Divné vytížení disku; proces system 100% cpu

[tomaraagon]

Divné vytížení disku; proces system jel na 100% cpu až do restartu
Log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:45:01, on 29.08.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)


Boot mode: Normal

Running processes:
A:\Programy-Install\TV\TeamViewer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\NomisCode\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
A:\Programy-Install\Steam\Steam.exe
A:\Programy-Install\Feed Notifier\notifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
A:\Programy-Install\Steam\bin\steamwebhelper.exe
A:\Programy-Install\Steam\bin\steamwebhelper.exe
A:\Chrome Download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ControlCenterCount] A:\Programy-Install\ControlCenter\ControlCenterCount.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\NomisCode\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_988A2ABFF3F2E308405E4D3274E32CF2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [Discord] C:\Users\NomisCode\AppData\Local\Discord\app-0.0.296\Discord.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\NomisCode\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Users\NomisCode\AppData\Roaming\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [f.lux] "C:\Users\NomisCode\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Steam] "A:\Programy-Install\Steam\steam.exe" -silent
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\NomisCode\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NomisCode\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
O4 - Startup: Feed Notifier.lnk = A:\Programy-Install\Feed Notifier\notifier.exe
O4 - Startup: Rainmeter.lnk = A:\Programy-Install\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://A:\Programy-Install\Office\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{deee0b6d-8cf7-49aa-a718-951ae2e58ad1}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - A:\Programy-Install\ESET\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - A:\Programy-Install\TV\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - A:\Programy-Install\Vmware\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\SysWoW64\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\SysWoW64\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: wampapache64 - Apache Software Foundation - A:\wamp64\bin\apache\apache2.4.18\bin\httpd.exe
O23 - Service: wampmysqld64 - Unknown owner - A:\wamp64\bin\mysql\mysql5.7.11\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11186 bytes

[Reklama]

[jaro3]

Nedávej logy do code.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
http://www.geekstogo.com/forum/files/fi ... -oldtimer/
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Scan“
Po skenu klikni na „Logfile“ ,objeví se okno „Log Manager“ a pak poklepej na odpovídající log , který se otevře. ( jinak je uložen systémovem disku jako AdwCleaner[S?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Uložit výsledky a vyber zkopírovat do schránky a vlož sem celý log.
-jinak se log nachází zde: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[tomaraagon]

Nechápu proč, ale nikde mi nefunguje copy, paste. Ani za pomocí myši. Hodil bych to sem jako soubor, ale přípona txt není povolena....

[jaro3]

A kdy to začalo? Nejde ani Ctrl+C a Ctrlr+V?

HJT si sem přeci vložil..

Tak to pošli na
http://leteckaposta.cz/

a sem vlož odkazy.

[tomaraagon]

No včera jsem ještě mohl :) Vlastně dneska v 1 ráno... dnes už mi to nejde, nevím po čem, před vkládáním sem jsem nezkoušel...
http://www.leteckaposta.cz/607832755

[tomaraagon]

# AdwCleaner v6.010 - Logfile created 30/08/2016 at 10:00:19
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : NomisCode - SIMON-PC
# Running from : C:\Users\NomisCode\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Feed Notifier


***** [ Files ] *****

File Found: C:\Users\NomisCode\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk
File Found: C:\WINDOWS\Reimage.ini


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found: [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found: [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Found: [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found: [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found: [x64] HKLM\SOFTWARE\Reimage
Key Found: HKU\S-1-5-21-665989666-2737453905-3376230979-1001\Software\Reimage
Key Found: HKU\S-1-5-21-665989666-2737453905-3376230979-1001\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found: HKCU\Software\Reimage
Key Found: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6091F327-2B13-4193-A6F1-4B2271613A74}_is1
Key Found: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.yahoo.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.babylon.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - babylon.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - delta-search.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - r
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - mysearch.avg.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - mystart.incredibar.com/
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - camera-windows-8.en.softonic.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - mycam.en.softonic.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - world-of-warcraft-warlords-of-draenor.en.softonic.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - realtek-hd-audio-drivers-vista.en.softonic.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - free-keylogger.en.softonic.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ambjmeohlajelahhhniggkkceagdlcgj

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [4373 Bytes] - [30/08/2016 10:00:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4446 Bytes] ##########

[tomaraagon]

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Datum skenování: 30.08.2016
Čas skenování: 10:14
Protokol: mbam.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.08.30.05
Databáze rootkitů: v2016.08.15.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: NomisCode

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 321882
Uplynulý čas: 10 min, 51 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 3
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\A25ABB12_0, , [f04d2c255a4088ae4639fde75aa90ef2],
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\B19459A_0, , [bd8087ca8c0e26103d420ed69f64ee12],
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\BAB206AF_0, , [ba8330211486bb7b4639dc0819eaa55b],

Hodnoty registru: 3
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\a25abb12_0, {2}.\\?\hdaudio#func_01&ven_10ec&dev_0887&subsys_1462d788&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\elineouttopo/00010001|\Device\HarddiskVolume3\Programy-Install\Feed Notifier\notifier.exe%b{00000000-0000-0000-0000-000000000000}, , [f04d2c255a4088ae4639fde75aa90ef2]
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\b19459a_0, {2}.\\?\hdaudio#func_01&ven_10de&dev_0072&subsys_14623202&rev_1001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topo00/00010001|\Device\HarddiskVolume3\Programy-Install\Feed Notifier\notifier.exe%b{00000000-0000-0000-0000-000000000000}, , [bd8087ca8c0e26103d420ed69f64ee12]
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\bab206af_0, {2}.\\?\hdaudio#func_01&ven_10ec&dev_0887&subsys_1462d788&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume3\Programy-Install\Feed Notifier\notifier.exe%b{00000000-0000-0000-0000-000000000000}, , [ba8330211486bb7b4639dc0819eaa55b]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
PUP.Optional.FeedNotifier, C:\Users\NomisCode\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk, , [58e5e66b44560e282c385192e61d5fa1],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[tomaraagon]

Tak jsem šel vyzkoušet copy a paste do exploreru, tam fungoval a poté začal fungovat i s texty... Absolutně nechápu co se stalo

[Orcus]

- Spusť znovu MbAM a dej Skenovat nyní
- Po proběhnutí programu, se ti objeví hláška, tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

====================================================

- Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
- Klikni na „ Smazat“
- Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [C?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- Počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[tomaraagon]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 30.08.2016
Čas skenování: 11:01
Protokol: mbam2.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.08.30.05
Databáze rootkitů: v2016.08.15.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: NomisCode

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 321882
Uplynulý čas: 11 min, 31 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 3
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\A25ABB12_0, Do karantény, [f04d2c255a4088ae4639fde75aa90ef2],
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\B19459A_0, Do karantény, [bd8087ca8c0e26103d420ed69f64ee12],
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\BAB206AF_0, Do karantény, [ba8330211486bb7b4639dc0819eaa55b],

Hodnoty registru: 3
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\a25abb12_0, {2}.\\?\hdaudio#func_01&ven_10ec&dev_0887&subsys_1462d788&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\elineouttopo/00010001|\Device\HarddiskVolume3\Programy-Install\Feed Notifier\notifier.exe%b{00000000-0000-0000-0000-000000000000}, Do karantény, [f04d2c255a4088ae4639fde75aa90ef2]
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\b19459a_0, {2}.\\?\hdaudio#func_01&ven_10de&dev_0072&subsys_14623202&rev_1001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topo00/00010001|\Device\HarddiskVolume3\Programy-Install\Feed Notifier\notifier.exe%b{00000000-0000-0000-0000-000000000000}, Do karantény, [bd8087ca8c0e26103d420ed69f64ee12]
PUP.Optional.FeedNotifier, HKU\S-1-5-21-665989666-2737453905-3376230979-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\bab206af_0, {2}.\\?\hdaudio#func_01&ven_10ec&dev_0887&subsys_1462d788&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume3\Programy-Install\Feed Notifier\notifier.exe%b{00000000-0000-0000-0000-000000000000}, Do karantény, [ba8330211486bb7b4639dc0819eaa55b]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
PUP.Optional.FeedNotifier, C:\Users\NomisCode\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk, Žádná akce od uživatele, [58e5e66b44560e282c385192e61d5fa1],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

[tomaraagon]

# AdwCleaner v6.010 - Logfile created 30/08/2016 at 11:06:23
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : NomisCode - SIMON-PC
# Running from : C:\Users\NomisCode\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[!] Folder not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Feed Notifier


***** [ Files ] *****

[!] File not deleted: C:\Users\NomisCode\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk
[-] File deleted: C:\WINDOWS\Reimage.ini


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Key deleted: HKU\S-1-5-21-665989666-2737453905-3376230979-1001\Software\Reimage
[-] Key deleted: HKU\S-1-5-21-665989666-2737453905-3376230979-1001\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Key deleted on reboot: HKCU\Software\Reimage
[#] Key deleted on reboot: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6091F327-2B13-4193-A6F1-4B2271613A74}_is1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL


***** [ Web browsers ] *****

[-] [C:\Users\NomisCode\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ambjmeohlajelahhhniggkkceagdlcgj


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2696 Bytes] - [30/08/2016 11:06:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [4545 Bytes] - [30/08/2016 10:00:19]
C:\AdwCleaner\AdwCleaner[S1].txt - [2921 Bytes] - [30/08/2016 11:05:06]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2915 Bytes] ##########

[tomaraagon]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64
Ran by NomisCode (Administrator) on 30.08.2016 at 11:11:02,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_988A2ABFF3F2E308405E4D3274E32CF2 (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.08.2016 at 11:13:08,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~