Log from MBAM:
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 4. 6. 2015
Čas skenování: 19:52:45
Protokol: log1.txt
Správce: Ano
Verze: 2.01.6.1022
Databáze malwaru: v2015.06.04.04
Databáze rootkitů: v2015.06.02.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Nerissa
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 414858
Uplynulý čas: 31 min, 5 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 9
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Do karantény, [9123585e4149999d444e84fed035867a],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Do karantény, [1e969521dcae8babab203cab758e02fe],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Do karantény, [bafab8fef9917bbbd6bc7c06f51050b0],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Do karantény, [ded6397d3b4f8da961edf68728dd9c64],
PUP.Optional.AppLid.A, HKU\S-1-5-21-1834309096-558221076-1079066713-1001\SOFTWARE\App Lid-nv-ie, Do karantény, [2193ad09c5c589ada193fb05f2122fd1],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-1834309096-558221076-1079066713-1001\SOFTWARE\CinemaPlus-3.2cV05.05-nv-ie, Do karantény, [694b7343f397a39335f9e41aa95aee12],
PUP.Optional.GeForce.A, HKU\S-1-5-21-1834309096-558221076-1079066713-1001\SOFTWARE\Ge-Force-nv-ie, Do karantény, [b6fe932381090531415744329f668f71],
PUP.Optional.Sense.A, HKU\S-1-5-21-1834309096-558221076-1079066713-1001\SOFTWARE\Sense-nv-ie, Do karantény, [e0d4dadcdcaee551012a2f48ed1841bf],
PUP.Optional.ReImageRepair.A, HKU\S-1-5-21-1834309096-558221076-1079066713-1001\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief., Do karantény, [9024a412f6941e180b61265d976e5aa6],
Hodnoty registru: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Do karantény, [9123585e4149999d444e84fed035867a]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Do karantény, [bafab8fef9917bbbd6bc7c06f51050b0]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 2
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\bitstreams, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Soubory: 29
Riskware.BitcoinMiner, C:\Users\Nerissa\AppData\Roaming\omc_trollkill\setup.rar, Do karantény, [a311d0e672182d09a49af880c33e2cd4],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncaulj.exe, Do karantény, [4371b1052f5bbb7bb6d795f2f60c4cb4],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncbsdxi.exe, Do karantény, [30848a2cdfabc4725934b8cfdc26ba46],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncjvfsbm.exe, Do karantény, [773d08aeef9b53e3c2cb7c0b6d9510f0],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncsqty.exe, Do karantény, [cce8c7ef1f6b1e181b7252355ca65da3],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncaulj.exe, Do karantény, [486c4076addd90a698f023758b77d030],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncbsdxi.exe, Do karantény, [8331dcda692182b4493f960251b16f91],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncjvfsbm.exe, Do karantény, [cee6575fdab0a88e8cfc8315966c6d93],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncsqty.exe, Do karantény, [5064a0164b3f2d092c5cfb9d04fe9868],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncaulj.exe, Do karantény, [00b4a4126f1b3ff7aae9c480a16028d8],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncbsdxi.exe, Do karantény, [a90bfcba5d2d1521e8abe3616e93619f],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncjvfsbm.exe, Do karantény, [8a2af4c21c6ed85e4e45bb89b849d927],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncsqty.exe, Do karantény, [ecc854627b0f70c6573c2321f40db54b],
PUP.Proxy.BCM, C:\Users\Public\Windows\mining_proxy.exe, Do karantény, [91237640078373c3c1a52eea43bd16ea],
Malware.Trace, C:\Windows\Inf\ntvdm.inf, Do karantény, [c0f42b8b7812bf774457c7850bfa8c74],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\diablo130302.cl, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\diakgcn121016.cl, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\libcurl-4.dll, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\libeay32.dll, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\libidn-11.dll, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\librtmp.dll, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\libssh2.dll, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\mnciysen.exe, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\phatk121016.cl, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\poclbm130302.cl, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\scrypt130511.cl, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\ssleay32.dll, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\zlib1.dll, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Trojan.Agent.BCM, C:\Windows\Inf\mnciysen\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, Do karantény, [92227d397a1066d0ce7fd2e3ac572cd4],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Please check my log [Solved]
Re: Please check my log
Log from RK:
RogueKiller V10.8.1.0 (x64) [Jun 3 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 8.1 (6.3.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : Nerissa [Práva správce]
Started from : C:\Users\Nerissa\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 06/04/2015 20:51:20
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1834309096-558221076-1079066713-1001\Software\Microsoft\Windows\CurrentVersion\Run | HAP Start : C:\ProgramData\HAP\HAP.exe [x] -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1834309096-558221076-1079066713-1001\Software\Microsoft\Windows\CurrentVersion\Run | HAP Start : C:\ProgramData\HAP\HAP.exe [x] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.192.60.6 213.192.60.5 [CZECH REPUBLIC (CZ)][X] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.192.60.6 213.192.60.5 [CZECH REPUBLIC (CZ)][X] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{92B9F215-B61B-4EBA-9263-80C2EECA6AD4} | DhcpNameServer : 213.192.60.6 213.192.60.5 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{92B9F215-B61B-4EBA-9263-80C2EECA6AD4} | DhcpNameServer : 213.192.60.6 213.192.60.5 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] fa8afa78410628fb0cfa17d1abc14e45
[BSP] 83a159612f5474722c6760cb859bc0e0 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 461048 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 945842176 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 946763776 | Size: 14653 MB
User = LL1 ... OK
User = LL2 ... OK
jerabina (member of the Security team)
Re: Please check my log
Good.
It should already be running noticeably faster.
Close all programs and browsers. Deactivate your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Spustit jako správce" (Run as administrator); on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Then click "Prohledat" (Scan); when it finishes:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything
(you have to tick the checkbox to the left of each registry entry, etc., with the mouse)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report), then copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Turn off your antivirus.
Download
Zoek.exe
and save it to the desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Spustit jako správce" (Run as administrator))
- note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script.
The program will perform a scan and a repair; both the scan and the repair can take several minutes, so wait until the end. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Post a new HJT log and report any problems.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I do not reply to your threads in the HJT section while I am online, it is only because I am on my mobile, where studying logs and writing scripts is impossible. So please do not take it as being ignored.
Re: Please check my log
Log from RK:
RogueKiller V10.8.1.0 (x64) [Jun 3 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 8.1 (6.3.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : Nerissa [Práva správce]
Started from : C:\Users\Nerissa\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 06/05/2015 15:13:17
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1834309096-558221076-1079066713-1001\Software\Microsoft\Windows\CurrentVersion\Run | HAP Start : C:\ProgramData\HAP\HAP.exe [x] -> ERROR [0]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1834309096-558221076-1079066713-1001\Software\Microsoft\Windows\CurrentVersion\Run | HAP Start : C:\ProgramData\HAP\HAP.exe [x] -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : [X][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{92B9F215-B61B-4EBA-9263-80C2EECA6AD4} | DhcpNameServer : [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{92B9F215-B61B-4EBA-9263-80C2EECA6AD4} | DhcpNameServer : [CZECH REPUBLIC (CZ)][X] -> Nahrazeno ()
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] fa8afa78410628fb0cfa17d1abc14e45
[BSP] 83a159612f5474722c6760cb859bc0e0 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 461048 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 945842176 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 946763776 | Size: 14653 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_06042015_205120.log - RKreport_SCN_06052015_151105.log - RKreport_DEL_06052015_151305.log
Orcus (member of the Security team)
Re: Please check my log
OK, now Zoek as well.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it across several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.
Re: Please check my log
Log from Zoek:
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Nerissa on p 05. 06. 2015 at 15:19:01,80.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nerissa\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
5. 6. 2015 15:22:18 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\RelayTurbo deleted successfully
C:\Users\Nerissa\AppData\Roaming\omc_trollkill deleted successfully
C:\Users\Nerissa\AppData\Roaming\Opera Software deleted successfully
C:\Users\Nerissa\AppData\Local\CrashDumps deleted successfully
C:\Users\Nerissa\AppData\Local\Opera Software deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com/?trackid=sp-006");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "Google (avast)");
user_pref("browser.search.selectedEngine", "Google (avast)");
user_pref("browser.search.order.1", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");
Added to C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\RelayTurbo not found
C:\PROGRA~2\TooManyTabs for Chrome deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-1834309096-558221076-1079066713-1001 deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default\jetpack deleted
"C:\Users\Nerissa\AppData\Roaming\7lX0uELV93v1PewkNnYaFJl2j" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04. 05. 2015 15:53]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default
- Undetermined - %ProfilePath%\extensions\jid1-rs90nxQtPi3Asg@jetpack.xpi
- X-Forwarded-For Header - %ProfilePath%\extensions\jid1-vasLCl9ZsexfAQ@jetpack.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default
D395F537D081C919C2FD97F7DDDA4174 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Nerissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
==== Chromium Look ======================
Google Chrome Version: 43.0.2357.81
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04. 05. 2015 15:53]
Comodo Drag&Drop Service - Nerissa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Nerissa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - Nerissa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
==== Chromium Startpages ======================
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Preferences
531CC817ED0C43A47A98A0E80188","prefs":{"preference_reset_time":"393D9B0BD576D6F98A54CF3D5AA1489D1A82BA569756BDBF4C339F93328369AF"},"profile":{"reset_prompt_memento":"627334D4D77310935E9932E575940DC72B093F0680A6CF441F3C79677FC7F85E"},"safebrowsing":{"incidents_sent":"DE824FC0B3F2560DB8AE2CAD7D75FD00D235F5D7A0A32FB56C14E5763E10A710"},"search_provider_overrides":"C613AE46263EF183BD313BACD627F74D70B4686C82CBFB538DF4DE244457B3B3","session":{"restore_on_startup":"DE3576244CCD07945F9DBD9C6287431CD1BDBC730F811FD111DBD28D63818C99","startup_urls":"A39C0C48EC636804EA45DA7EA49A732DB8886BB3B68FCD65180B899D36983FDC"},"software_reporter":{"prompt_reason":"63C096B54F763DD3FA550FF07ECDCBBBB7728C735A75EC0031903F208A50C9AB","prompt_seed":"3A565DAE22469FF88DE9BEA1FDA852295B22D5332C806507E769D4510E064EEA","prompt_version":"9D26BB6B23CFB855D8077BED49EDC7DC1FD81ACCAD42DFBECE52D9CBAE4D4EF1"},"sync":{"remaining_rollback_tries":"63B2D4F1B6509E6462B3456F317AEFDBB10E06E577FD47997C59EDAE93BE9AE6"}},"super_mac":"E873F37B251701BFA2B7DB22A4AB8A2D69E17DD0968F6F393B3A78BE898778D4"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":null,"startup_urls":["https://www.google.com/?trackid=sp-006"],"urls_to_restore_on_startup":null},"software_reporter":{"prompt_reason":0,"prompt_version":"3.20.1"}}
11E497D267500038605A044D8ABC51828DA5A305F7C4B1B9F5A98323BC17","bepbmhgboaologfdajaanbcjmnhjmhfn":"18C19BD5F74B7AD84DEAAA6E18E11D09696A7BC04B27BD7DEDC9E74645BCCB0C","eemcgdkfndhakfknompkggombfjjjeno":"1F95BD8C3F047E28112FB70A473B3EA719B45FD67C0F37ECA7AE4F925FC63561","ennkphjdgehloodpbhlhldgbnhmacadg":"F672735AE8197C7A78E52DF9BBB912E7661E5DBEB2F81F7C37367C70A4AD0960","gfdkimpbcpahaombhbimeihdjnejgicl":"1F105111C74894736C381ABAD1C54ADBA55729D3E60CF70EDA466978492DF90E","gmnnfpnflgajolmdkmhhbdednefkobma":"D0771A304A4A643A05AB51658287F88A6D006E7510882E57D48FAF172545987C","gomekmidlodglbbmalcneegieacbdmki":"B6E0EFB2F96E10481794D70AD1D5AB81764A347F9FF4990F940A11AEA86DEDA9","kmendfapggjehodndflmmgagdbamhnfd":"CFE7A393DBB83F519D62E87A7F42078ADC73B858F1DB63381F8818A6E1D3CE11","ljekdafacmpknphocmkmjnopfaagbpbb":"9E78DDE7AD7EB467B552DFABDE26C528B3AAD6CB794F6F629005D6857CCEE561","mfehgcgbbipciphmccgaenjidiccnmng":"74AE8EC04E31A0F2DEE7380654B45091143DFC0170A09147A57AAA682F6BF64A","mgndgikekgjfcpckkfioiadnlibdjbkf":"B8E8298D1225A992705A71F8FD96FC28A6790CA2D40A8E7A203310BE89E9B69C","mhjfbmdgcfjbbpaeojofohoefgiehjai":"A80A1DCA004AC7C416928EB0B9668337830E9399EC4412F6D684F5FD60175E8C","neajdppkdcdipfabeoofebfddakdcjhd":"F434DE650EBE52B526DD2A6DBBB2054996F85609594B390849BB363A2872A714","nkeimhogjdpnpccoofpliimaahmaaome":"099724DB75C2FBF8566818BCDBBEDA88B08868BB91265228D812BAFBAD722676","nmmhkkegccagdldgiimedpiccmgmieda":"0993F78D214ADC91B1149030CB7FA5BC9FB651CD8D43FD4BC98C1EE2F29FBCE8","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"26163536778D6D14A6E822EC7CBA8B0BB693180616B54E8E50EFE26B853B2F5A"}},"google":{"services":{"last_username":"90E2BDE363ABC27D2EF6828E9A28E4EC5F8198DED9D9EE476887E79426DF6F6B","username":"F527C96FD8934FBB09D5E438730716A09F358C5160222363347B3E1EF115DE22"}},"homepage":"D44A4B759F8935FE3B551A9390DB102EE667A246164904912B393EDAF6EEF20D","homepage_is_newtabpage":"2BEBA21B302594C3498480B37AB4F9539EC922828D37A4445AF4E29F7597AE87","pinned_tabs":"FD803E2A230C7982E8FCB3811AAFC897C064
531CC817ED0C43A47A98A0E80188","prefs":{"preference_reset_time":"393D9B0BD576D6F98A54CF3D5AA1489D1A82BA569756BDBF4C339F93328369AF"},"profile":{"reset_prompt_memento":"627334D4D77310935E9932E575940DC72B093F0680A6CF441F3C79677FC7F85E"},"safebrowsing":{"incidents_sent":"DE824FC0B3F2560DB8AE2CAD7D75FD00D235F5D7A0A32FB56C14E5763E10A710"},"search_provider_overrides":"C613AE46263EF183BD313BACD627F74D70B4686C82CBFB538DF4DE244457B3B3","session":{"restore_on_startup":"DE3576244CCD07945F9DBD9C6287431CD1BDBC730F811FD111DBD28D63818C99","startup_urls":"A39C0C48EC636804EA45DA7EA49A732DB8886BB3B68FCD65180B899D36983FDC"},"software_reporter":{"prompt_reason":"63C096B54F763DD3FA550FF07ECDCBBBB7728C735A75EC0031903F208A50C9AB","prompt_seed":"3A565DAE22469FF88DE9BEA1FDA852295B22D5332C806507E769D4510E064EEA","prompt_version":"9D26BB6B23CFB855D8077BED49EDC7DC1FD81ACCAD42DFBECE52D9CBAE4D4EF1"},"sync":{"remaining_rollback_tries":"63B2D4F1B6509E6462B3456F317AEFDBB10E06E577FD47997C59EDAE93BE9AE6"}},"super_mac":"E873F37B251701BFA2B7DB22A4AB8A2D69E17DD0968F6F393B3A78BE898778D4"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":null,"startup_urls":["https://www.google.com/?trackid=sp-006"],"urls_to_restore_on_startup":null},"software_reporter":{"prompt_reason":0,"prompt_version":"3.20.1"}}
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0840BCEF-9209-40F6-BC0C-022F7664779A} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_13415"
{160B6D7F-4F4E-4E48-B073-089EE44F322B} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415"
{3737D7FD-3C98-4C6A-9E82-E7573785B03F} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_13415"
{51480579-A8EF-4DD9-A53D-F980944F4050} Slovník EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415"
{97574F41-5464-4C35-BBA1-1146C631E469} Slovník CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415"
{A5832FC2-4D3F-4756-90B6-76FC375EAAF2} Zboží.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_13415"
{C2D5BDC6-AE11-47DF-B909-A2C220F7B6A0} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{F5943482-FFE1-4720-8CE8-4737C5AD5924} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
==== Reset Google Chrome ======================
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Nerissa\AppData\Local\Comodo\Dragon\User Data\Default\Web Data was reset successfully
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nerissa\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nerissa\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nerissa\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Nerissa\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Nerissa\AppData\Local\Mozilla\Firefox\Profiles\gp8rstfc.default\cache2 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\9op7c5cn.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Nerissa\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=5 folders=6 10717 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Nerissa\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Nerissa\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on p 05. 06. 2015 at 16:02:19,61 ======================
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Nerissa on p 05. 06. 2015 at 15:19:01,80.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Nerissa\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
5. 6. 2015 15:22:18 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\RelayTurbo deleted successfully
C:\Users\Nerissa\AppData\Roaming\omc_trollkill deleted successfully
C:\Users\Nerissa\AppData\Roaming\Opera Software deleted successfully
C:\Users\Nerissa\AppData\Local\CrashDumps deleted successfully
C:\Users\Nerissa\AppData\Local\Opera Software deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com/?trackid=sp-006");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "Google (avast)");
user_pref("browser.search.selectedEngine", "Google (avast)");
user_pref("browser.search.order.1", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");
Added to C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\RelayTurbo not found
C:\PROGRA~2\TooManyTabs for Chrome deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-1834309096-558221076-1079066713-1001 deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default\jetpack deleted
"C:\Users\Nerissa\AppData\Roaming\7lX0uELV93v1PewkNnYaFJl2j" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04. 05. 2015 15:53]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default
- Undetermined - %ProfilePath%\extensions\jid1-rs90nxQtPi3Asg@jetpack.xpi
- X-Forwarded-For Header - %ProfilePath%\extensions\jid1-vasLCl9ZsexfAQ@jetpack.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Nerissa\AppData\Roaming\Mozilla\Firefox\Profiles\gp8rstfc.default
D395F537D081C919C2FD97F7DDDA4174 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Nerissa\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
==== Chromium Look ======================
Google Chrome Version: 43.0.2357.81
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04. 05. 2015 15:53]
Comodo Drag&Drop Service - Nerissa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - Nerissa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Media Downloader - Nerissa\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dihmnpngfonlhjmgkflpnibiaaliendo
==== Chromium Startpages ======================
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Preferences
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Old Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0840BCEF-9209-40F6-BC0C-022F7664779A} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_13415"
{160B6D7F-4F4E-4E48-B073-089EE44F322B} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_13415"
{3737D7FD-3C98-4C6A-9E82-E7573785B03F} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_13415"
{51480579-A8EF-4DD9-A53D-F980944F4050} Slovník EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_13415"
{97574F41-5464-4C35-BBA1-1146C631E469} Slovník CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_13415"
{A5832FC2-4D3F-4756-90B6-76FC375EAAF2} Zboží.cz Url="http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_13415"
{C2D5BDC6-AE11-47DF-B909-A2C220F7B6A0} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
{F5943482-FFE1-4720-8CE8-4737C5AD5924} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415"
==== Reset Google Chrome ======================
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Nerissa\AppData\Local\Comodo\Dragon\User Data\Default\Web Data was reset successfully
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nerissa\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nerissa\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Nerissa\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Nerissa\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Nerissa\AppData\Local\Mozilla\Firefox\Profiles\gp8rstfc.default\cache2 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Mozilla\Firefox\Profiles\9op7c5cn.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Nerissa\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Users\Nerissa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=5 folders=6 10717 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Nerissa\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\Nerissa\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on p 05. 06. 2015 at 16:02:19,61 ======================
Re: please check my log
log from HJT (+I'm not noticing any problems):
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:06:22, on 5. 6. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
FIREFOX: 36.0.4 (x86 cs)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
C:\Users\Nerissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Nerissa\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [download.ninja] C:\Program Files\Download Ninja\download.ninja.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - Startup: Dropbox.lnk = C:\Users\Nerissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - C:\Program Files (x86)\Arc\ArcService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Úložná technologie Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Visual Studio ETW Event Collection Service (VsEtwService120) - Unknown owner - C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10091 bytes
Re: please check my log
correction: a problem has appeared with the game Star Trek Online, I'm attaching a screenshot
- jerabina
- Security team member
- Level 6
- Posts: 3647
- Registered: March 13
- Location: Litoměřice
- Status: Offline
Re: please check my log
Hi, in this case it isn't a virus but some kind of internal error in the game, which says that there are most likely some corrupted files in its directory, so it offers to repair them for you (click Yes).
Close other programs/browsers, disconnect from the internet and fix the following in HJT:
GUIDE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
Download DelFix here
https://toolslib.net/downloads/viewdownload/2-delfix/
and save the file to your desktop.
Double-click the icon to run Delfix.exe
(In Windows Vista, Windows 7 and 8 you must run the file via right-click -> Run as administrator.)
In the main menu, tick these options: Remove disinfection tools – Purge System Restore.
Then click Run and let the tool do its work.
A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise the report can be found at:
C:\DelFix.txt
If there are no problems, that's everything and you can mark the topic as solved - the green "check mark"

When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: please check my log
how do I put that code into HJT? :)
- jerabina
- Security team member
Re: please check my log
Guide: http://www.pc-help.cz/viewtopic.php?t=5119
Point 6)
Re: please check my log
but it says there that I should copy in the log that it produces