Please check my log [Solved]

mnouckk
Level 1.5
Posts: 101
Registered: February 13
Gender: Male
Status: Offline

Please check my log

Post by mnouckk » 21 Jul 2015 17:35

Hello, please check my log. I suspect some kind of malware that is sending dubious messages on Skype by itself. Since I see that the basic procedure is still the same, I am attaching the logs:

HiJackThis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:49:12, on 21.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal

Running processes:
C:\Users\mnouckk\AppData\Roaming\uTorrent\utorrent.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\mnouckk\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Dare-U mouse] "C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\mnouckk\AppData\Roaming\uTorrent\utorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
O23 - Service: MSI_Trigger_Service - MICRO-STAR INTERNATIONAL CO., LTD. - C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - c:\postgreSQL\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11529 bytes

Re: Please check my log

Post by mnouckk » 21 Jul 2015 17:36

Adw Cleaner:

# AdwCleaner v4.208 - Log vytvořen 21/07/2015 v 16:59:13
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-15.1 [Server]
# Operační system : Windows 7 Ultimate Service Pack 1 (x64)
# Uživatelské jméno : mnouckk - MNOUCKK-PC
# Spuštěno z : C:\Users\mnouckk\Desktop\AdwCleaner.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Soubor Smazáno : C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_akaelkiagnbfcccfnmbimdbplecgbikh_0
Soubor Smazáno : C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\akaelkiagnbfcccfnmbimdbplecgbikh

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKCU\Software\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Google Chrome v43.0.2357.134


*************************

AdwCleaner[R0].txt - [4760 bytů] - [21/07/2015 16:40:20]
AdwCleaner[R1].txt - [1249 bytů] - [21/07/2015 16:56:13]
AdwCleaner[R2].txt - [1305 bytů] - [21/07/2015 16:58:31]
AdwCleaner[S0].txt - [4467 bytů] - [21/07/2015 16:42:10]
AdwCleaner[S1].txt - [1227 bytů] - [21/07/2015 16:59:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1285 bytů] ##########

Re: Please check my log

Post by mnouckk » 21 Jul 2015 17:43

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 21.7.2015
Čas skenování: 17:05
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.07.21.04
Databáze rootkitů: v2015.07.17.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: mnouckk

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 490365
Uplynulý čas: 37 min, 20 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 1
PUP.Optional.OpenCandy, C:\Users\mnouckk\AppData\Roaming\uTorrent\utorrent.exe, 5116, , [8fd9ba2a8ffbd46202d1d9d0739146ba]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 5
PUP.Optional.OpenCandy, HKU\S-1-5-21-701642952-2800314590-2487764554-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uTorrent, "C:\Users\mnouckk\AppData\Roaming\uTorrent\utorrent.exe" /MINIMIZED, , [8fd9ba2a8ffbd46202d1d9d0739146ba]
PUP.Optional.OpenCandy, HKU\S-1-5-21-701642952-2800314590-2487764554-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uTorrent, "C:\Users\mnouckk\AppData\Roaming\uTorrent\utorrent.exe" /MINIMIZED, , [8fd9ba2a8ffbd46202d1d9d0739146ba]
PUP.Optional.OpenCandy, HKU\S-1-5-21-701642952-2800314590-2487764554-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uTorrent, "C:\Users\mnouckk\AppData\Roaming\uTorrent\utorrent.exe" /MINIMIZED, , [8fd9ba2a8ffbd46202d1d9d0739146ba]
PUP.Optional.OpenCandy, HKU\S-1-5-21-701642952-2800314590-2487764554-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uTorrent, "C:\Users\mnouckk\AppData\Roaming\uTorrent\utorrent.exe" /MINIMIZED, , [8fd9ba2a8ffbd46202d1d9d0739146ba]
Riskware.Keygen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AutoKMS, C:\Windows\AutoKMS.exe, , [b3b50dd790fad462e6e8e5c8bf4158a8]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 2
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinem Plus 2.4cV30.05, , [3f29dd072169d462380ed435c1421be5],
PUP.Optional.1ClickMovieDownload.A, C:\Users\mnouckk\AppData\LocalLow\ClickMovie1-Downloaderv10, , [5f09f8ec2b5feb4b705b3aae48ba758b],

Soubory: 5
PUP.Optional.OpenCandy, C:\Users\mnouckk\AppData\Roaming\uTorrent\utorrent.exe, , [8fd9ba2a8ffbd46202d1d9d0739146ba],
Riskware.Keygen, C:\Windows\AutoKMS.exe, , [b3b50dd790fad462e6e8e5c8bf4158a8],
PUP.Optional.OpenCandy, C:\Users\mnouckk\AppData\Roaming\uTorrent\updates\3.4.0_30596.exe, , [234594507f0b989e53809e0b07fd6997],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinem Plus 2.4cV30.05\bgNova.html, , [3f29dd072169d462380ed435c1421be5],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\Cinem Plus 2.4cV30.05\5b5af870-a995-428b-86ba-5c7b7b590fe7.crx, , [3f29dd072169d462380ed435c1421be5],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 21 Jul 2015 17:53

- Run MbAM again and choose "Scan Now".
- When the program finishes, a prompt will appear; click "Quarantine All (delete selected)" and then "Export Log" and choose "text file", give the file a name and save it somewhere. Copy the entire contents of that log here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The scan will start. Scanning may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and be saved on the desktop.
Please copy its entire contents here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan".
- The program scans the processes on the PC. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

Re: Please check my log

Post by mnouckk » 21 Jul 2015 19:04

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 21.7.2015
Čas skenování: 17:55
Protokol: 111.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.07.21.04
Databáze rootkitů: v2015.07.17.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: mnouckk

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 491434
Uplynulý čas: 36 min, 42 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Ultimate x64
Ran by mnouckk on út 21.07.2015 at 18:37:01,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\AlawarWrapper
Successfully deleted: [Folder] C:\Users\mnouckk\AppData\Roaming\AlawarEntertainment
Successfully deleted: [Folder] C:\users\Public\Documents\alawarwrapper



~~~ Chrome


[C:\Users\mnouckk\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\mnouckk\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\mnouckk\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\mnouckk\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on út 21.07.2015 at 19:03:02,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Please check my log

Post by mnouckk » 21 Jul 2015 19:15

RogueKiller V10.9.3.0 (x64) [Jul 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : mnouckk [Práva správce]
Started from : C:\Users\mnouckk\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 07/21/2015 19:14:40

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9305D101-8461-4D31-9268-26EC7648263C} | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9305D101-8461-4D31-9268-26EC7648263C} | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9305D101-8461-4D31-9268-26EC7648263C} | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 6 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader1.local
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader2.local
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader3.local
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader4.local
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader5.local
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader6.local

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000VX000-1CU162 ATA Device +++++
--- User ---
[MBR] 6a4a6ace220a17808329ad72da9d1873
[BSP] 18397a9c8e1d6b184db5842162858ce6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 478008 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 978962432 | Size: 475858 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Re: Please check my log

Post by jaro3 » 21 Jul 2015 21:43

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Then click "Scan"; when it has finished:

- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything
(you have to put a tick with the mouse in the box to the left of each registry entry, etc.)

- Click "Delete"
- Wait until the Status box shows "Deletion finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Turn off your antivirus and firewall.
Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.

Paste the script below into the program window:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program will perform a scan and repair; the scan and the repair can take several minutes, so you need to wait until the end. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to your documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Re: Please check my log

Post by mnouckk » 21 Jul 2015 22:12

RogueKiller V10.9.3.0 (x64) [Jul 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : mnouckk [Práva správce]
Started from : C:\Users\mnouckk\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 07/21/2015 22:12:06

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9305D101-8461-4D31-9268-26EC7648263C} | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9305D101-8461-4D31-9268-26EC7648263C} | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9305D101-8461-4D31-9268-26EC7648263C} | DhcpNameServer : 77.48.100.254 212.80.66.7 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 6 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader1.local Smazáno
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader2.local Smazáno
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader3.local Smazáno
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader4.local Smazáno
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader5.local Smazáno
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bettrader6.local Smazáno

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000VX000-1CU162 ATA Device +++++
--- User ---
[MBR] 6a4a6ace220a17808329ad72da9d1873
[BSP] 18397a9c8e1d6b184db5842162858ce6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 478008 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 978962432 | Size: 475858 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Re: Please check my log

Post by mnouckk » 21 Jul 2015 22:39

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by mnouckk on út 21.07.2015 at 22:14:02,29.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mnouckk\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21.7.2015 22:18:42 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\AnvSoft deleted successfully
C:\PROGRA~2\PokerStars.ES deleted successfully
C:\PROGRA~2\PSQLINSTALL deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Anvsoft deleted successfully
C:\Users\Guest\AppData\Roaming\DAEMON Tools Lite deleted successfully
C:\Users\mnouckk\AppData\Roaming\join.me deleted successfully
C:\Users\mnouckk\AppData\Roaming\Opera Software deleted successfully
C:\Users\mnouckk\AppData\Local\Opera Software deleted successfully
C:\Users\mnouckk\AppData\Local\Secunia PSI deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\AnvSoft not found
C:\PROGRA~2\PokerStars.ES not found
C:\PROGRA~2\PSQLINSTALL not found
C:\PROGRA~2\Anydo Extension deleted
C:\Users\mnouckk\.android deleted
C:\PROGRA~2\Pro Evolution Soccer 2015 deleted
C:\Users\mnouckk\AppData\Roaming\Car1367.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car155A.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car156A.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car15A3.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car1751.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car1756.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car17BF.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car1969.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car1980.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car1B6B.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car1D46.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car1F5A.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car1F72.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car206.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car213.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car23.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car251D.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car2CCE.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car2E9B.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car2F01.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car30F3.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car3325.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car34E7.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car3907.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car3A9C.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car3BE.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car3EA3.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car400.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car4047.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car438.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car444D.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car4489.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car4643.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car4856.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car4A2D.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car4A48.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car4A66.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car4C36.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car4C45.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car5212.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car5436.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car55D4.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car5792.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car59CD.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car5DF9.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car61C5.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car61C7.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car63F9.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car6571.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car65A3.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car6B54.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car6CF8.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car6D60.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car6D66.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car6F4D.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car7163.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car7334.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car7363.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car7564.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car7754.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car796F.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car7979.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car7B23.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car7B2D.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car7F18.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car84CA.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car86F6.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car8A65.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car8C54.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car8EB9.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car9075.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car9090.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car90AC.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car9498.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car9663.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car96C5.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car9899.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car9A4D.tmp deleted
C:\Users\mnouckk\AppData\Roaming\Car9C6C.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarA01A.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarA053.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarA250.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarA253.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarA5DD.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarABF6.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarAE0E.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarAE19.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarB1BA.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarB3B7.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarB5E3.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarB787.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarBB41.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarBBE6.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarBF6D.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarC180.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarC185.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarC36C.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarC36F.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarC93A.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarC998.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarCB59.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarCB63.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarCD50.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarCF40.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarD0B9.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarD140.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarD48.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarD552.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarD705.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarD739.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarDAC0.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarE094.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarE2A5.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarE67D.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarE864.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarF06D.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarF84.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarFA50.tmp deleted
C:\Users\mnouckk\AppData\Roaming\CarFE26.tmp deleted
C:\Users\mnouckk\AppData\Roaming\YoudaGames deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\mnouckk\AppData\Local\TempFullTiltPokerEuSetup.exe deleted
"C:\Users\mnouckk\AppData\Roaming\lOpSah3IK72fr" deleted
"C:\Users\mnouckk\AppData\Roaming\OL" deleted

==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\mnouckk\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[27.05.2014 18:03]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

Angry Birds - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Bob Marley - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\alpnhingmddeadgmgjbfefmaanaeifak
PicMonkey - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm
Pixlr Editor - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk
Top-Instagram.com - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklgnpfdgkjdifefanobeihjaobiepda
Anydo Extension - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem
Angry Birds - mnouckk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
WOT - mnouckk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
AdBlock - mnouckk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
ClixAddon - mnouckk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjnhcgkngeeahimbfhejeaiijecekhba

==== Chromium Startpages ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",

C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\Preferences


==== Chromium Fix ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Reset Google Chrome ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\mnouckk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\mnouckk\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=352 folders=38 8751910982 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\mnouckk\AppData\Local\Temp will be emptied at reboot
C:\Users\postgres\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\mnouckk\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on út 21.07.2015 at 22:37:30,63 ======================

jerabina
Security team member
Level 6
Posts: 3647
Registered: March 13
Location: Litoměřice
Gender: Male
Status: Offline

Re: Please check my log

Post by jerabina » 21 Jul 2015 23:03

Please post a new HJT log plus info about any problems.
When you don't know how to proceed, it's time to study the manual!
HJT guide

If I'm not replying to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.

mnouckk
Level 1.5
Posts: 101
Registered: February 13
Gender: Male
Status: Offline

Re: Please check my log

Post by mnouckk » 21 Jul 2015 23:06

The PC is noticeably faster, which is great. Otherwise, the main problem was the one (probably a virus) with Skype, which was sending messages on its own with a click-through link to adult sites, disguised as an image. And all my extensions disappeared from Chrome (AdBlock and Web Trust) - can I install them again?



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:07:44, on 21.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\mnouckk\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Dare-U mouse] "C:\Program Files (x86)\uRage Illuminated Driver\Monitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-701642952-2800314590-2487764554-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-701642952-2800314590-2487764554-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-701642952-2800314590-2487764554-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-701642952-2800314590-2487764554-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
O23 - Service: MSI_Trigger_Service - MICRO-STAR INTERNATIONAL CO., LTD. - C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - c:\postgreSQL\bin\pg_ctl.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11958 bytes

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 22 Jul 2015 09:05

Install that only after the cleanup is done.

Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-701642952-2800314590-2487764554-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-701642952-2800314590-2487764554-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')



Turn off the resident protection of your antivirus and antispyware, and the firewall if needed.

Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

