C:\WINDOWS\system32\cmd.exe

[huhto]

jen doufam že pujde odstranit prosim pomozte

[Reklama]

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + informuj o problémech.

[huhto]

RogueKiller V10.9.4.0 (x64) [Jul 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : B?eta a Milá?ek [Práva správce]
Started from : C:\Users\B?eta a Milá?ek\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 08/10/2015 17:06:18

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤AC

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 2d35d44118884082efb757ce3b7fca33
[BSP] 37a3239771826a9248e70b0b8205f8a7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 299450 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 613480448 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 176938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[huhto]

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Býeta a Mil źek on 10.08.2015 at 17:08:52,62.
Microsoft Windows 10 Pro 10.0.10240 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\BETAAM~1\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10.08.2015 17:10:16 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\apps deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\BETAAM~1\AppData\Local\Adobe deleted successfully
C:\Users\BETAAM~1\AppData\Local\Opera Software deleted successfully
C:\Users\BETAAM~1\AppData\Local\PeerDistRepub deleted successfully
C:\Users\BETAAM~1\AppData\Local\VirtualStore deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\apps not found
C:\Users\BETAAM~1\AppData\Local\30559 deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [09.08.2015 00:45]

==== Chromium Look ======================

Google Chrome Version: 44.0.2403.130

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[09.08.2015 00:45]

Seznam Lištička - Email - BETAAM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig
Seznam Lištička - Slovník - BETAAM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd
OneTab - BETAAM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
Avast Online Security - BETAAM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Seznam Lištička - Rychlá volba - BETAAM~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak

==== Chromium Startpages ======================

C:\Users\BETAAM~1\AppData\Local\Google\Chrome\User Data\Default\Preferences
,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13083540197943929","lastpingday":"13083663603820442","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"cs","default_locale":"en","description":"Rychlý e-mail s možností vyhledávání a menším množstvím spamu.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_1","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"account_id":"huhto@seznam.cz","last_username":"huhto@seznam.cz"}},"homepage":"http://www.seznam.cz/","homepage_is_newtabpage":false,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"5243A19AB02392DEEA5E5851D3F062C774E38E517ABD3C4E237CF001F3BF1A1B"},"default_search_provider":{"keyword":"7974E3F99F8746B3E5572CA85C418648DAF0AE925847CEA7D221586F6BF0C205","name":"1307F9D37B9532B39B9F98ECD80FF0F9470EF42C73E6BE2780143F474EAB5E4D","search_url":"E30655D370C1B338C9324EE4C3A2023F7A9DB4C1EEDDCFFCA740B8DC829FCC04"},"default_search_provider_data":{"template_url_data":"E422E2F115CEEB683998D1533504241E52F14D2DDE159A18527C0A1DEE1F3866"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"9FC2C5BE5A34A3DF7943C32F0D513C0D345C334E321AD34DF433386C79DCB800","apdfllckaahabafndbhieahigkjlhalf":"63488821BF4FA800C301F64DB10855AA8C52D08462B754CB9A4B77B7987A3593","bepbmhgboaologfdajaanbcjmnhjmhfn":"EBE890F19D16D2732499901DA3F6A116D389600C35766D56A9967243EABFF4DF","bgjpfhpjcgdppjbgnpnjllokbmcdllig":"16AE1808C1C3D2E16FFF8182A6DAEF024BCB781E3105D5E428BFD7A95D71FF34","blmojkbhnkkphngknkmgccmlenfaelkd":"C23BC49CD1CB955CBAED42F7616774DB7804B0FE2DF2FD200A98413FE6519981","blpcfgokakmgnkcojhhkbfbldkacnbeo":"3424E9919B20EB6833772E97C0347B934123F09D95E4AA998BF73761F883D2DA","chphlpgkkbolifaimnlloiipkdnihall":"B80CCF2CB35FF49DD3BE67229B7B24EF500C6A01A8AB64547D9D6FF18D22A133","coobgpohoikkiipiblmjeljniedjpjpf":"F110B7B154CB6181E2AA69DA2CFABD400A1DD3EC7DF8AAEAE5077DAF65E9AD56","eemcgdkfndhakfknompkggombfjjjeno":"D5925F0FF6FD997F365D042B4F83962EC76E7F8D92CB691A57C1B9DB77415696","ennkphjdgehloodpbhlhldgbnhmacadg":"77703185888D7AADD794B169FBBA80DFB1B3AA729F8B8BBB15D93FC20EB9C0A1","gfdkimpbcpahaombhbimeihdjnejgicl":"C7F5262D5C674801C0BD1C3F6B46AA28C73AD032001F5B249C0D11398174425A","gomekmidlodglbbmalcneegieacbdmki":"9CD52DA4462F3E76B0617ADAE45DBA810FC35E0B7582C1246C88AC095818E115","kmendfapggjehodndflmmgagdbamhnfd":"F2FF456CCD334ECF7D8C891DA5DBDA603648696E7664064CE0ACDD33C16C43E4","mfehgcgbbipciphmccgaenjidiccnmng":"5001BC212EB9CD363179D56AEF2172EA652363547A3EE30471311D88AC79D443","mfffpogegjflfpflabcdkioaeobkgjik":"3F8341368CDD9D4B682FDFCD0A64B9C0467C19E17A9C92422353E67667B9F86D","mgndgikekgjfcpckkfioiadnlibdjbkf":"D3DF56425FFB4BAC8D909424C11C113CAF244A118EE48038E01780B2972F6388","mhjfbmdgcfjbbpaeojofohoefgiehjai":"9E11EEC705D1071796C0BA4CCCD655D66CA47AD46643177216F29C76D7A03222","neajdppkdcdipfabeoofebfddakdcjhd":"ADB6801515505850631E9ECF33E154E54E1A1FB3166ABB886DBDFA50C6C5E317","nkeimhogjdpnpccoofpliimaahmaaome":"E62584B127DF9CF3498D6719E4A57BCE1F8054299D3C5FC38D5BE628C262A11F","nmmhkkegccagdldgiimedpiccmgmieda":"6B82347BAD6228711EAB3D0408F2F29015070348508C4E41E6E0D37BA73EC2B3","olfeabkoenfaoljndfecamgilllcpiak":"02A947B4907CB108ED1FAA1B9721951C0828D11591B8A0DA4FE0506DBA1CEE83","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"7CFA2CAFE2E21FE79D7797CB27AE89120CBF10355C43C1745048E9F0DC614A7E","pjkljhegncpnkpknbcohdijeoejaedia":"033BD7BFECED170AB14D77DE0316C9445A3FAA010789D5EF6D7AEBC5BF28C1EE"}},"google":{"services":{"account_id":"E271E7917D29A5B7788135DD5F51F3D4DED03B237A55353B593DCD47726E00DD","last_username":"FDDB0830AC6E914E9D7378F21D038F84F26E20DCCDD313A17E6792BC6177FF80","username":"0124DC5815E52FD89D5404767E160C6DA50006FC3416B4981EADD2EE0ABCAD9F"}},"homepage":"5FED99C2899C8C94A27558F2459D806C59FDA573C595D82DDC2E6026A822BA72","homepage_is_newtabpage":"E4A4DA57ECB3F109856C7226DF330306C85C9CE6CD387B8B192C4E1D3C9EF9BE","pinned_tabs":"61BD218EA9FCB7F6976212D40C2A352FC1C59A4F219C5459693C4C0748003CCB","prefs":{"preference_reset_time":"B8C21929999CFAF0DBA37C0990137506307047A27848839C05604665C6E19D18"},"profile":{"reset_prompt_memento":"F445AD7F563510FF10CDA8313496F0618536E700646A4E3256419C1734D022A4"},"safebrowsing":{"incidents_sent":"78128DD4AD0C23D03FE06B76A5FC88139BFCD417190EAD64ED12D9713D6F3DDE"},"search_provider_overrides":"7FA38694B3263236EBBE217F3D6EBEFBB126E50F5C6BCD06935CDF9103C7A85A","session":{"restore_on_startup":"795B5714C506CD56173D50F2939A22C40002FCCEE80AE0C598CCAD02239FFFB7","startup_urls":"B9245397AA4AAD40A2935CE081F6BCAE2A0DC5F7E82756CF8567DC4A8F910094"},"software_reporter":{"prompt_reason":"30E4561EDBEA99D34275CD9A0C4934410F68D2B739BEB4FDA6AAC50665D411FE","prompt_seed":"9CD12DD2D5FD252D678234DA19C53BC3E5D981F19FAC9158AA7B31268F47E1E0","prompt_version":"7CAFCD54FA1C32F44A7987800670827355676BADC6CEE258A5BC6DA101BA9B51"},"sync":{"remaining_rollback_tries":"FD633DCBB09290809960938093884E7CD90CDA45EB8D81B384576DFD0AC0D11A"}},"super_mac":"F706352C510835DD35CDA115A4FE3BA5636DC005C1A8A0B9777026DFC1EDAE82"},"session":{"restore_on_startup":4,"startup_urls":["https://www.seznam.cz/"]},"sync":{"remaining_rollback_tries":0}}


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\BETAAM~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\BETAAM~1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\BETAAM~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\BETAAM~1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\BETAAM~1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\BETAAM~1\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\BETAAM~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\BETAAM~1\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\BETAAM~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=1 1017 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\BETAAM~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 10.08.2015 at 17:21:10,67 ======================

[huhto]

tak doufam že jsem udělal vše spravně

[jaro3]

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.