Please check this for me: some pages won't load (mainly Facebook, and videos on some sites, e.g. Nova). Everything around the video loads, but in place of the video there is an empty white space. Overall, everything loads more slowly. I can't think of anything else to try.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:44, on 17.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
FIREFOX: 38.0.5 (x86 cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Windows\System32\dinotify.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Users\petra\Desktop\HijackThis.exe
C:\Users\petra\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
O23 - Service: COMODO Chromodo Update Service (ChromodoUpdater) - Comodo - C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: vToolbarUpdater18.1.9 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
--
End of file - 4056 bytes
HiJackThis check - Solved
Orcus (member of the Security team)
Re: HiJackThis check
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you don't need to use ATF.
===================================================
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program shouldn't take long.
The PC should then restart; if it doesn't, restart it yourself.
===================================================
Download AdwCleaner (by Xplode)
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log will appear (it is also saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.
===================================================
Download Malwarebytes' Anti-Malware
- During installation, uncheck "Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium" (Enable the free trial of Malwarebytes' Anti-Malware Premium)
Install it and run it
- at the end of the installation, make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click "Skenovat nyní" (Scan Now)
- when the program finishes, a message will appear at the bottom right; click "Kopírovat do schránky" (Copy to Clipboard) and paste the entire log here.
- then click the Exit button; a message will appear, so choose Yes
(don't delete anything yet!).
If there are problems, run it in Safe Mode.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several messages.
A few tips on PC security.
In my absence, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.
Re: HiJackThis check
# AdwCleaner v4.206 - Log vytvořen 18/06/2015 v 14:12:50
# Aktualizováno 01/06/2015 by Xplode
# Databáze : 2015-06-17.1 [Server]
# Operační system : Windows 7 Ultimate Service Pack 1 (x86)
# Uživatelské jméno : petra - PETRA-PC
# Spuštěno z : C:\Users\petra\Desktop\AdwCleaner.exe
# Nastavení : Čištění
***** [ Služby ] *****
[#] Služba Smazáno : vToolbarUpdater18.1.9
***** [ Soubory / Složky ] *****
Složka Smazáno : C:\ProgramData\AVG SafeGuard toolbar
Složka Smazáno : C:\ProgramData\AVG Secure Search
Složka Smazáno : C:\ProgramData\AVG Security Toolbar
Složka Smazáno : C:\Program Files\Common Files\AVG Secure Search
***** [ Naplánované úlohy ] *****
***** [ Zástupci ] *****
***** [ Registry ] *****
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Klíč Smazáno : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Klíč Smazáno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Klíč Smazáno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Klíč Smazáno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Klíč Smazáno : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíč Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Smazáno : HKLM\SOFTWARE\AVG SafeGuard toolbar
Klíč Smazáno : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Klíč Smazáno : HKU\.DEFAULT\Software\Avg Secure Update
***** [ Prohlížeče ] *****
-\\ Internet Explorer v11.0.9600.17207
-\\ Mozilla Firefox v38.0.5 (x86 cs)
-\\ Google Chrome v43.0.2357.124
*************************
AdwCleaner[R0].txt - [3495 bytů] - [18/06/2015 14:04:30]
AdwCleaner[S0].txt - [3390 bytů] - [18/06/2015 14:12:50]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3448 bytů] ##########
Re: HiJackThis check
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 18.6.2015
Čas skenování: 14:31:15
Protokol:
Správce: Ano
Verze: 2.01.6.1022
Databáze malwaru: v2015.03.09.05
Databáze rootkitů: v2015.06.15.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: petra
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 265731
Uplynulý čas: 24 min, 8 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
jaro3 (member of the Security team)
Re: HiJackThis check
Download Junkware Removal Tool by Thisisu
to your desktop.
Deactivate your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and will be saved on the desktop.
Please copy its entire contents here.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Prohledat" (Scan).
- The program scans the PC's processes. After the scan, click "Zpráva" (Report) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still won't start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. In my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: HiJackThis check
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 7.0.2 (06.18.2015:1)
OS: Windows 7 Ultimate x86
Ran by petra on źt 18.06.2015 at 19:51:38,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E12482E6-BD1C-453B-B33A-49200D5609D9}
~~~ Files
~~~ Folders
~~~ Chrome
[C:\Users\petra\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\petra\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\petra\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\petra\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 18.06.2015 at 20:08:21,39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: HiJackThis check
RogueKiller V10.8.4.0 [Jun 15 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : petra [Práva správce]
Started from : C:\Users\petra\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 06/18/2015 20:44:09
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 3 ¤¤¤
[PUP] HKEY_USERS\RK_Petra_ON_D_96E2\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TsUsbFlt (System32\drivers\tsusbflt.sys) -> Nalezeno
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub (system32\drivers\tsusbhub.sys) -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: HITACHI HTS541612J9SA00 ATA Device +++++
--- User ---
[MBR] 010bba0e2d804a6f2c3d335bda2f635e
[BSP] 89a5bf9978f3b108fedfaf47e2a2f042 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 39900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 81922048 | Size: 74470 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Orcus (member of the Security team)
Re: HiJackThis check
Close all programs and browsers. Deactivate your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait for the Prescan to finish...
- Wait until the status window shows "Prohledat" (Scan)
- In the tabs (Registry, Tasks, Web Browser, etc.) check everything (tick the checkboxes).
- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report) and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
====================================================
Download
Zoek.exe
and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Win Vista, Win7, 8 right-click it and choose "Run as administrator").
- note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script
The program will perform a scan and a repair; the scan and the repair may take several minutes, so you need to wait until the end. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
====================================================
How are the problems? + a new HJT log
Re: HiJackThis check
Yes, thank you, everything loads better now; it's definitely 100% better.
RogueKiller V10.8.7.0 [Jun 29 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : petra [Administrator]
Started from : C:\Users\petra\Desktop\RogueKiller.exe
Mode : Delete -- Date : 06/29/2015 18:20:27
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 8 ¤¤¤
[PUP] HKEY_USERS\RK_Petra_ON_D_53C5\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Deleted
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub (system32\drivers\tsusbhub.sys) -> Deleted
[PUP] HKEY_LOCAL_MACHINE\RK_System_ON_D_8816\ControlSet001\Services\MgAssistService (D:\Program Files\Mobogenie\MgAssist.exe) -> Deleted
[PUP] HKEY_LOCAL_MACHINE\RK_System_ON_D_8816\ControlSet002\Services\MgAssistService (D:\Program Files\Mobogenie\MgAssist.exe) -> Deleted
[PUM.SearchPage] HKEY_LOCAL_MACHINE\RK_Software_ON_D_3C80\Microsoft\Internet Explorer\Main | Search Page : -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\RK_Petra_ON_D_53C5\Software\Microsoft\Internet Explorer\Main | Search Page : -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] HKEY_USERS\RK_Petra_ON_D_53C5\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] HKEY_LOCAL_MACHINE\RK_Software_ON_D_3C80\Microsoft\Internet Explorer\Main | Default_Search_URL : -> Replaced (http://www.microsoft.com/isapi/redir.dl ... r=iesearch)
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[FIREFX:Addon] my7y6187.default : Mozilla Firefox hotfix [firefox-hotfix@mozilla.org] -> Deleted
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HITACHI HTS541612J9SA00 ATA Device +++++
--- User ---
[MBR] 010bba0e2d804a6f2c3d335bda2f635e
[BSP] 89a5bf9978f3b108fedfaf47e2a2f042 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 39900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 81922048 | Size: 74470 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_06182015_204409.log - RKreport_SCN_06292015_181741.log
Re: HiJackThis check
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by petra on po 29.06.2015 at 18:40:32,49.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\petra\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]
==== System Restore Info ======================
29.6.2015 18:45:15 Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\AVG deleted successfully
C:\PROGRA~2\Shared Space deleted successfully
C:\Users\petra\AppData\Local\EmieSiteList deleted successfully
C:\Users\petra\AppData\Local\EmieUserList deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\found.000 deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted
C:\Users\petra\avast_free_antivirus_setup_online.exe deleted
C:\Users\petra\avast_premier_antivirus_setup_online.exe deleted
"C:\Users\petra\AppData\Local\{59A7952A-D4EE-4B43-B777-5A6D31177A0B}" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2015-06-18 17:51:55 CA2A8AF1DBAD0F31F9B33A2827DFBC16 207 ----a-w- C:\Windows\tweaking.com-regbackup-PETRA-PC-Windows-7-Ultimate-(32-bit).dat
====== C:\Users\petra\AppData\Local\Temp ====
2015-06-18 18:15:05 E0B8C6B1EA1EF94747E966E9093FB968 1289096 ----a-w- C:\Users\petra\AppData\Local\Temp\dllnt_dump.dll
2015-06-18 17:51:30 FDD26A402322F212DCA153FF8B1FFB6E 78816 ----a-w- C:\Users\petra\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\pcwintech_tasksch.dll
2015-06-18 17:51:30 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\petra\AppData\Local\Temp\jrt\libiconv2.dll
2015-06-18 17:51:30 DC7A3BC0FC185CD68848DC6F7D7B026B 40960 ----a-w- C:\Users\petra\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\SSubTmr6.dll
2015-06-18 17:51:30 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\petra\AppData\Local\Temp\jrt\libintl3.dll
2015-06-18 17:51:30 A107DE2D120C0571B544EEC53D1971AB 1406208 ----a-w- C:\Users\petra\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\TweakingRegistryBackup.exe
2015-06-18 17:51:30 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\petra\AppData\Local\Temp\jrt\pcre3.dll
2015-06-18 17:51:30 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\petra\AppData\Local\Temp\jrt\regex2.dll
2015-06-18 17:51:30 1B128828BF5E4353811B6DA58156B7F4 6656 ----a-w- C:\Users\petra\AppData\Local\Temp\jrt\tweaking.com_registry_backup_portable\files\dosdev.exe
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2015-06-18 18:15:05 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-06-18 12:30:49 04B309A1A653177994630C2773E659F1 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-06-18 12:30:16 3C21F7E95FFCA33EF1A83AA33D9663CF 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-06-18 12:30:16 167BCE00050B19DA25065335645A3C7A 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-06-18 12:30:16 155BF99B2B87E0C298CAC3B4B8136D83 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-06-11 14:33:47 73993B467FF52DCDE00B5BA7DE4A69BC 111850 ----a-w- C:\Windows\System32\drivers\fvstore.dat
2015-05-31 14:53:11 9D0DE10967F197BF57B2A22B07845D27 894560 ----a-w- C:\Windows\System32\drivers\sfi.dat
====== C:\Windows\Tasks ======
2015-05-31 14:53:28 -------- d-----w- C:\Windows\system32\Tasks\COMODO
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-06-17 08:29:03 -------- dc----w- C:\Program Files\Mozilla Maintenance Service
2015-05-31 14:47:15 -------- dc----w- C:\Program Files\Comodo
======= C: =====
====== C:\Users\petra\AppData\Roaming ======
2015-06-23 09:49:16 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\CrashDumps
2015-06-23 07:17:13 -------- d-----w- C:\Users\petra\AppData\Local\Comodo
2015-06-18 12:29:23 -------- d-----w- C:\Users\petra\AppData\Local\Programs
2015-06-18 11:57:21 7708BA26F60FD9ACCD11FC8048BE58B8 108032 ----a-w- C:\Users\petra\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-17 08:29:18 -------- d-----w- C:\Users\petra\AppData\Roaming\Mozilla
2015-06-17 08:29:18 -------- d-----w- C:\Users\petra\AppData\Local\Mozilla
2015-05-31 14:54:39 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Comodo
====== C:\Users\petra ======
2015-06-29 15:54:33 151FF0262867024297999AF082BC8C2D 17853688 ----a-w- C:\Users\petra\Desktop\RogueKiller.exe
2015-06-18 18:15:02 -------- d-----w- C:\ProgramData\RogueKiller
2015-06-18 17:49:06 015B0E018F7CF308E937C8FFC1BF392B 2950477 ----a-w- C:\Users\petra\Desktop\JRT.exe
2015-06-18 12:27:42 6CDEAC78E5677E304477FB36351C3195 21546080 ----a-w- C:\Users\petra\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-18 12:03:29 D56605A4F5CE2DBEBA1540304827B394 2231296 ----a-w- C:\Users\petra\Desktop\AdwCleaner.exe
2015-06-17 08:29:05 -------- d-----w- C:\ProgramData\Mozilla
2015-05-31 14:47:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-05-31 14:44:01 -------- d-----w- C:\ProgramData\Comodo
====== C: exe-files ==
2015-06-29 15:54:33 151FF0262867024297999AF082BC8C2D 17853688 ----a-w- C:\Users\petra\Desktop\RogueKiller.exe
2015-06-23 08:01:27 C29E128D08F09C9AEAABA0B602165262 1063504 ----a-w- C:\Program Files\Google\Update\Install\{204DC140-4489-42FE-9397-256ECFA65F0A}\43.0.2357.130_43.0.2357.124_chrome_updater.exe
2015-06-23 08:01:27 C29E128D08F09C9AEAABA0B602165262 1063504 ----a-w- C:\Program Files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\43.0.2357.130\43.0.2357.130_43.0.2357.124_chrome_updater.exe
2015-06-23 07:11:20 3D40EE1778CBA7B3797654BDA58161A4 54356368 ----a-w- C:\Windows\TEMP\chromodo_setup.exe
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG_UI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AVG_UI"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AVG\\AVG2014\\avgui.exe\" /TRAYONLY"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HotKeysCmds"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\hkcmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IgfxTray"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxtray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Persistence"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\igfxpers.exe"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03.03.2015 19:28]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [03.03.2015 19:28]
==== Other Scheduled Tasks ======================
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}" ["C:\Program Files\COMODO\COMODO Internet Security\cistray.exe"]
"C:\Windows\system32\tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\system32\tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\system32\tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
"C:\Windows\system32\tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}" ["C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe"]
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\petra\AppData\Roaming\Mozilla\Firefox\Profiles\my7y6187.default
08ACECEB47FAF053C468D8AFE44709AD - C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll - Google Update
==== Chromium Look ======================
Google Chrome Version: 43.0.2357.130
Google Slides - petra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - petra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - petra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - petra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - petra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - petra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - petra\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Startpages ======================
C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\petra\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Old Start Page"="http://www.google.com"
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?trackid=sp-006"
"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
"Search Bar"="https://www.google.com/?trackid=sp-006"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Old Start Page"="https://www.google.com/?trackid=sp-006"
"Start Page"="https://www.google.com/?trackid=sp-006"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI deleted successfully
==== Empty IE Cache ======================
C:\Users\petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\petra\AppData\Local\Mozilla\Firefox\Profiles\my7y6187.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\petra\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=6 folders=3 11077736 bytes)
==== Empty Temp Folders ======================
C:\Users\petra\AppData\Local\Temp will be emptied at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\petra\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on po 29.06.2015 at 20:13:17,08 ======================
Re: HiJackThis check
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:36, on 29.6.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
FIREFOX: 38.0.5 (x86 cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Users\petra\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BD5F78C-37AA-4B26-947F-860928925233}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: COMODO Chromodo Update Service (ChromodoUpdater) - Comodo - C:\Program Files\Comodo\Chromodo\chromodo_updater.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
--
End of file - 3841 bytes
- jerabina
- member of the Security team
Re: HiJackThis check
So, let's finish cleaning up.
Close all other programs/browsers, disconnect from the internet, and in HJT fix:
GUIDE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/
and save the file to your desktop.
Double-click the icon to run Delfix.exe
(On Windows Vista, Windows 7 and 8, you must right-click the file -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click the Run button and let the tool do its work.
A report (DelFix.txt) will then open. Paste the entire contents of the report here. The report can also be found at:
C:\DelFix.txt
If there are no problems, that is all and you can mark the topic as solved with the green check mark.

When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.