Hi, I'd like to ask for a preventive log check. The computer works more or less fine, but it's an old rattletrap and there's a bit of an idiot between the keyboard and the chair, so just to be safe, here's another check after half a year. :) Thanks a lot!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:48:18, on 24.7.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\QIP\qip.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\SoftwareDistribution\Download\Install\ndp452-kb2901983-x86-x64-enu.exe
C:\5e4a44efa1a239e4fe52a4ce02d8ae\Setup.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HJT\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [QIP2005] C:\Program Files (x86)\QIP\qip.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\gssupp~1\assist~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Služba zařazování tisku (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Služba Windows Media Player Network Sharing (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10262 bytes
HJT log, prevention (Solved)
- jaro3
- Security team member
Re: HJT log, prevention
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you don't need to use ATF.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.
Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
Save it to your desktop.
Close all programs, windows and browsers.
Run the program by double-clicking it and click "Scan".
After the scan a log appears (otherwise it is saved on the system disk as AdwCleaner[R?].txt); paste its entire content here.
Download Malwarebytes' Anti-Malware
- During installation, uncheck "Enable free trial of Malwarebytes' Anti-Malware Premium".
Install it and run it.
- At the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button.
- If an update is found, it will be downloaded and installed.
- The program then starts; click Scan Now.
- After the scan finishes, a message appears at the bottom right; click Copy to Clipboard and paste the whole log here.
- Then click the Exit button; a message appears, so choose Yes
(don't delete anything yet!).
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: HJT log, prevention
ADW:
# AdwCleaner v4.208 - Log vytvořen 24/07/2015 v 09:26:15
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-15.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Renee - RENEE-JE-BUH
# Spuštěno z : C:\Users\Renee\Ostatní\Desktop\adwcleaner_4.208.exe
# Nastavení : Sken
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
Složka Nalezeno : C:\Program Files (x86)\gs supporter
Složka Nalezeno : C:\Users\Renee\AppData\Roaming\OpenCandy
Složka Nalezeno : C:\Users\Renee\AppData\Roaming\RHEng
***** [ Naplánované úlohy ] *****
***** [ Zástupci ] *****
***** [ Registry ] *****
Data Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\gssupp~1\assist~1.dll
Data Nalezeno : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - Supporter\Assistant_x64.dll
Klíč Nalezeno : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Klíč Nalezeno : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Klíč Nalezeno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíč Nalezeno : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Klíč Nalezeno : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}
Klíč Nalezeno : HKLM\SOFTWARE\Trymedia Systems
***** [ Prohlížeče ] *****
-\\ Internet Explorer v11.0.9600.17909
-\\ Mozilla Firefox v12.0 (cs)
-\\ Google Chrome v43.0.2357.134
[C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://isearch.avg.com/search?cid={0601E1E3-5B52-4991-BA47-351DF10F6227}&mid=854798549efa47d0b3d2a113f06cf7d4-f5c845c6db490679ca6eab25fb85908206edd5fe&lang=cs&ds=st011&pr=sa&d=2012-05-28 19:05:40&v=11.1.0.7&sap=dsp&q={searchTerms}
[C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Nalezeno [Homepage] : hxxp://www.seznam.cz/
[C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Nalezeno [Startup_URLs] :
*************************
AdwCleaner[R0].txt - [8643 bytů] - [24/07/2015 09:26:15]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8701 bytů] ##########
Re: HJT log, prevention
MBAM:
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 24.7.2015
Čas skenování: 9:32
Protokol:
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.07.24.03
Databáze rootkitů: v2015.07.22.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Renee
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 371477
Uplynulý čas: 33 min, 34 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 3
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [eba89c49dcae3cfaf50a4c4b74907789],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}, , [8e05994ce5a5d4625bfa0e8829db59a7],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [029104e194f6c96d1ce342559c68ea16],
Hodnoty registru: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [eba89c49dcae3cfaf50a4c4b74907789]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [029104e194f6c96d1ce342559c68ea16]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 4
PUP.Optional.OpenCandy, C:\Users\Renee\AppData\Roaming\OpenCandy, , [0c87c61fe1a9b4823300706721e18779],
PUP.Optional.OpenCandy, C:\Users\Renee\AppData\Roaming\OpenCandy\05827130C7D247D4A7A5E2E6959B7EC4, , [0c87c61fe1a9b4823300706721e18779],
PUP.Optional.Supporter.A, C:\Program Files (x86)\GS Supporter, , [880b4d9811797eb8e18811dd7c869070],
PUP.Optional.BlueOcean.A, C:\ProgramData\BlueOcean\Setup, , [553e964f5337270f49c640afec1658a8],
Soubory: 10
Trojan.SProtector, C:\Program Files (x86)\GS Supporter\trz26B2.tmp, , [c7cce5002d5dca6c0340de3a6b96be42],
Trojan.SProtector, C:\Program Files (x86)\GS Supporter\trz428C.tmp, , [d6bdd114870344f2a79cdd3b35ccc13f],
Trojan.SProtector, C:\Program Files (x86)\GS Supporter\trz82F6.tmp, , [f2a14a9bb6d40e2877cc21f700011ce4],
Trojan.SProtector, C:\Program Files (x86)\GS Supporter\trzC83F.tmp, , [6e25a1445139df57e3b53500e120e818],
Trojan.SProtector, C:\Program Files (x86)\GS Supporter\trzC89E.tmp, , [7a19eef76624e55163e1eb2d9d64649c],
PUP.Optional.Supporter.A, C:\Program Files (x86)\GS Supporter\trz26B2.tmp, , [880b4d9811797eb8e18811dd7c869070],
PUP.Optional.Supporter.A, C:\Program Files (x86)\GS Supporter\trz428C.tmp, , [880b4d9811797eb8e18811dd7c869070],
PUP.Optional.Supporter.A, C:\Program Files (x86)\GS Supporter\trz82F6.tmp, , [880b4d9811797eb8e18811dd7c869070],
PUP.Optional.Supporter.A, C:\Program Files (x86)\GS Supporter\trzC83F.tmp, , [880b4d9811797eb8e18811dd7c869070],
PUP.Optional.Supporter.A, C:\Program Files (x86)\GS Supporter\trzC89E.tmp, , [880b4d9811797eb8e18811dd7c869070],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
- jaro3
- Security team member
Re: HJT log, prevention
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Prohledat-Scan", and after the scan click "Vymazat-Clean".
The program will perform the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.
Download Junkware Removal Tool by Thisisu
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved to the desktop.
Please copy its entire contents here.
Run MbAM again and choose "Skenovat nyní" (Scan Now).
- When the program finishes, a message appears; click "Vše do karantény (smazat vybrané)" (Quarantine all / remove selected), then "Exportovat záznam" (Export log) and choose "textový soubor" (text file), give the file a name and save it somewhere. Copy the entire contents of that log here.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait for the Prescan (the search for malicious processes) to finish.
- Then click "Prohledat" (Scan).
- The program scans the PC's processes. After the scan, click "Zpráva" (Report) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and run, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: HJT log, prevention
ADW:
# AdwCleaner v4.208 - Log vytvořen 24/07/2015 v 12:16:56
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-15.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Renee - RENEE-JE-BUH
# Spuštěno z : C:\Users\Renee\Ostatní\Desktop\adwcleaner_4.208.exe
# Nastavení : Čištění
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
Složka Smazáno : C:\Program Files (x86)\gs supporter
Složka Smazáno : C:\Users\Renee\AppData\Roaming\OpenCandy
Složka Smazáno : C:\Users\Renee\AppData\Roaming\RHEng
***** [ Naplánované úlohy ] *****
***** [ Zástupci ] *****
***** [ Registry ] *****
Klíč Smazáno : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}
Klíč Smazáno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíč Smazáno : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Klíč Smazáno : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Klíč Smazáno : HKLM\SOFTWARE\Trymedia Systems
Data Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\gssupp~1\assist~1.dll
Data Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - Supporter\Assistant_x64.dll
***** [ Prohlížeče ] *****
-\\ Internet Explorer v11.0.9600.17909
-\\ Mozilla Firefox v12.0 (cs)
-\\ Google Chrome v43.0.2357.134
[C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Homepage] :
[C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Startup_URLs] : F5CB24515AC1B28D0EAC2AB5B40EFCD9620EC63117BDE5DE37A17896862F27D6"},"software_reporter":{"prompt_reason":"D037281B00FAAAB575114CE94F9A91468D24A318CD46582AD902DB2BE7825F35","prompt_seed":"0267E908453C3C674C5FFD9B17270EF3C6E7FBEC5167C5D641DB5E56A9B39686","prompt_version":"E376B9C1171103031B7A74DC34ACA05963719BF61C4E0E0ED32A2A23B328042A"},"sync":{"remaining_rollback_tries":"98155875E4E96D4EC3880BE874C78D58CA96ECB78CFE2B809427F2AF5D52E553"}},"super_mac":"9035D04D945D8C8454E3F430B4FC7F108DAF733AF1F0FBC804B2E48A3C2B18CD"},"session":{"restore_on_startup":1,"startup_urls":["hxxp://isearch.avg.com/?cid={0601E1E3-5B52-4991-BA47-351DF10F6227}&mid=854798549efa47d0b3d2a113f06cf7d4-f5c845c6db490679ca6eab25fb85908206edd5fe&lang=cs&ds=st011&pr=sa&d=2012-05-28 19:05:40&v=11.1.0.7&sap=hp
*************************
AdwCleaner[R0].txt - [8783 bytů] - [24/07/2015 09:26:15]
AdwCleaner[R1].txt - [8220 bytů] - [24/07/2015 12:15:53]
AdwCleaner[S0].txt - [2660 bytů] - [24/07/2015 12:16:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2718 bytů] ##########
Re: HJT log, prevention
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by Renee on p 24.07.2015 at 12:22:11,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Renee\Appdata\Local\{4186B6BB-6A1E-492C-9593-56A3336AD157}
~~~ Chrome
[C:\Users\Renee\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Renee\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Renee\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Renee\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p 24.07.2015 at 12:36:36,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: HJT log, prevention
MBAM:
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 24.7.2015
Čas skenování: 12:38
Protokol: mbam.txt
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.07.24.04
Databáze rootkitů: v2015.07.22.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Renee
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 370867
Uplynulý čas: 30 min, 35 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Do karantény, [c2d23fa6a8e281b5a5777127788c60a0],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Do karantény, [7b192eb70387f640cb513f59669ee020],
Hodnoty registru: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Do karantény, [c2d23fa6a8e281b5a5777127788c60a0]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Do karantény, [7b192eb70387f640cb513f59669ee020]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 1
PUP.Optional.BlueOcean.A, C:\ProgramData\BlueOcean\Setup, Do karantény, [4f4513d279110c2ab478747b778b55ab],
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Re: HJT log, prevention
RogueKiller:
RogueKiller V10.9.3.0 (x64) [Jul 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Renee [Práva správce]
Started from : C:\Users\Renee\Ostatní\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 07/24/2015 13:27:30
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\Renee\AppData\Local\Temp\ALSysIO64.sys) -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\Renee\AppData\Local\Temp\ALSysIO64.sys) -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\Renee\AppData\Local\Temp\ALSysIO64.sys) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A} | DhcpNameServer : 188.175.124.254 94.74.192.252 ([X][X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A} | DhcpNameServer : 188.175.124.254 94.74.192.252 ([(Unknown Country?) (XX)][X]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A} | DhcpNameServer : 188.175.124.254 94.74.192.252 ([X][X]) -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5055GSXN +++++
--- User ---
[MBR] a4292b01354702e108e3f548f3780813
[BSP] ff613acdde63499a65df77e0af498375 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 821248 | Size: 238470 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 489207808 | Size: 238069 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: SONY Mass storage USB Device +++++
--- User ---
[MBR] df22171d68366bc5439a6d5e9e32d977
[BSP] 19c5c922c20cd0f0716c3776b3ce30bc : Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] HIBER (0xa0) [VISIBLE] Offset (sectors): 4284574052 | Size: 854113 MB
1 - [XXXXXX] UNKNOWN (0x64) [VISIBLE] Offset (sectors): 168689525 | Size: 953964 MB
2 - [XXXXXX] UNKNOWN (0x6a) [VISIBLE] Offset (sectors): 778201452 | Size: 1314189 MB
3 - [XXXXXX] UNKNOWN (0x75) [VISIBLE] Offset (sectors): 2885681152 | Size: 27 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
- jaro3
- Security team member
Re: HJT log, prevention
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait for the Prescan to finish...
- Then click "Prohledat" (Scan); when it finishes:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (check the boxes)
(you have to click with the mouse to tick the little box to the left of the registry entry, etc.)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report) and copy and paste the contents of that report here, please. The log can be found in RKreport [number].txt on the desktop.
- Close RogueKiller
Turn off your antivirus and firewall.
Download
Zoek.exe
and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script.
The program will perform a scan and a repair; both the scan and the repair can take several minutes, so wait until the end. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to your documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the "Ano" (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, or the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: HJT log, prevention
RogueKiller (sorry about the phone that was connected a moment ago, silly me was charging the battery...):
RogueKiller V10.9.3.0 (x64) [Jul 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Renee [Práva správce]
Started from : C:\Users\Renee\Ostatní\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 07/24/2015 16:13:42
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\Renee\AppData\Local\Temp\ALSysIO64.sys) -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\Renee\AppData\Local\Temp\ALSysIO64.sys) -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\Renee\AppData\Local\Temp\ALSysIO64.sys) -> Smazáno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A} | DhcpNameServer : 188.175.124.254 94.74.192.252 ([X][X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A} | DhcpNameServer : 188.175.124.254 94.74.192.252 ([X][X]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A} | DhcpNameServer : 188.175.124.254 94.74.192.252 ([(Unknown Country?) (XX)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhostSmazáno
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5055GSXN +++++
--- User ---
[MBR] a4292b01354702e108e3f548f3780813
[BSP] ff613acdde63499a65df77e0af498375 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 400 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 821248 | Size: 238470 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 489207808 | Size: 238069 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Re: HJT log, prevention
ZOEK:
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Renee on p 24.07.2015 at 16:15:29,49.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Renee\Ostatní\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
24.7.2015 16:20:13 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\DVDVideoSoft deleted successfully
C:\PROGRA~2\Hi-Rez Studios deleted successfully
C:\PROGRA~2\InstallJammer Registry deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~2\Pinnacle deleted successfully
C:\PROGRA~2\Ubisoft deleted successfully
C:\PROGRA~3\BioWare deleted successfully
C:\PROGRA~3\BlueOcean deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\Sony Ericsson deleted successfully
C:\Users\Renee\AppData\Roaming\My Games deleted successfully
C:\Users\Renee\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Renee\AppData\Local\GameSpy deleted successfully
C:\Users\Renee\AppData\Local\Unity deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\hfvzcg6f.default\prefs.js:
Added to C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\hfvzcg6f.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Borderlands The Pre-Sequel not found
C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\DVDVideoSoft not found
C:\PROGRA~2\Hi-Rez Studios not found
C:\PROGRA~2\InstallJammer Registry not found
C:\PROGRA~2\Pando Networks not found
C:\PROGRA~2\Pinnacle not found
C:\PROGRA~2\Ubisoft not found
C:\Users\Renee\.android deleted
C:\install.exe deleted
C:\Users\Renee\AppData\Roaming\trace_FilterInstaller.1.txt deleted
C:\Users\Renee\AppData\Roaming\trace_FilterInstaller.txt deleted
C:\Users\Renee\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt deleted
C:\PROGRA~3\InstallMate deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\hfvzcg6f.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21.07.2015 19:06]
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chromium Look ======================
Google Chrome Version: 43.0.2357.134
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fnjbmmemklcjgepojigaapkoodmkgbae - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx[08.02.2011 02:17]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17.03.2015 19:40]
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx[08.02.2011 02:17]
AdBlock - Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
==== Chromium Startpages ======================
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"
{8F03F7D7-77CF-4CB2-B6B5-0EDE85D86312} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2"
{B8D6ABE8-47E1-4F1F-9DE6-BB77CC8BFA4B} eBay Url="http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}"
==== Reset Google Chrome ======================
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\d1168939-7377-42e6-a074-3edb7db0b9bd deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Renee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=17 folders=5 2544624 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Renee\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Renee\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on p 24.07.2015 at 16:42:48,76 ======================
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Renee on p 24.07.2015 at 16:15:29,49.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Renee\Ostatní\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
24.7.2015 16:20:13 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\DVDVideoSoft deleted successfully
C:\PROGRA~2\Hi-Rez Studios deleted successfully
C:\PROGRA~2\InstallJammer Registry deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\Pando Networks deleted successfully
C:\PROGRA~2\Pinnacle deleted successfully
C:\PROGRA~2\Ubisoft deleted successfully
C:\PROGRA~3\BioWare deleted successfully
C:\PROGRA~3\BlueOcean deleted successfully
C:\PROGRA~3\Freemake deleted successfully
C:\PROGRA~3\Sony Ericsson deleted successfully
C:\Users\Renee\AppData\Roaming\My Games deleted successfully
C:\Users\Renee\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Renee\AppData\Local\GameSpy deleted successfully
C:\Users\Renee\AppData\Local\Unity deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\hfvzcg6f.default\prefs.js:
Added to C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\hfvzcg6f.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Borderlands The Pre-Sequel not found
C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\DVDVideoSoft not found
C:\PROGRA~2\Hi-Rez Studios not found
C:\PROGRA~2\InstallJammer Registry not found
C:\PROGRA~2\Pando Networks not found
C:\PROGRA~2\Pinnacle not found
C:\PROGRA~2\Ubisoft not found
C:\Users\Renee\.android deleted
C:\install.exe deleted
C:\Users\Renee\AppData\Roaming\trace_FilterInstaller.1.txt deleted
C:\Users\Renee\AppData\Roaming\trace_FilterInstaller.txt deleted
C:\Users\Renee\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt deleted
C:\PROGRA~3\InstallMate deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\hfvzcg6f.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21.07.2015 19:06]
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chromium Look ======================
Google Chrome Version: 43.0.2357.134
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fnjbmmemklcjgepojigaapkoodmkgbae - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx[08.02.2011 02:17]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17.03.2015 19:40]
jfmjfhklogoienhpfnppmbcbjfjnkonk - No path found[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx[08.02.2011 02:17]
AdBlock - Renee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
==== Chromium Startpages ======================
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"
{8F03F7D7-77CF-4CB2-B6B5-0EDE85D86312} Amazon Url="http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2"
{B8D6ABE8-47E1-4F1F-9DE6-BB77CC8BFA4B} eBay Url="http://rover.ebay.com/rover/1/710-71511-9400-6/4?satitle={searchTerms}"
==== Reset Google Chrome ======================
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\d1168939-7377-42e6-a074-3edb7db0b9bd deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Renee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Renee\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=17 folders=5 2544624 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Renee\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Renee\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on p 24.07.2015 at 16:42:48,76 ======================