (x86)\MultiScreen\MultiScreen.exe" [2008-06-30 114688]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"Gaming Keyboard"="c:\program files (x86)\Gaming Keyboard\Monitor.exe" [2014-01-16 479232]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-01-19 126712]
"ok"="wscript.exe" [2009-07-14 141824]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2015-02-12 5564784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\users\jirka2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ok.vbs [2015-2-23 205690]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nostromo Loadout Manager.lnk - c:\windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe [2014-3-1 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys;c:\windows\SYSNATIVE\drivers\bcgame.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 h643331;DragonRise HID3331 AMD64 Driver;c:\windows\system32\drivers\h643331.sys;c:\windows\SYSNATIVE\drivers\h643331.sys [x]
R3 h643352;DragonRise HID3331 AMD64 Driver;c:\windows\system32\drivers\h643352.sys;c:\windows\SYSNATIVE\drivers\h643352.sys [x]
R3 hid3331;DragonRise HID3331 x86 Driver;c:\windows\system32\drivers\hid3331.sys;c:\windows\SYSNATIVE\drivers\hid3331.sys [x]
R3 hid3352;DragonRise HID3331 x86 Driver;c:\windows\system32\drivers\hid3352.sys;c:\windows\SYSNATIVE\drivers\hid3352.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x]
S3 yukonw7;Ovladač NDIS6.2 Miniport pro řadič Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-04 22:56]
.
2015-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-53819070-3192357531-2814401408-1000Core.job
- c:\users\jirka2\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-01 07:35]
.
2015-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-53819070-3192357531-2814401408-1000UA.job
- c:\users\jirka2\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-01 07:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-06-06 2122224]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\jirka2\AppData\Roaming\Mozilla\Firefox\Profiles\ui3i6hgz.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe
AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe
AddRemove-{bd538030-07d4-4999-a525-7fafa2483f56} - c:\programdata\Package Cache\{bd538030-07d4-4999-a525-7fafa2483f56}\Avira.OE.Setup.Bundle.exe
AddRemove-GoToMeeting - c:\users\jirka2\AppData\Local\Citrix\GoToMeeting\2553\G2MUninstall.exe
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
.
**************************************************************************
.
Celkový čas: 2015-06-15 21:33:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-06-15 19:33
.
Před spuštěním: Volných bajtů: 62 800 285 696
Po spuštění: Volných bajtů: 62 659 833 856
.
- - End Of File - - 4F6D32907CECC599ECEA9733BA69AEE9
A36C5E4F47E84449FF07ED3517B43A31

------------------------------------------------------------------------------------------------------------

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by jirka2 on po 15.06.2015 at 19:40:58,72.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jirka2\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

15.6.2015 19:42:12 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Total_Uninstall_Pro_6.3.1 deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\PROGRA~3\ProgDVB deleted successfully
C:\PROGRA~3\TightVNC deleted successfully
C:\Users\jirka2\AppData\Roaming\Samsung deleted successfully
C:\Users\jirka2\AppData\Roaming\TightVNC deleted successfully
C:\Users\jirka2\AppData\Roaming\Western Digital deleted successfully
C:\Users\jirka2\AppData\Roaming\WinRAR deleted successfully
C:\Users\jirka2\AppData\Local\GHISLER deleted successfully
C:\Users\jirka2\AppData\Local\Samsung deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\RK_jirka_ON_G_245E\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{608105FC-A04E-41D4-A5B4-E772C33B3CCE} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C06A334-BDBA-440B-A02C-FD8228FAB2F1} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0D53ACD3-1771-43de-9C13-CC1F014DEAAD} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19BE41B5-65C8-42DF-B276-7AE0193926AC} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44606278-A44A-4B18-8D36-A5281EFBBA35} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{53BD6390-2BEB-4822-A1FB-BF5C4FCDDB5C} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61B35BB6-989E-493F-BAC3-309E322C3C01} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A60DF49-181A-4926-862B-9A3B5C94B5D0} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8237F98E-8BEE-496C-9986-674C5B9E1191} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{891EF23D-E76B-43FE-A7A2-19F7CFDFB21A} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9849C0E6-2293-47B8-BAEA-482844328C7E} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A0C3FC2-FD5A-4EED-B99B-4219665A8384} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4D47627-B827-417A-BC29-13AE915B2C53} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD9071AF-7B56-46FA-A42A-E3F722163288} deleted successfully
HKEY_USERS\S-1-5-21-53819070-3192357531-2814401408-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E97EE1DE-3BBC-4C3B-BD8E-7BF1297820F1} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\jirka2\AppData\Roaming\Mozilla\Firefox\Profiles\ui3i6hgz.default\prefs.js:

Added to C:\Users\jirka2\AppData\Roaming\Mozilla\Firefox\Profiles\ui3i6hgz.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\jirka2\AppData\Roaming\Thunderbird\Profiles\m9bm4bxc.default\prefs.js:

Added to C:\Users\jirka2\AppData\Roaming\Thunderbird\Profiles\m9bm4bxc.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\jirka2\AppData\Roaming\Mozilla\Firefox\Profiles\ui3i6hgz.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_15.06.2015_1955_.backup

ProfilePath: C:\Users\jirka2\AppData\Roaming\Thunderbird\Profiles\m9bm4bxc.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_15.06.2015_1955_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Total_Uninstall_Pro_6.3.1 not found
C:\Users\jirka2\Desktop\MRDownloader – zástupce.lnk not found
C:\Windows\syswow64\appdata deleted
C:\Users\jirka2\AppData\Local\Packages\windows_ie_ac_001\AC\{24C61668-0673-74D9-966B-F2E7F5B7AC9F} deleted
C:\Users\jirka2\AppData\Local\Packages\windows_ie_ac_001\AC\{4CF6E518-842C-D306-2DFF-AF057C6F1B92} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{053314F5-AFBF-E0AE-9F68-15120294C493} deleted
C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{E982036A-AAE6-6B80-D1EF-6E3E86F87F09} deleted
C:\Users\jirka2\.android deleted
C:\found.000 deleted
C:\Users\jirka2\AppData\Roaming\ita.vbs deleted
C:\Users\jirka2\AppData\Roaming\upc.vbs deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\jirka2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok.vbs deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Public\Desktop\Rapidshare Auto Downloader.lnk deleted
C:\Users\jirka2\AppData\Roaming\ccsetup414.exe deleted
C:\Users\jirka2\AppData\Roaming\ita.exe deleted
C:\Users\jirka2\AppData\Roaming\upc.exe deleted
"C:\Windows\Installer\2aaf4789.msi" deleted
"C:\PROGRA~3\hakelohhoeldmjcnomckkagkihagbdpl\hakelohhoeldmjcnomckkagkihagbdpl.crx" deleted
"C:\PROGRA~3\hakelohhoeldmjcnomckkagkihagbdpl\update.xml" deleted
"C:\PROGRA~3\hakelohhoeldmjcnomckkagkihagbdpl" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\jirka2\AppData\Roaming\Mozilla\Firefox\Profiles\ui3i6hgz.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\jirka2\AppData\Roaming\Thunderbird\Profiles\m9bm4bxc.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\jirka2\AppData\Roaming\Thunderbird\Profiles\m9bm4bxc.default
- ThunderBrowse - %ProfilePath%\extensions\ThunderBrowse@thunderbrowse.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\jirka2\AppData\Roaming\Mozilla\Firefox\Profiles\ui3i6hgz.default
626791785FF2A338575E8AF0563D8333 - C:\Windows\npMSDM.dll - Microsoft Download Manager Plugin
2E661988463BCFA1B95D4DAAB9B0B6FA - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash
08ACECEB47FAF053C468D8AFE44709AD - C:\Users\jirka2\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
F71C9E5E3B1CBE60269D873E8313EDA3 - C:\Users\jirka2\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll - Cryptoplus KB – podepisovací modul

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

Bookmark Manager - jirka2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik

==== Chromium Startpages ======================

C:\Users\jirka2\AppData\Local\Google\Chrome\User Data\Default\Preferences
png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/chromenow/v1/*","https://*.googleusercontent.com/*"],"version":"1.2.0.1"},"path":"C:\\Users\\jirka2\\AppData\\Local\\Google\\Chrome\\Application\\41.0.2272.118\\resources\\google_now","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false}}},"pinned_tabs":[],"prefs":{"preference_reset_time":"13071500356555085"},"protection":{"macs":{"browser":{"show_home_button":"04524DAA413DD05297317A69FA0BC5AA93FAF9BE676092693FDD81859BF4FB5C"},"default_search_provider":{"keyword":"F51A3014D8B0FCCB343A5AFB5A3BCFF713014B830908A89BA29553283136FAD7","name":"D1D551ACE0B8525F4528E91AAF8386DDACFB46CFBB60862FF6E8F5489F400473","search_url":"E1ED5A29AF725F7CB51EF68A6B76A588975660A56977BC6F2AE440BD4B9D34D7"},"default_search_provider_data":{"template_url_data":"561F5B67331C972B54CE263AACC3AFE5DDE6DE61DA2A9267D29A10145BC654DC"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"A7E9E63E278C4C38E68AE42F046E1403DA2B9DE8651065FA42CC83F672109A09","bepbmhgboaologfdajaanbcjmnhjmhfn":"9D4367237EC26E44544FE47F1606132C8FB36551751274DFE1A6FD4B69025434","eemcgdkfndhakfknompkggombfjjjeno":"3842747073C5FD0309DF2665DD537EA96E8ABF13FDEEC4DCC4418AE32D7EDB2B","ennkphjdgehloodpbhlhldgbnhmacadg":"905260C0D6E555CFBAEF4F10B706C1A3F78401BAB6786095AC87009AC4D0308B","flliilndjeohchalpbbcdekjklbdgfkk":"93930EA01CAD07106B635F08C4A408454ADA4608C94BF18CFD8EDB24227AFDD7","gfdkimpbcpahaombhbimeihdjnejgicl":"5B2D017C8F1A02C895E8B75388B44DB0B1638A565EA2FA67BBD0493C21AB278C","gmlllbghnfkpflemihljekbapjopfjik":"DBA5D89186A4EDC67E56AABF10EF24A6A82DCA70FE59465A93DCE5422594FB91","kmendfapggjehodndflmmgagdbamhnfd":"0ACD26BC48D913818A64B958ADBCAD6813028ADF1E1A9AFD6AE682E6AEEF979A","mfehgcgbbipciphmccgaenjidiccnmng":"4AE46BA947E901DA11236C837FC793925F7A0F237D0F8EB94283AB2182C9BBCF","mgndgikekgjfcpckkfioiadnlibdjbkf":"6E2A2EE32FECE3D935E611418B2A6CBD209F6978D7D8F1F0E28113E914E48027","mhjfbmdgcfjbbpaeojofohoefgiehjai":"1FE1EFA7472004C402C2AF2D49C04492215DAB0977858F7D5612CE4F4527330B","neajdppkdcdipfabeoofebfddakdcjhd":"B0257622F697CA1724214DFCDE7F3473D825290622E93C5F5DB73B8FBB24CEF2","nkeimhogjdpnpccoofpliimaahmaaome":"8E30307E5783233386A821AFDAED45BD502D6030DEA5378C158B6A5B84BEB46A","nmmhkkegccagdldgiimedpiccmgmieda":"793E9289D70A0A6B2E0E616E738A04799E1C605E34BAF240CD496CE4A7E310DE","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"3F39C33945139DE29B0BD2F633E56E43F3263D3282EA0F96AA9EB2964026CF31"}},"google":{"services":{"last_username":"7095E18B949617D556E34D890456323DB6B485329583E1421F43FB2383EE9337","username":"6D6D15169ED89573EC86FB8B95C2B6ADA57A5DEA43548731827FA59495419247"}},"homepage":"8D92EC365C53E4D25AB4F842570EC8DBF66DDB6D01FC5C3AFB8D77E865CAAD57","homepage_is_newtabpage":"074C55B6DF11E8C9186C91AFD3A0BF06E9E24FA8A9BAE91B0BFC25995754EEA8","pinned_tabs":"411C9682F741AC5F5F522B5358F268680388B3A6C1E966875E830E28BB9E7485","prefs":{"preference_reset_time":"C2FFB166F8CD5B121FEF79634259508BEEC094A2A7FEC84BC33AA2EACC32AB37"},"profile":{"reset_prompt_memento":"25D4D4A6105B0E7B523A932CFD9664715D1EDE7019C7FAF73E6A65B26E28C83A"},"safebrowsing":{"incidents_sent":"E146140C1B589CCDACD94A2208C9E4F680BF2F81B091550910BA27B25797F3C8"},"search_provider_overrides":"BEF6BA0622261C9610B932C4F77C8D664263CD7DE42613780685A49F1269C5DE","session":{"restore_on_startup":"5606EE65AA90A1E31E430CC1A002C90E340A9074052E09B7CB11D3C232643B16","startup_urls":"1BD86920CB7D08A2C70E80DAC5F0F63F94B2A058D4F5E3C8BD9C3D75013C01F6"},"software_reporter":{"prompt_reason":"FF89AC36FC6D36262CC684CE4CBBB47469ADAD695D0602032434335B9A22058B","prompt_seed":"3490C0C11152FFDE2494597EDB56E224242216D7C84FC3AF79985455B53D8131","prompt_version":"CE768351430F5556F6B54D4F72905140295AC67F953F2CC7C7530C1E6D9F6F94"},"sync":{"remaining_rollback_tries":"FB53D9451C3ECB118559701C2522AEA1967DD8FD372F20BD5707791EC7A69A40"}},"super_mac":"8FE1161F72FDB9B5EF0588F5573E0D4E08376E7623FE310935EA871C765D5C02"},"session":{"startup_urls":["http://www.google.com","http://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=072413"]}}

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\jirka2\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\jirka2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\jirka2\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\jirka2\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\jirka2\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\jirka2\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC0D100 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1D00} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC0D100 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jirka2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\jirka2\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jirka2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\jirka2\AppData\Local\Mozilla\Firefox\Profiles\ui3i6hgz.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\jirka2\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\jirka2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=59 folders=45 46928863 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\jirka2\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\jirka2\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\jirka2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on po 15.06.2015 at 20:48:28,34 ======================

Příspěvekod **jaro3** » 16 čer 2015 08:22

Ještě jednou:
Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-53819070-3192357531-2814401408-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-53819070-3192357531-2814401408-1000UA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\users\jirka2\AppData\Local\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\users\jirka2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ok.vbs

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Problém s Flesh pamětí

Re: Problém s Flesh pamětí

Re: Problém s Flesh pamětí

Re: Problém s Flesh pamětí

Re: Problém s Flesh pamětí

Re: Problém s Flesh pamětí

Re: Problém s Flesh pamětí

Kdo je online