Prosím o kotrolu logu :) Vyřešeno

[orogo]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:59:49, on 19. 8. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16384)

FIREFOX: 40.0.2 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Lukáš\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
D:\Hry a DJing\DJing\Traktor DJ Studio 3\TraktorDJStudio3.exe
D:\Hry a DJing\DJing\Traktor DJ Studio 3\TraktorDJStudio3.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Lukáš\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Sound Blaster Cinema] "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Lukáš\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 3520 series.lnk = ?
O4 - Global Startup: Qualcomm Atheros Killer Network Manager.lnk = C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Windows\SysWOW64\MSIService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10150 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[orogo]

# AdwCleaner v5.002 - Logfile created 20/08/2015 at 13:18:53
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Lukáš - NOTEBOOK
# Running from : C:\Users\Lukáš\Desktop\adwcleaner_5.002.exe
# Option : Scan

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\ExpressFiles
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Avg_Update_0814tb
Folder Found : C:\Users\Lukáš\AppData\Local\genienext
Folder Found : C:\Users\Lukáš\AppData\Local\Mobogenie
Folder Found : C:\Users\Lukáš\AppData\Local\Popajar
Folder Found : C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
Folder Found : C:\Users\Lukáš\AppData\Roaming\defaulttab
Folder Found : C:\Users\Lukáš\AppData\Roaming\ExpressFiles
Folder Found : C:\Users\Lukáš\AppData\Roaming\newnext.me
Folder Found : C:\Users\Lukáš\AppData\Roaming\OpenCandy

***** [ Files ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Found : C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
File Found : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Found : HKU\.DEFAULT\Software\DefaultTab
Key Found : HKU\.DEFAULT\Software\Avg Secure Update
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\Popajar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
Key Found : [x64] HKCU\Software\AVG Security Toolbar
Key Found : [x64] HKCU\Software\ExpressFiles
Key Found : [x64] HKCU\Software\Popajar
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Avg Secure Update

***** [ Web browsers ] *****

[C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\prefs.js] [Preference] Found : user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"hxxps://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"hxxp://www.google.com\"},{\"name\":\"Yahoo\",\"value[...]
[C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : chfdnecihphmhljaaejmgoiahnihplgn
[C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : hxxps://mysearch.avg.com/search?cid={2515E603-C697-4AC1-81AC-C3D8320C205B}&mid=82f08c04983647d29d2ef54322aed8e4-2801b45d065fe2538c1ab65ae2d832a32d017034&lang=cs&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-29 16:23:37&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}",
"usage_count": 0
}
},
"extensions": {
"settings": {
"ahfgeienlihckogmohjhadlkjgocpleb": {
"active_permissions": {
"api": [ "management", "system.display", "system.storage", "webstorePrivate", "system.cpu", "system.memory", "system.network" ],
"manifest_permissions": [ ]
},
"app_launcher_ordinal": "t",
"commands": {

},
"content_settings": [ ],
"creation_flags": 1,
"events": [ ],
"from_bookmark": false,
"from_webstore": false,
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"install_time": "13049916685094304",
"location": 5,
"manifest": {
"app": {
"launch": {
"web_url": "hxxps://chrome.google.com/webstore"
},
"urls": [ "hxxps://chrome.google.com/webstore" ]
},
"description": "Chrome Web Store",
"icons": {
"128": "webstore_icon_128.png",
"16": "webstore_icon_16.png"
},
"key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB",
"name": "Obchod",
"permissions": [ "webstorePrivate", "management" ],
"version": "0.2"
},
"page_ordinal": "n",
"path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\35.0.1916.153\\resources\\web_store",
"preferences": {

},
"regular_only_preferences": {

},
"was_installed_by_default": false,
"was_installed_by_oem": false
},
"aohghmighlieiainnegkcijnfilokake": {
"ack_external": true,
"active_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"app_launcher_ordinal": "w",
"content_settings": [ ],
"creation_flags": 137,
"events": [ ],
"from_bookmark": false,
"from_webstore": true,
"granted_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"initial_keybindings_set": true,
"install_time": "13049916695902470",
"lastpingday": "13062672002974819",
"location": 1,
"manifest": {
"api_console_project_id": "619683526622",
"app": {
"launch": {
"local_path": "main.html"
}
},
"container": "GOOGLE_DRIVE",
"current_locale": "cs",
"default_locale": "en_US",
"description": "Vytvářejte a upravujte dokumenty",
"icons": {
"128": "icon_128.png",
"16": "icon_16.png"
},
"key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB",
"manifest_version": 2,
"name": "Dokumenty Google",
"offline_enabled": true,
"update_url": "hxxps://clients2.google.com/service/update2/crx",
"version": "0.7"
},
"page_ordinal": "n",
"path": "aohghmighlieiainnegkcijnfilokake\\0.7_0",
"preferences": {

},
"regular_only_preferences": {

},
"state": 1,
"was_installed_by_default": true,
"was_installed_by_oem": false
},
"apdfllckaahabafndbhieahigkjlhalf": {
"ack_external": true,
"active_permissions": {
"api": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
"manifest_permissions": [ ]
},
"app_launcher_ordinal": "x",
"content_settings": [ ],
"creation_flags": 137,
"events": [ ],
"from_bookmark": false,
"from_webstore": true,
"granted_permissions": {
"api": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
"manifest_permissions": [ ]
},
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"install_time": "13049916697229470",
"lastpingday": "13062672002974819",
"location": 1,
"manifest": {
"app": {
"launch": {
"web_url": "hxxps://drive.google.com/?usp=chrome_app"
},
"urls": [ "hxxp://docs.google.com/", "hxxp://drive.google.com/", "hxxps://docs.google.com/", "hxxps://drive.google.com/" ]
},
"background": {
"allow_js_access": false
},
"current_locale": "cs",
"default_locale": "en_US",
"description": "Disk Google: vytvářejte, sdílejte a ukládejte soubory na jednom místě.",
"icons": {
"128": "128.png"
},
"key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIl5KlKwL2TSkntkpY3naLLz5jsN0YwjhZyObcTOK6Nda4Ie21KRqZau9lx5SHcLh7pE2/S9OiArb+na2dn7YK5EvH+aRXS1ec3uxVlBhqLdnleVgwgwlg5fH95I52IeHcoeK6pR4hW/Nv39GNlI/Uqk6O6GBCCsAxYrdxww9BiQIDAQAB",
"manifest_version": 2,
"name": "Disk Google",
"offline_enabled": true,
"options_page": "hxxps://drive.google.com/settings",
"permissions": [ "background", "clipboardRead", "clipboardWrite", "notifications", "unlimitedStorage" ],
"update_url": "hxxp://clients2.google.com/service/update2/crx",
"version": "6.3"
},
"page_ordinal": "n",
"path": "apdfllckaahabafndbhieahigkjlhalf\\6.3_0",
"preferences": {

},
"regular_only_preferences": {

},
"state": 1,
"was_installed_by_default": true,
"was_installed_by_oem": false
},
"bepbmhgboaologfdajaanbcjmnhjmhfn": {
"disable_reasons": 1,
"state": 0
},
"blpcfgokakmgnkcojhhkbfbldkacnbeo": {
"ack_external": true,
"active_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"app_launcher_ordinal": "z",
"content_settings": [ ],
"creation_flags": 153,
"events": [ ],
"from_bookmark": true,
"from_webstore": true,
"granted_permissions": {
"api": [ ],
"manifest_permissions": [ ]
},
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"install_time": "13049917386451444",
"lastpingday": "13062672002974819",
"location": 1,
"manifest": {
"app": {
"launch": {
"container": "tab",
"web_url": "hxxp://www.youtube.com/?feature=ytca"
},
"web_content": {
"enabled": true,
"origin": "hxxp://www.youtube.com"
}
},
"current_locale": "cs",
"default_locale": "en",
"description": "Nejoblíbenější komunita online videa na světě.",
"icons": {
"128": "128.png"
},
"key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB",
"manifest_version": 2,
"name": "YouTube",
"permissions": [ "appNotifications" ],
"update_url": "hxxp://clients2.google.com/service/update2/crx",
"version": "4.2.6"
},
"page_ordinal": "n",
"path": "blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_0",
"preferences": {

},
"regular_only_preferences": {

},
"state": 1,
"was_installed_by_default": true,
"was_installed_by_oem": false
},
"chfdnecihphmhljaaejmgoiahnihplgn": {
"ack_settings_bubble": true,
"active_permissions": {
"api": [ "browsingData", "cookies", "downloads", "downloadsInternal", "history", "homepage", "management", "nativeMessaging", "searchProvider", "startupPages", "tabs", "unlimitedStorage", "webNavigation", "webRequest", "webRequestBlocking" ],
"explicit_host": [ "\u003Call_urls>", "chrome://favicon/*" ],
"manifest_permissions": [ ],
"scriptable_host": [ "\u003Call_urls>" ]
},
"commands": {
"_execute_page_action": {
"suggested_key": "Alt+Shift+P",
"was_assigned": true
}
},
"content_settings": [ ],
"creation_flags": 9,
"events": [ ],
"extension_can_script_all_urls": true,
"from_bookmark": false,
"from_webstore": true,
"granted_permissions": {
"api": [ "browsingData", "cookies", "downloads", "downloadsInternal", "history", "homepage", "management", "nativeMessaging", "searchProvider", "startupPages", "tabs", "unlimitedStorage", "webNavigation", "webRequest", "webRequestBlocking" ],
"explicit_host": [ "\u003Call_urls>", "chrome://favicon/*" ],
"manifest_permissions": [ ],
"scriptable_host": [ "\u003Call_urls>" ]
},
"incognito_content_settings": [ ],
"incognito_preferences": {

},
"initial_keybindings_set": true,
"install_time": "13062755646660034",
"lastpingday": "13062672002974819",
"location": 1,
"manifest": {
"background": {
"page": "background.html",
"persistent": true
},
"chrome_settings_overrides": {
"homepage": "hxxps://mysearch.avg.com/?rvt=1",
"search_provider": {
"encoding": "UTF-8",
"favicon_url": "hxxps://mysearch.avg.com/favicon.ico",
"is_default": true,
"keyword": "hxxps://mysearch.avg.com",
"name": "AVG Secure Search

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [16164 bytes] ##########

[orogo]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 20. 8. 2015
Čas skenování: 13:35
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.20.03
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Lukáš

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 430227
Uplynulý čas: 18 min, 38 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 9
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [0c0766a53a51ef4710051d82f50da060],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [0c0766a53a51ef4710051d82f50da060],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [0c0766a53a51ef4710051d82f50da060],
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjbbjfdilbioabojmcplalojlmdngbjl, , [c350c14a4c3ff54181509bb4da29fb05],
PUP.Optional.UpdateCheckerApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\UpdateCheckerApp, , [060ddc2f355675c18b1ca681a45f13ed],
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, , [c44fdd2e7c0fcb6b2ba0b46b40c3a759],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18\SOFTWARE\DefaultTab, , [0112df2c414a89ada54115218a798f71],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, , [a76c7a9199f242f486ba7ced15eeaf51],
PUP.Optional.Popajar.A, HKU\S-1-5-21-1601099711-3423381135-1255973783-1002\SOFTWARE\POPAJAR, , [947f32d9d6b5a78ff35876b763a04ab6],

Hodnoty registru: 1
PUP.Optional.Popajar.A, HKU\S-1-5-21-1601099711-3423381135-1255973783-1002\SOFTWARE\POPAJAR|UpdateNotifierPath, C:\Users\Lukáš\AppData\Local\Popajar\UpdateChecker\UpdateNotifier.exe, , [947f32d9d6b5a78ff35876b763a04ab6]

Data registru: 2
PUM.Hijack.TaskManager, HKU\S-1-5-21-1601099711-3423381135-1255973783-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Dobré: (0), Špatné: (1),,[8c87799209822d09c1dbc78b808501ff]
PUM.Hijack.Regedit, HKU\S-1-5-21-1601099711-3423381135-1255973783-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Dobré: (0), Špatné: (1),,[37dcb259e7a4f73fc78557fa40c5e61a]

Složky: 11
PUP.Optional.OpenCandy, C:\Users\Lukáš\AppData\Roaming\OpenCandy, , [c64ddc2f3f4c38fe128e2eb86999d62a],
PUP.Optional.OpenCandy, C:\Users\Lukáš\AppData\Roaming\OpenCandy\145DEE1281B94DDEAC17B8E2880E8FB7, , [c64ddc2f3f4c38fe128e2eb86999d62a],
PUP.Optional.NextLive.A, C:\Users\Lukáš\AppData\Roaming\newnext.me, , [4bc825e6cebd85b158bf92569e64e818],
PUP.Optional.NextLive.A, C:\Users\Lukáš\AppData\Roaming\newnext.me\cache, , [4bc825e6cebd85b158bf92569e64e818],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\bitstreams, , [ea29c14a2f5c4ceadcb96088877b0df3],
PUP.Optional.SmileysWeLove.A, C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\jetpack\jid1-vW9nopuIAJiRHw@jetpack, , [8291ee1d3d4e3ff74591f8fedf23a55b],
PUP.Optional.SmileysWeLove.A, C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\jetpack\jid1-vW9nopuIAJiRHw@jetpack\simple-storage, , [8291ee1d3d4e3ff74591f8fedf23a55b],
PUP.Optional.DefaultTab.A, C:\Users\Lukáš\AppData\Roaming\defaulttab, , [a370fb10583351e5ea62e8138b7756aa],
PUP.Optional.DefaultTab.A, C:\Users\Lukáš\AppData\Roaming\defaulttab\defaulttab, , [a370fb10583351e5ea62e8138b7756aa],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, , [868dd2391774f640bae142d346bd867a],

Soubory: 17
PUP.Optional.NextLive.A, C:\Users\Lukáš\AppData\Roaming\newnext.me\nengine.cookie, , [4bc825e6cebd85b158bf92569e64e818],
PUP.Optional.NextLive.A, C:\Users\Lukáš\AppData\Roaming\newnext.me\cache\spark.bin, , [4bc825e6cebd85b158bf92569e64e818],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\diablo130302.cl, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\diakgcn121016.cl, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\libcurl-4.dll, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\libeay32.dll, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\libidn-11.dll, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\librtmp.dll, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\libssh2.dll, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\phatk121016.cl, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\poclbm130302.cl, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\scrypt130511.cl, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\ssleay32.dll, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\zlib1.dll, , [ea29c14a2f5c4ceadcb96088877b0df3],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [ea29c14a2f5c4ceadcb96088877b0df3],
PUP.Optional.SmileysWeLove.A, C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\jetpack\jid1-vW9nopuIAJiRHw@jetpack\simple-storage\store.json, , [8291ee1d3d4e3ff74591f8fedf23a55b],
PUP.Optional.DefaultTab.A, C:\Users\Lukáš\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe, , [a370fb10583351e5ea62e8138b7756aa],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“ , v okně na pak na „Open TXT“ a celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[orogo]

# AdwCleaner v5.002 - Logfile created 20/08/2015 at 16:43:34
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Lukáš - NOTEBOOK
# Running from : C:\Users\Lukáš\Desktop\adwcleaner_5.002.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\ExpressFiles
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[-] Folder Deleted : C:\Users\Lukáš\AppData\Local\genienext
[-] Folder Deleted : C:\Users\Lukáš\AppData\Local\Mobogenie
[-] Folder Deleted : C:\Users\Lukáš\AppData\Local\Popajar
[-] Folder Deleted : C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Folder Deleted : C:\Users\Lukáš\AppData\Roaming\defaulttab
[-] Folder Deleted : C:\Users\Lukáš\AppData\Roaming\ExpressFiles
[-] Folder Deleted : C:\Users\Lukáš\AppData\Roaming\newnext.me
[-] Folder Deleted : C:\Users\Lukáš\AppData\Roaming\OpenCandy

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[-] File Deleted : C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
[-] File Deleted : C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\invalidprefs.js

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\DefaultTab
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\DefaultTab
[-] Key Deleted : HKCU\Software\AVG Security Toolbar
[-] Key Deleted : HKCU\Software\ExpressFiles
[-] Key Deleted : HKCU\Software\Popajar
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE}
[!] Key Not Deleted : [x64] HKCU\Software\AVG Security Toolbar
[!] Key Not Deleted : [x64] HKCU\Software\ExpressFiles
[!] Key Not Deleted : [x64] HKCU\Software\Popajar
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update

***** [ Web browsers ] *****

[-] [C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\prefs.js] [Preference] Deleted : user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"hxxps://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"hxxp://www.google.com\"},{\"name\":\"Yahoo\",\"value[...]
[-] [C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn
[-] [C:\Users\Lukáš\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted :

*************************

:: Proxy settings cleared
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4597 bytes] ##########

[orogo]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows_NT x64
Ran by Luk ç on źt 20. 08. 2015 at 16:52:19,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Luk ç\AppData\Roaming\mozilla\firefox\profiles\2nvwrygt.default\prefs.js

user_pref(avg.wtu.ext.dnsWhiteList, toolbarhome.com,avg.com);
user_pref(avg.wtu.ext.extHomepage, hxxps://mysearch.avg.com?pid=wtu&sg=&ci ... 5d065fe253
user_pref(avg.wtu.ext.extParams, {\action\:\extParams\,\data\:{\searchParams\:{\pid\:\wtu\,\cid\:\{ff2cac7a-647f-4f2d-b36d-e5629393be9b}\,\mid\:\0f09f41d
user_pref(avg.wtu.ext.guardWhiteList, toolbarhome.com,avg.com);
Emptied folder: C:\Users\Luk ç\AppData\Roaming\mozilla\firefox\profiles\2nvwrygt.default\minidumps [20 files]



~~~ Chrome


[C:\Users\Luk ç\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Luk ç\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Luk ç\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Luk ç\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 20. 08. 2015 at 16:54:15,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[orogo]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 20. 8. 2015
Čas skenování: 17:01
Protokol: test.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.20.04
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Lukáš

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 430008
Uplynulý čas: 16 min, 59 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 2
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\fjbbjfdilbioabojmcplalojlmdngbjl, , [bd579576028991a52fccba95a3600df3],
PUP.Optional.UpdateCheckerApp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\UpdateCheckerApp, , [46ce40cb6e1dc175349dfc2b34cf956b],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 2
PUM.Hijack.TaskManager, HKU\S-1-5-21-1601099711-3423381135-1255973783-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Dobré: (0), Špatné: (1),,[61b38e7dd3b83df99433df73f31212ee]
PUM.Hijack.Regedit, HKU\S-1-5-21-1601099711-3423381135-1255973783-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Dobré: (0), Špatné: (1),,[c252729998f363d3beb9024fbf462dd3]

Složky: 4
Trojan.Agent.BCM, C:\Windows\INF\mncudripx, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\bitstreams, , [8b89838815769a9cfbaaae3a897949b7],
PUP.Optional.SmileysWeLove.A, C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\jetpack\jid1-vW9nopuIAJiRHw@jetpack, , [51c3eb20761558de549247afa45eb14f],
PUP.Optional.SmileysWeLove.A, C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\jetpack\jid1-vW9nopuIAJiRHw@jetpack\simple-storage, , [51c3eb20761558de549247afa45eb14f],

Soubory: 14
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\diablo130302.cl, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\diakgcn121016.cl, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\libcurl-4.dll, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\libeay32.dll, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\libidn-11.dll, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\librtmp.dll, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\libssh2.dll, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\phatk121016.cl, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\poclbm130302.cl, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\scrypt130511.cl, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\ssleay32.dll, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\zlib1.dll, , [8b89838815769a9cfbaaae3a897949b7],
Trojan.Agent.BCM, C:\Windows\INF\mncudripx\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [8b89838815769a9cfbaaae3a897949b7],
PUP.Optional.SmileysWeLove.A, C:\Users\Lukáš\AppData\Roaming\Mozilla\Firefox\Profiles\2nvwrygt.default\jetpack\jid1-vW9nopuIAJiRHw@jetpack\simple-storage\store.json, , [51c3eb20761558de549247afa45eb14f],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[orogo]

RogueKiller V10.10.1.0 (x64) [Aug 17 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.10240) 64 bits version
Spuštěno : Normální režim
Uživatel : Luká? [Práva správce]
Started from : C:\Users\Luká?\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 08/20/2015 17:39:17

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1601099711-3423381135-1255973783-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://msi13.msn.com -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1601099711-3423381135-1255973783-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://msi13.msn.com -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bf0a9482-f8bb-44a3-90f9-042774b5f5e3} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f64b930d-24ce-4c38-9901-d57b84246443} | DhcpNameServer : 81.30.241.2 213.195.222.2 ([CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bf0a9482-f8bb-44a3-90f9-042774b5f5e3} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f64b930d-24ce-4c38-9901-d57b84246443} | DhcpNameServer : 81.30.241.2 213.195.222.2 ([CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)]) -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1601099711-3423381135-1255973783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1601099711-3423381135-1255973783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] a4efed1ff2a4a3754dc14f121348841b
[BSP] c048b727fa444e2466d49fdf75336c5e : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 600 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1230848 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1845248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2107392 | Size: 479688 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 984510464 | Size: 489 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 985511936 | Size: 450 MB
6 - Basic data partition | Offset (sectors): 986433536 | Size: 214615 MB
7 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1425965056 | Size: 19132 MB
User = LL1 ... OK
User = LL2 ... OK

[jaro3]

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.


Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

[orogo]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 20. 8. 2015
Čas skenování: 20:21
Protokol: 123.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.20.05
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Lukáš

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 430540
Uplynulý čas: 15 min, 57 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 20. 8. 2015
Čas skenování: 20:21
Protokol: 123.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.20.05
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Lukáš

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 430540
Uplynulý čas: 15 min, 57 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[orogo]

RogueKiller V10.10.1.0 (x64) [Aug 17 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 10 (10.0.10240) 64 bits version
Spuštěno : Normální režim
Uživatel : Luká? [Práva správce]
Started from : C:\Users\Luká?\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 08/20/2015 20:49:25

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1601099711-3423381135-1255973783-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://msi13.msn.com -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1601099711-3423381135-1255973783-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://msi13.msn.com -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bf0a9482-f8bb-44a3-90f9-042774b5f5e3} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f64b930d-24ce-4c38-9901-d57b84246443} | DhcpNameServer : 81.30.241.2 213.195.222.2 ([CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bf0a9482-f8bb-44a3-90f9-042774b5f5e3} | DhcpNameServer : 10.0.0.138 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f64b930d-24ce-4c38-9901-d57b84246443} | DhcpNameServer : 81.30.241.2 213.195.222.2 ([CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)]) -> Nahrazeno ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1601099711-3423381135-1255973783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1601099711-3423381135-1255973783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0x20]) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] a4efed1ff2a4a3754dc14f121348841b
[BSP] c048b727fa444e2466d49fdf75336c5e : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 600 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1230848 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1845248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2107392 | Size: 479688 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 984510464 | Size: 489 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 985511936 | Size: 450 MB
6 - Basic data partition | Offset (sectors): 986433536 | Size: 214615 MB
7 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1425965056 | Size: 19132 MB
User = LL1 ... OK
User = LL2 ... OK