Re: default-search.net jako homepage
Napsal: 14 črc 2014 22:21
aha, jojo máte pravdu, a já si říkal že se to mělo restartovat a ono nic, ok tedy zde:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-07-2014 01
Ran by Radim at 2014-07-14 23:13:58 Run:1
Running from C:\Users\Radim\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-2847674021-541428230-2807636112-1007\...\MountPoints2: {a2b76294-1c0d-11df-9c30-00241dd74c45} - D:\start.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - URL http://search.certified-toolbar.com?si= ... 04065E0&q={searchTerms}
SearchScopes: HKLM - SuggestionsURL_JSON http://api.widdit.com/suggestions/?form ... 1&command={searchTerms}
SearchScopes: HKLM - TopResultURLFallback http://search.certified-toolbar.com?si= ... 04065E0&q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
S2 Update DoughGo; "C:\Program Files\DoughGo\updateDoughGo.exe" [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files\iSafe\iSafeKrnlKit.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files\iSafe\iSafeKrnlR3.sys [X]
S1 {735c7dda-e3b7-44f2-8521-a39cc0d289b2}Gw; system32\drivers\{735c7dda-e3b7-44f2-8521-a39cc0d289b2}Gw.sys [X]
2014-07-13 23:26 - 2014-07-13 23:27 - 00010205 _____ () C:\Users\Radim\Desktop\FRST.txt
2014-07-13 23:15 - 2014-07-13 23:15 - 00000000 _____ () C:\Users\Radim\Desktop\FRSTLauncher_exe.fr27l6g.partial
2014-07-13 23:01 - 2014-07-13 23:01 - 00000000 _____ () C:\Users\Radim\Desktop\FRSTLauncher_exe.sz34zyg.partial
2014-07-13 22:58 - 2014-07-13 22:58 - 00000000 _____ () C:\Users\Radim\Desktop\FRSTLauncher.exe.ta63azi.partial
2014-07-13 22:20 - 2014-07-13 22:03 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-13 22:05 - 2014-07-13 22:21 - 00023685 _____ () C:\zoek-results.log
2014-07-13 22:03 - 2014-07-13 22:16 - 00000000 ____D () C:\zoek_backup
2014-07-13 22:02 - 2014-07-13 22:02 - 01285120 _____ () C:\Users\Radim\Desktop\zoek.exe
2014-07-13 21:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-13 21:43 - 2014-07-13 21:45 - 00000000 ____D () C:\AdwCleaner
2014-07-13 21:42 - 2014-07-13 21:42 - 01348263 _____ () C:\Users\Radim\Desktop\adwcleaner_3.215.exe
2014-07-13 21:41 - 2014-07-13 21:41 - 00066371 _____ () C:\Users\Radim\Desktop\JRT2.txt
2014-07-13 21:34 - 2014-07-13 21:34 - 00066371 _____ () C:\Users\Radim\Desktop\JRT.txt
2014-07-13 21:29 - 2014-07-13 21:29 - 00000000 ____D () C:\Windows\ERUNT
2014-07-13 21:27 - 2014-07-13 21:28 - 01016261 _____ (Thisisu) C:\Users\Radim\Desktop\JRT.exe
2014-07-13 20:13 - 2014-07-13 20:15 - 00000000 ____D () C:\rsit
2014-07-13 20:10 - 2014-07-13 22:20 - 00001750 _____ () C:\Windows\PFRO.log
2014-07-13 20:02 - 2014-07-13 20:03 - 01107968 _____ () C:\Users\Radim\Desktop\RSIT.exe
2014-07-13 20:01 - 2014-07-13 20:01 - 00461038 _____ () C:\Users\Radim\Desktop\RSIT.exe.4hoeo13.partial
2014-07-03 23:47 - 2014-07-03 23:48 - 04814144 _____ (Piriform Ltd) C:\Users\Radim\Downloads\ccsetup415pro (2).exe
2014-07-03 23:42 - 2014-07-03 23:43 - 04814144 _____ (Piriform Ltd) C:\Users\Radim\Downloads\ccsetup415pro (1).exe
2014-07-03 23:42 - 2014-07-03 23:42 - 04814144 _____ (Piriform Ltd) C:\Users\Radim\Downloads\ccsetup415pro.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Hosts:
Reboot:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
'HKU\S-1-5-21-2847674021-541428230-2807636112-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b76294-1c0d-11df-9c30-00241dd74c45}' => Key deleted successfully.
'HKCR\CLSID\{a2b76294-1c0d-11df-9c30-00241dd74c45}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.certified-toolbar.com?si= ... => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON http://api.widdit.com/suggestions/?form ... => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\TopResultURLFallback http://search.certified-toolbar.com?si= ... => Value not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}' => Key deleted successfully.
'HKCR\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}' => Key deleted successfully.
'HKCR\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.
'HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.
Update DoughGo => Service not found.
esgiguard => Service deleted successfully.
gdrv => Service deleted successfully.
iSafeKrnlKit => Service deleted successfully.
iSafeKrnlR3 => Service deleted successfully.
{735c7dda-e3b7-44f2-8521-a39cc0d289b2}Gw => Service deleted successfully.
C:\Users\Radim\Desktop\FRST.txt => Moved successfully.
C:\Users\Radim\Desktop\FRSTLauncher_exe.fr27l6g.partial => Moved successfully.
C:\Users\Radim\Desktop\FRSTLauncher_exe.sz34zyg.partial => Moved successfully.
C:\Users\Radim\Desktop\FRSTLauncher.exe.ta63azi.partial => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Radim\Desktop\zoek.exe => Moved successfully.
C:\Windows\system32\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Radim\Desktop\adwcleaner_3.215.exe => Moved successfully.
C:\Users\Radim\Desktop\JRT2.txt => Moved successfully.
C:\Users\Radim\Desktop\JRT.txt => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\Radim\Desktop\JRT.exe => Moved successfully.
C:\rsit => Moved successfully.
"C:\Windows\PFRO.log" => File/Directory not found.
C:\Users\Radim\Desktop\RSIT.exe => Moved successfully.
C:\Users\Radim\Desktop\RSIT.exe.4hoeo13.partial => Moved successfully.
C:\Users\Radim\Downloads\ccsetup415pro (2).exe => Moved successfully.
C:\Users\Radim\Downloads\ccsetup415pro (1).exe => Moved successfully.
C:\Users\Radim\Downloads\ccsetup415pro.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
The system needed a reboot.
==== End of Fixlog ====
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-07-2014 01
Ran by Radim at 2014-07-14 23:13:58 Run:1
Running from C:\Users\Radim\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-2847674021-541428230-2807636112-1007\...\MountPoints2: {a2b76294-1c0d-11df-9c30-00241dd74c45} - D:\start.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - URL http://search.certified-toolbar.com?si= ... 04065E0&q={searchTerms}
SearchScopes: HKLM - SuggestionsURL_JSON http://api.widdit.com/suggestions/?form ... 1&command={searchTerms}
SearchScopes: HKLM - TopResultURLFallback http://search.certified-toolbar.com?si= ... 04065E0&q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
S2 Update DoughGo; "C:\Program Files\DoughGo\updateDoughGo.exe" [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S1 iSafeKrnlKit; \??\C:\Program Files\iSafe\iSafeKrnlKit.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files\iSafe\iSafeKrnlR3.sys [X]
S1 {735c7dda-e3b7-44f2-8521-a39cc0d289b2}Gw; system32\drivers\{735c7dda-e3b7-44f2-8521-a39cc0d289b2}Gw.sys [X]
2014-07-13 23:26 - 2014-07-13 23:27 - 00010205 _____ () C:\Users\Radim\Desktop\FRST.txt
2014-07-13 23:15 - 2014-07-13 23:15 - 00000000 _____ () C:\Users\Radim\Desktop\FRSTLauncher_exe.fr27l6g.partial
2014-07-13 23:01 - 2014-07-13 23:01 - 00000000 _____ () C:\Users\Radim\Desktop\FRSTLauncher_exe.sz34zyg.partial
2014-07-13 22:58 - 2014-07-13 22:58 - 00000000 _____ () C:\Users\Radim\Desktop\FRSTLauncher.exe.ta63azi.partial
2014-07-13 22:20 - 2014-07-13 22:03 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-07-13 22:05 - 2014-07-13 22:21 - 00023685 _____ () C:\zoek-results.log
2014-07-13 22:03 - 2014-07-13 22:16 - 00000000 ____D () C:\zoek_backup
2014-07-13 22:02 - 2014-07-13 22:02 - 01285120 _____ () C:\Users\Radim\Desktop\zoek.exe
2014-07-13 21:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-13 21:43 - 2014-07-13 21:45 - 00000000 ____D () C:\AdwCleaner
2014-07-13 21:42 - 2014-07-13 21:42 - 01348263 _____ () C:\Users\Radim\Desktop\adwcleaner_3.215.exe
2014-07-13 21:41 - 2014-07-13 21:41 - 00066371 _____ () C:\Users\Radim\Desktop\JRT2.txt
2014-07-13 21:34 - 2014-07-13 21:34 - 00066371 _____ () C:\Users\Radim\Desktop\JRT.txt
2014-07-13 21:29 - 2014-07-13 21:29 - 00000000 ____D () C:\Windows\ERUNT
2014-07-13 21:27 - 2014-07-13 21:28 - 01016261 _____ (Thisisu) C:\Users\Radim\Desktop\JRT.exe
2014-07-13 20:13 - 2014-07-13 20:15 - 00000000 ____D () C:\rsit
2014-07-13 20:10 - 2014-07-13 22:20 - 00001750 _____ () C:\Windows\PFRO.log
2014-07-13 20:02 - 2014-07-13 20:03 - 01107968 _____ () C:\Users\Radim\Desktop\RSIT.exe
2014-07-13 20:01 - 2014-07-13 20:01 - 00461038 _____ () C:\Users\Radim\Desktop\RSIT.exe.4hoeo13.partial
2014-07-03 23:47 - 2014-07-03 23:48 - 04814144 _____ (Piriform Ltd) C:\Users\Radim\Downloads\ccsetup415pro (2).exe
2014-07-03 23:42 - 2014-07-03 23:43 - 04814144 _____ (Piriform Ltd) C:\Users\Radim\Downloads\ccsetup415pro (1).exe
2014-07-03 23:42 - 2014-07-03 23:42 - 04814144 _____ (Piriform Ltd) C:\Users\Radim\Downloads\ccsetup415pro.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Hosts:
Reboot:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => value deleted successfully.
'HKU\S-1-5-21-2847674021-541428230-2807636112-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2b76294-1c0d-11df-9c30-00241dd74c45}' => Key deleted successfully.
'HKCR\CLSID\{a2b76294-1c0d-11df-9c30-00241dd74c45}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.certified-toolbar.com?si= ... => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON http://api.widdit.com/suggestions/?form ... => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\TopResultURLFallback http://search.certified-toolbar.com?si= ... => Value not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}' => Key deleted successfully.
'HKCR\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}' => Key deleted successfully.
'HKCR\CLSID\{0191A6B0-1154-4C22-9182-23A95BBE92D9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.
'HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.
Update DoughGo => Service not found.
esgiguard => Service deleted successfully.
gdrv => Service deleted successfully.
iSafeKrnlKit => Service deleted successfully.
iSafeKrnlR3 => Service deleted successfully.
{735c7dda-e3b7-44f2-8521-a39cc0d289b2}Gw => Service deleted successfully.
C:\Users\Radim\Desktop\FRST.txt => Moved successfully.
C:\Users\Radim\Desktop\FRSTLauncher_exe.fr27l6g.partial => Moved successfully.
C:\Users\Radim\Desktop\FRSTLauncher_exe.sz34zyg.partial => Moved successfully.
C:\Users\Radim\Desktop\FRSTLauncher.exe.ta63azi.partial => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Radim\Desktop\zoek.exe => Moved successfully.
C:\Windows\system32\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Radim\Desktop\adwcleaner_3.215.exe => Moved successfully.
C:\Users\Radim\Desktop\JRT2.txt => Moved successfully.
C:\Users\Radim\Desktop\JRT.txt => Moved successfully.
C:\Windows\ERUNT => Moved successfully.
C:\Users\Radim\Desktop\JRT.exe => Moved successfully.
C:\rsit => Moved successfully.
"C:\Windows\PFRO.log" => File/Directory not found.
C:\Users\Radim\Desktop\RSIT.exe => Moved successfully.
C:\Users\Radim\Desktop\RSIT.exe.4hoeo13.partial => Moved successfully.
C:\Users\Radim\Downloads\ccsetup415pro (2).exe => Moved successfully.
C:\Users\Radim\Downloads\ccsetup415pro (1).exe => Moved successfully.
C:\Users\Radim\Downloads\ccsetup415pro.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
The system needed a reboot.
==== End of Fixlog ====
( už po začátku našeho působení 
) Spuštění PC je normální. Největší problém je Internet, bez varování během zlomku vteřiny aplikace zavře natvrdo všechny okna prohlížeče! (exprorer) Tak 2x do hodiny určitě 
Naštěstí když se klikne že neočekávaná relace to zavřela, tak obnovit jde a člověk může pokračovat. (dřív to nebylo, na nějaké nové stránky nechodím). Nějak déle najíždění oblíbené položky. 
Jinak ale hlavně na první pohled už intenzivně nepracuje (chrochtání hdd + kontrolka) v době, když nemá resp se otevírá se obyčejná www stránka. V době default search pracoval fakt moooooc usilovně. V době našeho působení se mi zdá že jsem přišel o VLC player, ale byl freeware, tak to kdyžtak někde stáhnu. 
Stahnete Malwarebytes Anti-Rootkit 
log zde: