Prosim o kontrolu logu - Notebook zamrzává

[AlastorM]

HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:57, on 18.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Avast\AvastUI.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Programy\Internet\Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
D:\Programy\HijackThis\hijackthis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [GSplay.exe] D:\Stahov%c3%a1n%c3%ad\GSplay\GSplay.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\Vypalování\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\PRCE~1\MSOFFI~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\PRCE~1\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programy\PRCE~1\MSOFFI~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\PRCE~1\MSOFFI~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{38A3CB67-8835-4733-95A4-359FFD0E1B36}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE65D45-4157-4816-8625-22A56A449841}: NameServer =
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Avast\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Programy\Internet\Skype\Updater\Updater.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe

Předem děkuji

--
End of file - 5423 bytes

[Reklama]

[jerabina]

Podíváme se na to

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[AlastorM]

# AdwCleaner v4.208 - Log vytvořen 18/07/2015 v 22:07:55
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-15.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x86)
# Uživatelské jméno :
# Spuštěno z : F:\Stahování 3\AdwCleaner.exe
# Nastavení : Sken

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Program Files\Check Point Software Technologies LTD
Složka Nalezeno : C:\Users\XXX\AppData\LocalLow\Check Point Software Technologies LTD
Složka Nalezeno : C:\Users\XXX\AppData\Roaming\Check Point Software Technologies LTD

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Nalezeno : HKCU\Software\Google\Chrome\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33E66146-7802-47FB-811D-37E639913E13}
Klíč Nalezeno : HKCU\Software\VIS
Klíč Nalezeno : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17728

Nastavení Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://search.zonealarm.com/?src=nt&tbi ... sId=&ver=&

-\\ Mozilla Firefox v39.0 (x86 cs)


-\\ Google Chrome v43.0.2357.134


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R1].txt - [1694 bytů] - [18/07/2015 22:07:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1752 bytů] ##########

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 18.7.2015
Čas skenování: 22:19:01
Protokol:
Správce: Ano

Verze: 2.01.6.1022
Databáze malwaru: v2015.07.18.04
Databáze rootkitů: v2015.07.17.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel:

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 336871
Uplynulý čas: 21 min, 43 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

[AlastorM]

Rogue killer
RogueKiller V10.9.1.0 [Jul 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Opera?ní systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spu?t?no : Normální re?im
U?ivatel : uživatel [Práva správce]
Started from : C:\Users\uživatel\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 07/19/2015 11:18:48

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6E97067F-A0B7-44E0-A241-8FF5497D4239} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6E97067F-A0B7-44E0-A241-8FF5497D4239} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6E97067F-A0B7-44E0-A241-8FF5497D4239} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1492769296-2249479302-710929357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlí?e?e : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] bee7so0x.default : user_pref("browser.startup.homepage", "https://www.seznam.cz/"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM321HI ATA Device +++++
--- User ---
[MBR] 985031258d2909d8dfc45eee685329fc
[BSP] aa8f462912199c1edb3d74dc526a183d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 1506 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3084480 | Size: 102390 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 212780925 | Size: 102398 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 422493435 | Size: 98947 MB
User = LL1 ... OK
User = LL2 ... OK

JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Professional x86
Ran by uživatel on ne 19.07.2015 at 10:12:10,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\users\Public\Documents\alawarwrapper



~~~ FireFox

Emptied folder: C:\Users\uživatel\AppData\Roaming\mozilla\firefox\profiles\bee7so0x.default\minidumps [12 files]



~~~ Chrome


[C:\Users\uživatel\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\uživatel\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\uživatel\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\uživatel\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 19.07.2015 at 10:47:03,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW
# AdwCleaner v4.208 - Log vytvořen 19/07/2015 v 10:02:06
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-15.1 [Server]
# Operační system : Windows 7 Professional Service Pack 1 (x86)
# Uživatelské jméno : uživatel
# Spuštěno z : F:\Stahování 3\AdwCleaner.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Složka Smazáno : C:\Program Files\Check Point Software Technologies LTD
Složka Smazáno : C:\Users\uživatel\AppData\LocalLow\Check Point Software Technologies LTD
Složka Smazáno : C:\Users\uživatel\AppData\Roaming\Check Point Software Technologies LTD

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKCU\Software\Google\Chrome\Extensions\kgdcapepedmpopjkmdbjnmmmfgllnfek
Klíč Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33E66146-7802-47FB-811D-37E639913E13}
Klíč Smazáno : HKCU\Software\VIS
Klíč Smazáno : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17728

Nastavení Obnoveno : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v39.0 (x86 cs)


-\\ Google Chrome v43.0.2357.134


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R1].txt - [1830 bytů] - [18/07/2015 22:07:55]
AdwCleaner[R2].txt - [1888 bytů] - [19/07/2015 09:55:22]
AdwCleaner[R3].txt - [1946 bytů] - [19/07/2015 10:00:05]
AdwCleaner[S1].txt - [1733 bytů] - [19/07/2015 10:02:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1791 bytů] ##########

CrystalDiskInfo
----------------------------------------------------------------------------
CrystalDiskInfo 6.5.2 (C) 2008-2015 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Professional SP1 [6.1 Build 7601] (x86)
Date : 2015/07/19 11:26:22

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH8M SATA AHCI Controller - 2829 [ATA]
+ ATA Channel 0 (0)
- SAMSUNG HM321HI ATA Device
- HL-DT-ST DVDRAM GSA-T20N ATA Device
- ATA Channel 1 (1)
- ATA Channel 2 (2)
+ Intel(R) ICH8M Ultra ATA Storage Controllers - 2850 [ATA]
- ATA Channel 0 (0)

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HM321HI : 320,0 GB [0/1/0, pd1]

----------------------------------------------------------------------------
(1) SAMSUNG HM321HI
----------------------------------------------------------------------------
Model : SAMSUNG HM321HI
Firmware : 2AJ10001
Serial Number : S24PJ9AB900212
Disk Size : 320,0 GB (8,4/137,4/320,0/320,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 23901 hod.
Power On Count : 1233 krát
Temperature : 34 C (93 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0080h [OFF]
AAM Level : FE00h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000001 Počet chyb čtení
02 252 252 __0 000000000000 Průchodnost disku
03 _89 _89 _25 000000000DB5 Čas na roztočení ploten
04 _99 _99 __0 0000000005DA Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 000000005D5D Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B _99 _99 __0 000000000492 Počet pokusů o překalibrování
0C _99 _99 __0 0000000004D1 Počet cyklů zapnutí zařízení
BF 100 100 __0 000000000257 Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _64 _55 __0 002D00050022 Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 252 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 100 100 __0 000000000005 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 __0 000000000147 Počet chyb při zápisu sektorů
DF _99 _99 __0 000000000492 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 _45 _45 __0 000000087F1E Počet cyklů načítání/vymazání

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 3450 4A39 4142 3930 3032 3132 2020 2020 2020
020: 0000 4000 0004 3241 4A31 3030 3031 5341 4D53 554E
030: 4720 484D 3332 3148 4920 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1F06 0000 004C 0040
080: 01FF 0028 746B 7F69 6123 7469 BC41 6123 407F 0028
090: 0028 0080 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: EAB0 2542 0000 0000 0000 0000 4000 0000 5002 4E92
110: 0603 21EA 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 6AA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 01 00 00 00 00 00 00 02 26
010: 00 FC FC 00 00 00 00 00 00 00 03 23 00 59 59 B5
020: 0D 00 00 00 00 00 04 32 00 63 63 DA 05 00 00 00
030: 00 00 05 33 00 FC FC 00 00 00 00 00 00 00 07 2E
040: 00 FC FC 00 00 00 00 00 00 00 08 24 00 FC FC 00
050: 00 00 00 00 00 00 09 32 00 64 64 5D 5D 00 00 00
060: 00 00 0A 32 00 FC FC 00 00 00 00 00 00 00 0B 32
070: 00 63 63 92 04 00 00 00 00 00 0C 32 00 63 63 D1
080: 04 00 00 00 00 00 BF 22 00 64 64 57 02 00 00 00
090: 00 00 C0 22 00 FC FC 00 00 00 00 00 00 00 C2 02
0A0: 00 40 37 22 00 05 00 2D 00 00 C3 3A 00 64 64 00
0B0: 00 00 00 00 00 00 C4 32 00 FC FC 00 00 00 00 00
0C0: 00 00 C5 32 00 FC FC 00 00 00 00 00 00 00 C6 30
0D0: 00 FC FC 00 00 00 00 00 00 00 C7 36 00 64 64 05
0E0: 00 00 00 00 00 00 C8 2A 00 64 64 47 01 00 00 00
0F0: 00 00 DF 32 00 63 63 92 04 00 00 00 00 00 E1 32
100: 00 2D 2D 1E 7F 08 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 74 13 00 5B
170: 03 00 01 00 02 53 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 02 00
010: 00 00 00 00 00 00 00 00 00 00 03 19 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 33
040: 00 00 00 00 00 00 00 00 00 00 08 0F 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 33 00 00 00 00 00 00 00 00 00 00 0B 00
070: 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00
080: 00 00 00 00 00 00 BF 00 00 00 00 00 00 00 00 00
090: 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 C2 00
0A0: 00 00 00 00 00 00 00 00 00 00 C3 00 00 00 00 00
0B0: 00 00 00 00 00 00 C4 00 00 00 00 00 00 00 00 00
0C0: 00 00 C5 00 00 00 00 00 00 00 00 00 00 00 C6 00
0D0: 00 00 00 00 00 00 00 00 00 00 C7 00 00 00 00 00
0E0: 00 00 00 00 00 00 C8 00 00 00 00 00 00 00 00 00
0F0: 00 00 DF 00 00 00 00 00 00 00 00 00 00 00 E1 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3B

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[AlastorM]

ComboFix 15-07-18.01 - uživatel 19.07.2015 16:53:03.1.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.1527.461 [GMT 2:00]
Spuštěný z: c:\users\uživatel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-06-19 do 2015-07-19 )))))))))))))))))))))))))))))))
.
.
2015-07-19 14:27 . 2015-07-19 14:01 24064 ----a-w- c:\windows\zoek-delete.exe
2015-07-19 14:20 . 2015-07-19 14:27 -------- d-----w- C:\zoek
2015-07-19 08:00 . 2015-07-19 08:00 -------- d-----w- c:\users\uživatel\AppData\Local\ElevatedDiagnostics
2015-07-18 20:07 . 2015-07-19 14:01 -------- d-----w- C:\AdwCleaner
2015-07-17 21:28 . 2015-07-17 21:28 -------- d-----w- c:\program files\HD Tune
2015-07-17 21:12 . 2015-07-17 21:12 -------- d-----w- c:\program files\CrystalDiskInfo
2015-07-17 21:11 . 2015-07-17 21:11 -------- d-----w- c:\users\uživatel\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2015-07-17 20:59 . 2015-07-17 20:59 -------- d-----w- c:\program files\OCCTPT
2015-07-10 16:43 . 2015-07-10 16:43 -------- d-----w- c:\users\uživatel\AppData\Roaming\msihmdt
2015-07-10 16:41 . 2015-07-10 16:41 -------- d-----w- c:\program files\Microsoft XNA
2015-07-10 16:32 . 2015-07-10 16:32 -------- d-----w- c:\program files\SimtMHD_1-1-2-57
2015-06-20 06:51 . 2015-06-20 06:51 -------- d-----w- c:\program files\avast software
2015-06-20 06:50 . 2015-06-20 06:50 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-06-20 06:50 . 2015-06-20 06:50 43112 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-19 13:48 . 2014-07-04 19:24 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-07-18 20:18 . 2014-11-10 15:12 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-14 21:19 . 2014-05-18 20:46 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-14 21:19 . 2014-05-18 20:46 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-26 18:50 . 2014-06-18 08:33 428120 ----a-w- c:\windows\system32\drivers\aswsp.sys
2015-06-20 06:50 . 2014-06-18 08:33 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-06-20 06:50 . 2014-06-18 08:33 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-06-20 06:50 . 2014-06-18 08:33 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-06-20 06:50 . 2014-06-18 08:33 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-06-20 06:50 . 2014-06-18 08:33 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-06-20 06:50 . 2014-06-18 08:33 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-06-20 06:50 . 2014-06-18 08:33 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-06-20 06:50 645144 ----a-w- c:\avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\Vypalování\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AvastUI.exe"="c:\avast\AvastUI.exe" [2015-06-20 5515496]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2014-07-23 134624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2014-03-04 09:19 3696912 ----a-w- d:\programy\Vypalování\DAEMON Tools Lite\DTLite.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-06-20 106912]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R2 SkypeUpdate;Skype Updater;d:\programy\Internet\Skype\Updater\Updater.exe [2015-06-03 327296]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
R3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb16.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 95616]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 27520]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-04-23 202752]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 V0220Dev;Live! Cam Video IM;c:\windows\system32\DRIVERS\V0220Dev.sys [2007-08-15 198784]
R3 V0220Vfx;V0220Vfx;c:\windows\system32\DRIVERS\V0220Vfx.sys [2007-03-05 7424]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-06-20 787760]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-06-26 428120]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-09-14 243128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-06-20 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-06-20 74976]
S2 MbnExt;Mobile Broadband Extension Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [2014-07-03 93712]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 76544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MbnExt REG_MULTI_SZ MbnExt
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-14 15:27 991048 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.134\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18 21:19]
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-06-20 06:22]
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-06-20 06:22]
.
.
------- Doplňkový sken -------
.
mStart Page = www.google.com
IE: E&xportovat do aplikace Microsoft Excel - d:\programy\PRCE~1\MSOFFI~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\bee7so0x.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-GSplay.exe - d:\stahov%c3%a1n%c3%ad\GSplay\GSplay.exe
AddRemove-zonealarm - c:\users\uživatel\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-07-19 17:17:01
ComboFix-quarantined-files.txt 2015-07-19 15:17
.
Před spuštěním: Volných bajtů: 28 281 327 616
Po spuštění: Volných bajtů: 28 038 582 272
.
- - End Of File - - 5899036C0333B532D50D751C63B981D9
A36C5E4F47E84449FF07ED3517B43A31



RogueKiller V10.9.1.0 [Jul 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : uživatel [Práva správce]
Started from : C:\Users\uživatel\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 07/19/2015 16:00:49

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6E97067F-A0B7-44E0-A241-8FF5497D4239} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6E97067F-A0B7-44E0-A241-8FF5497D4239} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6E97067F-A0B7-44E0-A241-8FF5497D4239} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1492769296-2249479302-710929357-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlí?e?e : 5 ¤¤¤
[FIREFX:Addon] bee7so0x.default : Web Developer [{c45c406e-ab73-11d8-be73-000a95be3b12}] -> Smazáno
[FIREFX:Addon] bee7so0x.default : Flash Video Downloader - YouTube HD Download [4K] [artur.dubovoy@gmail.com] -> Smazáno
[FIREFX:Addon] bee7so0x.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
[FIREFX:Addon] bee7so0x.default : Avast Online Security [wrc@avast.com] -> Smazáno
[PUM.HomePage][FIREFX:Config] bee7so0x.default : user_pref("browser.startup.homepage", "https://www.seznam.cz/"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM321HI ATA Device +++++
--- User ---
[MBR] 985031258d2909d8dfc45eee685329fc
[BSP] aa8f462912199c1edb3d74dc526a183d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 1506 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3084480 | Size: 102390 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 212780925 | Size: 102398 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 422493435 | Size: 98947 MB
User = LL1 ... OK
User = LL2 ... OK



Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by uživatel on ne 19.07.2015 at 16:01:51,33.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\uživatel\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19.7.2015 16:03:31 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Common Files\Blizzard Entertainment deleted successfully
C:\Program Files\Common Files\PDF Architect deleted successfully
C:\Program Files\Common Files\Symantec Shared deleted successfully
C:\PROGRA~2\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604} deleted successfully
C:\Users\uživatel\AppData\Local\Battle.net deleted successfully
C:\Users\uživatel\AppData\Local\CrashDumps deleted successfully
C:\Users\uživatel\AppData\Local\GHISLER deleted successfully
C:\Users\uživatel\AppData\Local\Instantbird deleted successfully
C:\Users\uživatel\AppData\Local\Oblivion deleted successfully
C:\Users\uživatel\AppData\Local\Opera Software deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1492769296-2249479302-710929357-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A9F603B-51A8-4630-AE99-4BBF01675575} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\bee7so0x.default\prefs.js:
user_pref("browser.startup.homepage", "about:home"about:home);

Added to C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\bee7so0x.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{CC71B1CB-A2E4-4CF7-8EDB-A0E290BA1604} not found
C:\Users\uživatel\.android deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\bee7so0x.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Avast\WebRep\FF" [20.06.2015 08:50]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\bee7so0x.default
A9E98D1FCB614713E87149FCBE8459F2 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0FFC7C7A12BD7B0465D97E7745287370 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
1F352B5944AF5C2204D9EFF7F845C5AF - C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll - Google Update
3C39B899EB79C85746124ABF44B83587 - C:\Users\uživatel\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.1.0.30401.0.dll - Silverlight Plug-In
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
65F86262898A3C50CBD6BF8A9840A7EA - C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U40
CA8A2850F3BFDF9F98BC91236620B146 - C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.400.26
FD82108FD60B63010325D9AF6F00AF99 - C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll - Shockwave Flash
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\uživatel\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\uživatel\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.134

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Avast\WebRep\Chrome\aswWebRepChrome.crx[20.06.2015 08:50]

AdBlock - uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Bookmark Manager - uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik

==== Chromium Startpages ======================

C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Preferences
work_stats":{"srtt":53569},"supports_spdy":true},"android.clients.google.com:443":{"supports_spdy":true},"apis.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":40385},"supports_spdy":true},"clients1.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":41848}},"clients4.google.com:443":{"network_stats":{"srtt":41848},"supports_spdy":true},"clients5.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":37938}},"clients6.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":37938}},"easylist-downloads.adblockplus.org:443":{"supports_spdy":true},"fonts.googleapis.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"fonts.gstatic.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":38396}},"gg.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"history.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"i.ytimg.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":51375},"supports_spdy":true},"lh3.ggpht.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"lh3.googleusercontent.com:443":{"network_stats":{"srtt":51375}},"lh4.ggpht.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}]},"lh6.googleusercontent.com:443":{"network_stats":{"srtt":42875},"supports_spdy":true},"oauth.googleusercontent.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":51375}},"plus.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":40385}},"r12---sn-2gb7ln7z.googlevideo.com:443":{"alternative_service":[{"port":443,"probability":0.01,"protocol_str":"quic"}]},"s.youtube.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":43479}},"s.ytimg.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":41210},"supports_spdy":true},"ssl.google-analytics.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":46226},"supports_spdy":true},"ssl.gstatic.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":40844},"supports_spdy":true},"support.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":45454}},"support.google.com:80":{"alternative_service":[{"port":80,"probability":0.0,"protocol_str":"quic"}]},"www.google.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":69500},"supports_spdy":true},"www.googleapis.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true},"www.gstatic.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":40844}},"www.youtube.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"network_stats":{"srtt":40489},"supports_spdy":true},"yt3.ggpht.com:443":{"alternative_service":[{"port":443,"probability":1.0,"protocol_str":"quic"}],"supports_spdy":true}},"supports_quic":{"address":"10.0.0.1","used_quic":true},"version":3},"network_prediction_options":2},"ntp":{"app_page_names":["Aplikace"]},"plugins":{"migrated_to_pepper_flash":true,"plugins_list":[],"removed_old_component_pepper_flash_settings":true},"printing":{"print_preview_sticky_settings":{"appState":"{\"version\":2,\"isGcpPromoDismissed\":false,\"selectedDestinationId\":\"PDFCreator\",\"selectedDestinationOrigin\":\"local\",\"undefined\":{\"version\":\"1.0\",\"printer\":{\"collate\":{\"default\":true},\"color\":{\"option\":[{\"type\":\"STANDARD_COLOR\",\"is_default\":true},{\"type\":\"STANDARD_MONOCHROME\",\"is_default\":false}]},\"copies\":{\"default\":1},\"page_orientation\":{\"option\":[{\"type\":\"PORTRAIT\",\"is_default\":true},{\"type\":\"LANDSCAPE\"}]}}},\"selectedDestinationName\":\"PDFCreator\",\"marginsType\":0,\"customMargins\":null,\"isLandscapeEnabled\":true,\"isHeaderFooterEnabled\":true}"}},"profile":{"avatar_bubble_tutorial_shown":1,"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"exceptions":{"app_banner":{},"auto_select_certificate":{},"automatic_downloads":{},"cookies":{},"fullscreen":{"https://[*.]www.facebook.com:443,*":{"setting":1},"https://[*.]www.youtube.com:443,*":{"setting":1}},"geolocation":{},"images":{},"javascript":{},"media_stream":{},"media_stream_camera":{"http://www.wowhead.com:80,*":{"setting":2},"https://www.facebook.com:443,*":{"setting":1}},"media_stream_mic":{"http://www.wowhead.com:80,*":{"setting":2},"https://www.facebook.com:443,*":{"setting":1}},"metro_switch_to_desktop":{},"midi_sysex":{},"mixed_script":{},"mouselock":{},"notifications":{"https://mail.google.com:443,*":{"setting":1}},"plugins":{},"popups":{},"ppapi_broker":{},"protocol_handlers":{},"push_messaging":{},"ssl_cert_decisions":{}},"pattern_pairs":{"http://www.wowhead.com:80,*":{"media-stream-camera":2,"media-stream-mic":2},"https://[*.]www.facebook.com:443,*":{"fullscreen":1},"https://[*.]www.youtube.com:443,*":{"fullscreen":1},"https://mail.google.com:443,*":{"notifications":1},"https://www.facebook.com:443,*":{"media-stream-camera":1,"media-stream-mic":1}},"pref_version":1},"created_by_version":"34.0.1847.137","exit_type":"Normal","exited_cleanly":true,"gaia_info_update_time":"13081092193215739","icon_version":3,"managed_user_id":"","migrated_content_settings_exceptions":true,"migrated_default_content_settings":true,"migrated_default_media_stream_content_settings":true,"name":"PrvnĂ­ uĹľivatel","password_manager_groups_for_domains":[7,null,null,null,5,null,7],"per_host_zoom_levels":{}},"protection":{"macs":{}},"reverse_autologin":{"enabled":false},"savefile":{"default_directory":"C:\\Users\\uživatel\\Downloads"},"selectfile":{"last_directory":"D:\\Dokumenty\\Lukáš"},"session":{"restore_on_startup_migrated":true,"startup_urls_migration_time":"13060000049873043"},"sync":{"app_list":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"dictionary":true,"extension_settings":true,"extensions":true,"favicon_images":true,"favicon_tracking":true,"history_delete_directives":true,"managed_user_settings":true,"managed_user_shared_settings":true,"managed_users":true,"passwords":true,"preferences":true,"priority_preferences":true,"search_engines":true,"session_sync_guid":"session_syncT8Q/AdygOlYZjVm/aDKKqg==","sessions":true,"suppress_start":true,"tabs":true,"themes":true,"typed_urls":true},"sync_promo":{"startup_count":3,"user_skipped":true},"translate_accepted_count":{"en":0,"sk":0},"translate_blocked_languages":["cs","en","sk"],"translate_denied_count":{"en":10,"sk":3},"translate_language_blacklist":["sk"],"translate_last_denied_time":1414536141921.713,"translate_site_blacklist":["chrome.angrybirds.com"],"translate_too_often_denied":true,"translate_whitelists":{},"zerosuggest":{"cachedresults":""}}
pogegjflfpflabcdkioaeobkgjik":"0A005B68EAEF40E5BA1E9EA704C2BF5FFBCE9F29AAD29E47C5F8CE808103FD11","mgndgikekgjfcpckkfioiadnlibdjbkf":"F6ABCC039D5BE42A7A503FE8D070827895050B25951C69A57433997D13B43F89","mhjfbmdgcfjbbpaeojofohoefgiehjai":"53027EFE1EA8ED62E71E8652D3AC73BD3AE1B9B38A006688ABAB0BD1F33CC0F5","neajdppkdcdipfabeoofebfddakdcjhd":"42ECB241BA73D11A0AEB7B27A29A9D902301153BD727892BFB7247E7E72918B7","nkeimhogjdpnpccoofpliimaahmaaome":"DFDC720D021085665DC100E0B04EC9B358491485D4A3715FC3D84C04E8F1E11B","nmmhkkegccagdldgiimedpiccmgmieda":"EB7B2E2DF50E2351EEA94ED92A9145C647E9126CA2A0E9B6C053297D343A0124","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"B879EB5766BFBC31DD3E6A448E7CF44D3FECFBC37C800FD7DEAC4654C43AB564","pjkljhegncpnkpknbcohdijeoejaedia":"50DCD9C285DD86D6951D5BE58601025044F7787F6ED620A1045030B45E92729A"}},"google":{"services":{"last_username":"9FEC36BDBA17830E9E07D2ACEDA635DE89ED9279B7632EA12031C919CF4B0C89","username":"EA5D7A6357C812001457415F31931AA4AADA592352B4C79718E483A20BA6C722"}},"homepage":"6FDBA8DDAFD382637C72D8D195D8E29811257692757FB7C8A4564C661391C62D","homepage_is_newtabpage":"EA81E5A9A5D4F71E77D856743A2684260007478090AD8F451B346852E245DCB7","pinned_tabs":"6C2804C684C0AF5C6CFB076465DB53F58767ED73111E9F03AE906B7D7F7F03BB","prefs":{"preference_reset_time":"87FD9ADC77F720AF5C5AAE9A83F3BD862D7621A92C2F1F9C666E86BBDE0F3A64"},"profile":{"reset_prompt_memento":"DAC0BDA23DA7452A4B24B45D644592B1FC6C65E13A80E59E2D575DA10A95B90A"},"safebrowsing":{"incidents_sent":"D012EABB988FDACA2DC3FE7CAB36BAA5701B7DB907A144AF0FA80ACA63BEBBD5"},"search_provider_overrides":"CECFAF836661D32278B66234696125643C7A23F55C382042450D83A5D5CDD439","session":{"restore_on_startup":"4A37C19BC8D73EDC6B4C8E109B8F6A2FEB8D6DE63FFDC294701792EA0F1EB8D6","startup_urls":"4CB9178DF234B3AC0A5F3B33AF808440E8E255E6326FAF575546FECF35BB70FA"},"software_reporter":{"prompt_reason":"F1673EF1ACA85A0EBF622989F159B258DB7C1C1DFA44137E5B33CEA34C10ADBE","prompt_seed":"C2005E6BAF74C6FF20ECD6DDFCE480DB59D39D91A80E368ABC022A47DF395845","prompt_version":"7B2789BDAA8E04B85969F8940EDEE86BEACC9AC1B34B92D613C13868E99E1029"},"sync":{"remaining_rollback_tries":"3C8ABA04EF9C101693F58239E32EBBBE1CDA19BF751D3DDF97D535D63D718F29"}},"super_mac":"4BE5F026856C6359E866E01B2589B18715097E957DCD5206BBECE8FE38C267E2"},"session":{"restore_on_startup":4,"startup_urls":["http://www.seznam.cz/"]},"sync":{"remaining_rollback_tries":0}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Users\uživatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\uživatel\AppData\Local\Mozilla\Firefox\Profiles\bee7so0x.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=49 folders=11 1501108521 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

[Orcus]

Při CF ještě zůstal běžet Windows defender - vypni jej a poté nový Combofix.