Prosím o kontrolu logu

Death at Comp · Příspěvekod **Death at Comp** » 01 dub 2015 16:03

Zdravim.....po dlouhe dobe jsem projel komp eset online scanerem, nasel pres stovku smejdu,neco odstranil a zbylo 66.....tak mi to prosim nekdo sjedte....diky

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:58:43, on 1.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)

FIREFOX: 36.0.4 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Skillbrains\lightshot\5.2.0.17\Lightshot.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows.old\Program Files\Mozilla Firefox\firefox.exe
C:\Windows.old\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\Karlos\Desktop\Bezpečnost\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=vmn&type=vmn_ ... 0321__yaie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Express Find - {d39539bb-f65e-4088-a9d1-6e5f01a42a3e} - C:\Program Files\Express Find\Extensions\d39539bb-f65e-4088-a9d1-6e5f01a42a3e.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [uni mouse driver] "C:\Mouse driver\mouse_driver.exe" /hide
O4 - HKLM\..\Run: [uni mouse driver tilt] "C:\Mouse driver\wh_exec.exe"
O4 - HKLM\..\Run: [Lightshot] C:\Program Files\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "D:\Dokumenty 2\Prog files 2\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\Users\Karlos\AppData\Local\Linkey\IEEXTE~1\iedll.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Service Mgr ExpressFind - Unknown owner - C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SmdmF Service (SmdmFService) - Unknown owner - C:\Program Files\Assets Manager\smdmf\SmdmFService.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
O23 - Service: Update Mgr ExpressFind - Unknown owner - C:\Program Files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\updater.exe (file missing)

--
End of file - 7527 bytes

Reklama

Příspěvekod **jaro3** » 01 dub 2015 18:22

Máš log těch nákaz?

Odinstaluj:
AVG PC TuneUp
Spybot - Search & Destroy 2

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

Death at Comp · Příspěvekod **Death at Comp** » 01 dub 2015 20:04

Vse jsem udelal a tady jsou logy:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 1.4.2015
Čas skenování: 19:42:56
Protokol:
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.01.08
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Karlos

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 441441
Uplynulý čas: 10 min, 31 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 18
PUP.Optional.ExpressFind.SID.A, HKLM\SOFTWARE\CLASSES\CLSID\{d39539bb-f65e-4088-a9d1-6e5f01a42a3e}, , [1a5205628cfefd39a16e3103f21418e8],
PUP.Optional.ExpressFind.SID.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{b002ffeb-d622-4ec8-a061-549681aaa56e}, , [1a5205628cfefd39a16e3103f21418e8],
PUP.Optional.ExpressFind.SID.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DE08B691-23D3-482D-AEE2-DCBE04AC30BB}, , [1a5205628cfefd39a16e3103f21418e8],
PUP.Optional.ExpressFind.SID.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D39539BB-F65E-4088-A9D1-6E5F01A42A3E}, , [1a5205628cfefd39a16e3103f21418e8],
PUP.Optional.ExpressFind.SID.A, HKLM\SOFTWARE\CLASSES\CLSID\{D39539BB-F65E-4088-A9D1-6E5F01A42A3E}\INPROCSERVER32, , [1a5205628cfefd39a16e3103f21418e8],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, , [2e3e87e09bef5ed804a766cc0ef5639d],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2388973712-2511556405-2050298817-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [84e80661cac00135199a4de5bd462cd4],
PUP.Optional.ExpressFind.SID.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Express Find, , [5f0d55121773a98d7d926ec6030335cb],
PUP.Optional.ExpressFind.A, HKLM\SOFTWARE\ExpressFind, , [83e9c2a5b1d9181e469f04b29271f40c],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SmdmF, , [4e1e4b1cd4b689addd04ce0e15ee53ad],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\fpmeembnagmagppkgghhfjfdfajdfcah, , [d597b3b4d9b161d56686e7154ab9946c],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY, , [84e887e0ff8b8ea82fbe4cb0fb0809f7],
PUP.Optional.SettingsManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A91196222, , [fc70bdaab3d7092dd7e04ffcf80d7a86],
PUP.Optional.ExpressFind.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr ExpressFind, , [72fa36318ffbce68ba29645247bc52ae],
PUP.Optional.SettingsManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SmdmFService, , [2e3ef671d4b64beb6877a3398083fa06],
PUP.Optional.ExpressFind.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr ExpressFind, , [bcb0c4a399f186b0a83b9d1954afd62a],
PUP.Optional.SettingsManager.A, HKU\S-1-5-21-2388973712-2511556405-2050298817-1000\SOFTWARE\SmdmF, , [e98374f3a2e8979ff0f084586f944cb4],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2388973712-2511556405-2050298817-1000\SOFTWARE\LINKEY, , [53193f285337d95ddb592d13df2614ec],

Hodnoty registru: 10
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/IE/background.js, , [84e887e0ff8b8ea82fbe4cb0fb0809f7]
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|DisplayName, default-search.net, , [096397d0e8a24de9be9b7fcf778e8779]
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|URL, http://www.default-search.net/search?si ... &src=ds&p={searchTerms}, , [561671f66228c67072e7c688bd48619f]
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|SuggestionsURL_JSON, http://www.default-search.net?sid=503&a ... &src=ds&p={searchTerms}&ft=json, , [07653235e4a61224abae89c57b8a837d]
PUP.Optional.SettingsManager, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x64, c:\program files\settings manager\smdmf\x64\sysapcrt.dll, , [105c86e1513967cf54dc528ea0636d93]
PUP.Optional.Linkey.A, HKU\S-1-5-21-2388973712-2511556405-2050298817-1000\SOFTWARE\LINKEY|browsers, chrome,ff,ie, , [53193f285337d95ddb592d13df2614ec]
PUP.Optional.Linkey.A, HKU\S-1-5-21-2388973712-2511556405-2050298817-1000\SOFTWARE\LINKEY|home, C:\Users\Karlos\AppData\Local\Linkey, , [84e898cfe2a856e0d6f980cbc540d52b]
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2388973712-2511556405-2050298817-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|DisplayName, default-search.net, , [e78596d16d1dba7c3622f955a2638b75]
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2388973712-2511556405-2050298817-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|URL, http://www.default-search.net/search?si ... &src=ds&p={searchTerms}, , [72fa35326e1c0135055365e950b5f709]
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2388973712-2511556405-2050298817-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}|SuggestionsURL_JSON, http://www.default-search.net?sid=503&a ... &src=ds&p={searchTerms}&ft=json, , [d894c0a773170a2c27315cf20ef78e72]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 27
PUP.Optional.Linkey.A, C:\Users\Karlos\AppData\Local\Linkey, , [b4b8ec7b4a4067cfa3b097a9c54019e7],
PUP.Optional.Linkey.A, C:\Users\Karlos\AppData\Local\Linkey\ChromeExtension, , [b4b8ec7b4a4067cfa3b097a9c54019e7],
PUP.Optional.Linkey.A, C:\Users\Karlos\AppData\Local\Linkey\IEExtension, , [b4b8ec7b4a4067cfa3b097a9c54019e7],
PUP.Optional.OpenCandy, C:\Users\Karlos\AppData\Roaming\OpenCandy, , [6efed88faddd69cdfff717659c67da26],
PUP.Optional.OpenCandy, C:\Users\Karlos\AppData\Roaming\OpenCandy\11DE46A77B4240C5AF7F1D1BE57B5DDE, , [6efed88faddd69cdfff717659c67da26],
PUP.Optional.OpenCandy, C:\Users\Karlos\AppData\Roaming\OpenCandy\2831BBE04EDC41C0A9898AF4A7C249B3, , [6efed88faddd69cdfff717659c67da26],
PUP.Optional.OpenCandy, C:\Users\Karlos\AppData\Roaming\OpenCandy\36535B9922594550AD2A271822C3BF86, , [6efed88faddd69cdfff717659c67da26],
PUP.Optional.OpenCandy, C:\Users\Karlos\AppData\Roaming\OpenCandy\C3A7BDE1CBE344EB81294728B80E01A3, , [6efed88faddd69cdfff717659c67da26],
PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf, , [e983402787039f974582a6f219eaf30d],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Program Files\Assets Manager\smdmf, , [1953a3c4b4d62214954d3b76719258a8],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d, , [bab2d19677132a0cc2de0ea615ee5fa1],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer, , [bab2d19677132a0cc2de0ea615ee5fa1],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins, , [bab2d19677132a0cc2de0ea615ee5fa1],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3, , [bab2d19677132a0cc2de0ea615ee5fa1],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3bak, , [bab2d19677132a0cc2de0ea615ee5fa1],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\5, , [bab2d19677132a0cc2de0ea615ee5fa1],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\5bak, , [bab2d19677132a0cc2de0ea615ee5fa1],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\8, , [bab2d19677132a0cc2de0ea615ee5fa1],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\8bak, , [bab2d19677132a0cc2de0ea615ee5fa1],
PUP.Optional.ExpressFind.A, C:\Program Files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d, , [2547cb9cdfab1422722f4b69a0633ec2],
PUP.Optional.ExpressFind.A, C:\Program Files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\updater, , [2547cb9cdfab1422722f4b69a0633ec2],
PUP.Optional.ExpressFind.A, C:\Program Files\Express Find, , [373515523f4b0d29565d565e92718878],
PUP.Optional.ExpressFind.A, C:\Program Files\Express Find\Extensions, , [373515523f4b0d29565d565e92718878],

Soubory: 27
PUP.Optional.ExpressFind.SID.A, C:\Program Files\Express Find\Extensions\d39539bb-f65e-4088-a9d1-6e5f01a42a3e.dll, , [1a5205628cfefd39a16e3103f21418e8],
PUP.Optional.ExpressFind.SID.A, C:\Users\Karlos\AppData\Roaming\OpenCandy\11DE46A77B4240C5AF7F1D1BE57B5DDE\setup0318.exe, , [6507e681f6942f074ac5eb4926e0f50b],
PUP.Optional.ExpressFind.SID.A, C:\Program Files\Express Find\Uninstaller.exe, , [5f0d55121773a98d7d926ec6030335cb],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [35374225c7c337ff1647c25ec3427f81],
PUP.Optional.Linkey.A, C:\Users\Karlos\AppData\Local\Linkey\log.log, , [b4b8ec7b4a4067cfa3b097a9c54019e7],
PUP.Optional.OpenCandy, C:\Users\Karlos\AppData\Roaming\OpenCandy\2831BBE04EDC41C0A9898AF4A7C249B3\WebCompanionInstaller.exe, , [6efed88faddd69cdfff717659c67da26],
PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf\coordinator.cfg, , [e983402787039f974582a6f219eaf30d],
PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf\general.cfg, , [e983402787039f974582a6f219eaf30d],
PUP.Optional.SettingsManager.A, C:\ProgramData\smdmf\S-1-5-21-2388973712-2511556405-2050298817-1000.cfg, , [e983402787039f974582a6f219eaf30d],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\chrome.manifest, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\install.rdf, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\components\SmdmFHlpFF.xpt, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\DnsBHO.js, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\Error404BHO.js, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\MainBHO.js, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\NativeHelper.js, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\NewTabBHO.js, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\overlay.js, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\overlay.xul, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\RelatedSearch.js, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\RequestPreserver.js, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\SearchBHO.js, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Users\Karlos\AppData\Roaming\FirefoxToolbar\Settings Manager\smdmf\content\SettingManager.js, , [a5c790d7aae07abc27a18f09db28dd23],
PUP.Optional.SettingsManager.A, C:\Program Files\Assets Manager\smdmf\favicon.ico, , [1953a3c4b4d62214954d3b76719258a8],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\temp, , [bab2d19677132a0cc2de0ea615ee5fa1],
PUP.Optional.ExpressFind.A, C:\Program Files\Express Find\7za.exe, , [373515523f4b0d29565d565e92718878],
PUP.Optional.ExpressFind.A, C:\Program Files\Express Find\Extensions\{1fe073ff-4fbd-4f0e-9a39-1b65362500c6}.xpi, , [373515523f4b0d29565d565e92718878],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

# AdwCleaner v4.200 - Log vytvooen 01/04/2015 v 19:33:40
# Aktualizováno 29/03/2015 by Xplode
# Databáze : 2015-03-29.1 [Server]
# Operaení system : Windows 7 Starter Service Pack 1 (x86)
# Uživatelské jméno : Karlos - KARLOSUVCOMP
# Spuštino z : C:\Users\Karlos\Desktop\adwcleaner_4.200.exe
# Nastavení : Sken

***** [ Služby ] *****

Služba Nalezeno : SmdmFService
Služba Nalezeno : F06DEFF2-5B9C-490D-910F-35D3A91196222

***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Program Files\Assets Manager
Složka Nalezeno : C:\Program Files\FileViewPro
Složka Nalezeno : C:\Program Files\FlvPlayer
Složka Nalezeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro
Složka Nalezeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Složka Nalezeno : C:\ProgramData\smdmf
Složka Nalezeno : C:\Users\Karlos\AppData\Local\FileViewPro
Složka Nalezeno : C:\Users\Karlos\AppData\Local\Linkey
Složka Nalezeno : C:\Users\Karlos\AppData\Roaming\FirefoxToolbar
Složka Nalezeno : C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Složka Nalezeno : C:\Users\Karlos\AppData\Roaming\OpenCandy
Složka Nalezeno : C:\Users\Karlos\AppData\Roaming\RHEng
Složka Nalezeno : C:\Users\Karlos\Desktop\Save
Soubor Nalezeno : C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nkcpopggjcjkiicpenikeogioednjeac_0.localstorage
Soubor Nalezeno : C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\ijv7svz9.default-1422124079010\invalidprefs.js

***** [ Naplánované úlohy ] *****

Úloha Nalezeno : update-sys
Úloha Nalezeno : update-S-1-5-21-2388973712-2511556405-2050298817-1000
Úloha Nalezeno : update-sys

***** [ Zástupci ] *****

***** [ Registry ] *****

Data Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\Karlos\AppData\Local\Linkey\IEEXTE~1\iedll.dll
Hodnota Nalezeno : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Hodnota Nalezeno : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Hodnota Nalezeno : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91397D20-1446-11D4-8AF4-0040CA1127B6}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91397D20-1446-11D4-8AF4-0040CA1127B6}
Klíe Nalezeno : HKCU\Software\SmdmF
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíe Nalezeno : HKLM\SOFTWARE\FlvPlayer
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlvPlayer
Klíe Nalezeno : HKLM\SOFTWARE\SmdmF

***** [ Prohlížeee ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v36.0.4 (x86 cs)

[ijv7svz9.default-1422124079010] - Oádek Nalezeno : user_pref("browser.search.hiddenOneOffs", "Seznam,default-search.net,DuckDuckGo,Heuréka,Mapy.cz,Slunečnice,Wikipedie (cs)");

-\\ Google Chrome v41.0.2272.101

[C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Nalezeno [Extension] : fpmeembnagmagppkgghhfjfdfajdfcah

*************************

AdwCleaner[R0].txt - [5093 bytu] - [01/04/2015 19:33:40]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5151 bytu] ##########

Příspěvekod **jaro3** » 01 dub 2015 20:50

Myslel jsem taky ty nákazy z eset online scaner.

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Death at Comp · Příspěvekod **Death at Comp** » 01 dub 2015 22:17

Tak jsem zas tu.....bohuzel ten log z eset online scaneru nemam,hodilo mi to hned restart.....jinak jsem udelal vse co jsi napsal a zde jsou logy:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.0 (03.31.2015:2)
OS: Windows 7 Starter x86
Ran by Karlos on st 01.04.2015 at 21:24:15,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d39539bb-f65e-4088-a9d1-6e5f01a42a3e}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{d39539bb-f65e-4088-a9d1-6e5f01a42a3e}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 01.04.2015 at 21:27:29,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.200 - Log vytvooen 01/04/2015 v 21:11:21
# Aktualizováno 29/03/2015 by Xplode
# Databáze : 2015-03-29.1 [Server]
# Operaení system : Windows 7 Starter Service Pack 1 (x86)
# Uživatelské jméno : Karlos - KARLOSUVCOMP
# Spuštino z : C:\Users\Karlos\Desktop\adwcleaner_4.200.exe
# Nastavení : Eištiní

***** [ Služby ] *****

[#] Služba Smazáno : SmdmFService
[#] Služba Smazáno : F06DEFF2-5B9C-490D-910F-35D3A91196222

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\ProgramData\smdmf
Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileViewPro
Složka Smazáno : C:\Program Files\FlvPlayer
Složka Smazáno : C:\Program Files\FileViewPro
Složka Smazáno : C:\Program Files\Assets Manager
Složka Smazáno : C:\Users\Karlos\AppData\Local\Linkey
Složka Smazáno : C:\Users\Karlos\AppData\Local\FileViewPro
Složka Smazáno : C:\Users\Karlos\AppData\Roaming\FirefoxToolbar
Složka Smazáno : C:\Users\Karlos\AppData\Roaming\OpenCandy
Složka Smazáno : C:\Users\Karlos\AppData\Roaming\RHEng
Složka Smazáno : C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Složka Smazáno : C:\Users\Karlos\Desktop\Save
Soubor Smazáno : C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nkcpopggjcjkiicpenikeogioednjeac_0.localstorage
Soubor Smazáno : C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\ijv7svz9.default-1422124079010\invalidprefs.js

***** [ Naplánované úlohy ] *****

Úloha Smazáno : update-sys
Úloha Smazáno : update-S-1-5-21-2388973712-2511556405-2050298817-1000

***** [ Zástupci ] *****

***** [ Registry ] *****

Klíe Smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\fpmeembnagmagppkgghhfjfdfajdfcah
Hodnota Smazáno : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Hodnota Smazáno : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Klíe Smazáno : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Klíe Smazáno : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Smazáno : HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Klíe Smazáno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{91397D20-1446-11D4-8AF4-0040CA1127B6}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Klíe Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{91397D20-1446-11D4-8AF4-0040CA1127B6}
Klíe Smazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Klíe Smazáno : HKCU\Software\SmdmF
Klíe Smazáno : HKLM\SOFTWARE\FlvPlayer
Klíe Smazáno : HKLM\SOFTWARE\SmdmF
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlvPlayer
Klíe Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1
Data Smazáno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\Karlos\AppData\Local\Linkey\IEEXTE~1\iedll.dll

***** [ Prohlížeee ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v36.0.4 (x86 cs)

[ijv7svz9.default-1422124079010\prefs.js] - Oádek Smazáno : user_pref("browser.search.hiddenOneOffs", "Seznam,default-search.net,DuckDuckGo,Heuréka,Mapy.cz,Slunečnice,Wikipedie (cs)");

-\\ Google Chrome v41.0.2272.101

[C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Smazáno [Extension] : fpmeembnagmagppkgghhfjfdfajdfcah

*************************

AdwCleaner[R0].txt - [5229 bytu] - [01/04/2015 19:33:40]
AdwCleaner[R1].txt - [5287 bytu] - [01/04/2015 21:08:58]
AdwCleaner[S0].txt - [5056 bytu] - [01/04/2015 21:11:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5114 bytu] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 1.4.2015
Čas skenování: 21:33:58
Protokol: mwam.txt
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.01.09
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Karlos

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 441104
Uplynulý čas: 9 min, 38 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 8
PUP.Optional.ExpressFind.SID.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Express Find, , [c6a7313657332b0ba1bda490cc3a47b9],
PUP.Optional.ExpressFind.A, HKLM\SOFTWARE\ExpressFind, , [016c0e59434759dd052e4e696e9549b7],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY, , [d19cd7904d3d02343407e8153bc8ab55],
PUP.Optional.ExpressFind.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr ExpressFind, , [c9a4ef78e7a3e254ec456255bd469070],
PUP.Optional.ExpressFind.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr ExpressFind, , [5f0e4d1af29886b0c26ff7c02bd8eb15],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2388973712-2511556405-2050298817-1000\SOFTWARE\LINKEY, , [acc1f4736822cf670979013f11f436ca],
PUP.Optional.ExpressFind.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B002FFEB-D622-4EC8-A061-549681AAA56E}, , [204d2c3b4446d561a9299321aa596799],
PUP.Optional.ExpressFind.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DE08B691-23D3-482D-AEE2-DCBE04AC30BB}, , [204d2c3b4446d561a9299321aa596799],

Hodnoty registru: 3
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/IE/background.js, , [d19cd7904d3d02343407e8153bc8ab55]
PUP.Optional.Linkey.A, HKU\S-1-5-21-2388973712-2511556405-2050298817-1000\SOFTWARE\LINKEY|browsers, chrome,ff,ie, , [acc1f4736822cf670979013f11f436ca]
PUP.Optional.Linkey.A, HKU\S-1-5-21-2388973712-2511556405-2050298817-1000\SOFTWARE\LINKEY|home, C:\Users\Karlos\AppData\Local\Linkey, , [c5a8175014764fe75fbefa52be478d73]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 13
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d, , [1558a8bf83079b9b3e816450ad5654ac],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer, , [1558a8bf83079b9b3e816450ad5654ac],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins, , [1558a8bf83079b9b3e816450ad5654ac],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3, , [1558a8bf83079b9b3e816450ad5654ac],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3bak, , [1558a8bf83079b9b3e816450ad5654ac],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\5, , [1558a8bf83079b9b3e816450ad5654ac],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\5bak, , [1558a8bf83079b9b3e816450ad5654ac],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\8, , [1558a8bf83079b9b3e816450ad5654ac],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\8bak, , [1558a8bf83079b9b3e816450ad5654ac],
PUP.Optional.ExpressFind.A, C:\Program Files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d, , [9ad3dd8a58321125a61a09ab4ab9c43c],
PUP.Optional.ExpressFind.A, C:\Program Files\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\updater, , [9ad3dd8a58321125a61a09ab4ab9c43c],
PUP.Optional.ExpressFind.A, C:\Program Files\Express Find, , [204d2c3b4446d561a9299321aa596799],
PUP.Optional.ExpressFind.A, C:\Program Files\Express Find\Extensions, , [204d2c3b4446d561a9299321aa596799],

Soubory: 6
PUP.Optional.ExpressFind.SID.A, C:\Program Files\Express Find\Uninstaller.exe, , [c6a7313657332b0ba1bda490cc3a47b9],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [224bcb9c6a205fd7a60580a01fe6d22e],
PUP.Optional.ExpressFind.A, C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\temp, , [1558a8bf83079b9b3e816450ad5654ac],
PUP.Optional.ExpressFind.A, C:\Program Files\Express Find\7za.exe, , [204d2c3b4446d561a9299321aa596799],
PUP.Optional.ExpressFind.A, C:\Program Files\Express Find\Extensions\d39539bb-f65e-4088-a9d1-6e5f01a42a3e.dll, , [204d2c3b4446d561a9299321aa596799],
PUP.Optional.ExpressFind.A, C:\Program Files\Express Find\Extensions\{1fe073ff-4fbd-4f0e-9a39-1b65362500c6}.xpi, , [204d2c3b4446d561a9299321aa596799],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Karlos [Práva správce]
Started from : C:\Users\Karlos\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 04/01/2015 22:04:54

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files\Skillbrains\lightshot\Lightshot.exe -> Nalezeno
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 genuine.microsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mpa.one.microsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 sls.microsoft.com

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] ijv7svz9.default-1422124079010 : user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3120213A ATA Device +++++
--- User ---
[MBR] 22fef0605af2c0776fbf1c030db5d925
[BSP] 4373ee5a9185d3547796a8158e4e42e5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 114463 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3320620AS ATA Device +++++
--- User ---
[MBR] e76efccba65a9a6ccdd056eab3fff7c6
[BSP] f8de0b066046a17b30c06e9120ebe24f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305234 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Příspěvekod **jaro3** » 01 dub 2015 22:21

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Death at Comp · Příspěvekod **Death at Comp** » 01 dub 2015 23:00

antivir mam deaktivovany ale nejde mi vypnout firewall i kdyz jsem prihlasen jako administrator.....vypnu ho,pak tam vlezu a je zase zaplej

Death at Comp · Příspěvekod **Death at Comp** » 01 dub 2015 23:09

sorry musim jit do pelechu, za chvili vstavam.....budu tu zitra odpol. asi od ctvrty zase do noci....zatim diky

Příspěvekod **jaro3** » 02 dub 2015 10:09

Při problémech udělej RK v nouz. režimu.

Death at Comp · Příspěvekod **Death at Comp** » 02 dub 2015 19:25

tak jsem tu, vse jsem udelal a zde jsou logy:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 2.4.2015
Čas skenování: 17:47:11
Protokol: mwm.txt
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.02.05
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Karlos

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 435888
Uplynulý čas: 10 min, 4 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Nouzový režim
Uživatel : Karlos [Práva správce]
Started from : C:\Users\Karlos\Desktop\Bezpečnost\RogueKiller.exe
Mód : Smazat -- Datum : 04/02/2015 18:13:33

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files\Skillbrains\lightshot\Lightshot.exe [7] -> Smazáno
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 genuine.microsoft.com -> Smazáno
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mpa.one.microsoft.com -> Smazáno
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 sls.microsoft.com -> Smazáno

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0xc000035f]) ¤¤¤

¤¤¤ Webové prohlížeče : 3 ¤¤¤
[IE:Addon] System : Bing Bar [{8dcb7100-df86-4384-8842-8fa844297b3f}] -> Smazáno
[FIREFX:Addon] ijv7svz9.default-1422124079010 : avast! Online Security [wrc@avast.com] -> Smazáno
[PUM.HomePage][FIREFX:Config] ijv7svz9.default-1422124079010 : user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3120213A ATA Device +++++
--- User ---
[MBR] 22fef0605af2c0776fbf1c030db5d925
[BSP] 4373ee5a9185d3547796a8158e4e42e5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 114463 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3320620AS ATA Device +++++
--- User ---
[MBR] e76efccba65a9a6ccdd056eab3fff7c6
[BSP] f8de0b066046a17b30c06e9120ebe24f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305234 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

============================================
RKreport_SCN_04012015_220454.log - RKreport_SCN_04022015_181123.log

Zoek.exe v5.0.0.0 Updated 31-March-2015
Tool run by Karlos on źt 02.04.2015 at 18:28:31,13.
Microsoft Windows 7 Starter 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Karlos\Desktop\Bezpečnost\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2.4.2015 18:30:30 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully
C:\Users\Karlos\AppData\Roaming\HpUpdate deleted successfully
C:\Users\Karlos\AppData\Roaming\Publish Providers deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2388973712-2511556405-2050298817-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_USERS\S-1-5-21-2388973712-2511556405-2050298817-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_USERS\S-1-5-21-2388973712-2511556405-2050298817-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} deleted successfully
HKEY_USERS\S-1-5-21-2388973712-2511556405-2050298817-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\ijv7svz9.default-1422124079010\prefs.js:
user_pref("browser.search.defaulturl", "http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&");
user_pref("browser.search.defaultengine", "Seznam");
user_pref("browser.search.defaultenginename", "Seznam");
user_pref("browser.search.selectedEngine", "Seznam");
user_pref("browser.search.order.1", "Seznam");

Added to C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\ijv7svz9.default-1422124079010\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Program Files\FRAPS cracked pln verze 3.5.9 CZ FULL deleted
C:\Users\Karlos\AppData\Roaming\.minecraft deleted
C:\Users\Karlos\.android deleted
C:\Program Files\Absolute Uninstaller 5 deleted
C:\Program Files\Skillbrains deleted
C:\Program Files\BitLord deleted
C:\Program Files\Lavasoft\Web Companion deleted
C:\found.000 deleted
C:\found.002 deleted
C:\found.003 deleted
C:\found.004 deleted
C:\found.005 deleted
C:\PROGRA~2\Lavasoft\Web Companion deleted
C:\Users\Karlos\AppData\Local\updater.log deleted
C:\Users\Karlos\AppData\Local\Lavasoft\WebCompanion.exe_Url_f5db2c2eotb405zbclgx4obr3tgwdj1t deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted
C:\Users\Karlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitLord deleted
C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2388973712-2511556405-2050298817-1000 deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\ijv7svz9.default-1422124079010\Invalidprefs.js deleted
"C:\Windows\Installer\30bcea7.msi" deleted
"C:\Users\Karlos\AppData\Local\{6B002444-B0BB-4791-910D-5F0646297E76}" deleted
"C:\Users\Karlos\AppData\Local\{CAE36C50-BCDA-46AC-8547-DAF62884903D}" deleted
"C:\Users\Karlos\AppData\Roaming\Yandex\ui" deleted
"C:\Users\Karlos\AppData\Roaming\Yandex" deleted
"C:\found.001" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\ijv7svz9.default-1422124079010
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11.02.2015 17:43]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: C:\Users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\ijv7svz9.default-1422124079010
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
09B4E13D25623D879D35286E2D29FF13 - C:\Users\Karlos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.101 (Possible outdated, latest Stable version: 41.0.2272.118)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[04.08.2014 17:58]

==== Chromium Startpages ======================

C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.seznam.cz/?clid=22668",
"startup_urls": [ "https://www.seznam.cz/?clid=22668" ],

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10099_swoc_campaign_150321__yaie"
"Search Page"="http://www.google.com"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\fi]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\ma]
@="http://www.mapy.cz/?sourceid=quicksearch_6826&query=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\se]
@="http://search.seznam.cz/?sourceid=quicksearch_6826&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\vi]
@="http://videa.seznam.cz/?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\zb]
@="http://www.zbozi.cz/?sourceid=quicksearch_6826&q=%s"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Preferences_20140130193001.backup was reset successfully
C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Preferences_20140130193004.backup was reset successfully
C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Web Data copy was reset successfully
C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Web Data_20140130193001.backup was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\63D3C2094529D73489CA19B3876E8046 deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{902C3D36-9254-437D-98AC-913B78E60864} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\63D3C2094529D73489CA19B3876E8046 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Karlos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCXMPGGN will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Karlos\AppData\Local\Mozilla\Firefox\Profiles\ijv7svz9.default-1422124079010\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Karlos\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2012 folders=637 2558088771 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Karlos\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser.KarlosuvComp\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser.KarlosuvComp.000\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Karlos\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found
"C:\Users\Karlos\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCXMPGGN" not found

==== EOF on źt 02.04.2015 at 18:55:06,36 ======================

ComboFix 15-04-01.01 - Karlos 02.04.2015 19:05:37.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.420.1029.18.2048.1065 [GMT 2:00]
Spuštěný z: c:\users\Karlos\Desktop\BezpeŔnost\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-02 do 2015-04-02 )))))))))))))))))))))))))))))))
.
.
2015-04-02 17:16 . 2015-04-02 17:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-04-02 16:50 . 2015-04-02 16:28 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-02 16:50 . 2015-04-02 17:16 -------- d-----w- c:\users\Karlos\AppData\Local\Temp
2015-04-02 16:28 . 2015-04-02 16:47 -------- d-----w- C:\zoek_backup
2015-04-01 19:56 . 2015-04-02 16:06 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-01 19:56 . 2015-04-01 20:07 -------- d-----w- c:\programdata\RogueKiller
2015-04-01 19:24 . 2015-04-01 19:24 -------- d-----w- C:\RegBackup
2015-04-01 17:42 . 2015-04-02 15:47 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-01 17:42 . 2015-04-01 17:42 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-01 17:42 . 2015-04-01 17:42 -------- d-----w- c:\programdata\Malwarebytes
2015-04-01 17:42 . 2015-03-17 04:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-01 17:42 . 2015-03-17 04:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-01 17:42 . 2015-03-17 04:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-01 17:33 . 2015-04-01 19:11 -------- d-----w- C:\AdwCleaner
2015-03-22 01:02 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D3E5A2B-EE29-4E93-AEBE-5FA8A794C8F1}\mpengine.dll
2015-03-21 20:01 . 2015-03-21 20:01 -------- d-----w- C:\VideoRotator
2015-03-21 19:54 . 2015-04-02 16:48 -------- d-----w- c:\users\Karlos\AppData\Local\Lavasoft
2015-03-21 19:52 . 2015-04-02 16:48 -------- d-----w- c:\program files\Lavasoft
2015-03-21 19:50 . 2015-03-21 19:50 -------- d-----w- c:\users\Karlos\AppData\Roaming\Lavasoft
2015-03-21 19:50 . 2015-04-02 16:48 -------- d-----w- c:\programdata\Lavasoft
2015-03-11 10:59 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-11 10:59 . 2015-01-17 02:30 828928 ----a-w- c:\windows\system32\msctf.dll
2015-03-11 10:57 . 2015-02-20 04:13 26624 ----a-w- c:\windows\system32\lpk.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-06 05:10 . 2015-03-11 10:57 248832 ----a-w- c:\windows\system32\schannel.dll
2015-02-12 05:23 . 2015-02-12 05:23 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2015-02-12 05:23 . 2015-02-12 05:23 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2015-02-06 10:36 . 2013-01-13 16:22 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-06 10:36 . 2013-01-13 15:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-23 08:27 . 2015-01-23 08:28 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 15:58 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-01-23 31087200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"uni mouse driver"="c:\mouse driver\mouse_driver.exe" [2011-11-09 2972672]
"uni mouse driver tilt"="c:\mouse driver\wh_exec.exe" [2010-10-04 147456]
"KeePass 2 PreLoad"="d:\dokumenty 2\Prog files 2\KeePass Password Safe 2\KeePass.exe" [2014-10-07 2109952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
R1 sikyvtkt;sikyvtkt;c:\windows\system32\drivers\sikyvtkt.sys [x]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-02 315488]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-03-17 51928]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-21 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-04 414520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-04 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-04 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-08-04 71944]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2004-10-04 75925]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-03-17 23256]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-16 7424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-01 17:17 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-13 10:36]
.
2015-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-19 19:35]
.
2015-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-19 19:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\ijv7svz9.default-1422124079010\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
AddRemove-Absolute Uninstaller - c:\program files\Absolute Uninstaller 5\uninst.exe
AddRemove-BitLord - c:\program files\BitLord\uninst.exe
AddRemove-Minecraft1.6.2 - c:\users\Karlos\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
AddRemove-{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 - c:\program files\Skillbrains\lightshot\unins000.exe
AddRemove-{6BDCC0B7-AB6E-7079-865F-B33009BB0F61}_is1 - c:\program files\FRAPS cracked pln verze 3.5.9 CZ FULL\unins000.exe
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.{B64FB731-E231-49F7-B030-6A54969FC8AE}\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update - c:\program files\NVIDIA Corporation\Installer2\installer.{B64FB731-E231-49F7-B030-6A54969FC8AE}\NVI2.DLL
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-04-02 19:19:45
ComboFix-quarantined-files.txt 2015-04-02 17:19
.
Před spuštěním: 3 404 181 504
Po spuštění: 3 301 085 184
.
- - End Of File - - 6492F6CF5499A1EDB18F3A8CDAA19503
A36C5E4F47E84449FF07ED3517B43A31

Příspěvekod **jaro3** » 02 dub 2015 19:32

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\system32\drivers\sikyvtkt.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Skype\Updater
c:\program files\Google\Update

Driver::
sikyvtkt
SkypeUpdate


RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Death at Comp · Příspěvekod **Death at Comp** » 02 dub 2015 20:40

Zde jsou logy:

ComboFix 15-04-01.01 - Karlos 02.04.2015 19:46:06.2.2 - x86 MINIMAL
Microsoft Windows 7 Starter 6.1.7601.1.1250.420.1029.18.2048.1282 [GMT 2:00]
Spuštěný z: c:\users\Karlos\Desktop\Bezpečnost\ComboFix.exe
Použité ovládací přepínače :: c:\users\Karlos\Desktop\CFScript.txt.txt
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\system32\drivers\sikyvtkt.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.26.9\GoogleUpdate.exe
c:\program files\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.26.9\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
c:\program files\Google\Update\1.3.26.9\goopdate.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_am.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_ar.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_bg.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_bn.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_ca.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_cs.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_da.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_de.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_el.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_en.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_es.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_et.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_fa.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_fi.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_fil.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_fr.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_gu.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_hi.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_hr.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_hu.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_id.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_is.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_it.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_iw.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_ja.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_kn.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_ko.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_lt.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_lv.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_ml.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_mr.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_ms.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_nl.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_no.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_pl.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_ro.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_ru.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_sk.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_sl.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_sr.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_sv.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_sw.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_ta.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_te.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_th.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_tr.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_uk.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_ur.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_vi.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.26.9\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.26.9\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.26.9\psmachine.dll
c:\program files\Google\Update\1.3.26.9\psmachine_64.dll
c:\program files\Google\Update\1.3.26.9\psuser.dll
c:\program files\Google\Update\1.3.26.9\psuser_64.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\41.0.2272.101\41.0.2272.101_40.0.2214.115_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\Install\{1DC2ED5C-DD27-4457-B25C-74A12A12CD31}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
c:\program files\Google\Update\Install\{5923082D-2AA4-4199-8D44-712142A716E2}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
c:\program files\Google\Update\Install\{5D244579-A144-4C8B-BC66-5535E08E4300}\40.0.2214.111_40.0.2214.94_chrome_updater.exe
c:\program files\Google\Update\Install\{6D1D8067-CD82-45A7-BEDA-3B0371CB97F1}\40.0.2214.111_40.0.2214.94_chrome_updater.exe
c:\program files\Google\Update\Install\{9F015124-4BC0-4182-AB5C-EC939BC42377}\41.0.2272.101_40.0.2214.115_chrome_updater.exe
c:\program files\Google\Update\Install\{B9291985-5BB5-40BA-B0B8-AA3DF9C6BDB2}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Install\{EB136D1E-BA78-456A-9A14-03C6F587FA69}\40.0.2214.94_chrome_installer.exe
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_sikyvtkt
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-02 do 2015-04-02 )))))))))))))))))))))))))))))))
.
.
2015-04-02 17:55 . 2015-04-02 17:59 -------- d-----w- c:\users\Karlos\AppData\Local\temp
2015-04-02 17:55 . 2015-04-02 17:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-04-02 17:55 . 2015-04-02 17:55 -------- d-----w- c:\users\UpdatusUser.KarlosuvComp\AppData\Local\temp
2015-04-02 17:55 . 2015-04-02 17:55 -------- d-----w- c:\users\UpdatusUser.KarlosuvComp.000\AppData\Local\temp
2015-04-02 17:55 . 2015-04-02 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-02 16:50 . 2015-04-02 16:28 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-02 16:28 . 2015-04-02 16:47 -------- d-----w- C:\zoek_backup
2015-04-01 19:56 . 2015-04-02 16:06 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-01 19:56 . 2015-04-01 20:07 -------- d-----w- c:\programdata\RogueKiller
2015-04-01 19:24 . 2015-04-01 19:24 -------- d-----w- C:\RegBackup
2015-04-01 17:42 . 2015-04-02 15:47 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-01 17:42 . 2015-04-01 17:42 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-01 17:42 . 2015-04-01 17:42 -------- d-----w- c:\programdata\Malwarebytes
2015-04-01 17:42 . 2015-03-17 04:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-01 17:42 . 2015-03-17 04:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-01 17:42 . 2015-03-17 04:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-01 17:33 . 2015-04-01 19:11 -------- d-----w- C:\AdwCleaner
2015-03-22 01:02 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D3E5A2B-EE29-4E93-AEBE-5FA8A794C8F1}\mpengine.dll
2015-03-21 20:01 . 2015-03-21 20:01 -------- d-----w- C:\VideoRotator
2015-03-21 19:54 . 2015-04-02 16:48 -------- d-----w- c:\users\Karlos\AppData\Local\Lavasoft
2015-03-21 19:52 . 2015-04-02 16:48 -------- d-----w- c:\program files\Lavasoft
2015-03-21 19:50 . 2015-03-21 19:50 -------- d-----w- c:\users\Karlos\AppData\Roaming\Lavasoft
2015-03-21 19:50 . 2015-04-02 16:48 -------- d-----w- c:\programdata\Lavasoft
2015-03-11 10:59 . 2015-01-17 02:30 828928 ----a-w- c:\windows\system32\msctf.dll
2015-03-11 10:57 . 2015-02-20 04:13 26624 ----a-w- c:\windows\system32\lpk.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-06 05:10 . 2015-03-11 10:57 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-03-06 05:10 . 2015-03-11 10:57 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-06 05:10 . 2015-03-11 10:57 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-06 05:10 . 2015-03-11 10:57 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-03-06 05:10 . 2015-03-11 10:57 248832 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10 . 2015-03-11 10:57 22016 ----a-w- c:\windows\system32\secur32.dll
2015-02-26 03:11 . 2015-03-11 10:58 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 02:09 . 2015-03-11 10:58 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-02-20 01:01 . 2015-03-11 10:58 1888256 ----a-w- c:\windows\system32\wininet.dll
2015-02-12 05:23 . 2015-02-12 05:23 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2015-02-12 05:23 . 2015-02-12 05:23 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2015-02-06 10:36 . 2013-01-13 16:22 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-06 10:36 . 2013-01-13 15:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 02:54 . 2015-03-11 10:57 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-03 03:12 . 2015-03-11 10:57 179200 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:12 . 2015-03-11 10:57 617984 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 10:59 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 10:57 171520 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:12 . 2015-03-11 10:57 400896 ----a-w- c:\windows\system32\srcore.dll
2015-02-03 03:12 . 2015-03-11 10:57 43008 ----a-w- c:\windows\system32\srclient.dll
2015-02-03 03:12 . 2015-03-11 10:57 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:12 . 2015-03-11 10:57 8192 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:12 . 2015-03-11 10:57 69632 ----a-w- c:\windows\system32\smss.exe
2015-02-03 03:11 . 2015-03-11 10:57 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-02-03 03:11 . 2015-03-11 10:57 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:11 . 2015-03-11 10:57 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2015-01-23 08:27 . 2015-01-23 08:28 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-04 15:58 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2015-01-23 31087200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"uni mouse driver"="c:\mouse driver\mouse_driver.exe" [2011-11-09 2972672]
"uni mouse driver tilt"="c:\mouse driver\wh_exec.exe" [2010-10-04 147456]
"KeePass 2 PreLoad"="d:\dokumenty 2\Prog files 2\KeePass Password Safe 2\KeePass.exe" [2014-10-07 2109952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-03-17 1080120]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-03-17 51928]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-21 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-08-04 414520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-08-04 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-08-04 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-08-04 71944]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2004-10-04 75925]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-03-17 23256]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-16 7424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-01 17:17 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-13 10:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Karlos\AppData\Roaming\Mozilla\Firefox\Profiles\ijv7svz9.default-1422124079010\
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1316)
c:\mouse driver\wh_hook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\common files\Chameleon Manager\monitor.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\AUDIODG.EXE
.
**************************************************************************
.
Celkový čas: 2015-04-02 20:05:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-04-02 18:05
ComboFix2.txt 2015-04-02 17:19
.
Před spuštěním: 3 389 227 008
Po spuštění: 3 418 058 752
.
- - End Of File - - DB92F520DCAB812ABD48DFE3D3AB3646
A36C5E4F47E84449FF07ED3517B43A31

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:09:27, on 2.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)

FIREFOX: 36.0.4 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Mouse driver\mouse_driver.exe
C:\Mouse driver\wh_exec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Users\Karlos\Desktop\Bezpečnost\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Reader 11.0\Reader\Reader_sl.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... clid=22668
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [uni mouse driver] "C:\Mouse driver\mouse_driver.exe" /hide
O4 - HKLM\..\Run: [uni mouse driver tilt] "C:\Mouse driver\wh_exec.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "D:\Dokumenty 2\Prog files 2\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 4447 bytes

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-04-02 20:11:38
-----------------------------
20:11:38.330 OS Version: Windows 6.1.7601 Service Pack 1
20:11:38.330 Number of processors: 2 586 0x6B02
20:11:38.330 ComputerName: KARLOSUVCOMP UserName: Karlos
20:11:41.824 Initialize success
20:11:42.014 VM: initialized successfully
20:11:42.014 VM: Amd CPU virtualization not supported
20:11:46.680 AVAST engine defs: 15040202
20:13:48.207 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:13:48.217 Disk 0 Vendor: ST3120213A 3.AAA Size: 114472MB BusType: 3
20:13:48.227 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-3
20:13:48.237 Disk 1 Vendor: ST3320620AS 3.AAC Size: 305244MB BusType: 3
20:13:48.447 Disk 0 MBR read successfully
20:13:48.457 Disk 0 MBR scan
20:13:48.467 Disk 0 Windows 7 default MBR code
20:13:48.467 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114463 MB offset 63
20:13:48.487 Disk 0 default boot code
20:13:48.527 Disk 0 scanning sectors +234420480
20:13:48.797 Disk 0 scanning C:\Windows\system32\drivers
20:14:01.031 Service scanning
20:15:15.897 Modules scanning
20:15:15.917 Disk 0 trace - called modules:
20:15:15.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:15:15.947 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e82778]
20:15:15.957 3 CLASSPNP.SYS[8930e59e] -> nt!IofCallDriver -> [0x85996f08]
20:15:15.967 5 ACPI.sys[8377d3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b4610]
20:15:16.307 AVAST engine scan C:\Windows
20:15:22.447 AVAST engine scan C:\Windows\system32
20:17:55.109 AVAST engine scan C:\Windows\system32\drivers
20:18:10.363 AVAST engine scan C:\Users\Karlos
20:24:05.952 File: C:\Users\Karlos\Desktop\Bezpečnost\zoek.exe **INFECTED** Win32:Malware-gen
20:28:48.644 AVAST engine scan C:\ProgramData
20:32:26.746 Disk 0 statistics 3016975/0/0 @ 1,72 MB/s
20:32:26.756 Scan finished successfully
20:36:16.265 Disk 0 MBR has been saved successfully to "C:\Users\Karlos\Desktop\Bezpečnost\MBR.dat"
20:36:16.273 The log file has been saved successfully to "C:\Users\Karlos\Desktop\Bezpečnost\aswMBR.txt"

Prosím o kontrolu logu

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online