pomaly notebook

[Márty84]

Smarja, co tam kdo provadel, ze je tam toho tolik



Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.




Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-1793778196-2422288631-436692435-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-1793778196-2422288631-436692435-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1793778196-2422288631-436692435-1001 -> {E65BE81D-7014-49A3-8CA3-F1A019F31B10} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
Toolbar: HKU\S-1-5-21-1793778196-2422288631-436692435-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

R2 wntrauwxatiowneoadup; C:\Users\Jobran\AppData\Local\Konkstrip.exe [53760 2015-08-18] () [File not signed]
S1 koxprmbx; \??\C:\WINDOWS\system32\drivers\koxprmbx.sys [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-24 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-24 144200]

C:\Users\Jobran\AppData\Local\Konkstrip.exe
C:\WINDOWS\system32\drivers\koxprmbx.sys
C:\Users\Jobran\AppData\Local\Temp\beeadajhed.exe
C:\Users\Jobran\AppData\Local\Temp\BFC7D711863219B6B8302E8FC90132FC.exe
C:\Users\Jobran\AppData\Local\Temp\ED7D47D63FAF5544C30F39802A90BCEB.exe
C:\Users\Jobran\AppData\Local\Temp\Quarantine.exe
c:\programdata\{792e2b74-ca2a-2e07-792e-e2b74ca2add3}\1668959511713299299b.exe

2015-08-24 12:36 - 2015-08-24 12:36 - 04436968 _____ (TeamViewer) C:\Users\Jobran\Desktop\a.exe
2015-08-24 12:13 - 2015-08-24 12:13 - 03720539 _____ (Bycatch) C:\Program Files\Common Files\w3io3424.exe
2015-08-24 10:17 - 2015-08-24 12:30 - 00000000 ____D C:\Program Files\Common Files\bgeb2xav
2015-08-24 10:17 - 2015-08-24 10:17 - 00003156 _____ C:\WINDOWS\System32\Tasks\1yhymgkb
2015-08-22 20:40 - 2015-08-22 20:40 - 03702878 _____ (E-Tech) C:\Program Files\Common Files\vbm2dojj.exe
2015-08-22 20:22 - 2015-08-24 10:05 - 00000000 ____D C:\Program Files\Common Files\0dmrfbna
2015-08-22 20:22 - 2015-08-22 20:22 - 00003156 _____ C:\WINDOWS\System32\Tasks\glxzbqcy
2015-08-18 22:15 - 2015-08-24 10:05 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-18 22:15 - 2015-08-18 22:15 - 00000000 ____D C:\Users\Jobran\AppData\Local\globalUpdate

Task: C:\WINDOWS\Tasks\DragonWire.job => c:\programdata\{792e2b74-ca2a-2e07-792e-e2b74ca2add3}\1668959511713299299b.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5C90088D-0AAA-4AC1-B6E7-4CAE8E63CCD2} - \snp -> No File <==== ATTENTION
Task: {F179049B-30CD-4212-AF46-C933200143EF} - System32\Tasks\DragonWire => c:\programdata\{792e2b74-ca2a-2e07-792e-e2b74ca2add3}\1668959511713299299b.exe <==== ATTENTION

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jobran\Desktop" je 6614 MB.

Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku

[asasina]

Je to pocitac sestrenice, 13 let, tak se nedivte . Deti toho dokazou hodne .

Velikost plochy jsem zmensil

# AdwCleaner v5.003 - Logfile created 24/08/2015 at 15:43:06
# Updated 20/08/2015 by Xplode
# Database : 2015-08-23.3 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Jobran - SARAPC
# Running from : C:\Users\Jobran\AppData\Local\Microsoft\Windows\INetCache\IE\IP74QTK9\adwcleaner_5.003.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\igfx32
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\CutterInit
[-] Folder Deleted : C:\Program Files (x86)\DDigiSaver
[-] Folder Deleted : C:\Program Files (x86)\FromDocToPDF
[-] Folder Deleted : C:\ProgramData\7821e09c00001600
[-] Folder Deleted : C:\ProgramData\a91e4cf800005778
[-] Folder Deleted : C:\Users\Jobran\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Jobran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Liveistream

***** [ Files ] *****

[-] File Deleted : C:\Users\Jobran\Desktop\Linkury Updater .lnk

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\16b57d33-7b30-536e-d91e-16a9fcf4736b
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\simplytech
[-] Key Deleted : HKCU\Software\Linkey
[-] Key Deleted : HKCU\Software\Kromtech
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\SpeedBit
[-] Key Deleted : HKLM\SOFTWARE\AIM Toolbar
[-] Key Deleted : HKLM\SOFTWARE\downchecker
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\simplytech
[!] Key Not Deleted : [x64] HKCU\Software\Linkey
[!] Key Not Deleted : [x64] HKCU\Software\Kromtech
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\downchecker

***** [ Web browsers ] *****

[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : tuvaro
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mystartsearch
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-search.com
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : hamachi.en.softonic.com
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask search
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : industriya
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://searchou.com/?id=eab867a8000000000000089e0114553c&affilt=5
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://searchou.com/?id=eab867a8000000000000089e0114553c&affilt=5","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=07 ... 9077289077

*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [6101 bytes] ##########

[asasina]

Fix result of Farbar Recovery Scan Tool (x64) Version:23-08-2015
Ran by Jobran (2015-08-24 15:47:06) Run:2
Running from C:\Users\Jobran\Desktop
Loaded Profiles: Jobran (Available Profiles: Jobran)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-1793778196-2422288631-436692435-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-1793778196-2422288631-436692435-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1793778196-2422288631-436692435-1001 -> {E65BE81D-7014-49A3-8CA3-F1A019F31B10} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
Toolbar: HKU\S-1-5-21-1793778196-2422288631-436692435-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

R2 wntrauwxatiowneoadup; C:\Users\Jobran\AppData\Local\Konkstrip.exe [53760 2015-08-18] () [File not signed]
S1 koxprmbx; \??\C:\WINDOWS\system32\drivers\koxprmbx.sys [X]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-24 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-24 144200]

C:\Users\Jobran\AppData\Local\Konkstrip.exe
C:\WINDOWS\system32\drivers\koxprmbx.sys
C:\Users\Jobran\AppData\Local\Temp\beeadajhed.exe
C:\Users\Jobran\AppData\Local\Temp\BFC7D711863219B6B8302E8FC90132FC.exe
C:\Users\Jobran\AppData\Local\Temp\ED7D47D63FAF5544C30F39802A90BCEB.exe
C:\Users\Jobran\AppData\Local\Temp\Quarantine.exe
c:\programdata\{792e2b74-ca2a-2e07-792e-e2b74ca2add3}\1668959511713299299b.exe

2015-08-24 12:36 - 2015-08-24 12:36 - 04436968 _____ (TeamViewer) C:\Users\Jobran\Desktop\a.exe
2015-08-24 12:13 - 2015-08-24 12:13 - 03720539 _____ (Bycatch) C:\Program Files\Common Files\w3io3424.exe
2015-08-24 10:17 - 2015-08-24 12:30 - 00000000 ____D C:\Program Files\Common Files\bgeb2xav
2015-08-24 10:17 - 2015-08-24 10:17 - 00003156 _____ C:\WINDOWS\System32\Tasks\1yhymgkb
2015-08-22 20:40 - 2015-08-22 20:40 - 03702878 _____ (E-Tech) C:\Program Files\Common Files\vbm2dojj.exe
2015-08-22 20:22 - 2015-08-24 10:05 - 00000000 ____D C:\Program Files\Common Files\0dmrfbna
2015-08-22 20:22 - 2015-08-22 20:22 - 00003156 _____ C:\WINDOWS\System32\Tasks\glxzbqcy
2015-08-18 22:15 - 2015-08-24 10:05 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-18 22:15 - 2015-08-18 22:15 - 00000000 ____D C:\Users\Jobran\AppData\Local\globalUpdate

Task: C:\WINDOWS\Tasks\DragonWire.job => c:\programdata\{792e2b74-ca2a-2e07-792e-e2b74ca2add3}\1668959511713299299b.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5C90088D-0AAA-4AC1-B6E7-4CAE8E63CCD2} - \snp -> No File <==== ATTENTION
Task: {F179049B-30CD-4212-AF46-C933200143EF} - System32\Tasks\DragonWire => c:\programdata\{792e2b74-ca2a-2e07-792e-e2b74ca2add3}\1668959511713299299b.exe <==== ATTENTION

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-1793778196-2422288631-436692435-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
HKU\S-1-5-21-1793778196-2422288631-436692435-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => key removed successfully
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
"HKU\S-1-5-21-1793778196-2422288631-436692435-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E65BE81D-7014-49A3-8CA3-F1A019F31B10}" => key removed successfully
HKCR\CLSID\{E65BE81D-7014-49A3-8CA3-F1A019F31B10} => key not found.
HKU\S-1-5-21-1793778196-2422288631-436692435-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
wntrauwxatiowneoadup => Unable to stop service.
wntrauwxatiowneoadup => service removed successfully
koxprmbx => service removed successfully
AdobeARMservice => service removed successfully
gupdate => service removed successfully
SkypeUpdate => service removed successfully
gupdatem => service removed successfully
C:\Users\Jobran\AppData\Local\Konkstrip.exe => moved successfully
"C:\WINDOWS\system32\drivers\koxprmbx.sys" => File/Folder not found.
C:\Users\Jobran\AppData\Local\Temp\beeadajhed.exe => moved successfully
C:\Users\Jobran\AppData\Local\Temp\BFC7D711863219B6B8302E8FC90132FC.exe => moved successfully
C:\Users\Jobran\AppData\Local\Temp\ED7D47D63FAF5544C30F39802A90BCEB.exe => moved successfully
C:\Users\Jobran\AppData\Local\Temp\Quarantine.exe => moved successfully
"c:\programdata\{792e2b74-ca2a-2e07-792e-e2b74ca2add3}\1668959511713299299b.exe" => File/Folder not found.
C:\Users\Jobran\Desktop\a.exe => moved successfully
C:\Program Files\Common Files\w3io3424.exe => moved successfully
C:\Program Files\Common Files\bgeb2xav => moved successfully
C:\WINDOWS\System32\Tasks\1yhymgkb => moved successfully
C:\Program Files\Common Files\vbm2dojj.exe => moved successfully
C:\Program Files\Common Files\0dmrfbna => moved successfully
C:\WINDOWS\System32\Tasks\glxzbqcy => moved successfully
"C:\Program Files (x86)\globalUpdate" => File/Folder not found.
"C:\Users\Jobran\AppData\Local\globalUpdate" => File/Folder not found.
C:\WINDOWS\Tasks\DragonWire.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C90088D-0AAA-4AC1-B6E7-4CAE8E63CCD2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C90088D-0AAA-4AC1-B6E7-4CAE8E63CCD2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F179049B-30CD-4212-AF46-C933200143EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F179049B-30CD-4212-AF46-C933200143EF}" => key removed successfully
C:\WINDOWS\System32\Tasks\DragonWire => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DragonWire" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 477.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 15:48:42 ====

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak to s pc vypada. Nastala nejaka zmena?

[asasina]

Nez se to vsechno udela.....jaky doporucite free antivir, aby toho tam priste nebylo TOLIK?

Dekuji

[Márty84]

Ja pouzivam uz radu let Avast free. Po prenastaveni stitu jsem zatim nemel zadny problem. Dalsi moznost je Bitdefender free, pripadne Avira. Ale nic neni 100%. Pokud se na netu uzivatel nechova slusne a s rozumem, neni otazka "jestli" si to zaviruje, ale jen "kdy"

[asasina]

Mam problem .

Z niceho nic (vazne) se me nastavila domovska stranka v chrome na > hxxp://search.safefinder.com/?st=sc&q=
Instaloval jsem pouze TotalCommander a Teamviewer a ted Avast....

[Márty84]

U instalace jakehokoliv programu je potreba poradne cist. Vetsinou se tam snazi neco vetrit a kdyz nedavate pozor, povolite to dobrovolne. Ve vetsine pripadu to jde odmitnout.

Pouzijte znovu ADWCleaner. Kdyz nepomuze, dejte vedet.

[asasina]

Provedl jsem cca 3x test s ADWCleaner a vzdy neco nasel a vzdy provedl clean a VZDY se to vratilo

# AdwCleaner v5.003 - Logfile created 25/08/2015 at 08:14:13
# Updated 20/08/2015 by Xplode
# Database : 2015-08-23.3 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Jobran - SARAPC
# Running from : C:\Users\Jobran\Downloads\adwcleaner_5.003.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[-] File Deleted : C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : tuvaro
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mystartsearch
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : delta-search.com
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : hamachi.en.softonic.com
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask search
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : industriya
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted :
[-] [C:\Users\Jobran\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://searchou.com/?id=eab867a8000000000000089e0114553c&affilt=5","hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=07 ... 9077289077

*************************

:: Proxy settings cleared
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2441 bytes] ##########

[asasina]

Provedl jsem test s MBAM a zde je vysledek:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 25. 8. 2015
Čas skenování: 8:23
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.25.02
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Jobran

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 432673
Uplynulý čas: 24 min, 18 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 2
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Saophase.exe, 2072, , [df2752bb612a9b9b6a7939e28083a45c]
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Apstrong.exe, 5084, , [5caa799422694de9c6feb96225de639d]

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 2
PUP.Optional.Linkury.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SAOPHASE, , [df2752bb612a9b9b6a7939e28083a45c],
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1793778196-2422288631-436692435-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [2fd7729b602b0135435d75abda29619f],

Hodnoty registru: 5
PUP.Optional.Linkury.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SAOPHASE|ImagePath, C:\ProgramData\Saophase\Saophase.exe, , [df2752bb612a9b9b6a7939e28083a45c]
PUP.Optional.Linkury.A, HKU\S-1-5-21-1793778196-2422288631-436692435-1001\ENVIRONMENT|SNF, C:\ProgramData\Saophases\snp.sc, , [45c1ec217a11e84e7469f0c3996bb34d]
PUP.Optional.Linkury.A, HKU\S-1-5-21-1793778196-2422288631-436692435-1001\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=CZ&userid=6fccd5a0-bde6-5f4c-081d-f1e8e07831a0&searchtype=sc&installDate=24., , [21e50a03612adf57c61811a29e66e719]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1793778196-2422288631-436692435-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [2fd7729b602b0135435d75abda29619f]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1793778196-2422288631-436692435-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlXI-OqSsm-dE6bMHWhpYzDmQo74mY-N0Pm7-d0Gq3KeccYW3MBLpzUOzspqp1Pwy8L7Nlog6g7YWZ7or0KQ3jDvJePpFYO62hB4Fy5K57oI-CmDZ04qk1_QNh59gZ8wzREWmettllpXUKR5mhg,&q={searchTerms}, , [9c6a52bb810a3afce7a7edc6e71d827e]

Data registru: 4
PUP.Optional.Linkury.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Saophase\StanAntech.dll, Dobré: (), Špatné: (C:\ProgramData\Saophase\StanAntech.dll),,[5caa799422694de9c6feb96225de639d]
PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Saophase\Vilain.dll, Dobré: (), Špatné: (C:\ProgramData\Saophase\Vilain.dll),,[5caa799422694de9c6feb96225de639d]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1793778196-2422288631-436692435-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlXI-OqSsm-dE6bMHWhpYzDmQo74mY-N0Pm7-d0Gq3KeccYW3MBLpzUOzspqp1Pwy8L7Nlog6g7YWZ7or0KQ3jDvJePpFYO62hB4Fy5K57oI-CmDZ04qk1_QNh59gZ8wzREWmettllpXUKR5mhg,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlXI-OqSsm-dE6bMHWhpYzDmQo74mY-N0Pm7-d0Gq3KeccYW3MBLpzUOzspqp1Pwy8L7Nlog6g7YWZ7or0KQ3jDvJePpFYO62hB4Fy5K57oI-CmDZ04qk1_QNh59gZ8wzREWmettllpXUKR5mhg,&q={searchTerms}),,[e81e719c820968ce7ddd411a050049b7]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-1793778196-2422288631-436692435-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlXI-OqSsm-dE6bMHWhpYzDmQo74mY-N0Pm7-d0Gq3KeccYW3MBLpzUOzspqp1Pwy8L7Nlog6g7YWZ7or0KQ3jDvJePpFYO62hB4Fy5K57oI-CmDZ04qk1_QNh59gZ8wzREWmettllpXUKR5mhg,&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVqASLW90uzABlXI-OqSsm-dE6bMHWhpYzDmQo74mY-N0Pm7-d0Gq3KeccYW3MBLpzUOzspqp1Pwy8L7Nlog6g7YWZ7or0KQ3jDvJePpFYO62hB4Fy5K57oI-CmDZ04qk1_QNh59gZ8wzREWmettllpXUKR5mhg,&q={searchTerms}),,[a462a16c82092a0c1745ff5c6c99df21]

Složky: 3
PUP.Optional.Linkury.A, C:\ProgramData\Saophase, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\ondemand, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophases, , [5fa7c9441f6cb680b80ddd3e6f94e41c],

Soubory: 29
PUP.Optional.Linkury, C:\Windows\Temp\tmp49F0.tmp, , [bc4a8d8037541d195d635a78f20fc13f],
PUP.Optional.Linkury.Gen.A, C:\Windows\SysWOW64\findit.xml, , [aa5c0ffe6526e155e2b9b26b4ab9758b],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Saophase.exe, , [df2752bb612a9b9b6a7939e28083a45c],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Saophase.dll, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Alphajob.dll, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Apstrong.exe, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Apstrong.exe.config, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\conf.config, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Config.xml, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Greendubair.dll, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\GrooveSoft.dll, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Index.exe, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Index.exe.config, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\K-stock.dll, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\K-tone.dll, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Ope-Tax.dll, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\PrxCfg.xml, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Saophase.exe.config, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\StanAntech.dll, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Stanjob.exe, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Stanjob.exe.config, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Stanremflex.exe, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Stanremflex.exe.config, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\TouchHome.dll, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\uninstall.exe, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophase\Vilain.dll, , [5caa799422694de9c6feb96225de639d],
PUP.Optional.Linkury.A, C:\ProgramData\Saophases\ff.HP, , [5fa7c9441f6cb680b80ddd3e6f94e41c],
PUP.Optional.Linkury.A, C:\ProgramData\Saophases\ff.NT, , [5fa7c9441f6cb680b80ddd3e6f94e41c],
PUP.Optional.Linkury.A, C:\ProgramData\Saophases\snp.sc, , [5fa7c9441f6cb680b80ddd3e6f94e41c],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Márty84]

Tohle uz tam taky bylo a bylo to odstranene. Otazka je, jestli se to tam znova natahalo, nebo se to vratilo ze zalohy....


Postupujte presne v tomto poradi.
1) MBAM nezavirejte, jen minimalizujte.
2) Vymazte/Vypnete vytvareni bodu obnovy http://forum.viry.cz/viewtopic.php?f=46&t=47040 , ale nerestartujte pc.
3) Ted nechte nalezy MBAM odstranit a restartujte pc.
4) Zopakujte test s MBAM a napiste jeho vysledek a podle toho zvolim dalsi postup.

Pokud bude cisto, zapnete zase funkci vytvareni bodu obnovy, at pak na to nezapomenem.

[asasina]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 25. 8. 2015
Čas skenování: 9:07
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.25.02
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Jobran

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 432516
Uplynulý čas: 19 min, 12 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[Márty84]

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Postupujte podle navodu kolegy

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[asasina]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 8.1 x64
Ran by Jobran on Łt 25. 08. 2015 at 10:03:22,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Any Angle
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util Any Angle



~~~ Files

Successfully deleted: [File] C:\Users\Jobran\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\Jobran\AppData\Roaming\appdataFr3.bin



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\google



~~~ Chrome


[C:\Users\Jobran\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Jobran\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Jobran\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Jobran\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 25. 08. 2015 at 10:06:23,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Márty84]

Fajn, jeste ZOEK