Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Please check my log

Post by Syki7 » 14 Jul 2015 13:02

RogueKiller V10.9.1.0 (x64) [Jul 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : Michal [Práva správce]
Started from : C:\Users\Michal\Desktop\RogueKillerX64 (3).exe
Mód : Smazat -- Datum : 07/14/2015 13:01:19

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUP] (X64) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Smazáno
[PUP] (X86) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> ERROR [2]
[PUP] (X64) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> ERROR [2]
[PUP] (X86) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FairplayKD (\??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys) -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FairplayKD (\??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys) -> Smazáno

¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \CatalinaGroupUpdateTaskUserS-1-5-21-253112895-946898586-2958512260-1002UA -- C:\Users\Michal\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe (/ua /installsource scheduler) -> Smazáno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] f66c7a1b36e54a6b5a76c87716c68bb4
[BSP] b142cdf3ad05668969364a7aa0458f89 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4892672 | Size: 904950 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1858230272 | Size: 450 MB
6 - Basic data partition | Offset (sectors): 1859151872 | Size: 25600 MB
7 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1911580672 | Size: 20480 MB
User = LL1 ... OK
User = LL2 ... OK


Re: Please check my log

Post by Orcus » 14 Jul 2015 14:52

Still the rest.


Re: Please check my log

Post by Syki7 » 15 Jul 2015 09:20

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Michal on út 14. 07. 2015 at 22:13:37,73.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Michal\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14. 7. 2015 22:18:10 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AirMyPC deleted successfully
C:\PROGRA~2\Alcohol Soft deleted successfully
C:\PROGRA~2\e5674085-d5e1-4705-9f07-9f81ddd94548 deleted successfully
C:\PROGRA~2\Nová složka deleted successfully
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\McAfee deleted successfully
C:\Program Files\Paint.NET deleted successfully
C:\Program Files\stinger deleted successfully
C:\PROGRA~3\Logs deleted successfully
C:\PROGRA~3\LumaEmu_SteamCloud deleted successfully
C:\PROGRA~3\Network Settings deleted successfully
C:\Users\Michal\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Michal\AppData\Local\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12A7A6AA-DC40-4CAD-9EFF-4DFE70C8924} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AF6D172-219-4764-905F-4A2DAC94038} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DB09E2-AD1A-47D1-9F9B-BB8ED9C624E5} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FF1F010-B8D-4F04-A917-E961496F1AA2} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22266E1-834D-4DC6-85C7-A594FAB012} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CB82777-D70D-4692-B0AF-C770C56BA44} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D661EB9-458B-4446-9E1-FF8611A44F14} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{35507E9A-B01B-4C49-90F0-6F90384960CD} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3DB4E581-65F6-41F9-B3AE-9EF328DF5F33} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FF9B8A6-CF5-4C2D-8B4F-F544E38904A} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42f0e527-4f69-4985-8a8d-6b3ffcf4fc80} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49AA6350-6318-4D74-A1BC-CB21A0428D43} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FB0A55F-FD27-4D5D-9AF8-72D6C3B1EC7} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FC819B4-EE9D-4F2A-BF3C-D5A030C6D2E} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51F56B7-5C82-418C-81AE-97F79584825} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{532094C6-4133-4EF1-AC70-748C4718BAB} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56FC4EE-8E41-47F8-A7CD-D293D3B2FDE} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B35322C-7197-4A24-A8C3-37BEC84418} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5DDDE7E7-CCB1-457F-9FA2-3313A8488A0} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{646137-41D-4B5E-8EE7-8154876A67E} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AF206BE-AB37-4EAE-9FB8-FABD4E6F43EF} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FF83651-8BC6-4579-9D93-EA307BA5AF3} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72B0933A-48EF-49B9-A89-D9D449C8C49F} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F22EA17-9F21-42BC-BDA4-FE7E6A637D1} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F70EA91-9155-45FB-A9DE-FF79B8A6C5E} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91B627B7-9383-4431-8138-436D3F74D777} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94BA5165-749E-4FAD-AAC3-F1A91C1F46A} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95E0BBFD-BEEF-4361-8D74-D03B20B8BF37} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B1A6C4E-2392-4D06-9520-9F292AFA4DDA} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CE79DC6-D676-46DF-9DEE-897168838546} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A9FB2484-3877-4200-90B1-6B9B1D92129B} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB6E38C7-10C-4622-A5F1-86E05225A0B3} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD06C7A6-5B01-4EAA-8BCE-CE1FF2713CD0} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADE36884-5DEA-46D2-8DF6-CA5ACFA281B4} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2385357-A0AB-42E5-A112-3976667E1E2} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B960A460-C30D-423C-B0DD-D5D13EBBBC62} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ba4083b4-0485-4aca-a040-793ecb29ad33} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA834EBE-E357-4572-8FC3-5C5CB87B398} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C13142B7-D638-4688-8195-BC2B86859EF} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7D24EF2-4114-4BD9-A760-BE17AAF897D8} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7DD2100-C33C-48F0-ADF8-29B3C839F37} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCD8ED4B-DE9A-4B0C-B2F1-C1CC75B24482} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CE6383E9-60-4A68-9ED0-A2334155AB6} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CECE5B1C-798E-4FD7-9CC3-80C33331585} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3380CB-620E-4B65-BB8-20652961888} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5095BE5-858E-4C5A-BA69-ACF08E8925F2} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D60420FA-86DF-40F8-9132-25795B36652} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7DFDE1A-30B3-43C9-82C4-92D3A5789311} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB2DAAE6-A1E0-4A42-958-D1F1C63F95E0} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4455D93-56DA-4DBE-87F1-5F48C58E8EF4} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E47A1230-6DA7-4985-9356-18384B51D90} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E71C9C5B-78A9-4900-8F85-FB227F1F4D9} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9397DD2-2981-4F8E-9FB5-30DD3B15EB9} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EB25BFCF-5047-428F-BA82-93DFA8B41FDC} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EBC6A83-730A-4FCE-B8FB-77A65CB4E22A} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFE73C64-A2AB-4E1B-9BC-2BE6487C11C7} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F82F0934-A9BD-41AC-99AE-A99FB24AC74} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBEB0071-D2E2-4919-933D-5D6E214D116} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD10CC91-41A8-423A-A86-239E3C4FA38A} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF1E51B3-EF21-4CF7-9BD5-4BCAAF4A2A4} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42f0e527-4f69-4985-8a8d-6b3ffcf4fc80} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ba4083b4-0485-4aca-a040-793ecb29ad33} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7DFDE1A-30B3-43C9-82C4-92D3A5789311} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\HjMpY9QV.default\prefs.js:

Added to C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\HjMpY9QV.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AirMyPC not found
C:\PROGRA~2\Alcohol Soft not found
C:\PROGRA~2\e5674085-d5e1-4705-9f07-9f81ddd94548 not found
C:\PROGRA~2\Nová složka not found
C:\PROGRA~2\Pando Networks not found
"C:\windows\Installer\9c5ee.msi" not found
C:\PROGRA~2\Download Plus deleted
C:\PROGRA~2\Gom VPN Turbocharge your internet deleted
C:\Users\Michal\AppData\Roaming\.mctitangalacticraft deleted
C:\Users\Michal\AppData\Roaming\.technic deleted
C:\PROGRA~3\DivX deleted
C:\search.sqlite deleted
C:\install.exe deleted
C:\Users\Michal\AppData\Roaming\temp.ini deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Michal\AppData\Local\avgchrome deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Michal\AppData\LocalLow\IObit Apps deleted
C:\Users\Michal\AppData\LocalLow\ADSRemoval deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\WINDOWS\Syswow64\Hotspot Shield deleted
C:\WINDOWS\SysWow64\searchplugins deleted
C:\WINDOWS\SysWow64\Extensions deleted
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\HjMpY9QV.default\extensions\abs@avira.com deleted
"C:\Users\Michal\AppData\Local\LumaEmu" deleted
"C:\Users\Michal\AppData\Roaming\PG" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\HjMpY9QV.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Michal\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Michal\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.124

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
icmlaeflemplmjndnaapfdbbnpncnbda - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[01. 05. 2015 11:17]

TM BETA - Michal\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf

==== Chromium Startpages ======================

C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Preferences


==== Chromium Fix ======================

C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.save-video.com_0.localstorage-journal deleted successfully
C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.mystartsearch.com_0.localstorage deleted successfully
C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Local Storage\http_www.mystartsearch.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=MSE1"
"First Home Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"First Home Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.msn.com/?pc=MSE1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{1E11E7E9-4722-4BD6-BA48-3A212036FE5D} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Michal\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{1E11E7E9-4722-4BD6-BA48-3A212036FE5D} deleted successfully
HKEY_USERS\S-1-5-21-253112895-946898586-2958512260-1002\Software\Microsoft\Internet Explorer\SearchScopes\{1E11E7E9-4722-4BD6-BA48-3A212036FE5D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1E11E7E9-4722-4BD6-BA48-3A212036FE5D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E11E7E9-4722-4BD6-BA48-3A212036FE5D} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A07A2460258F9394288272DEE4B38029 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0642A70A-F852-4939-8228-27ED4E3B0892} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A07A2460258F9394288272DEE4B38029 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dolby Home Theater v4 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Michal\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Michal\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Michal\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Michal\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=10737 folders=1604 2282068180 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Michal\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Michal\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on st 15. 07. 2015 at 9:15:26,14 ======================

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status: Offline

Re: Please check my log

Post by jerabina » 15 Jul 2015 10:28

Please post a new HJT log, plus information about any problems.
When you don't know how to proceed, it's time to study the manual!
HJT guide

If I don't reply to your threads in the HJT section while I am online, it is only because I am on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

Syki7
Level 1.5
Posts: 145
Registered: October 14
Gender: Male
Status: Offline

Re: Please check my log

Post by Syki7 » 15 Jul 2015 12:38

Before, my PC was laggy and I was worried there might be a virus on it, because I had been without an antivirus for a while.. plus a million ads in Chrome.. and now it is quite a bit faster and the ads are gone :) thanks a lot

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:30, on 15. 7. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\werfault.exe
C:\Users\Michal\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Bloody2] "C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe" Minimum
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\Michal\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - c:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - c:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - c:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - c:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\windows\SysWOW64\ssins.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 11556 bytes

Orcus
Security team member
Elite Level 10.5
Posts: 10645
Registered: April 10
Location: Three roses grow all around =o)
Gender: Male
Status: Offline

Re: Please check my log

Post by Orcus » 15 Jul 2015 14:45

Clean the system with CCleaner.

====================================================

Download DelFix here:
http://general-changelog-team.fr/fr/dow ... e/9-delfix

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(In Windows Vista, Windows 7 and 8 you must run the file by right-clicking it -> Run as administrator.)
In the main menu, tick these options: Remove desinfection tools and Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire contents of the report here. The report is also saved at:
C:\DelFix.txt

If there are no problems, that is all and you can mark the topic as solved with the green check mark.
Love keeps you warm, but coal is coal. :fire:

Post HJT logs in the HJT section. If a log is too long, split it across several posts.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

Syki7
Level 1.5
Posts: 145
Registered: October 14
Gender: Male
Status: Offline

Re: Please check my log

Post by Syki7 » 15 Jul 2015 18:06

# DelFix v1.010 - Logfile created 15/07/2015 at 18:03:14
# Updated 26/04/2015 by Xplode
# Username : Michal - SYKI
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\log.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Michal\Desktop\AdwCleaner.exe
Deleted : C:\Users\Michal\Desktop\JRT.exe
Deleted : C:\Users\Michal\Desktop\HijackThis.exe
Deleted : C:\Users\Michal\Desktop\hijackthis.log
Deleted : C:\Users\Michal\Desktop\RogueKillerX64 (3).exe
Deleted : C:\Users\Michal\Desktop\TFC.exe
Deleted : C:\Users\Michal\Desktop\zoek.exe
Deleted : C:\Users\Michal\Downloads\JRT (1).exe
Deleted : C:\Users\Michal\Downloads\JRT.exe
Deleted : C:\Users\Michal\Downloads\HijackThis (1).exe
Deleted : C:\Users\Michal\Downloads\HijackThis.exe
Deleted : C:\Users\Michal\Downloads\hijackthis.log
Deleted : C:\Users\Michal\Downloads\RogueKiller.exe
Deleted : C:\Users\Michal\Downloads\RogueKillerX64 (1).exe
Deleted : C:\Users\Michal\Downloads\RogueKillerX64.exe
Deleted : C:\Users\Michal\Downloads\TFC (1).exe
Deleted : C:\Users\Michal\Downloads\TFC (2).exe
Deleted : C:\Users\Michal\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #86 [Installed Nero 9 Essentials 4.4.9.0 | 07/09/2015 10:28:20]
Deleted : RP #87 [Windows Update | 07/12/2015 20:43:42]
Deleted : RP #88 [zoek.exe restore point | 07/14/2015 20:17:25]

New restore point created !

########## - EOF - ##########

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 15 Jul 2015 18:52

Did you try uninstalling that Eset?
Its service is still running on your machine.

Close other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

