prosím kontrolu Vyřešeno

[Varg]

Ahoj.
Prosím o kontrolu logu.
Je to notebook od tchýně a cosi se jí tam asi usadilo.
Načítání trvá cirka 5 minut a samotná práce je utrpení.
Našel jsem tam jakési Yahoo které nelze odinstalovat.
Při kompletní kontrole Avastem to nahlásilo 74 infikovaných souborů.
Budu rád za pomoc.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:48, on 31.1.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16599)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast5\avastui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Users\VRKA~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Věrka\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx? ... 110&m=e525
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5797 bytes

[Reklama]

[Orcus]

Deaktivuj Windows Defender. Nemusí běžet, když tam je Avast.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[Varg]

# AdwCleaner v4.109 - Report created 31/01/2015 at 17:13:49
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : Věrka - VĚRKA-PC
# Running from : C:\Users\Věrka\Desktop\adwcleaner_4.109.exe
# Option : Scan

***** [ Services ] *****

Service Found : Skype C2C Service

***** [ Files / Folders ] *****

File Found : C:\Users\Věrka\AppData\Roaming\Mozilla\Firefox\Profiles\edwlftif.default\searchplugins\dsrlte.xml
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\Common Files\Spigot
Folder Found : C:\Program Files\IObit Toolbar
Folder Found : C:\Program Files\neurowise
Folder Found : C:\Users\Věrka\AppData\Local\pay-by-ads

***** [ Scheduled Tasks ] *****

Task Found : Yahoo! Search
Task Found : Yahoo! Search Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Classes\keepmysearch
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{072E0EA5-E981-44C6-A28B-055364BCBE49}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rts.dsrlte.com?affID=na

-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R0].txt - [2917 octets] - [31/01/2015 17:13:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2977 octets] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 31.1.2015
Čas skenování: 17:31:30
Protokol: log.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.01.31.04
Databáze rootkitů: v2015.01.14.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: VÄ?rka

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 337681
Uplynulý čas: 20 min, 33 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 1
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe, 2640, , [e808837ab0d9999d293dc39f2bd58c74]

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 4
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [28c802fb9decf0466fc88ea5cc3701ff],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\neurowise, , [fff135c82762a591d05a386524df6e92],
PUP.Optional.Neurowise.A, HKU\S-1-5-21-2558304656-977428142-2664732755-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\neurowise, , [b739e8154f3aba7cc665c1dc8b78bd43],
PUP.Optional.PayByAds.A, HKU\S-1-5-21-2558304656-977428142-2664732755-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Yahoo! Search, , [f6fa12ebbccd79bd2d72d58934cfe020],

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 1
PUP.Optional.Dsrlte.A, HKU\S-1-5-21-2558304656-977428142-2664732755-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://rts.dsrlte.com?affID=na, Dobré: (www.google.com), Špatné: (http://rts.dsrlte.com?affID=na),,[9d53c03d43463df9907b8d22fc09a65a]

Složky: 13
PUP.Optional.Neurowise.A, C:\Program Files\neurowise, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\bin, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\bin\plugins, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\bin\TEMP, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads, , [f6fa12ebbccd79bd2d72d58934cfe020],
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search, , [f6fa12ebbccd79bd2d72d58934cfe020],
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2, , [f6fa12ebbccd79bd2d72d58934cfe020],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Res, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\wtxpcom, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\wtxpcom\components, , [628e56a72762f541c308224ada292cd4],

Soubory: 43
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe, , [e808837ab0d9999d293dc39f2bd58c74],
PUP.Optional.Spigot.A, C:\Windows\Installer\7adea.msi, , [1cd48b72b8d1340213db844ca25f21df],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\neurowise.ico, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\updateneurowise.InstallState, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\bin\utilneurowise.InstallState, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\bin\7za.exe, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\bin\BrowserAdapter.7z, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\bin\eula.txt, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\bin\neurowise.expext.zip, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\bin\neurowise.PurBrowse.zip, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Neurowise.A, C:\Program Files\neurowise\bin\sqlite3.dll, , [935db34aaddc5fd70722257850b3da26],
PUP.Optional.Dsrlte.A, C:\Users\VÄ?rka\AppData\Roaming\Mozilla\Firefox\Profiles\edwlftif.default\searchplugins\dsrlte.xml, , [f4fc4db04d3c61d5d258857e897c9868],
PUP.Optional.YahooSearch.A, C:\Windows\System32\Tasks\Yahoo! Search, , [807064992168ed497da815f258ad52ae],
PUP.Optional.YahooSearch.A, C:\Windows\System32\Tasks\Yahoo! Search Updater, , [3eb2c5384c3d60d6978e6b9c6d984db3],
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\app.ini, , [f6fa12ebbccd79bd2d72d58934cfe020],
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\chromext64.dll, , [f6fa12ebbccd79bd2d72d58934cfe020],
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrsetup.exe, , [f6fa12ebbccd79bd2d72d58934cfe020],
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\hjfmeofa.dll, , [f6fa12ebbccd79bd2d72d58934cfe020],
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\hlpr64.exe, , [f6fa12ebbccd79bd2d72d58934cfe020],
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\ieds.xml, , [f6fa12ebbccd79bd2d72d58934cfe020],
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\res.dll, , [f6fa12ebbccd79bd2d72d58934cfe020],
PUP.Optional.PayByAds.A, C:\Users\VÄ?rka\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.19.2\serp.js, , [f6fa12ebbccd79bd2d72d58934cfe020],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\baidu_ff.xml, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\baidu_ie.xml, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\wth.dll, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\yahoo_ff.xml, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\yahoo_ie.xml, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\yandex_ff.xml, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\yandex_ie.xml, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1031.ini, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1033.ini, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1034.ini, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1036.ini, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\Search Settings\Lang\res1040.ini, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\wtxpcom\components\chrome.manifest, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\wtxpcom\components\install.rdf, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11, , [628e56a72762f541c308224ada292cd4],
PUP.Optional.Spigot.A, C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12, , [628e56a72762f541c308224ada292cd4],

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Offline Reg
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[Varg]

# AdwCleaner v4.109 - Report created 01/02/2015 at 10:53:08
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : Věrka - VĚRKA-PC
# Running from : C:\Users\Věrka\Desktop\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Skype C2C Service

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\IObit Toolbar
Folder Deleted : C:\Program Files\neurowise
Folder Deleted : C:\Program Files\Common Files\Spigot
Folder Deleted : C:\Users\Věrka\AppData\Local\pay-by-ads
File Deleted : C:\Users\Věrka\AppData\Roaming\Mozilla\Firefox\Profiles\edwlftif.default\searchplugins\dsrlte.xml

***** [ Scheduled Tasks ] *****

Task Deleted : Yahoo! Search
Task Deleted : Yahoo! Search Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BDA0769-FD72-49F4-9266-E1FB004F4D8F}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{072E0EA5-E981-44C6-A28B-055364BCBE49}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R0].txt - [3057 octets] - [31/01/2015 17:13:49]
AdwCleaner[R1].txt - [3117 octets] - [01/02/2015 10:50:21]
AdwCleaner[S0].txt - [3064 octets] - [01/02/2015 10:53:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3124 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Věrka on ne 01.02.2015 at 11:01:45,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 01.02.2015 at 11:06:42,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Varg]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 1.2.2015
Čas skenování: 11:09:17
Protokol: log 1.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.02.01.01
Databáze rootkitů: v2015.01.14.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: VÄ?rka

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 337628
Uplynulý čas: 18 min, 48 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 2
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\neurowise, Do karantény, [4cf96cad9befd95da9d8f0ad689b7f81],
PUP.Optional.Neurowise.A, HKU\S-1-5-21-2558304656-977428142-2664732755-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\neurowise, Do karantény, [f55032e7fa901b1ba7dbbce1847fe51b],

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 0
(Žádné zákerné zjištěny položek)

Soubory: 1
PUP.Optional.Spigot.A, C:\Windows\Installer\7adea.msi, Do karantény, [da6ba970840692a45ca44889649d56aa],

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

[Varg]

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : Věrka [Práva správce]
Mód : Prohledat -- Datum : 02/01/2015 11:43:41

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Nalezeno
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Partner Service ("C:\ProgramData\Partner\partner.exe") -> Nalezeno
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Partner Service ("C:\ProgramData\Partner\partner.exe") -> Nalezeno
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2558304656-977428142-2664732755-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 83.240.0.135 192.168.0.1 [CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 83.240.0.135 192.168.0.1 [CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2869027B-6A8B-4F4C-899E-9AD8D91D43CD} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8328AEB3-E71B-4F0F-9467-D322D1EA4AE6} | DhcpNameServer : 83.240.0.135 192.168.0.1 [CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2869027B-6A8B-4F4C-899E-9AD8D91D43CD} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8328AEB3-E71B-4F0F-9467-D322D1EA4AE6} | DhcpNameServer : 83.240.0.135 192.168.0.1 [CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2869027B-6A8B-4F4C-899E-9AD8D91D43CD} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2869027B-6A8B-4F4C-899E-9AD8D91D43CD} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] edwlftif.default : user_pref("browser.startup.homepage", "http://search.yahoo.com/?fr=hp-ddc-bd&type=203_pr__alt__ddc_dsssyc_bd_com"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 8bbdac6c573430b43eab71df59da0c54
[BSP] 9158d946663d7869c57f0247eb17c330 : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10244 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20981760 | Size: 142381 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

[Orcus]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka).
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni
Zoek.exe

a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

[Varg]

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : Věrka [Práva správce]
Mód : Smazat -- Datum : 02/01/2015 12:43:00

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD -> Smazáno
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Partner Service -> Smazáno
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Partner Service -> Smazáno
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2558304656-977428142-2664732755-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 83.240.0.135 192.168.0.1 [CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 83.240.0.135 192.168.0.1 [CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2869027B-6A8B-4F4C-899E-9AD8D91D43CD} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8328AEB3-E71B-4F0F-9467-D322D1EA4AE6} | DhcpNameServer : 83.240.0.135 192.168.0.1 [CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2869027B-6A8B-4F4C-899E-9AD8D91D43CD} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8328AEB3-E71B-4F0F-9467-D322D1EA4AE6} | DhcpNameServer : 83.240.0.135 192.168.0.1 [CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2869027B-6A8B-4F4C-899E-9AD8D91D43CD} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2869027B-6A8B-4F4C-899E-9AD8D91D43CD} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] edwlftif.default : user_pref("browser.startup.homepage", "http://search.yahoo.com/?fr=hp-ddc-bd&type=203_pr__alt__ddc_dsssyc_bd_com"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 8bbdac6c573430b43eab71df59da0c54
[BSP] 9158d946663d7869c57f0247eb17c330 : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10244 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20981760 | Size: 142381 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 8bbdac6c573430b43eab71df59da0c54
[BSP] 9158d946663d7869c57f0247eb17c330 : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10244 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20981760 | Size: 142381 MB [Error reading VBR! ([3e6] Nep?ípustný p?ístup k pam??ovému místu. )]


============================================
RKreport_SCN_02012015_114340.log - RKreport_SCN_02012015_124021.log

[Varg]

Trochu problém.

Po dojetí Zoek se mně systém restartoval a začal mi padat s hlavní obrazovky do neustálého restartu.
Musel jsem spustit v nouzovém režimu.

[Varg]

v nouzovém se nedokážu připojit ani na net :(
okopíroval jsem log na flešku a tady je:

Zoek.exe v5.0.0.0 Updated 27-01-2015
Tool run by Věrka on ne 01.02.2015 at 12:46:38,94.
Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Věrka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1.2.2015 12:47:43 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Common Files\SWF Studio deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2558304656-977428142-2664732755-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D5D47440-0750-463D-BAEF-A47D02414806} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2558304656-977428142-2664732755-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D5D47440-0750-463D-BAEF-A47D02414806} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D5D47440-0750-463D-BAEF-A47D02414806} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\z30zphja.default\prefs.js:

Added to C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\z30zphja.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\VRKA~1\AppData\Roaming\Mozilla\Firefox\Profiles\edwlftif.default\prefs.js:
user_pref("browser.startup.homepage", "about:home"about:home);
user_pref("browser.search.defaulturl", "http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&");
user_pref("browser.newtab.url", "http://search.yahoo.com/?fr=hp-ddc-bd-tab&type=203_pr__alt__ddc_dsssyctab_bd_com");
user_pref("browser.search.defaultengine", "Seznam");
user_pref("browser.search.selectedEngine", "Yahoo! Search");
user_pref("browser.search.order.1", "Seznam");
user_pref("keyword.URL", "http://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=203_pr__alt__ddc_dss_bd_com&p=");

Added to C:\Users\VRKA~1\AppData\Roaming\Mozilla\Firefox\Profiles\edwlftif.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\z30zphja.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_01.02.2015_1308_.backup

ProfilePath: C:\Users\VRKA~1\AppData\Roaming\Mozilla\Firefox\Profiles\edwlftif.default

user.js not found
---- Lines neurowise removed from prefs.js ----
user_pref("extensions.neurowise.asul", "1420735369919");
user_pref("extensions.neurowise.aul", "1420743461699");
user_pref("extensions.neurowise.irl", true);
user_pref("extensions.neurowise.is", "cbslug10");
user_pref("extensions.neurowise.ug", "84e64bf3-07a2-48de-ae62-0f65970573fe");
---- Lines mybrowserbar modified from prefs.js ----

user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,Cetrumcz@igeared:1.203.023.002,wtxpcom@mybrowserbar.com:5.7,{CAFEEF
---- FireFox user.js and prefs.js backups ----

prefs_01.02.2015_1308_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\GUT2405.tmp deleted
C:\Program Files\GUM2404.tmp deleted
C:\Program Files\GUMC58F.tmp deleted
C:\found.000 deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\z30zphja.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\VRKA~1\AppData\Roaming\Mozilla\Firefox\Profiles\edwlftif.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [29.01.2015 18:00]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\z30zphja.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

ProfilePath: C:\Users\VRKA~1\AppData\Roaming\Mozilla\Firefox\Profiles\edwlftif.default
- Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
- Undetermined - wrc@avast.com
- neurowise 1.0.1 - %ProfilePath%\extensions\{1ce533a3-3eec-4e9b-b70a-1ec73376f8c9}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==== Firefox Plugins ======================

Profilepath: C:\Users\Věrka\AppData\Roaming\Mozilla\Firefox\Profiles\edwlftif.default
0FC325593893749364EC4A733E7D9100 - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll - Shockwave Flash
D2377C9458EFEB094E38B8C874AA214C - C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
486DCD78DFB28733BFDD4D4EFEA2FD50 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U65
EE23F610D9353B9217FFEC4B73A27EF5 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.650.20
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
6DE7BF0DADC0881F7ED82D9FCC998B89 - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat


==== Chromium Look ======================

Google Chrome Version: 40.0.2214.93 (Up to date, latest Stable version: 40.0.2214.93)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[18.12.2014 19:57]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[09.10.2013 09:59]

AdBlock - Věrka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Skype Click to Call - Věrka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search/?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{6475FFC6-C8CB-4E5E-9B1D-008DDEAA5C43} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_csCZ362"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rlz=1I7ACEW_csCZ362&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=tsnrS1aLKFeOeWeQCMudnCoUFGc?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\Věrka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Věrka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Věrka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Věrka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=73 folders=5 134014080 bytes)

==== Empty Temp Folders ======================

C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Věrka\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\VRKA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Věrka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on ne 01.02.2015 at 13:18:06,10 ======================

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.