VIRY.CZ

Dobrý večer,
nemohu se zbavit otravného přesměrovávání na stránky o půjčkách, hry, erotika atd. Můžete pomoci?
Něco jsem zde už pročetl, ale jsem laik, tak prosím o trpělivost. Prozatím jsem projel AdwCleanerem.
Tady je výsledek:

# AdwCleaner v6.042 - Log vytvořen 06/01/2017 v 22:12:28
# Aktualizováno dne 06/01/2017 z Malwarebytes
# Databáze : 2017-01-06.1 [Server]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : pz - PEPA
# Spuštěno z : C:\Documents and Settings\pz\Plocha\adwcleaner_6.042.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

[-] Služba smazána: sp_rsdrv2


***** [ Složky ] *****



***** [ Soubory ] *****

[-] Soubor smazán: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1524 Bajty] - [17/12/2016 00:00:21]
C:\AdwCleaner\AdwCleaner[C2].txt - [6165 Bajty] - [05/01/2017 13:18:18]
C:\AdwCleaner\AdwCleaner[C3].txt - [1059 Bajty] - [06/01/2017 22:12:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [1770 Bajty] - [16/12/2016 23:59:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [1555 Bajty] - [19/12/2016 10:10:52]
C:\AdwCleaner\AdwCleaner[S2].txt - [1607 Bajty] - [26/12/2016 10:51:13]
C:\AdwCleaner\AdwCleaner[S3].txt - [6427 Bajty] - [05/01/2017 13:16:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [1828 Bajty] - [05/01/2017 13:23:00]
C:\AdwCleaner\AdwCleaner[S5].txt - [1895 Bajty] - [06/01/2017 22:10:24]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1570 Bajty] ##########

Zdravím

Stáhni Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
Ulož jej na plochu a spusť - zobrazí se licenční podminky -> start libovolnou klávesou.
Bude vytvořena záloha a proběhne skenování.
Vyskočí log (nebo je uložen zde C:\Documents and Settings\username\Local Settings\temp\jrt\temp\JRT.txt) - zkopíruj jej sem

pravděpodobně budeš nucen vypnout na tu chvíli antivir - je to čisté, prověřeno

vyosek píše: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Spustit a do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Log bude zde C:\zoek-results.log

Tady je log dle pokynů:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Microsoft Windows XP x86
Ran by pz (Administrator) on so 07.01.2017 at 17:52:25,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\Documents and Settings\pz\Data aplikacˇ\nico mak computing (Folder)
Successfully deleted: C:\Documents and Settings\pz\Data aplikacˇ\opencandy (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\J3A4N4EG (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OCH3TB9G (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PPJY2YZT (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WWWF53Q1 (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\ytd (Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\J3A4N4EG (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OCH3TB9G (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PPJY2YZT (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WWWF53Q1 (Temporary Internet Files Folder)

Deleted the following from C:\Documents and Settings\pz\Data aplikacˇ\Mozilla\Firefox\Profiles\vyton6g9.default-1482862278406\prefs.js
user_pref(extensions.foxcub.config.encodedConfig, {\core\:{\configUrl\:\hxxp://download.seznam.cz/software/conf/\,\configUrlSecure\:\hxxps://download.seznam.cz/sof



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 07.01.2017 at 17:52:56,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A Zoek ještě běží ?

Pardon, tady je aktuální log ze Zoeku:

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by pz on ne 08.01.2017 at 10:09:50,71.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\pz\Plocha\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-01-06-094414.log 10857 bytes
C:\zoek-results2017-01-06-130859.log 16006 bytes
C:\zoek-results2017-01-06-203314.log 4754 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={ ... rer:source?}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={ ... orm=IE8SRC

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\pz\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6 folders=3 17603174 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\pz\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\pz\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on ne 08.01.2017 at 10:27:29,79 ======================

Stáhni a nainstaluj MBAM zde http://www.bleepingcomputer.com/downloa ... re/dl/241/ verzi 1.75
(načítání chvíli trvá tak vydrž)
Při instalaci ti jako první nabídne instalaci nové verze (případně i při spuštění) - dáš Storno - bude aktualizována jen databáze
Po instalaci Spustit -> na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení a program nezavírej, jen minimalizuj

No, myslím, že jsem to pohnojil s tou aktualizací. Psalo mi to, že databáze je zastaralá a já odklikl aktualizaci. On se ale aktualizoval asi celý program? Po dokončení mi nešlo okno zkopírovat, tak jsem dal uložit jako protokol a tady je výsledek:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org

Verze: v2017.01.08.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
pz :: PEPA [administrátor]

Ochrana: Povolena

8.1.2017 17:50:07
MBAM-log-2017-01-08 (18-42-27).txt

Typ: Kompletní kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 382314
Uplynulý čas: 49 minut, 2 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|AutoConfigUrl (Hijack.AutoConfigURL.PrxySvrRST) -> Data: http://no-stop.net/wpad.dat?77a7fcecf03 ... 3d20753931 -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 14
C:\System Volume Information\_restore{172A2F7E-6E43-4D93-B7C3-7DAF521C3AC6}\RP277\A0073044.exe (PUP.Optional.ASK.OL) -> Nebyla provedena žádná instrukce.
D:\System Volume Information\_restore{0240681E-07F5-4F5E-A7D0-4EE2B4C50C6B}\RP24\A0008192.exe (Adware.RelevantKnowledge) -> Nebyla provedena žádná instrukce.
D:\System Volume Information\_restore{0240681E-07F5-4F5E-A7D0-4EE2B4C50C6B}\RP24\A0008212.exe (Trojan.FakeMS.Gen) -> Nebyla provedena žádná instrukce.
D:\System Volume Information\_restore{0240681E-07F5-4F5E-A7D0-4EE2B4C50C6B}\RP24\A0008214.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
D:\System Volume Information\_restore{0240681E-07F5-4F5E-A7D0-4EE2B4C50C6B}\RP24\A0008219.exe (Trojan.FakeMS.Gen) -> Nebyla provedena žádná instrukce.
D:\System Volume Information\_restore{0240681E-07F5-4F5E-A7D0-4EE2B4C50C6B}\RP24\A0008617.EXE (PUP.Optional.IntroKeygen) -> Nebyla provedena žádná instrukce.
D:\System Volume Information\_restore{0240681E-07F5-4F5E-A7D0-4EE2B4C50C6B}\RP24\A0008619.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\PROGRAMY\SYSTEM\HiDownload.Platinum (stahování z Livestream)\CORE10k.EXE (PUP.Optional.IntroKeygen) -> Nebyla provedena žádná instrukce.
E:\PROGRAMY\SYSTEM\HiDownload.Platinum (stahování z Livestream)\cr-hd992.zip (PUP.Optional.IntroKeygen) -> Nebyla provedena žádná instrukce.
E:\PROGRAMY\SYSTEM\HiDownload.Platinum (stahování z Livestream)\keygen.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
E:\PROGRAMY\SYSTEM\MICROSOFT OFFICE 2007\MS Office 2007 CZ Portable\Microsoft Word 2007.exe (Trojan.FakeMS.Gen) -> Nebyla provedena žádná instrukce.
E:\PROGRAMY\SYSTEM\PORTABLE\MS Office 2007 CZ Portable\Microsoft Word 2007.exe (Trojan.FakeMS.Gen) -> Nebyla provedena žádná instrukce.
E:\PROGRAMY\SYSTEM\Stahování webu\Offline-Explorer-Enterprise-5.9-+-CRACK-and--KEYGEN.rar (PUP.Optional.IntroKeygen) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\All Users\Data aplikací\Ashampoo\ico_ashampoo_marketplace.ico (PUP.Optional.AshampooRegistryCleaner) -> Nebyla provedena žádná instrukce.

(konec)

Provedl jsi to správně - teď nech vše nalezené odstranit

Po restartu mi dej nový RSIT

Přes noc jsem PC vypnul a odešel do práce. Večer tedy znovu provedu komletní kontrolu s MBAM a dám opravit.

Ještě natvrdlý dotaz. Tím novým RSITem myslíš, že po restartu to mám ještě jednou projet v MBAM a výsledek sem umístit stejně jako v přechozím příspěvku?
Nebo mám postupovat dle tohoto návodu:
http://forum.viry.cz/viewtopic.php?f=13&t=130786

Díky

Večer znovu MBAM pak nálezy označit a odstranit
Restartovat a vytvořit RSIT podle http://forum.viry.cz/viewtopic.php?f=13&t=133100

logy sem

Tak došlo k nějaké chybě. Večer jsem zkoušel nastartovat PC, že to projedu dle pokynů. Start byl vééélice pomalý a po zobrazení plochy, zůstal PC zmrazený i po cca 30minutách. Nezbylo, než ho vypnout natvrdo. To byla možná chyba, měl jsem to nechat najíždět klidně celou noc. Další pokusy skončily ještě hůře, kdy se ikony na ploše nezobrazily úplně. Dokonce se nenačítal ani čas na hodinách. Myslím, že by to mohlo být tím programem MBAM, který se spouštěl hned při startu.
Rozhodl jsem se tedy pro reinstalaci operačního systému. Jiný nápad nemám.

Každopádně díky za tvůj čas.

Zkus ho ještě spustit v Nouzovém režimu

OK, vyzkouším. Pokud najede, tak v tom nouzovém režimu zkusím kontrolu pomocí MBAM a dám odstranit? A mám kdyžtak označit všechny položky?

Nejprve vytvoř Bod obnovení

Můžeš odstranit vše nalezené
MBAM je má v karanténě a lze je obnovit

Do nouzového režimu najel PC v pohodě. Zkoušel jsem odinstalovat MBAM ale nešlo to. Hlásilo nějakou chybu. Tak jsem se vrátil do bodu obnovení asi o pět dní. Znovu jsem to projel programy na které jsi dával odkazy. MBAM se obávám znovu nainstalovat aby se to neopakovalo. Co navrhuješ?
Tady jsou logy:

ADWCLEANER

# AdwCleaner v6.041 - Log vytvořen 10/01/2017 v 20:20:41
# Aktualizováno dne 16/12/2016 z Malwarebytes
# Databáze : 2017-01-10.1 [Server]
# Operační systém : Microsoft Windows XP Service Pack 3 (X86)
# Uživatelské jméno : pz - PEPA
# Spuštěno z : C:\Documents and Settings\pz\Plocha\adwcleaner_6.041.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Program Files\Crawler


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****

[-] Zástupce vyléčen: C:\Documents and Settings\All Users\Nabídka Start\Programy\Crawler lišta\Nápověda pro lištu.lnk
[-] Zástupce vyléčen: C:\Documents and Settings\All Users\Nabídka Start\Programy\Crawler lišta\Více produktů Crawler.lnk


***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKLM\SOFTWARE\Classes\ctbr.R404Pro
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CToolbar.TB4Client
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CToolbar.TB4Script
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CToolbar.TB4Server
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\CLSID\{DBDB6FAA-1F5F-4A18-B60B-7A905C7FF83F}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
[-] Klíč smazán: HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
[-] Hodnota smazána: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
[-] Klíč smazán: HKU\S-1-5-21-746137067-839522115-1417001333-1004\Software\CToolbar
[#] Klíč smazán po restartu: HKCU\Software\CToolbar
[-] Klíč smazán: HKLM\SOFTWARE\CToolbar
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
[-] Data obnovena: HKU\S-1-5-21-746137067-839522115-1417001333-1004\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
[-] Klíč smazán: HKU\S-1-5-21-746137067-839522115-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
[-] Data obnovena: HKU\S-1-5-21-746137067-839522115-1417001333-1004\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
[-] Data obnovena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
[-] Klíč smazán: HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tbr
[-] Klíč smazán: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
[-] Hodnota smazána: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[#] Hodnota smazána po restartu: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]


***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1524 Bajty] - [17/12/2016 00:00:21]
C:\AdwCleaner\AdwCleaner[C2].txt - [6165 Bajty] - [05/01/2017 13:18:18]
C:\AdwCleaner\AdwCleaner[C3].txt - [1649 Bajty] - [06/01/2017 22:12:28]
C:\AdwCleaner\AdwCleaner[C4].txt - [5519 Bajty] - [10/01/2017 20:20:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [1770 Bajty] - [16/12/2016 23:59:22]
C:\AdwCleaner\AdwCleaner[S1].txt - [1555 Bajty] - [19/12/2016 10:10:52]
C:\AdwCleaner\AdwCleaner[S2].txt - [1607 Bajty] - [26/12/2016 10:51:13]
C:\AdwCleaner\AdwCleaner[S3].txt - [6427 Bajty] - [05/01/2017 13:16:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [1828 Bajty] - [05/01/2017 13:23:00]
C:\AdwCleaner\AdwCleaner[S5].txt - [1895 Bajty] - [06/01/2017 22:10:24]
C:\AdwCleaner\AdwCleaner[S6].txt - [6556 Bajty] - [10/01/2017 20:19:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [6103 Bajty] ##########



JUNKWARE REMOVAL TOOL

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Microsoft Windows XP x86
Ran by pz (Administrator) on Łt 10.01.2017 at 20:29:57,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 11

Successfully deleted: C:\Documents and Settings\pz\Data aplikacˇ\nico mak computing (Folder)
Successfully deleted: C:\Documents and Settings\pz\Data aplikacˇ\opencandy (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2MTWONQJ (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\70OS0N99 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HNJ4ID7J (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z1024BIY (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\ytd (Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2MTWONQJ (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\70OS0N99 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HNJ4ID7J (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Z1024BIY (Temporary Internet Files Folder)

Deleted the following from C:\Documents and Settings\pz\Data aplikacˇ\Mozilla\Firefox\Profiles\vyton6g9.default-1482862278406\prefs.js
user_pref(extensions.foxcub.config.encodedConfig, {\core\:{\configUrl\:\hxxp://download.seznam.cz/software/conf/\,\configUrlSecure\:\hxxps://download.seznam.cz/sof



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 10.01.2017 at 20:30:33,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



ZOEK


Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by pz on Łt 10.01.2017 at 20:32:34,73.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\pz\Plocha\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2017-01-06-094414.log 10857 bytes
C:\zoek-results2017-01-06-130859.log 16006 bytes
C:\zoek-results2017-01-06-203314.log 4754 bytes
C:\zoek-results2017-01-08-092729.log 4800 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\ComPlus Applications deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\{55A29068-F2CE-456C-9148-C869879E2357} deleted
C:\Documents and Settings\All Users\Plocha\UmmyVideoDownloader.lnk deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [10.01.2017 19:05]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="tbr:res?id=tabs&rep=1"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dl ... ar=msnhome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={ ... rer:source?}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={ ... orm=IE8SRC

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\pz\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=6 folders=2 17603638 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\pz\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\pz\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on Łt 10.01.2017 at 20:46:41,96 ======================