
Links and ads that launch by themselves, slow computer

Posted: 22 Aug 2014 11:41
by Andula
Hello,
I have a problem with annoying links that open by themselves every time I open a new page. Overall the PC is sluggish. Please check the log.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Peta at 2014-08-21 17:53:29
Microsoft Windows 7 Professional
System drive C: has 27 GB (24%) free of 114 GB
Total RAM: 1015 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:53:46, on 21.8.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Windows\system32\taskeng.exe
C:\Users\Peta\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe
C:\Program Files\Opera\20.0.1387.64_0\opera.exe
C:\Program Files\Opera\20.0.1387.64_0\opera_crashreporter.exe
C:\Program Files\Opera\20.0.1387.64_0\opera.exe
C:\Program Files\Opera\20.0.1387.64_0\opera.exe
C:\Program Files\Opera\20.0.1387.64_0\opera.exe
C:\Program Files\Opera\20.0.1387.64_0\opera.exe
C:\Program Files\Opera\20.0.1387.64_0\opera.exe
C:\Program Files\Opera\20.0.1387.64_0\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Peta\Downloads\RSIT.exe
C:\Program Files\trend micro\Peta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {be823b8c-a7ec-4078-a321-0f8046cbb48a} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll (file missing)
O2 - BHO: Toolbar BHO - {1fc509df-4b29-4ab3-96e6-47c178d60287} - C:\PROGRA~1\SAFEPC~2\bar\1.bin\89bar.dll (file missing)
O2 - BHO: Search Assistant BHO - {5d13bf91-ea09-4ed8-9acd-c6bad32617b9} - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll (file missing)
O2 - BHO: MediaWatchV1home383 - {841000d5-3d79-4f7a-91f1-e701f440dc7a} - C:\Program Files\MediaWatchV1\MediaWatchV1home383\ie\MediaWatchV1home383.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: SafePCRepair - {a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} - C:\Program Files\SafePCRepair_89\bar\1.bin\89bar.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SafePCRepair EPM Support] "C:\PROGRA~1\SAFEPC~2\bar\1.bin\89medint.exe" T8EPMSUP.DLL,S
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [buenosearch] C:\Users\Peta\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: ioloToolService (ioloService) - Unknown owner - C:\Program Files\SafePCRepair\ioloToolService.exe (file missing)
O23 - Service: SafePCRepairService (SafePCRepair_89Service) - Unknown owner - C:\PROGRA~1\SAFEPC~2\bar\1.bin\89barsvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Util Kozaka - Unknown owner - C:\Program Files\Kozaka\bin\utilKozaka.exe (file missing)

--
End of file - 5172 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1fc509df-4b29-4ab3-96e6-47c178d60287}]
Toolbar BHO - C:\PROGRA~1\SAFEPC~2\bar\1.bin\89bar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d13bf91-ea09-4ed8-9acd-c6bad32617b9}]
Search Assistant BHO - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrcAs.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{841000d5-3d79-4f7a-91f1-e701f440dc7a}]
Media Watch - C:\Program Files\MediaWatchV1\MediaWatchV1home383\ie\MediaWatchV1home383.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} - SafePCRepair - C:\Program Files\SafePCRepair_89\bar\1.bin\89bar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-11 287800]
"SafePCRepair EPM Support"=C:\PROGRA~1\SAFEPC~2\bar\1.bin\89medint.exe T8EPMSUP.DLL,S []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""=C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe []
"buenosearch"=C:\Users\Peta\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe [2014-06-29 543664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-08-21 17:53:30 ----D---- C:\Program Files\trend micro
2014-08-21 17:53:29 ----D---- C:\rsit
2014-07-28 20:40:58 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-07-28 20:40:12 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-07-28 20:40:12 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-07-28 20:40:12 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-07-28 20:40:12 ----A---- C:\Windows\system32\drivers\mbam.sys

======List of files/folders modified in the last 1 month======

2014-08-21 17:53:42 ----D---- C:\Windows\Prefetch
2014-08-21 17:53:34 ----D---- C:\Windows\Temp
2014-08-21 17:53:30 ----RD---- C:\Program Files
2014-08-16 11:24:22 ----D---- C:\Windows\system32\config
2014-08-16 11:02:30 ----SHD---- C:\System Volume Information
2014-08-15 17:48:19 ----SHD---- C:\Windows\Installer
2014-08-15 17:48:18 ----SHD---- C:\Config.Msi
2014-08-15 17:46:50 ----D---- C:\Windows\System32
2014-08-10 11:53:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-08-10 11:53:07 ----D---- C:\Windows\inf
2014-08-05 09:20:02 ----N---- C:\Windows\system32\MpSigStub.exe
2014-07-28 21:04:01 ----D---- C:\AdwCleaner
2014-07-28 20:55:53 ----D---- C:\Windows\Vss
2014-07-28 20:55:53 ----D---- C:\Windows\system32\drivers
2014-07-28 20:30:16 ----D---- C:\Windows\Tasks
2014-07-28 20:30:16 ----D---- C:\Windows\system32\Tasks
2014-07-28 20:22:25 ----A---- C:\Windows\win.ini
2014-07-28 20:21:19 ----RD---- C:\Program Files\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-07-23 309248]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-14 211456]
R3 HBtnKey;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2010-02-25 15544]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-06-21 84248]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2013-06-21 136904]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2013-06-21 17864]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2013-06-21 153672]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2013-06-21 130248]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-06-21 181912]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SafePCRepair_89Service;SafePCRepairService; C:\PROGRA~1\SAFEPC~2\bar\1.bin\89barsvc.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-21 162408]
S2 Util Kozaka;Util Kozaka; C:\Program Files\Kozaka\bin\utilKozaka.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 ioloService;ioloToolService; C:\Program Files\SafePCRepair\ioloToolService.exe []
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-20 1343400]

-----------------EOF-----------------

Re: Links and ads that launch by themselves, slow computer

Posted: 22 Aug 2014 20:54
by vyosek
Hello :)

:arrow: I moved the topic to the correct section and approved it - the section you chose was wrong, so the post required approval

:arrow: Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
  • Save it, preferably to the desktop
  • After it starts, the license terms are displayed; press any key
  • A backup is created and then the search runs
  • The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair runs, the PC restarts and then a log appears, or it is saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Re: Links and ads that launch by themselves, slow computer

Posted: 24 Aug 2014 14:06
by Andula
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Peta on ne 24.08.2014 at 14:55:50,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544134490}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544134490}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A2AC7F70-BF16-4FE7-BD80-7B98C518B74B}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 24.08.2014 at 15:01:01,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Links and ads that launch by themselves, slow computer

Posted: 24 Aug 2014 14:17
by vyosek
Continue with AdwCleaner

Re: Links and ads that launch by themselves, slow computer

Posted: 24 Aug 2014 14:26
by Andula
# AdwCleaner v3.308 - Report created 24/08/2014 at 15:17:14
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional (32 bits)
# Username : Peta - NTB-PETR
# Running from : C:\Users\Peta\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****

Task Deleted : GoforFilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16483


*************************

AdwCleaner[R0].txt - [6242 octets] - [31/05/2014 18:08:52]
AdwCleaner[R1].txt - [1301 octets] - [31/05/2014 18:32:22]
AdwCleaner[R2].txt - [1361 octets] - [31/05/2014 18:32:55]
AdwCleaner[R3].txt - [13951 octets] - [28/07/2014 20:26:46]
AdwCleaner[R4].txt - [1124 octets] - [28/07/2014 21:02:35]
AdwCleaner[R5].txt - [1435 octets] - [24/08/2014 15:14:54]
AdwCleaner[S0].txt - [5280 octets] - [31/05/2014 18:09:40]
AdwCleaner[S1].txt - [1326 octets] - [31/05/2014 18:33:26]
AdwCleaner[S2].txt - [13788 octets] - [28/07/2014 20:29:45]
AdwCleaner[S3].txt - [1188 octets] - [28/07/2014 21:04:00]
AdwCleaner[S4].txt - [1362 octets] - [24/08/2014 15:17:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1422 octets] ##########

Re: Links and ads that launch by themselves, slow computer

Posted: 24 Aug 2014 14:41
by vyosek
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or Spustit jako spravce
  • Paste the script below into the window

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Then click Run Script
  • The PC performs the repair, restarts and gives you a log; paste its contents here

Re: Links and ads that launch by themselves, slow computer

Posted: 24 Aug 2014 15:21
by Andula
Zoek.exe v5.0.0.0 Updated 24-08-2014
Tool run by Peta on ne 24.08.2014 at 15:47:22,28.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Peta\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

24.8.2014 16:02:43 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3428677505-2899867399-1349080762-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A81F6CD0-62E3-49D3-B50E-960984E8375D} deleted successfully
HKEY_USERS\S-1-5-21-3428677505-2899867399-1349080762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} deleted successfully
HKEY_USERS\S-1-5-21-3428677505-2899867399-1349080762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1fc509df-4b29-4ab3-96e6-47c178d60287} deleted successfully
HKEY_USERS\S-1-5-21-3428677505-2899867399-1349080762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5d13bf91-ea09-4ed8-9acd-c6bad32617b9} deleted successfully
HKEY_USERS\S-1-5-21-3428677505-2899867399-1349080762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{841000d5-3d79-4f7a-91f1-e701f440dc7a} deleted successfully
HKEY_USERS\S-1-5-21-3428677505-2899867399-1349080762-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{841000d5-3d79-4f7a-91f1-e701f440dc7a} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{1fc509df-4b29-4ab3-96e6-47c178d60287} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1fc509df-4b29-4ab3-96e6-47c178d60287} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{5d13bf91-ea09-4ed8-9acd-c6bad32617b9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d13bf91-ea09-4ed8-9acd-c6bad32617b9} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{841000d5-3d79-4f7a-91f1-e701f440dc7a} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{841000d5-3d79-4f7a-91f1-e701f440dc7a} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{be823b8c-a7ec-4078-a321-0f8046cbb48a} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3428677505-2899867399-1349080762-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{be823b8c-a7ec-4078-a321-0f8046cbb48a} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a9d9ea68-5d09-43ef-a0c5-6f6a6f82a0e1} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ext@MediaWatchV1home383.net deleted successfully

==== Deleting Services ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command]
@="C:\\Program Files\\Opera\\Opera.exe"

==== Deleting Files \ Folders ======================

C:\extensions.sqlite deleted
C:\extensions.ini deleted
C:\search.sqlite deleted
C:\prefs.js deleted
C:\Users\Peta\Searches deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\Reimage.ini deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
"C:\Users\Peta\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe" deleted
"C:\Users\Peta\AppData\Local\buenosearch\buenosearch\1.3.8.2\chrmXtn.dll" deleted
"C:\Users\Peta\AppData\Local\buenosearch" not deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec" deleted
"C:\Users\Peta\AppData\Local\buenosearch\buenosearch" not deleted
"C:\Users\Peta\AppData\Local\buenosearch\buenosearch\1.3.8.2" not deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bgkoagnjjnfadlmanpgcgpajjmaaaoob - C:\Program Files\MediaViewV1\MediaViewV1alpha948\ch\MediaViewV1alpha948.crx[]
cflheckfmhopnialghigdlggahiomebp - C:\Users\Peta\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx[]
cnkgiifopmafceliabenocgdkoacommp - C:\Program Files\MediaWatchV1\MediaWatchV1home383\ch\MediaWatchV1home383.crx[]
gaogdnidmnkmdcigamgnglbpidjjgaae - C:\Program Files\MediaViewV1\MediaViewV1alpha7578\ch\MediaViewV1alpha7578.crx[]
mmifolfpllfdhilecpdpmemhelmanajl - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx[]
nghmeegpbgbeafjefkhcoielfnmlnkal - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha64\ch\WebexpEnhancedV1alpha64.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
cflheckfmhopnialghigdlggahiomebp - C:\Users\Peta\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{0AC74D92-86D9-4F13-8B38-CA037FB853B8} Slovník EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_16194"
{4B158398-8F3A-49B5-B9CE-C37540890336} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... arch_16194"
{680686CE-D219-410D-9108-7F061F378E1E} Zboží.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194"
{6C4D2997-CB30-48A6-8ADB-EADB3E136B2D} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&so ... arch_16194"
{C2903D5B-6846-41AC-A03E-ADB5796E9B5A} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q= ... arch_16194"
{D210DF83-23DD-4452-9D88-3C5B737585A3} Slovník CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_16194"
{D6730AE4-F78F-4438-8C32-97F848156EEE} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchT ... arch_16194"
{E73CFAAE-6FB2-4A94-A872-55ECCE140CBA} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_16194"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bgkoagnjjnfadlmanpgcgpajjmaaaoob deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cnkgiifopmafceliabenocgdkoacommp deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaogdnidmnkmdcigamgnglbpidjjgaae deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nghmeegpbgbeafjefkhcoielfnmlnkal deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp deleted successfully

==== Empty IE Cache ======================

C:\Users\Peta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Peta\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Peta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=11 1459162 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Peta\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Peta\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Peta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Users\Peta\AppData\Local\buenosearch" not found
"C:\Users\Peta\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CTYUPUKP\bbcdn-bbnaut.ibillboard.com" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on ne 24.08.2014 at 16:15:52,67 ======================

Re: Self-launching links and ads, slow computer

Posted: 24 Aug 2014 15:34
by vyosek

Re: Self-launching links and ads, slow computer

Posted: 24 Aug 2014 16:57
by Andula
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 02
Ran by Peta (administrator) on NTB-PETR on 24-08-2014 17:35:53
Running from C:\Users\Peta\Desktop
Platform: Microsoft Windows 7 Professional (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64_0\opera.exe
() C:\Program Files\Opera\20.0.1387.64_0\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64_0\opera.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64_0\opera.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64_0\opera.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64_0\opera.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64_0\opera.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64_0\opera.exe
(Opera Software) C:\Program Files\Opera\20.0.1387.64_0\opera.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(forum.viry.cz) C:\Users\Peta\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SafePCRepair EPM Support] => "C:\PROGRA~1\SAFEPC~2\bar\1.bin\89medint.exe" T8EPMSUP.DLL,S
HKU\S-1-5-21-3428677505-2899867399-1349080762-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3428677505-2899867399-1349080762-1000\...\Run: [buenosearch] => C:\Users\Peta\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0AC74D92-86D9-4F13-8B38-CA037FB853B8} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKCU - {4B158398-8F3A-49B5-B9CE-C37540890336} URL = http://www.mapy.cz/?query={searchTerms} ... arch_16194
SearchScopes: HKCU - {680686CE-D219-410D-9108-7F061F378E1E} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
SearchScopes: HKCU - {6C4D2997-CB30-48A6-8ADB-EADB3E136B2D} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
SearchScopes: HKCU - {C2903D5B-6846-41AC-A03E-ADB5796E9B5A} URL = http://encyklopedie.seznam.cz/search?q= ... arch_16194
SearchScopes: HKCU - {D210DF83-23DD-4452-9D88-3C5B737585A3} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
SearchScopes: HKCU - {D6730AE4-F78F-4438-8C32-97F848156EEE} URL = http://www.novinky.cz/hledej?w={searchT ... arch_16194
SearchScopes: HKCU - {E73CFAAE-6FB2-4A94-A872-55ECCE140CBA} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @SafePCRepair_89.com/Plugin -> C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [X]
S2 SafePCRepair_89Service; C:\PROGRA~1\SAFEPC~2\bar\1.bin\89barsvc.exe [X]
S2 Util Kozaka; "C:\Program Files\Kozaka\bin\utilKozaka.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [73728 2008-05-24] (EZB Systems, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 17:35 - 2014-08-24 17:36 - 00007860 _____ () C:\Users\Peta\Desktop\FRST.txt
2014-08-24 17:35 - 2014-08-24 17:35 - 00000000 ____D () C:\FRST
2014-08-24 17:34 - 2014-08-24 17:34 - 00112640 _____ (forum.viry.cz) C:\Users\Peta\Downloads\FRSTLauncher.exe
2014-08-24 17:34 - 2014-08-24 17:34 - 00112640 _____ (forum.viry.cz) C:\Users\Peta\Desktop\FRSTLauncher.exe
2014-08-24 17:33 - 2014-08-24 17:33 - 01095168 _____ (Farbar) C:\Users\Peta\Desktop\FRST.exe
2014-08-24 17:32 - 2014-08-24 17:33 - 01095168 _____ (Farbar) C:\Users\Peta\Downloads\FRST.exe
2014-08-24 16:14 - 2014-08-24 15:46 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-24 16:01 - 2014-08-24 16:15 - 00011876 _____ () C:\zoek-results.log
2014-08-24 15:46 - 2014-08-24 16:15 - 00000000 ____D () C:\zoek_backup
2014-08-24 15:46 - 2014-08-24 15:45 - 01288704 _____ () C:\Users\Peta\Desktop\zoek.exe
2014-08-24 15:44 - 2014-08-24 15:45 - 01288704 _____ () C:\Users\Peta\Downloads\zoek.exe
2014-08-24 15:13 - 2014-08-24 15:10 - 01364531 _____ () C:\Users\Peta\Desktop\adwcleaner_3.308.exe
2014-08-24 15:12 - 2014-08-24 15:12 - 00001001 _____ () C:\JRT.txt
2014-08-24 15:09 - 2014-08-24 15:10 - 01364531 _____ () C:\Users\Peta\Downloads\adwcleaner_3.308.exe
2014-08-24 15:01 - 2014-08-24 15:01 - 00001001 _____ () C:\Users\Peta\Desktop\JRT.txt
2014-08-24 14:54 - 2014-08-24 14:52 - 01016261 _____ (Thisisu) C:\Users\Peta\Desktop\JRT (2).exe
2014-08-24 14:52 - 2014-08-24 14:52 - 01016261 _____ (Thisisu) C:\Users\Peta\Downloads\JRT (2).exe
2014-08-21 17:53 - 2014-08-21 17:53 - 00000000 ____D () C:\rsit
2014-08-21 17:53 - 2014-08-21 17:53 - 00000000 ____D () C:\Program Files\trend micro
2014-08-21 17:52 - 2014-08-21 17:52 - 01107968 _____ () C:\Users\Peta\Downloads\RSIT (1).exe
2014-08-21 17:38 - 2014-08-21 17:38 - 01107968 _____ () C:\Users\Peta\Downloads\RSIT.exe
2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Users\Peta\AppData\Local\Adobe
2014-07-28 21:11 - 2014-07-28 21:11 - 01016261 _____ (Thisisu) C:\Users\Peta\Downloads\JRT (1).exe
2014-07-28 20:40 - 2014-07-28 20:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 20:40 - 2014-07-28 20:40 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-28 20:40 - 2014-07-28 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-28 20:40 - 2014-07-28 20:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-28 20:40 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-28 20:40 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-28 20:40 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-28 20:36 - 2014-07-28 20:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Peta\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-28 20:26 - 2014-07-28 20:26 - 01365525 _____ () C:\Users\Peta\Downloads\adwcleaner_3.301.exe
2014-07-28 20:24 - 2014-07-28 20:25 - 01266376 _____ (PCPerformer) C:\Users\Peta\Downloads\PCPerformerSetup.exe
2014-07-28 20:20 - 2014-07-28 20:20 - 00000000 _____ () C:\Users\Peta\AppData\Local\AtStart.txt
2014-07-28 20:17 - 2014-08-21 16:59 - 00000167 _____ () C:\Users\Peta\Desktop\Nový textový dokument.txt
2014-07-28 20:16 - 2014-07-28 20:16 - 00448512 _____ (OldTimer Tools) C:\Users\Peta\Downloads\TFC (2).exe
2014-07-28 20:16 - 2014-07-28 20:16 - 00448512 _____ (OldTimer Tools) C:\Users\Peta\Downloads\TFC (1).exe
2014-07-28 20:12 - 2014-07-28 20:12 - 00050688 _____ (Atribune.org) C:\Users\Peta\Downloads\ATF-Cleaner.exe
2014-07-28 20:12 - 2014-07-28 20:12 - 00050688 _____ (Atribune.org) C:\Users\Peta\Downloads\ATF-Cleaner (1).exe
2014-07-25 19:28 - 2014-07-25 19:30 - 04563950 _____ (Alexander Vigovsky ) C:\Users\Peta\Downloads\ac3filter_2_5b.exe
2014-07-25 15:46 - 2014-07-25 18:32 - 1545224192 _____ () C:\Users\Peta\Downloads\Jen.17.2013.CZ.dabing.avi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 17:36 - 2014-08-24 17:35 - 00007860 _____ () C:\Users\Peta\Desktop\FRST.txt
2014-08-24 17:35 - 2014-08-24 17:35 - 00000000 ____D () C:\FRST
2014-08-24 17:34 - 2014-08-24 17:34 - 00112640 _____ (forum.viry.cz) C:\Users\Peta\Downloads\FRSTLauncher.exe
2014-08-24 17:34 - 2014-08-24 17:34 - 00112640 _____ (forum.viry.cz) C:\Users\Peta\Desktop\FRSTLauncher.exe
2014-08-24 17:33 - 2014-08-24 17:33 - 01095168 _____ (Farbar) C:\Users\Peta\Desktop\FRST.exe
2014-08-24 17:33 - 2014-08-24 17:32 - 01095168 _____ (Farbar) C:\Users\Peta\Downloads\FRST.exe
2014-08-24 17:30 - 2013-05-17 07:24 - 01319638 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 16:15 - 2014-08-24 16:01 - 00011876 _____ () C:\zoek-results.log
2014-08-24 16:15 - 2014-08-24 15:46 - 00000000 ____D () C:\zoek_backup
2014-08-24 16:15 - 2013-05-24 18:31 - 00050250 _____ () C:\Windows\PFRO.log
2014-08-24 16:15 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 16:15 - 2009-07-14 06:39 - 00047175 _____ () C:\Windows\setupact.log
2014-08-24 16:13 - 2013-05-17 07:34 - 00000000 ____D () C:\Users\Peta
2014-08-24 15:46 - 2014-08-24 16:14 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-24 15:45 - 2014-08-24 15:46 - 01288704 _____ () C:\Users\Peta\Desktop\zoek.exe
2014-08-24 15:45 - 2014-08-24 15:44 - 01288704 _____ () C:\Users\Peta\Downloads\zoek.exe
2014-08-24 15:18 - 2009-07-14 06:34 - 00009824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-24 15:18 - 2009-07-14 06:34 - 00009824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-24 15:17 - 2014-05-31 18:08 - 00000000 ____D () C:\AdwCleaner
2014-08-24 15:12 - 2014-08-24 15:12 - 00001001 _____ () C:\JRT.txt
2014-08-24 15:10 - 2014-08-24 15:13 - 01364531 _____ () C:\Users\Peta\Desktop\adwcleaner_3.308.exe
2014-08-24 15:10 - 2014-08-24 15:09 - 01364531 _____ () C:\Users\Peta\Downloads\adwcleaner_3.308.exe
2014-08-24 15:01 - 2014-08-24 15:01 - 00001001 _____ () C:\Users\Peta\Desktop\JRT.txt
2014-08-24 14:52 - 2014-08-24 14:54 - 01016261 _____ (Thisisu) C:\Users\Peta\Desktop\JRT (2).exe
2014-08-24 14:52 - 2014-08-24 14:52 - 01016261 _____ (Thisisu) C:\Users\Peta\Downloads\JRT (2).exe
2014-08-21 17:53 - 2014-08-21 17:53 - 00000000 ____D () C:\rsit
2014-08-21 17:53 - 2014-08-21 17:53 - 00000000 ____D () C:\Program Files\trend micro
2014-08-21 17:52 - 2014-08-21 17:52 - 01107968 _____ () C:\Users\Peta\Downloads\RSIT (1).exe
2014-08-21 17:38 - 2014-08-21 17:38 - 01107968 _____ () C:\Users\Peta\Downloads\RSIT.exe
2014-08-21 16:59 - 2014-07-28 20:17 - 00000167 _____ () C:\Users\Peta\Desktop\Nový textový dokument.txt
2014-08-10 11:53 - 2013-05-17 17:08 - 01470062 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 20:27 - 2014-08-08 20:27 - 00000000 ____D () C:\Users\Peta\AppData\Local\Adobe
2014-08-05 09:20 - 2013-05-19 22:25 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-28 21:11 - 2014-07-28 21:11 - 01016261 _____ (Thisisu) C:\Users\Peta\Downloads\JRT (1).exe
2014-07-28 20:55 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Vss
2014-07-28 20:40 - 2014-07-28 20:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 20:40 - 2014-07-28 20:40 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-28 20:40 - 2014-07-28 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-28 20:40 - 2014-07-28 20:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-28 20:39 - 2014-07-28 20:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Peta\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-28 20:26 - 2014-07-28 20:26 - 01365525 _____ () C:\Users\Peta\Downloads\adwcleaner_3.301.exe
2014-07-28 20:25 - 2014-07-28 20:24 - 01266376 _____ (PCPerformer) C:\Users\Peta\Downloads\PCPerformerSetup.exe
2014-07-28 20:22 - 2009-07-14 04:04 - 00000603 _____ () C:\Windows\win.ini
2014-07-28 20:21 - 2013-07-23 16:06 - 00000000 ___RD () C:\Program Files\Skype
2014-07-28 20:20 - 2014-07-28 20:20 - 00000000 _____ () C:\Users\Peta\AppData\Local\AtStart.txt
2014-07-28 20:20 - 2013-07-29 21:56 - 00000000 _____ () C:\Users\Peta\AppData\Local\QSwitch.txt
2014-07-28 20:20 - 2013-07-29 21:56 - 00000000 _____ () C:\Users\Peta\AppData\Local\DSwitch.txt
2014-07-28 20:16 - 2014-07-28 20:16 - 00448512 _____ (OldTimer Tools) C:\Users\Peta\Downloads\TFC (2).exe
2014-07-28 20:16 - 2014-07-28 20:16 - 00448512 _____ (OldTimer Tools) C:\Users\Peta\Downloads\TFC (1).exe
2014-07-28 20:12 - 2014-07-28 20:12 - 00050688 _____ (Atribune.org) C:\Users\Peta\Downloads\ATF-Cleaner.exe
2014-07-28 20:12 - 2014-07-28 20:12 - 00050688 _____ (Atribune.org) C:\Users\Peta\Downloads\ATF-Cleaner (1).exe
2014-07-25 19:30 - 2014-07-25 19:28 - 04563950 _____ (Alexander Vigovsky ) C:\Users\Peta\Downloads\ac3filter_2_5b.exe
2014-07-25 18:32 - 2014-07-25 15:46 - 1545224192 _____ () C:\Users\Peta\Downloads\Jen.17.2013.CZ.dabing.avi

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-22 13:53




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:111.69 GB) (Free:25.7 GB) NTFS

Available physical RAM: 172.81 MB
Total physical RAM: 1015.3 MB
Percentage of memory in use: 82%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 1DC38563)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Peta\Desktop" je 5868 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Self-launching links and ads, slow computer

Posted: 24 Aug 2014 17:40
by vyosek
:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
    HKLM\...\Run: [SafePCRepair EPM Support] => "C:\PROGRA~1\SAFEPC~2\bar\1.bin\89medint.exe" T8EPMSUP.DLL,S
    HKU\S-1-5-21-3428677505-2899867399-1349080762-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    HKU\S-1-5-21-3428677505-2899867399-1349080762-1000\...\Run: [buenosearch] => C:\Users\Peta\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [X]
    S2 SafePCRepair_89Service; C:\PROGRA~1\SAFEPC~2\bar\1.bin\89barsvc.exe [X]
    S2 Util Kozaka; "C:\Program Files\Kozaka\bin\utilKozaka.exe" [X]
    
    C:\Program Files\Skype\Toolbars
    C:\Program Files\SafePCRepair
    C:\Program Files\Kozaka
    C:\PROGRA~1\SAFEPC~2
    C:\Users\Peta\AppData\Local\buenosearch
    2014-08-24 17:35 - 2014-08-24 17:36 - 00007860 _____ () C:\Users\Peta\Desktop\FRST.txt
    2014-08-24 17:34 - 2014-08-24 17:34 - 00112640 _____ (forum.viry.cz) C:\Users\Peta\Downloads\FRSTLauncher.exe
    2014-08-24 17:34 - 2014-08-24 17:34 - 00112640 _____ (forum.viry.cz) C:\Users\Peta\Desktop\FRSTLauncher.exe
    2014-08-24 17:32 - 2014-08-24 17:33 - 01095168 _____ (Farbar) C:\Users\Peta\Downloads\FRST.exe
    2014-08-24 16:14 - 2014-08-24 15:46 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2014-08-24 16:01 - 2014-08-24 16:15 - 00011876 _____ () C:\zoek-results.log
    2014-08-24 15:46 - 2014-08-24 16:15 - 00000000 ____D () C:\zoek_backup
    2014-08-24 15:46 - 2014-08-24 15:45 - 01288704 _____ () C:\Users\Peta\Desktop\zoek.exe
    2014-08-24 15:44 - 2014-08-24 15:45 - 01288704 _____ () C:\Users\Peta\Downloads\zoek.exe
    2014-08-24 15:13 - 2014-08-24 15:10 - 01364531 _____ () C:\Users\Peta\Desktop\adwcleaner_3.308.exe
    2014-08-24 15:12 - 2014-08-24 15:12 - 00001001 _____ () C:\JRT.txt
    2014-08-24 15:09 - 2014-08-24 15:10 - 01364531 _____ () C:\Users\Peta\Downloads\adwcleaner_3.308.exe
    2014-08-24 15:01 - 2014-08-24 15:01 - 00001001 _____ () C:\Users\Peta\Desktop\JRT.txt
    2014-08-24 14:54 - 2014-08-24 14:52 - 01016261 _____ (Thisisu) C:\Users\Peta\Desktop\JRT (2).exe
    2014-08-24 14:52 - 2014-08-24 14:52 - 01016261 _____ (Thisisu) C:\Users\Peta\Downloads\JRT (2).exe
    2014-08-21 17:53 - 2014-08-21 17:53 - 00000000 ____D () C:\rsit
    2014-08-21 17:53 - 2014-08-21 17:53 - 00000000 ____D () C:\Program Files\trend micro
    2014-08-21 17:52 - 2014-08-21 17:52 - 01107968 _____ () C:\Users\Peta\Downloads\RSIT (1).exe
    2014-08-21 17:38 - 2014-08-21 17:38 - 01107968 _____ () C:\Users\Peta\Downloads\RSIT.exe
    2014-07-28 21:11 - 2014-07-28 21:11 - 01016261 _____ (Thisisu) C:\Users\Peta\Downloads\JRT (1).exe
    2014-07-28 20:26 - 2014-07-28 20:26 - 01365525 _____ () C:\Users\Peta\Downloads\adwcleaner_3.301.exe
    2014-07-28 20:24 - 2014-07-28 20:25 - 01266376 _____ (PCPerformer) C:\Users\Peta\Downloads\PCPerformerSetup.exe
    2014-07-28 20:20 - 2014-07-28 20:20 - 00000000 _____ () C:\Users\Peta\AppData\Local\AtStart.txt
    2014-07-28 20:17 - 2014-08-21 16:59 - 00000167 _____ () C:\Users\Peta\Desktop\Nový textový dokument.txt
    2014-07-28 20:16 - 2014-07-28 20:16 - 00448512 _____ (OldTimer Tools) C:\Users\Peta\Downloads\TFC (2).exe
    2014-07-28 20:16 - 2014-07-28 20:16 - 00448512 _____ (OldTimer Tools) C:\Users\Peta\Downloads\TFC (1).exe
    2014-07-28 20:12 - 2014-07-28 20:12 - 00050688 _____ (Atribune.org) C:\Users\Peta\Downloads\ATF-Cleaner.exe
    2014-07-28 20:12 - 2014-07-28 20:12 - 00050688 _____ (Atribune.org) C:\Users\Peta\Downloads\ATF-Cleaner (1).exe
    2014-07-25 19:28 - 2014-07-25 19:30 - 04563950 _____ (Alexander Vigovsky ) C:\Users\Peta\Downloads\ac3filter_2_5b.exe
    
    Task: {4D4D8105-FCFF-4D94-AD4C-B7E71BC774E7} - System32\Tasks\Buenosearch => C:\Users\Peta\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe
    
    Hosts:
    Reboot:
    End
    
  • Save the resulting TXT file as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here for me

Re: Self-launching links and ads, slow computer

Posted: 24 Aug 2014 17:57
by Andula
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:24-08-2014 02
Ran by Peta at 2014-08-24 18:50:49 Run:1
Running from C:\Users\Peta\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [SafePCRepair EPM Support] => "C:\PROGRA~1\SAFEPC~2\bar\1.bin\89medint.exe" T8EPMSUP.DLL,S
HKU\S-1-5-21-3428677505-2899867399-1349080762-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3428677505-2899867399-1349080762-1000\...\Run: [buenosearch] => C:\Users\Peta\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [X]
S2 SafePCRepair_89Service; C:\PROGRA~1\SAFEPC~2\bar\1.bin\89barsvc.exe [X]
S2 Util Kozaka; "C:\Program Files\Kozaka\bin\utilKozaka.exe" [X]

C:\Program Files\Skype\Toolbars
C:\Program Files\SafePCRepair
C:\Program Files\Kozaka
C:\PROGRA~1\SAFEPC~2
C:\Users\Peta\AppData\Local\buenosearch
2014-08-24 17:35 - 2014-08-24 17:36 - 00007860 _____ () C:\Users\Peta\Desktop\FRST.txt
2014-08-24 17:34 - 2014-08-24 17:34 - 00112640 _____ (forum.viry.cz) C:\Users\Peta\Downloads\FRSTLauncher.exe
2014-08-24 17:34 - 2014-08-24 17:34 - 00112640 _____ (forum.viry.cz) C:\Users\Peta\Desktop\FRSTLauncher.exe
2014-08-24 17:32 - 2014-08-24 17:33 - 01095168 _____ (Farbar) C:\Users\Peta\Downloads\FRST.exe
2014-08-24 16:14 - 2014-08-24 15:46 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-24 16:01 - 2014-08-24 16:15 - 00011876 _____ () C:\zoek-results.log
2014-08-24 15:46 - 2014-08-24 16:15 - 00000000 ____D () C:\zoek_backup
2014-08-24 15:46 - 2014-08-24 15:45 - 01288704 _____ () C:\Users\Peta\Desktop\zoek.exe
2014-08-24 15:44 - 2014-08-24 15:45 - 01288704 _____ () C:\Users\Peta\Downloads\zoek.exe
2014-08-24 15:13 - 2014-08-24 15:10 - 01364531 _____ () C:\Users\Peta\Desktop\adwcleaner_3.308.exe
2014-08-24 15:12 - 2014-08-24 15:12 - 00001001 _____ () C:\JRT.txt
2014-08-24 15:09 - 2014-08-24 15:10 - 01364531 _____ () C:\Users\Peta\Downloads\adwcleaner_3.308.exe
2014-08-24 15:01 - 2014-08-24 15:01 - 00001001 _____ () C:\Users\Peta\Desktop\JRT.txt
2014-08-24 14:54 - 2014-08-24 14:52 - 01016261 _____ (Thisisu) C:\Users\Peta\Desktop\JRT (2).exe
2014-08-24 14:52 - 2014-08-24 14:52 - 01016261 _____ (Thisisu) C:\Users\Peta\Downloads\JRT (2).exe
2014-08-21 17:53 - 2014-08-21 17:53 - 00000000 ____D () C:\rsit
2014-08-21 17:53 - 2014-08-21 17:53 - 00000000 ____D () C:\Program Files\trend micro
2014-08-21 17:52 - 2014-08-21 17:52 - 01107968 _____ () C:\Users\Peta\Downloads\RSIT (1).exe
2014-08-21 17:38 - 2014-08-21 17:38 - 01107968 _____ () C:\Users\Peta\Downloads\RSIT.exe
2014-07-28 21:11 - 2014-07-28 21:11 - 01016261 _____ (Thisisu) C:\Users\Peta\Downloads\JRT (1).exe
2014-07-28 20:26 - 2014-07-28 20:26 - 01365525 _____ () C:\Users\Peta\Downloads\adwcleaner_3.301.exe
2014-07-28 20:24 - 2014-07-28 20:25 - 01266376 _____ (PCPerformer) C:\Users\Peta\Downloads\PCPerformerSetup.exe
2014-07-28 20:20 - 2014-07-28 20:20 - 00000000 _____ () C:\Users\Peta\AppData\Local\AtStart.txt
2014-07-28 20:17 - 2014-08-21 16:59 - 00000167 _____ () C:\Users\Peta\Desktop\Nový textový dokument.txt
2014-07-28 20:16 - 2014-07-28 20:16 - 00448512 _____ (OldTimer Tools) C:\Users\Peta\Downloads\TFC (2).exe
2014-07-28 20:16 - 2014-07-28 20:16 - 00448512 _____ (OldTimer Tools) C:\Users\Peta\Downloads\TFC (1).exe
2014-07-28 20:12 - 2014-07-28 20:12 - 00050688 _____ (Atribune.org) C:\Users\Peta\Downloads\ATF-Cleaner.exe
2014-07-28 20:12 - 2014-07-28 20:12 - 00050688 _____ (Atribune.org) C:\Users\Peta\Downloads\ATF-Cleaner (1).exe
2014-07-25 19:28 - 2014-07-25 19:30 - 04563950 _____ (Alexander Vigovsky ) C:\Users\Peta\Downloads\ac3filter_2_5b.exe

Task: {4D4D8105-FCFF-4D94-AD4C-B7E71BC774E7} - System32\Tasks\Buenosearch => C:\Users\Peta\AppData\Local\buenosearch\buenosearch\1.3.8.2\buenosearch.exe

Hosts:
Reboot:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SafePCRepair EPM Support => value deleted successfully.
HKU\S-1-5-21-3428677505-2899867399-1349080762-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-3428677505-2899867399-1349080762-1000\Software\Microsoft\Windows\CurrentVersion\Run\\buenosearch => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
c2cautoupdatesvc => Service stopped successfully.
c2cautoupdatesvc => Service deleted successfully.
c2cpnrsvc => Service stopped successfully.
c2cpnrsvc => Service deleted successfully.
ioloService => Service deleted successfully.
SafePCRepair_89Service => Service deleted successfully.
Util Kozaka => Service deleted successfully.
C:\Program Files\Skype\Toolbars => Moved successfully.
"C:\Program Files\SafePCRepair" => File/Directory not found.
"C:\Program Files\Kozaka" => File/Directory not found.
"C:\PROGRA~1\SAFEPC~2" => File/Directory not found.
"C:\Users\Peta\AppData\Local\buenosearch" => File/Directory not found.
C:\Users\Peta\Desktop\FRST.txt => Moved successfully.
C:\Users\Peta\Downloads\FRSTLauncher.exe => Moved successfully.
C:\Users\Peta\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Peta\Downloads\FRST.exe => Moved successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\Peta\Desktop\zoek.exe => Moved successfully.
C:\Users\Peta\Downloads\zoek.exe => Moved successfully.
C:\Users\Peta\Desktop\adwcleaner_3.308.exe => Moved successfully.
C:\JRT.txt => Moved successfully.
C:\Users\Peta\Downloads\adwcleaner_3.308.exe => Moved successfully.
C:\Users\Peta\Desktop\JRT.txt => Moved successfully.
C:\Users\Peta\Desktop\JRT (2).exe => Moved successfully.
C:\Users\Peta\Downloads\JRT (2).exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Users\Peta\Downloads\RSIT (1).exe => Moved successfully.
C:\Users\Peta\Downloads\RSIT.exe => Moved successfully.
C:\Users\Peta\Downloads\JRT (1).exe => Moved successfully.
C:\Users\Peta\Downloads\adwcleaner_3.301.exe => Moved successfully.
C:\Users\Peta\Downloads\PCPerformerSetup.exe => Moved successfully.
C:\Users\Peta\AppData\Local\AtStart.txt => Moved successfully.
C:\Users\Peta\Desktop\Nový textový dokument.txt => Moved successfully.
C:\Users\Peta\Downloads\TFC (2).exe => Moved successfully.
C:\Users\Peta\Downloads\TFC (1).exe => Moved successfully.
C:\Users\Peta\Downloads\ATF-Cleaner.exe => Moved successfully.
C:\Users\Peta\Downloads\ATF-Cleaner (1).exe => Moved successfully.
C:\Users\Peta\Downloads\ac3filter_2_5b.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D4D8105-FCFF-4D94-AD4C-B7E71BC774E7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D4D8105-FCFF-4D94-AD4C-B7E71BC774E7}" => Key deleted successfully.
C:\Windows\System32\Tasks\Buenosearch => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Buenosearch" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.


The system needed a reboot.

==== End of Fixlog ====

Re: Self-launching links and ads, slow computer

Posted: 24 Aug 2014 18:07
by vyosek
How is the PC behaving???

Re: Self-launching links and ads, slow computer

Posted: 24 Aug 2014 18:15
by Andula
Basically still the same. Ads keep popping up, the PC is still slow overall and all operations take a long time.

Re: Self-launching links and ads, slow computer

Posted: 24 Aug 2014 18:34
by vyosek
Are the ads in all browsers??

Re: Self-launching links and ads, slow computer

Posted: 24 Aug 2014 19:16
by Andula
I have the problem with ads mainly in the Opera browser. I tried installing Google Chrome and the same problem was there. I don't use Explorer, but that one seems to be fine.