Kontrola logu

Jaros · Příspěvekod **Jaros** » 29 zář 2016 15:19

Dobrý den,

prosím o kontrolu logu, ntb využíván v domácnosti starší generací. Objevují se prý chybové hlášky, jednu z nich jsem zaznamenal - Program WinThruster přestal pracovat...

Přikládám log z HJT:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:14:34, on 29.9.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16789)

FIREFOX: 48.0.2 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\taskeng.exe
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\MyDrive Connect\MyDriveConnect.exe
C:\Users\notebook\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\Skypee\Phone\Skype.exe
C:\Users\notebook\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost:8092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [MyDriveConnect.exe] "C:\Program Files\MyDrive Connect\MyDriveConnect.exe"
O4 - HKCU\..\Run: [BingSvc] C:\Users\notebook\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skypee\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O8 - Extra context menu item: Export do &Tahiti - C:\Program Files\LightComp eDoklady Skenováni\iehelper.html
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Služba Google Update (gupdate1ca6eb36e821be5) (gupdate1ca6eb36e821be5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skypee\Updater\Updater.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7324 bytes

a z MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 29.9.2016
Čas skenování: 14:57:30
Protokol: vysledky_mbam.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.09.29.06
Databáze rootkitů: v2016.09.26.02
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: notebook

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 272412
Uplynulý čas: 11 min, 49 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 13
PUP.Optional.ConduitTB, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [08e2db9cb9e1f04658c1a1eeef1335cb],
PUP.Optional.ASK, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, , [cf1be295178357df74e65e4de71df40c],
PUP.Optional.ASK, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1, , [cf1be295178357df74e65e4de71df40c],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\conduitEngine, , [40aa8aede8b2e65071c2ace68d76f709],
PUP.Optional.uTorrentBar, HKLM\SOFTWARE\uTorrentBar, , [cd1de196603aec4af6045366867dea16],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2786678, , [a7431661b1e9a393d09e2c6562a19f61],
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, , [34b68aed8c0e65d1701ff1abed16936d],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\APPDATALOW\SOFTWARE\conduitEngine, , [b33722550e8c86b0d35d6a28768df60a],
PUP.Optional.uTorrentBar, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\APPDATALOW\SOFTWARE\uTorrentBar, , [0bdfa5d27c1e5bdb2ccc9326b94a42be],
PUP.Optional.ICQ, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}, , [ebffd2a52c6ee254568420853ac90000],
PUP.Optional.Conduit, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, , [21c9e4932476b3833055f9a305feb44c],
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}, , [eefce88fff9bdd595b59ce215ca77e82],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\conduitEngine, , [04e6f582ecae70c635fdfc965ba8f50b],

Hodnoty registru: 12
PUP.Optional.ConduitTB, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{30F9B915-B755-4826-820B-08FBA6BD249D}, Conduit Engine, , [08e2db9cb9e1f04658c1a1eeef1335cb]
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [cf1be295178357df74e65e4de71df40c],
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{D4027C7F-154A-4066-A1AD-4243D8127440}, | ÔJ f@ˇBCŘ t@, , [cf1be295178357df74e65e4de71df40c]
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{D4027C7F-154A-4066-A1AD-4243D8127440}, , [cf1be295178357df74e65e4de71df40c],
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{00000000-6E41-4FD3-8538-502F5495E5FC}, , [df0be790b4e662d410feb146a4603fc1],
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00000000-6E41-4FD3-8538-502F5495E5FC}, , [df0be790b4e662d410feb146a4603fc1],
PUP.Optional.ConduitTB, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [e208eb8c7228f44241d8444bd52dc43c],
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [6f7b661162388da91941446772929070],
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678, , [34b68aed8c0e65d1701ff1abed16936d]
PUP.Optional.ICQ, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}|URL, http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd, , [ebffd2a52c6ee254568420853ac90000]
PUP.Optional.Conduit, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678, , [21c9e4932476b3833055f9a305feb44c]
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}|URL, http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYCZ&apn_uid=482E51CD-C1FE-4F1E-9FD5-04701A53A42C&apn_sauid=CAEB252B-CA41-4F24-A013-58D3CAF6C4E4, , [eefce88fff9bdd595b59ce215ca77e82]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 4
PUP.Optional.uTorrentBar, C:\Users\notebook\AppData\LocalLow\uTorrentBar, , [cd1d79feb1e9092dabcbf3cca26052ae],
PUP.Optional.uTorrentBar, C:\Users\notebook\AppData\LocalLow\uTorrentBar\Logs, , [cd1d79feb1e9092dabcbf3cca26052ae],
PUP.Optional.WinThruster, C:\Program Files\WinThruster, , [57939ddab8e270c62b7252752dd5b64a],
PUP.Optional.Solvusoft, C:\Users\notebook\AppData\Roaming\Solvusoft, , [2cbe383f67337fb7f645ae2d877d956b],

Soubory: 9
PUP.Optional.SysTweak, C:\Program Files\WinThruster\unins000.exe, , [ecfe6c0bf5a5a2946955cdf2a958e818],
PUP.Optional.SysTweak, C:\Program Files\WinThruster\WinThruster.exe, , [e40614638e0c63d3a0f84381827f7090],
PUP.Optional.SysTweak, C:\Windows\System32\roboot.exe, , [de0ca5d21c7ed2649ff9784c5ea39b65],
PUP.Optional.WinWrapper, C:\Users\notebook\Downloads\winamp5666_full_all-70401097.exe, , [9753dd9a1e7c0b2bc16697feb24f936d],
PUP.Optional.WinThruster, C:\Windows\Tasks\WinThruster_DEFAULT.job, , [21c966114753b383d40318df58aba45c],
PUP.Optional.WinThruster, C:\Windows\Tasks\WinThruster_UPDATES.job, , [ba3052254555ff372fa8c03746bd43bd],
PUP.Optional.WinThruster, C:\Program Files\WinThruster\unins000.dat, , [57939ddab8e270c62b7252752dd5b64a],
PUP.Optional.WinThruster, C:\Program Files\WinThruster\unins000.msg, , [57939ddab8e270c62b7252752dd5b64a],
PUP.Optional.ASK.Gen, C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\searchplugins\askcom.xml, , [99512f48aaf025116d669cfe7e86e21e],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

Reklama

Příspěvekod **jerabina** » 29 zář 2016 18:59

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Jaros · Příspěvekod **Jaros** » 29 zář 2016 23:15

Log z ADWCleaner:

# AdwCleaner v6.020 - Log soubor vytvořen 29/09/2016 na 22:48:37
# Aktualizováno dne 14/09/2016 z ToolsLib
# Databáze : 2016-09-14.2 [Místní]
# Operační systém : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Uživatelské jméno : notebook - NOTEBOOK-HAVELK
# Beží od : C:\Users\notebook\Desktop\AdwCleaner.exe
# Mod: Skenování
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.

***** [ Adresáře ] *****

Složka nalezena: C:\Users\notebook\AppData\Local\MalwareProtectionLive
Složka nalezena: C:\Users\notebook\AppData\LocalLow\AVG Secure Search
Složka nalezena: C:\Users\notebook\AppData\Roaming\Solvusoft
Složka nalezena: C:\Program Files\WinThruster
Složka nalezena: C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search
Složka nalezena: C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Security Toolbar

***** [ Soubory ] *****

Soubor nalezen: C:\Windows\system32\roboot.exe
Soubor nalezen: C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\searchplugins\Askcom.xml
Soubor nalezen: C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Soubor nalezen: C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\searchplugins\bingp.xml
Soubor nalezen: C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Soubor nalezen: C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL soubory.

***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.

***** [ Zástupce ] *****

Žádné infikovaný zástupce nenalezen.

***** [ Plánovač úloh ] *****

Úkol nalezen: WinThruster
Úkol nalezen: WinThruster_DEFAULT
Úkol nalezen: WinThruster_UPDATES
Úkol nalezen: DriverDoc_UPDATES

***** [ Registry ] *****

Klíč nalezen: HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Klíč nalezen: HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Klíč nalezen: HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Klíč nalezen: HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Klíč nalezen: HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Klíč nalezen: HKLM\SOFTWARE\Classes\Conduit.Engine
Klíč nalezen: HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Klíč nalezen: HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Klíč nalezen: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Klíč nalezen: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.Protector
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Klíč nalezen: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Klíč nalezen: HKLM\SOFTWARE\Classes\Search.BrowserWndAPI
Klíč nalezen: HKLM\SOFTWARE\Classes\Search.BrowserWndAPI.1
Klíč nalezen: HKLM\SOFTWARE\Classes\Search.PugiObj
Klíč nalezen: HKLM\SOFTWARE\Classes\Search.PugiObj.1
Klíč nalezen: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Klíč nalezen: HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Klíč nalezen: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Klíč nalezen: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Klíč nalezen: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota nalezena: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Hodnota nalezena: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Hodnota nalezena: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota nalezena: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Hodnota nalezena: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Klíč nalezen: HKU\.DEFAULT\Software\AVG Secure Search
Klíč nalezen: HKU\.DEFAULT\Software\IGearSettings
Klíč nalezen: HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
Klíč nalezen: HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\APN PIP
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\AVG Secure Search
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\YahooPartnerToolbar
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\AppDataLow\Toolbar
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\AppDataLow\Software\AVG Security Toolbar
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\AppDataLow\Software\Conduit
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\AppDataLow\Software\conduitEngine
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\AVG Security Toolbar
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\ICQ\ICQToolbar
Klíč nalezen: HKU\S-1-5-18\Software\AVG Secure Search
Klíč nalezen: HKU\S-1-5-18\Software\IGearSettings
Klíč nalezen: HKU\S-1-5-18\Software\AppDataLow\Software\AskToolbar
Klíč nalezen: HKU\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar
Klíč nalezen: HKCU\Software\APN PIP
Klíč nalezen: HKCU\Software\AVG Secure Search
Klíč nalezen: HKCU\Software\YahooPartnerToolbar
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolbar
Klíč nalezen: HKCU\Software\AppDataLow\Toolbar
Klíč nalezen: HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Klíč nalezen: HKCU\Software\AppDataLow\Software\Conduit
Klíč nalezen: HKCU\Software\AppDataLow\Software\conduitEngine
Klíč nalezen: HKLM\SOFTWARE\AVG Secure Search
Klíč nalezen: HKLM\SOFTWARE\AVG Security Toolbar
Klíč nalezen: HKLM\SOFTWARE\Conduit
Klíč nalezen: HKLM\SOFTWARE\conduitEngine
Klíč nalezen: HKLM\SOFTWARE\ICQ\ICQToolbar
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
Data nalezena: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnUpdater
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
Hodnota nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Klíč nalezen: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
Klíč nalezen: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Klíč nalezen: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Klíč nalezen: HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Hodnota nalezena: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Hodnota nalezena: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Hodnota nalezena: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Internetové prohlížeče ] *****

Firefox nastavení nalezeno: [C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\prefs.js] - "avg.install.installDirPath" - "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.9.799"
Firefox nastavení nalezeno: [C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\prefs.js] - "avg.userPreferences.URLBarFocus.whiteList" - "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w
Firefox nastavení nalezeno: [C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\prefs.js] - "browser.search.defaultengine" - "Ask.com"
Firefox nastavení nalezeno: [C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\prefs.js] - "browser.search.order.1" - "Ask.com"
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium báze.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [15084 Bajtů] - [29/09/2016 22:48:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15159 Bajtů] ##########

Log z MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 29.9.2016
Čas skenování: 22:50:50
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.09.29.11
Databáze rootkitů: v2016.09.26.02
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: notebook

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 272028
Uplynulý čas: 11 min, 29 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 13
PUP.Optional.ConduitTB, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [cf20a5d2a2f877bffe1bbed1fd057c84],
PUP.Optional.ASK, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, , [9c53dd9a108adc5a8ad02b805da74cb4],
PUP.Optional.ASK, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1, , [9c53dd9a108adc5a8ad02b805da74cb4],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\conduitEngine, , [a54ad6a1d8c284b22c07dab8cb38639d],
PUP.Optional.uTorrentBar, HKLM\SOFTWARE\uTorrentBar, , [40afea8df3a71f17a6542099c53e4bb5],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2786678, , [01ee1265ff9b082e99d55e336d96dc24],
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, , [7b74b2c5c2d8f442256ae0bc897ac53b],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\APPDATALOW\SOFTWARE\conduitEngine, , [618efd7aadedcb6be848d8ba897a1ee2],
PUP.Optional.uTorrentBar, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\APPDATALOW\SOFTWARE\uTorrentBar, , [36b9beb9ccce0a2cc830c1f839ca24dc],
PUP.Optional.ICQ, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}, , [747b9bdcf2a8b68035a5aff6d92a8080],
PUP.Optional.Conduit, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, , [f7f8265122784beb463ffaa2a95a5da3],
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}, , [d916c9ae1b7f0d29d8dcec03c93ada26],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\conduitEngine, , [866993e42b6f4fe7e25099f9ae5553ad],

Hodnoty registru: 12
PUP.Optional.ConduitTB, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{30F9B915-B755-4826-820B-08FBA6BD249D}, Conduit Engine, , [cf20a5d2a2f877bffe1bbed1fd057c84]
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [9c53dd9a108adc5a8ad02b805da74cb4],
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{D4027C7F-154A-4066-A1AD-4243D8127440}, | ÔJ f@ˇBCŘ t@, , [9c53dd9a108adc5a8ad02b805da74cb4]
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{D4027C7F-154A-4066-A1AD-4243D8127440}, , [9c53dd9a108adc5a8ad02b805da74cb4],
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{00000000-6E41-4FD3-8538-502F5495E5FC}, , [6b843e392872e650e727896ef60efc04],
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00000000-6E41-4FD3-8538-502F5495E5FC}, , [6b843e392872e650e727896ef60efc04],
PUP.Optional.ConduitTB, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [ca2531468713a59121f8741bea182bd5],
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [8d6277002a700036d882baf1e71d8878],
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678, , [7b74b2c5c2d8f442256ae0bc897ac53b]
PUP.Optional.ICQ, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}|URL, http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd, , [747b9bdcf2a8b68035a5aff6d92a8080]
PUP.Optional.Conduit, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678, , [f7f8265122784beb463ffaa2a95a5da3]
PUP.Optional.ASK, HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}|URL, http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYCZ&apn_uid=482E51CD-C1FE-4F1E-9FD5-04701A53A42C&apn_sauid=CAEB252B-CA41-4F24-A013-58D3CAF6C4E4, , [d916c9ae1b7f0d29d8dcec03c93ada26]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 4
PUP.Optional.uTorrentBar, C:\Users\notebook\AppData\LocalLow\uTorrentBar, , [c12ef186d2c81521aec81ca3867c4fb1],
PUP.Optional.uTorrentBar, C:\Users\notebook\AppData\LocalLow\uTorrentBar\Logs, , [c12ef186d2c81521aec81ca3867c4fb1],
PUP.Optional.WinThruster, C:\Program Files\WinThruster, , [ce216e090694989e435aba0d26dc35cb],
PUP.Optional.Solvusoft, C:\Users\notebook\AppData\Roaming\Solvusoft, , [618e2a4de8b2fa3c46f5c51648bcb050],

Soubory: 9
PUP.Optional.SysTweak, C:\Program Files\WinThruster\unins000.exe, , [1dd2d2a5e8b2ba7c1ca2f2cdc938bc44],
PUP.Optional.SysTweak, C:\Program Files\WinThruster\WinThruster.exe, , [8a6545321387b284c0d813b1e9184bb5],
PUP.Optional.SysTweak, C:\Windows\System32\roboot.exe, , [5e9179fee9b139fd4e4ab60e46bb25db],
PUP.Optional.WinWrapper, C:\Users\notebook\Downloads\winamp5666_full_all-70401097.exe, , [42ad6017b9e12f0751d6bbda33cea060],
PUP.Optional.WinThruster, C:\Windows\Tasks\WinThruster_DEFAULT.job, , [b23d24536535d165e4f3985fe91a946c],
PUP.Optional.WinThruster, C:\Windows\Tasks\WinThruster_UPDATES.job, , [6c83f97e9efcd95d488fd81f4db6847c],
PUP.Optional.WinThruster, C:\Program Files\WinThruster\unins000.dat, , [ce216e090694989e435aba0d26dc35cb],
PUP.Optional.WinThruster, C:\Program Files\WinThruster\unins000.msg, , [ce216e090694989e435aba0d26dc35cb],
PUP.Optional.ASK.Gen, C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\searchplugins\askcom.xml, , [707f7403adeddd5921b2d5c558ac51af],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

Příspěvekod **Orcus** » 30 zář 2016 10:14

- Spusť znovu MbAM a dej Skenovat nyní
- Po proběhnutí programu, se ti objeví hláška, tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

====================================================

- Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
- Klikni na „ Smazat“
- Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- Počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Jaros · Příspěvekod **Jaros** » 30 zář 2016 11:49

Log z MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 30.9.2016
Čas skenování: 10:24:09
Protokol: nový sken MBAM.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.09.30.05
Databáze rootkitů: v2016.09.26.02
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: notebook

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 272214
Uplynulý čas: 15 min, 23 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

Log z Adw:

# AdwCleaner v6.020 - Log soubor vytvořen 30/09/2016 na 10:54:41
# Aktualizováno dne 14/09/2016 z ToolsLib
# Databáze : 2016-09-14.2 [Místní]
# Operační systém : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Uživatelské jméno : notebook - NOTEBOOK-HAVELK
# Beží od : C:\Users\notebook\Desktop\AdwCleaner.exe
# Mod: Čištění
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****

***** [ Adresáře ] *****

[-] Adresář smazán:C:\Users\notebook\AppData\Local\MalwareProtectionLive
[-] Adresář smazán:C:\Users\notebook\AppData\LocalLow\AVG Secure Search
[-] Adresář smazán:C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search
[-] Adresář smazán:C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Security Toolbar

***** [ Soubory ] *****

[-] Soubor smazán:C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] Soubor smazán:C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\searchplugins\bingp.xml
[#] Soubor smazán:C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] Soubor smazán:C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Zástupce ] *****

***** [ Plánovač úloh ] *****

[-] Úlohy smazány:WinThruster
[-] Úlohy smazány:DriverDoc_UPDATES

***** [ Registry ] *****

[-] Klíč smazán:HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Conduit.Engine
[-] Klíč smazán:HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Klíč smazán:HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Klíč smazán:HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Klíč smazán:HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Klíč smazán:HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Search.BrowserWndAPI
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Search.BrowserWndAPI.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Search.PugiObj
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Search.PugiObj.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Klíč smazán:HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Klíč smazán:HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Hodnota smazána:HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Hodnota smazána:HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
[-] Hodnota smazána:HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Hodnota smazána:HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
[-] Hodnota smazána:HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Hodnota smazána:HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
[-] Hodnota smazána:HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
[-] Klíč smazán:HKU\.DEFAULT\Software\AVG Secure Search
[-] Klíč smazán:HKU\.DEFAULT\Software\IGearSettings
[-] Klíč smazán:HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Klíč smazán:HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\APN PIP
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\AVG Secure Search
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\YahooPartnerToolbar
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\AppDataLow\Toolbar
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\AppDataLow\Software\AVG Security Toolbar
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\AppDataLow\Software\Conduit
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\AVG Security Toolbar
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\ICQ\ICQToolbar
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\AVG Secure Search
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\IGearSettings
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\AppDataLow\Software\AskToolbar
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\AppDataLow\Software\AVG Security Toolbar
[#] Klíč smazán po restartování:HKCU\Software\APN PIP
[#] Klíč smazán po restartování:HKCU\Software\AVG Secure Search
[#] Klíč smazán po restartování:HKCU\Software\YahooPartnerToolbar
[-] Klíč smazán:HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolbar
[#] Klíč smazán po restartování:HKCU\Software\AppDataLow\Toolbar
[#] Klíč smazán po restartování:HKCU\Software\AppDataLow\Software\AVG Security Toolbar
[#] Klíč smazán po restartování:HKCU\Software\AppDataLow\Software\Conduit
[-] Klíč smazán:HKLM\SOFTWARE\AVG Secure Search
[-] Klíč smazán:HKLM\SOFTWARE\AVG Security Toolbar
[-] Klíč smazán:HKLM\SOFTWARE\Conduit
[-] Klíč smazán:HKLM\SOFTWARE\ICQ\ICQToolbar
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
[-] Data obnovena:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Klíč smazán:HKU\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Klíč smazán po restartování:HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\ApnUpdater
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\vProt
[-] Hodnota smazána:HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Klíč smazán:HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Klíč smazán:HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Klíč smazán:HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[#] Klíč smazán po restartování:HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
[-] Hodnota smazána:HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[#] Hodnota smazána po restartování:HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[#] Hodnota smazána po restartování:HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Prohlížeče ] *****

[-] Firefox nastavení vyčištěno:"avg.install.installDirPath" - "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.9.799"
[-] Firefox nastavení vyčištěno:"avg.userPreferences.URLBarFocus.whiteList" - "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w+ live\\.\\w+ isearch\\.avg\\.com mysearch\\.avg\\.com"
[-] Firefox nastavení vyčištěno:"browser.search.defaultengine" - "Ask.com"
[-] Firefox nastavení vyčištěno:"browser.search.order.1" - "Ask.com"

*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [12701 Bajtů] - [30/09/2016 10:54:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [15240 Bajtů] - [29/09/2016 22:48:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [12792 Bajtů] - [30/09/2016 10:45:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12926 Bajtů] ##########

Junkware se mi vůbec nepodařilo nijak spustit

Log z RogueKiller:

RogueKiller V12.6.4.0 [Sep 26 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : notebook [Práva správce]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mód : Prohledat -- Datum : 09/30/2016 11:17:58 (Duration : 00:21:20)

¤¤¤ Procesy : 1 ¤¤¤
[Proc.RunPE] Skype.exe(2104) -- C:\Program Files\Skypee\Phone\Skype.exe[7] -> Nalezeno

¤¤¤ Registry : 11 ¤¤¤
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.asus.com -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.asus.com -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([Czech Republic][Czech Republic][-]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([Czech Republic][Czech Republic][-]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([Czech Republic][Czech Republic][-]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A78DAD0-8BD9-4F2F-A21B-4E4A31EE336E} | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([Czech Republic][Czech Republic][-]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A78DAD0-8BD9-4F2F-A21B-4E4A31EE336E} | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([Czech Republic][Czech Republic][-]) -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3A78DAD0-8BD9-4F2F-A21B-4E4A31EE336E} | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([Czech Republic][Czech Republic][-]) -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Nalezeno

¤¤¤ Úlohy : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP\{DAF2FC56-3F36-4562-A0CB-3535FE9ED563}.exe (--uninstall=1) -> Nalezeno
[Suspicious.Path] \AVG-Secure-Search-Update_JUNE2013_TB_rmv -- C:\Windows\TEMP\{DAF2FC56-3F36-4562-A0CB-3535FE9ED563}.exe (--uninstall=1) -> Nalezeno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 4 ¤¤¤
[PUM.Proxy][FIREFX:Config] fzt8g72r.default : user_pref("network.proxy.type", 1); -> Nalezeno
[PUM.HomePage][FIREFX:Config] fzt8g72r.default : user_pref("browser.startup.homepage", "https://www.centrum.cz/"); -> Nalezeno
[PUM.SearchEngine][FIREFX:Config] fzt8g72r.default : user_pref("browser.search.selectedEngine", "Bing "); -> Nalezeno
[PUM.SearchEngine][FIREFX:Config] fzt8g72r.default : user_pref("browser.search.defaultenginename", "Bing "); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST9250320AS +++++
--- User ---
[MBR] 4ced5855829d57c8986e42b74a3c9787
[BSP] 897f10bf4f7c37dd737b7d63ac3c71b7 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 10000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20482048 | Size: 119237 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 264679424 | Size: 109236 MB
User = LL1 ... OK
User = LL2 ... OK

Příspěvekod **jaro3** » 30 zář 2016 21:01

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

Vypni antivir i firewall.
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Jaros · Příspěvekod **Jaros** » 01 říj 2016 13:20

Log z RogueKiller

RogueKiller V12.6.4.0 [Sep 26 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : notebook [Práva správce]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mód : Smazat -- Datum : 10/01/2016 11:21:45 (Duration : 00:19:42)

¤¤¤ Procesy : 1 ¤¤¤
[Proc.RunPE] Skype.exe(2516) -- C:\Program Files\Skypee\Phone\Skype.exe[7] -> Zastaveno [TermProc]

¤¤¤ Registry : 11 ¤¤¤
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.asus.com -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.HomePage] HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.asus.com -> Nahrazeno (http://www.microsoft.com/isapi/redir.dl ... ar=msnhome)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([X][X][-]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([X][X][-]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([X][X][-]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A78DAD0-8BD9-4F2F-A21B-4E4A31EE336E} | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([X][X][-]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3A78DAD0-8BD9-4F2F-A21B-4E4A31EE336E} | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([X][X][-]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3A78DAD0-8BD9-4F2F-A21B-4E4A31EE336E} | DhcpNameServer : 93.93.32.32 93.93.33.33 192.168.1.1 ([X][X][-]) -> Nahrazeno ()
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Nahrazeno (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Nahrazeno (1)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Nahrazeno (1)

¤¤¤ Úlohy : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP\{DAF2FC56-3F36-4562-A0CB-3535FE9ED563}.exe (--uninstall=1) -> ERROR [0]
[Suspicious.Path] \AVG-Secure-Search-Update_JUNE2013_TB_rmv -- C:\Windows\TEMP\{DAF2FC56-3F36-4562-A0CB-3535FE9ED563}.exe (--uninstall=1) -> ERROR [0]

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Nahrán) ¤¤¤
[SSDT:Inl(Hook.SSDT)] ZwDeleteAtom[119] : C:\Windows\System32\win32k.sys @ 0xffffffff9bb2ad69 (call dword [0x82d3db84])

¤¤¤ Webové prohlížeče : 4 ¤¤¤
[PUM.Proxy][FIREFX:Config] fzt8g72r.default : user_pref("network.proxy.type", 1); -> Nahrazeno (0)
[PUM.HomePage][FIREFX:Config] fzt8g72r.default : user_pref("browser.startup.homepage", "https://www.centrum.cz/"); -> Nahrazeno (about:home)
[PUM.SearchEngine][FIREFX:Config] fzt8g72r.default : user_pref("browser.search.selectedEngine", "Bing "); -> Smazáno
[PUM.SearchEngine][FIREFX:Config] fzt8g72r.default : user_pref("browser.search.defaultenginename", "Bing "); -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST9250320AS +++++
--- User ---
[MBR] 4ced5855829d57c8986e42b74a3c9787
[BSP] 897f10bf4f7c37dd737b7d63ac3c71b7 : HP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 10000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20482048 | Size: 119237 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 264679424 | Size: 109236 MB
User = LL1 ... OK
User = LL2 ... OK

Log ze Zoek:

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by notebook on so 01.10.2016 at 11:50:22,72.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\notebook\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1.10.2016 11:51:09 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\GUMCB1B.tmp deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Opera deleted successfully
C:\Users\notebook\AppData\Roaming\Samsung deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\UrlSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully
HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully
HKEY_USERS\S-1-5-21-2468744986-3110552355-1160561118-1000\Software\Mozilla\Firefox\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\prefs.js:

Added to C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default

user.js not found
---- Lines Search removed from prefs.js ----
user_pref("extensions.xpiState", "{\"app-profile\":{\"bingsearch.full@microsoft.com\":{\"d\":\"C:\\\\Users\\\\notebook\\\\AppData\\\\Roaming\\\\Mozill
---- FireFox user.js and prefs.js backups ----

prefs_01.10.2016_1210_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\GUMCB1B.tmp not found
C:\Program Files\Opera not found
C:\Windows\system32\appdata deleted
C:\procexp.exe deleted
C:\Users\notebook\AppData\Local\Unity deleted
C:\Users\notebook\AppData\LocalLow\Unity deleted
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted
C:\Windows\system32\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted
C:\Windows\system32\tasks\WinThruster deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\Invalidprefs.js deleted

==== Orphaned Tasks deleted from Registry ======================

AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}"="C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension" [17.09.2016 12:41]

==== Firefox Extensions ======================

ProfilePath: C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default
- Bing Search - %ProfilePath%\extensions\bingsearch.full@microsoft.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
3EE8AE0ECFE5D79DE1737A855AD1E84C - C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll - Google Update
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
A3257C59695BD691B433DFF4B3E36C86 - C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll - Silverlight Plug-In
86AB3794B94C1A54AEC884B2C02DF402 - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll - Java(TM) Platform SE 6 U37
3E21E80D10E1033D9C137440554FF724 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 6.0.370.6
DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
274C5170DF9AFE81421F0728BF301682 - C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
fheoggkfdfchfphceeifdbepaooicaho - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14.05.2013 13:27]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
fcfenmboojpjinhpgggodefccipikbpd - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
HKCU\SearchScopes\{F369C9EE-8BED-4036-8735-875D5EE81650} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_cs

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu deleted successfully

==== Empty IE Cache ======================

C:\Users\notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\notebook\AppData\Local\Mozilla\Firefox\Profiles\fzt8g72r.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=41 folders=28 39942417 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\notebook\AppData\Local\Temp will be emptied at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

Log z Combofix:

ComboFix 16-09-28.01 - notebook 01.10.2016 12:25:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3062.1195 [GMT 2:00]
Spuštěný z: c:\users\notebook\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skypee
c:\program files\Skypee\desktop.ini
c:\program files\Skypee\Phone\Login.cab
c:\program files\Skypee\Phone\RtmCodecs.dll
c:\program files\Skypee\Phone\RtmMediaManager.dll
c:\program files\Skypee\Phone\RtmPal.dll
c:\program files\Skypee\Phone\RtmPltfm.dll
c:\program files\Skypee\Phone\Skype.exe
c:\program files\Skypee\third-party_attributions.txt
c:\program files\Skypee\Updater\Updater.dll
c:\program files\Skypee\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-09-01 do 2016-10-01 )))))))))))))))))))))))))))))))
.
.
2016-10-01 10:12 . 2016-10-01 09:50 24064 ----a-w- c:\windows\zoek-delete.exe
2016-10-01 10:09 . 2016-10-01 10:12 -------- d-----w- C:\zoek
2016-09-30 09:17 . 2016-10-01 09:21 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-30 09:16 . 2016-09-30 09:17 -------- d-----w- c:\program files\RogueKiller
2016-09-30 09:16 . 2016-09-30 09:16 -------- d-----w- c:\programdata\RogueKiller
2016-09-29 20:46 . 2016-09-30 08:54 -------- d-----w- C:\AdwCleaner
2016-09-29 12:55 . 2016-09-30 08:24 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-29 12:55 . 2016-09-29 12:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-09-29 12:55 . 2016-09-29 12:55 -------- d-----w- c:\programdata\Malwarebytes
2016-09-29 12:55 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-29 12:55 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-29 12:55 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-29 12:34 . 2016-09-29 12:34 -------- d-----w- c:\program files\CCleaner
2016-09-17 11:02 . 2016-09-17 11:02 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{157A8B1A-E3A7-4DEE-90C5-CCDD5FF352DC}\offreg.916.dll
2016-09-17 10:41 . 2016-09-17 10:41 -------- d-----w- c:\program files\MSN Toolbar
2016-09-17 10:41 . 2016-09-17 10:41 -------- d-----w- c:\program files\Bing Bar Installer
2016-09-15 03:06 . 2016-09-15 03:06 -------- d-----w- c:\windows\Branding
2016-09-14 17:43 . 2016-09-14 17:43 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{157A8B1A-E3A7-4DEE-90C5-CCDD5FF352DC}\offreg.988.dll
2016-09-03 12:06 . 2016-09-03 12:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{157A8B1A-E3A7-4DEE-90C5-CCDD5FF352DC}\offreg.928.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyDriveConnect.exe"="c:\program files\MyDrive Connect\MyDriveConnect.exe" [2014-10-03 1792376]
"BingSvc"="c:\users\notebook\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-11-12 144008]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-08-26 6868696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-23 6707744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-23 1833504]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2016-08-31 1402792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^notebook^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk]
path=c:\users\notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk
backup=c:\windows\pss\Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-10-28 17:49 1067736 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-03-17 12:32 37232 ----a-w- c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-03-17 12:33 33136 ----a-w- c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2007-10-18 02:04 7737344 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2008-01-12 05:40 98304 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-11-20 00:45 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2013-05-30 13:50 96056 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-11-20 00:45 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-11-20 00:45 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-12-23 10:20 6707744 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-12-23 10:21 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-17 10:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-21 16:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-05 19:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d043beba23f9be.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
2015-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d043bee484f97e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
2015-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0909fcc572834.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
2015-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0c2448f686108.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
2015-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e359f340a940.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
2015-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f17af4dfc234.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
2016-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d130477e2f0120.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
2016-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15ebe55585686.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
2016-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1ac6a34696bd0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
2016-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1e97e5859e05c.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
2014-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-26 16:45]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = hxxp://localhost:8092
IE: Export do &Tahiti - c:\program files\LightComp eDoklady Skenováni\iehelper.html
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 93.93.32.32 93.93.33.33 192.168.1.1
FF - ProfilePath - c:\users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{A8D448F4-0431-45AC-9F5E-E1B434AB2249} - (no file)
HKCU-Run-Skype - c:\program files\Skypee\Phone\Skype.exe
HKLM-Run-NPSStartup - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM_ActiveSetup-{10880D85-AAD9-4558-ABDC-2AB1552D831F} - c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(724)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Garmin\Device Interaction Service\GarminService.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2016-10-01 13:06:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-10-01 11:04
.
Před spuštěním: Volných bajtů: 64 591 859 712
Po spuštění: Volných bajtů: 63 943 864 320
.
- - End Of File - - F225C26F4952E0C102ADFC199CAA16F6
5C616939100B85E558DA92B899A0FC36

Příspěvekod **jaro3** » 01 říj 2016 14:41

Odinstaluj:
McAfee Security Scan

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Sophos Virus Removal Tool je praktický softwarový nástroj, který by mohl odstranit infekce, které antivirový program nedetekuje .
Stáhněte si ho zde z některého odkazu:
http://www.majorgeeks.com/mg/get/sophos ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,1.html
http://www.majorgeeks.com/mg/getmirror/ ... ool,2.html

Viry mohou zpomalit počítač, nebo se snaží ukrást vaše data, a ani nevíte , že je máte. Co potřebujete, je rychlý a snadný způsob, jak je najít a zbavit se jich, pokud již máte antivirový program v počítači nainstalován , můžete nainstalovat i nástroj Sophos Virus Removal , který identifikuje a vyčistí zbylé infekce, které mohl Váš antivirový program přehlédnout.
K použití Sophos Virus Removal Tool na něj poklepejte a stiskněte tlačítko „Start scanning“ . Pak bude Sophos Virus Removal Tool vyhledávat a odstraňovat viry, které najde. Může být vyžadován restart.

Jaros · Příspěvekod **Jaros** » 02 říj 2016 14:16

Log:

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-10-01 23:32:47
-----------------------------
23:32:47.270 OS Version: Windows 6.0.6002 Service Pack 2
23:32:47.270 Number of processors: 2 586 0xF0D
23:32:47.270 ComputerName: NOTEBOOK-HAVELK UserName: notebook
23:33:18.158 Initialize success
23:33:18.236 VM: initialized successfully
23:33:18.236 VM: Intel CPU virtualization not supported
23:33:29.412 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:33:29.412 Disk 0 Vendor: ST925032 0303 Size: 238475MB BusType: 3
23:33:29.536 Disk 0 MBR read successfully
23:33:29.536 Disk 0 MBR scan
23:33:29.552 Disk 0 Windows VISTA default MBR code
23:33:29.568 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10000 MB offset 2048
23:33:29.583 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119237 MB offset 20482048
23:33:29.583 Disk 0 Partition - 00 0F Extended LBA 109236 MB offset 264679424
23:33:29.630 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 109235 MB offset 264681472
23:33:29.646 Disk 0 scanning sectors +488394752
23:33:29.848 Disk 0 scanning C:\Windows\system32\drivers
23:33:41.533 Service scanning
23:33:59.301 Modules scanning
23:33:59.301 Disk 0 trace - called modules:
23:33:59.535 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
23:33:59.551 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c9f8c0]
23:33:59.566 3 CLASSPNP.SYS[8b3a88b3] -> nt!IofCallDriver -> [0x8577b828]
23:33:59.566 5 acpi.sys[806a56bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86139028]
23:33:59.582 Disk 0 statistics 70958/0/0 @ 3,78 MB/s
23:33:59.582 Scan finished successfully
23:39:05.794 Disk 0 MBR has been saved successfully to "C:\Users\notebook\Desktop\MBR.dat"
23:39:05.794 The log file has been saved successfully to "C:\Users\notebook\Desktop\aswMBR.txt"

Sken z druhého programu ok - váš počítač je čistý.

Příspěvekod **jaro3** » 02 říj 2016 14:45

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d043beba23f9be.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d043bee484f97e.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0909fcc572834.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0c2448f686108.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e359f340a940.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f17af4dfc234.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d130477e2f0120.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15ebe55585686.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1ac6a34696bd0.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1e97e5859e05c.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Google\Update

Registry::
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Jaros · Příspěvekod **Jaros** » 02 říj 2016 15:20

Log z Combofixu:

ComboFix 16-09-28.01 - notebook 02.10.2016 14:51:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3062.1582 [GMT 2:00]
Spuštěný z: c:\users\notebook\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\notebook\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d043beba23f9be.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d043bee484f97e.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0909fcc572834.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0c2448f686108.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e359f340a940.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f17af4dfc234.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d130477e2f0120.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15ebe55585686.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1ac6a34696bd0.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1e97e5859e05c.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.31.5\GoogleUpdate.exe
c:\program files\Google\Update\1.3.31.5\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.31.5\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.31.5\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.31.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.31.5\GoogleUpdateWebPlugin.exe
c:\program files\Google\Update\1.3.31.5\goopdate.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_am.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_ar.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_bg.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_bn.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_ca.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_cs.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_da.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_de.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_el.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_en.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_es.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_et.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_fa.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_fi.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_fil.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_fr.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_gu.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_hi.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_hr.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_hu.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_id.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_is.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_it.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_iw.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_ja.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_kn.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_ko.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_lt.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_lv.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_ml.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_mr.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_ms.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_nl.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_no.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_pl.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_ro.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_ru.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_sk.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_sl.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_sr.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_sv.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_sw.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_ta.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_te.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_th.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_tr.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_uk.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_ur.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_vi.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.31.5\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.31.5\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.31.5\psmachine.dll
c:\program files\Google\Update\1.3.31.5\psmachine_64.dll
c:\program files\Google\Update\1.3.31.5\psuser.dll
c:\program files\Google\Update\1.3.31.5\psuser_64.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.31.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4844B694-939C-44A1-9454-35D6DFD8F885}\GoogleToolbarInstaller_updater_signed.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\49.0.2623.112\49.0.2623.112_49.0.2623.110_chrome_updater.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\49.0.2623.112\49.0.2623.112_chrome_installer.exe
c:\program files\Google\Update\Download\{55C5DE65-6A64-4389-9730-A102A85977DE}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.7619.1252\GoogleToolbarInstaller_updater_signed.exe
c:\program files\Google\Update\GoogleUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_gupdate1ca6eb36e821be5
-------\Legacy_gupdatem
-------\Legacy_gupdate1ca6eb36e821be5
-------\Legacy_gupdatem
-------\Service_gupdate1ca6eb36e821be5
-------\Service_gupdatem
-------\Service_gupdate1ca6eb36e821be5
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-09-02 do 2016-10-02 )))))))))))))))))))))))))))))))
.
.
2016-10-02 12:59 . 2016-10-02 13:01 -------- d-----w- c:\users\notebook\AppData\Local\temp
2016-10-02 12:59 . 2016-10-02 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-01 21:44 . 2016-10-01 21:44 -------- d-----w- c:\programdata\Sophos
2016-10-01 21:41 . 2016-10-01 21:41 -------- d-----w- c:\program files\Sophos
2016-10-01 10:12 . 2016-10-01 09:50 24064 ----a-w- c:\windows\zoek-delete.exe
2016-10-01 10:09 . 2016-10-01 10:12 -------- d-----w- C:\zoek
2016-09-30 09:17 . 2016-10-01 09:21 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-09-30 09:16 . 2016-09-30 09:17 -------- d-----w- c:\program files\RogueKiller
2016-09-30 09:16 . 2016-09-30 09:16 -------- d-----w- c:\programdata\RogueKiller
2016-09-29 20:46 . 2016-09-30 08:54 -------- d-----w- C:\AdwCleaner
2016-09-29 12:55 . 2016-09-30 08:24 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-29 12:55 . 2016-09-29 12:56 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-09-29 12:55 . 2016-09-29 12:55 -------- d-----w- c:\programdata\Malwarebytes
2016-09-29 12:55 . 2016-03-10 12:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-29 12:55 . 2016-03-10 12:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-29 12:55 . 2016-03-10 12:08 24448 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-09-29 12:34 . 2016-09-29 12:34 -------- d-----w- c:\program files\CCleaner
2016-09-17 11:02 . 2016-09-17 11:02 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{157A8B1A-E3A7-4DEE-90C5-CCDD5FF352DC}\offreg.916.dll
2016-09-17 10:41 . 2016-09-17 10:41 -------- d-----w- c:\program files\MSN Toolbar
2016-09-17 10:41 . 2016-09-17 10:41 -------- d-----w- c:\program files\Bing Bar Installer
2016-09-15 03:06 . 2016-09-15 03:06 -------- d-----w- c:\windows\Branding
2016-09-14 17:43 . 2016-09-14 17:43 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{157A8B1A-E3A7-4DEE-90C5-CCDD5FF352DC}\offreg.988.dll
2016-09-03 12:06 . 2016-09-03 12:06 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{157A8B1A-E3A7-4DEE-90C5-CCDD5FF352DC}\offreg.928.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyDriveConnect.exe"="c:\program files\MyDrive Connect\MyDriveConnect.exe" [2014-10-03 1792376]
"BingSvc"="c:\users\notebook\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-11-12 144008]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-08-26 6868696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-23 6707744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-23 1833504]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2016-08-31 1402792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^notebook^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk]
path=c:\users\notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk
backup=c:\windows\pss\Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-10-28 17:49 1067736 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-03-17 12:32 37232 ----a-w- c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-03-17 12:33 33136 ----a-w- c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2007-10-18 02:04 7737344 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2008-01-12 05:40 98304 ----a-w- c:\program files\ASUS\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-11-20 00:45 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2013-05-30 13:50 96056 ----a-w- c:\program files\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-11-20 00:45 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-11-20 00:45 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-12-23 10:20 6707744 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-12-23 10:21 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-17 10:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-21 16:20 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-12-05 19:12 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = hxxp://localhost:8092
IE: Export do &Tahiti - c:\program files\LightComp eDoklady Skenováni\iehelper.html
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 93.93.32.32 93.93.33.33 192.168.1.1
FF - ProfilePath - c:\users\notebook\AppData\Roaming\Mozilla\Firefox\Profiles\fzt8g72r.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-10-02 15:04
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(728)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Garmin\Device Interaction Service\GarminService.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2016-10-02 15:06:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-10-02 13:06
ComboFix2.txt 2016-10-01 11:07
.
Před spuštěním: Volných bajtů: 64 505 384 960
Po spuštění: Volných bajtů: 64 269 582 336
.
- - End Of File - - BF7E0BDC914A4A35581703FD6510EA8F
5C616939100B85E558DA92B899A0FC36

Log z HJT:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:10:50, on 2.10.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16789)

FIREFOX: 49.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\MyDrive Connect\MyDriveConnect.exe
C:\Users\notebook\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Users\notebook\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost:8092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [MyDriveConnect.exe] "C:\Program Files\MyDrive Connect\MyDriveConnect.exe"
O4 - HKCU\..\Run: [BingSvc] C:\Users\notebook\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O8 - Extra context menu item: Export do &Tahiti - C:\Program Files\LightComp eDoklady Skenováni\iehelper.html
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 5253 bytes

Příspěvekod **jaro3** » 03 říj 2016 09:25

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Aktualizuj javu:
http://www.oracle.com/technetwork/java/ ... 33155.html
Java SE Runtime Environment 8

Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-8-windows-i586-p.exe nebo
jre-8-windows-x64.exe
Stáhni ( download) a nainstaluj.
Ostatní javy odeber v přidat/odebrat programy.

Co problémy?

Kontrola logu Vyřešeno

Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Re: Kontrola logu

Kdo je online