Spomaleny, sekajuci, blbnuci,zasypany reklamami

[To3@s]

Zdravím,
obraciam sa k Vám o prosbu uzdravenia PC. Antivír nič nehlási.
Logy zo všetkých 3 programov v prílohe.
Ďakujem.

[altrok]

Zdravim


Odinstalujte Yet Another Cleaner. Zvysenou opatrnost doporucuji pri pouzivani TuneUp Utilities 2014.

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

• ukoncete vsechny programy
• kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
• kliknete na Scan, pote na Cleaning
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

[To3@s]

čiastočne to pomohlo, reklamy mi tu ešte ostaly

# AdwCleaner v4.207 - Log vytvorený 29/06/2015 at 22:42:05
# Aktualizované 21/06/2015 by Xplode
# Databáza : 2015-06-29.1 [Server]
# Operačný systém : Windows 8.1 Pro (x64)
# Uživateľské meno : IMPs - CASYOPEA
# Spustené z : C:\Users\IMPs\Desktop\adwcleaner_4.207.exe
# Nastavenia : Skenovať

***** [ Služby ] *****

Služba Nájdené : winzipersvc
Služba Nájdené : {fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw64

***** [ Súbory / Priečinky ] *****

Priečinok Nájdené : C:\Program Files (x86)\WinZipper
Priečinok Nájdené : C:\ProgramData\epicscale
Priečinok Nájdené : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Priečinok Nájdené : C:\Users\IMPs\AppData\Roaming\mystartsearch
Priečinok Nájdené : C:\Users\IMPs\AppData\Roaming\WinZipper
Súbor Nájdené : C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_manaflask.com_0.localstorage
Súbor Nájdené : C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_manaflask.com_0.localstorage-journal
Súbor Nájdené : C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage
Súbor Nájdené : C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage-journal
Súbor Nájdené : C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.v9.com_0.localstorage
Súbor Nájdené : C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.v9.com_0.localstorage-journal
Súbor Nájdené : C:\Users\IMPs\AppData\Roaming\Microsoft\Windows\Start Menu\EPIC_SCALE.lnk
Súbor Nájdené : C:\Windows\System32\drivers\{fc8decf5-c269-4b18-87f1-c395dfcbd88f}Gw64.sys
Súbor Nájdené : C:\Windows\System32\log\iSafeKrnlCall.log

***** [ Naplánované úlohy ] *****

Úloha Nájdené : update-sys
Úloha Nájdené : update-S-1-5-21-632114120-3898815288-2674959074-1001
Úloha Nájdené : update-sys
Úloha Nájdené : update-S-1-5-21-632114120-3898815288-2674959074-1001
Úloha Nájdené : update-sys

***** [ Zástupcovia ] *****


***** [ Registre ] *****

Hodnota Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [EpicScale]
Kľúč registra Nájdené : HKCU\Software\EpicScale
Kľúč registra Nájdené : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Kľúč registra Nájdené : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Kľúč registra Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\EpicScaleApp
Kľúč registra Nájdené : HKCU\Software\V9
Kľúč registra Nájdené : [x64] HKCU\Software\EpicScale
Kľúč registra Nájdené : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Kľúč registra Nájdené : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Kľúč registra Nájdené : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428A-92C9-0CFC28B9D1BF}
Kľúč registra Nájdené : [x64] HKCU\Software\V9
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.001
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.7z
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.arj
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.bz2
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.bzip2
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.cab
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.cpio
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.deb
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.dmg
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.fat
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.gz
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.gzip
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.hfs
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.iso
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.lha
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.lzh
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.lzma
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.ntfs
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.rar
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.rpm
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.squashfs
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.swm
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.tar
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.taz
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.tbz
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.tbz2
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.tgz
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.tpz
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.txz
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.vhd
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.wim
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.xar
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.xz
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.z
Kľúč registra Nájdené : HKLM\SOFTWARE\Classes\WinZipper.zip
Kľúč registra Nájdené : HKLM\SOFTWARE\delta-homesSoftware
Kľúč registra Nájdené : HKLM\SOFTWARE\hdcode
Kľúč registra Nájdené : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
Kľúč registra Nájdené : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Kľúč registra Nájdené : HKLM\SOFTWARE\mystartsearchSoftware
Kľúč registra Nájdené : HKLM\SOFTWARE\V9
Kľúč registra Nájdené : HKLM\SOFTWARE\winzipersvc
Kľúč registra Nájdené : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Kľúč registra Nájdené : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

***** [ Webové prehliadače ] *****

-\\ Internet Explorer v11.0.9600.16384

Nastavenie Nájdené : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=dspp&ts ... earchTerms}
Nastavenie Nájdené : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=dspp&ts ... earchTerms}
Nastavenie Nájdené : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.v9.com?type=hp&ts=1433832563&from=m ... 4c2o8wbq5w
Nastavenie Nájdené : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.v9.com?type=hp&ts=1433832563&from=m ... 4c2o8wbq5w
Nastavenie Nájdené : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.v9.com?type=hp&ts=1433832563&from=m ... 4c2o8wbq5w
Nastavenie Nájdené : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.v9.com?type=hp&ts=1433832563&from=m ... 4c2o8wbq5w
Nastavenie Nájdené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
Nastavenie Nájdené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.v9.com?type=hp&ts=1433832563&from=m ... 4c2o8wbq5w
Nastavenie Nájdené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.v9.com?type=hp&ts=1433832563&from=m ... 4c2o8wbq5w
Nastavenie Nájdené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}

-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.130

[C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nájdené [Search Provider] : hxxp://www.v9.com/web?type=ds&ts=1435213170&fr ... earchTerms}

*************************

AdwCleaner[R0].txt - [10466 bajtov] - [29/06/2015 22:42:05]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10527 bajtov] ##########

[To3@s]

neviem sa zbaviť theadgateway.com pop-up

[altrok]

Ulozte na plochu zoek.exe http://hijackthis.nl/smeenk/zoek.htm

• spustte jako spravce
• do velkeho okna zkopirujte script uvedeny nize
• kliknete na Run script
• po restartu na Vas vyskoci log (pripadne jej najdete v C:\zoek-results.log) - vlozte mi jej do pristi odpovedi

  Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;

[To3@s]

reklamy sú fuč


Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by IMPs on po 29.06.2015 at 23:20:07,90.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\IMPs\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

29.6.2015 23:21:19 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Samsung deleted successfully
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\IMPs\AppData\Local\Adobe deleted successfully
C:\Users\IMPs\AppData\Local\Downloaded Installations deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\IMPs\AppData\Roaming\Mozilla\Firefox\Profiles\3ukdpuz6.default-1428758307883\prefs.js:

Added to C:\Users\IMPs\AppData\Roaming\Mozilla\Firefox\Profiles\3ukdpuz6.default-1428758307883\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Samsung not found
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\Users\IMPs\AppData\Local\updater.log deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-632114120-3898815288-2674959074-1001 deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\ProgramData\mntemp" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\DXGIODScreenshot.dll" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\Lightshot.dll" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\Lightshot.exe" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1\uploader.dll" deleted
"C:\PROGRA~2\Skillbrains" deleted
"C:\PROGRA~2\Skillbrains\lightshot" deleted
"C:\PROGRA~2\Skillbrains\lightshot\5.2.1.1" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\IMPs\AppData\Roaming\Mozilla\Firefox\Profiles\3ukdpuz6.default-1428758307883
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27.01.2015 09:16]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\IMPs\AppData\Roaming\Mozilla\Firefox\Profiles\3ukdpuz6.default-1428758307883
F0F5F4BF2305E593E438C76DA61C8A9F - C:\Users\IMPs\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player


==== Chromium Look ======================

Google Chrome Version: 43.0.2357.130

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[07.01.2015 11:53]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[07.01.2015 11:53]

Tampermonkey - IMPs\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo
polar chub - IMPs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbeilmnbemacgadccooidefiheddoddi
Avast Online Security - IMPs\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
SourceApp - IMPs\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimjomhcoopoinoofciddhpfcoeekjda

==== Chromium Startpages ======================

C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Preferences
ndings_set":true,"install_time":"13065091528555060","location":5,"manifest":{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"Integrates Google Now into Chrome.","icons":{"128":"images/icon128.png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","*://*.google.com/*","*://*.gstatic.com/*","https://*.googleapis.com/chromenow/v1/*","https://*.googleusercontent.com/*"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\39.0.2171.95\\resources\\google_now","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"z","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13074073602032296","lastpingday":"13080034811609379","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"cs","default_locale":"en","description":"Rychlý e-mail s možností vyhledávání a menším množstvím spamu.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/upda ... artup_urls":["https://www.google.sk/"]},"software_reporter":{"prompt_reason":0,"prompt_version":"3.21.0"}}


==== Chromium Fix ======================

C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searches3.globososo.com_0.localstorage deleted successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_searches3.globososo.com_0.localstorage-journal deleted successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage deleted successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.kingtopdeals.com_0.localstorage-journal deleted successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.best-deals-products.com_0.localstorage deleted successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.best-deals-products.com_0.localstorage-journal deleted successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimjomhcoopoinoofciddhpfcoeekjda deleted successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iimjomhcoopoinoofciddhpfcoeekjda_0.localstorage deleted successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_iimjomhcoopoinoofciddhpfcoeekjda_0.localstorage-journal deleted successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\iimjomhcoopoinoofciddhpfcoeekjda deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\IMPs\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\IMPs\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\IMPs\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\IMPs\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=88 folders=11 9096400 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\IMPs\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\IMPs\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ut 30.06.2015 at 0:30:38,27 ======================

[altrok]

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

[To3@s]

Hotov

[altrok]

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu bude na plose ulozen fixlog, jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
  HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
  HKU\S-1-5-21-632114120-3898815288-2674959074-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
  HKU\S-1-5-21-632114120-3898815288-2674959074-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
  2015-06-30 00:37 - 2015-06-30 00:37 - 00016201 _____ C:\Users\IMPs\Desktop\FRST.txt
  2015-06-30 00:28 - 2015-06-29 23:19 - 00024064 _____ C:\Windows\zoek-delete.exe
  2015-06-29 23:21 - 2015-06-30 00:30 - 00018074 _____ C:\zoek-results.log
  2015-06-29 23:19 - 2015-06-30 00:25 - 00000000 ____D C:\zoek_backup
  2015-06-29 23:19 - 2015-06-29 23:19 - 01308672 _____ C:\Users\IMPs\Desktop\zoek.exe
  2015-06-29 22:42 - 2015-06-29 22:45 - 00000000 ____D C:\AdwCleaner
  2015-06-29 22:33 - 2015-06-29 22:33 - 02244096 _____ C:\Users\IMPs\Desktop\adwcleaner_4.207.exe
  2015-06-29 21:33 - 2015-06-29 21:33 - 00112640 _____ (forum.viry.cz) C:\Users\IMPs\Desktop\FRSTLauncher.exe
  2015-06-29 21:27 - 2015-06-29 21:37 - 00000000 ____D C:\rsit
  2015-06-29 21:27 - 2015-06-29 21:27 - 00000000 ____D C:\Program Files\trend micro
  2015-06-29 21:21 - 2015-06-29 21:21 - 01222144 _____ C:\Users\IMPs\Desktop\RSITx64.exe
  2015-06-29 21:21 - 2015-06-29 21:21 - 00688992 ____R (Swearware) C:\Users\IMPs\Desktop\dds.exe
  2015-06-14 13:40 - 2015-06-30 00:35 - 00003756 _____ C:\Windows\System32\Tasks\AutoKMS
  
  Task: {8691FBE0-4588-43BB-B36C-B5C5EA315B52} - System32\Tasks\{4351763D-8BA0-41EF-8817-ABD64AC1FB2C} => pcalua.exe -a "D:\Downloads\World of Warcraft ICEWOW\Wow.exe" -d "D:\Downloads\World of Warcraft ICEWOW"
  Task: {C8189CE8-C959-4BD5-9CE2-847A4A9BABC0} - \avastBCLRestartS-1-5-21-632114120-3898815288-2674959074-1001 No Task File <==== ATTENTION
  Task: {FD5F74C8-A564-4B9E-AE04-A7BD22507BD5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-01-07] ()
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  End
  

[To3@s]

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by IMPs at 2015-06-30 00:50:15 Run:1
Running from C:\Users\IMPs\Desktop
Loaded Profiles: IMPs (Available Profiles: IMPs)
Boot Mode: Normal
==============================================

fixlist content:
*****************

*****************


==== End of Fixlog 00:50:15 ====

[altrok]

Pravdepodobne jste do fixlistu nevlozil obsah bileho pole. Text oznacte mysi, pravym mysitkem a zvolte kopirovat. Nasledne otevrete ponamkovy blok, klik pravym mysitkem a zvolte vlozit. Tento soubor ulozte na plochu jako fixlist.txt, pak spustte FRST a kliknete na Fix.

[To3@s]

áno, oprava

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by IMPs at 2015-06-30 00:52:50 Run:2
Running from C:\Users\IMPs\Desktop
Loaded Profiles: IMPs (Available Profiles: IMPs)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKU\S-1-5-21-632114120-3898815288-2674959074-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-632114120-3898815288-2674959074-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
2015-06-30 00:37 - 2015-06-30 00:37 - 00016201 _____ C:\Users\IMPs\Desktop\FRST.txt
2015-06-30 00:28 - 2015-06-29 23:19 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-06-29 23:21 - 2015-06-30 00:30 - 00018074 _____ C:\zoek-results.log
2015-06-29 23:19 - 2015-06-30 00:25 - 00000000 ____D C:\zoek_backup
2015-06-29 23:19 - 2015-06-29 23:19 - 01308672 _____ C:\Users\IMPs\Desktop\zoek.exe
2015-06-29 22:42 - 2015-06-29 22:45 - 00000000 ____D C:\AdwCleaner
2015-06-29 22:33 - 2015-06-29 22:33 - 02244096 _____ C:\Users\IMPs\Desktop\adwcleaner_4.207.exe
2015-06-29 21:33 - 2015-06-29 21:33 - 00112640 _____ (forum.viry.cz) C:\Users\IMPs\Desktop\FRSTLauncher.exe
2015-06-29 21:27 - 2015-06-29 21:37 - 00000000 ____D C:\rsit
2015-06-29 21:27 - 2015-06-29 21:27 - 00000000 ____D C:\Program Files\trend micro
2015-06-29 21:21 - 2015-06-29 21:21 - 01222144 _____ C:\Users\IMPs\Desktop\RSITx64.exe
2015-06-29 21:21 - 2015-06-29 21:21 - 00688992 ____R (Swearware) C:\Users\IMPs\Desktop\dds.exe
2015-06-14 13:40 - 2015-06-30 00:35 - 00003756 _____ C:\Windows\System32\Tasks\AutoKMS

Task: {8691FBE0-4588-43BB-B36C-B5C5EA315B52} - System32\Tasks\{4351763D-8BA0-41EF-8817-ABD64AC1FB2C} => pcalua.exe -a "D:\Downloads\World of Warcraft ICEWOW\Wow.exe" -d "D:\Downloads\World of Warcraft ICEWOW"
Task: {C8189CE8-C959-4BD5-9CE2-847A4A9BABC0} - \avastBCLRestartS-1-5-21-632114120-3898815288-2674959074-1001 No Task File <==== ATTENTION
Task: {FD5F74C8-A564-4B9E-AE04-A7BD22507BD5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-01-07] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-632114120-3898815288-2674959074-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
HKU\S-1-5-21-632114120-3898815288-2674959074-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"C:\Users\IMPs\Desktop\FRST.txt" => File/Folder not found.
C:\Windows\zoek-delete.exe => moved successfully.
C:\zoek-results.log => moved successfully.
C:\zoek_backup => moved successfully.
C:\Users\IMPs\Desktop\zoek.exe => moved successfully.
C:\AdwCleaner => moved successfully.
C:\Users\IMPs\Desktop\adwcleaner_4.207.exe => moved successfully.
C:\Users\IMPs\Desktop\FRSTLauncher.exe => moved successfully.
C:\rsit => moved successfully.
C:\Program Files\trend micro => moved successfully.
C:\Users\IMPs\Desktop\RSITx64.exe => moved successfully.
C:\Users\IMPs\Desktop\dds.exe => moved successfully.
C:\Windows\System32\Tasks\AutoKMS => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8691FBE0-4588-43BB-B36C-B5C5EA315B52}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8691FBE0-4588-43BB-B36C-B5C5EA315B52}" => key removed successfully
C:\Windows\System32\Tasks\{4351763D-8BA0-41EF-8817-ABD64AC1FB2C} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4351763D-8BA0-41EF-8817-ABD64AC1FB2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C8189CE8-C959-4BD5-9CE2-847A4A9BABC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8189CE8-C959-4BD5-9CE2-847A4A9BABC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avastBCLRestartS-1-5-21-632114120-3898815288-2674959074-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FD5F74C8-A564-4B9E-AE04-A7BD22507BD5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD5F74C8-A564-4B9E-AE04-A7BD22507BD5}" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.


The system needed a reboot..

==== End of Fixlog 00:52:53 ====

[altrok]

Takze jeste uklidime.

• Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
• Oznacte jen moznost "Remove disinfection tools"
• kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

[To3@s]

Moc krát ďakujem

[altrok]

Nemate zac, rad jsem pomohl


Mejte se krasne a treba zase nekdy