Notebook samovolně přejde do režimu spánku. Vyřešeno

[T0m1k]

Notebook samovolně přejde do režimu spánku. Nejdřív jsem si myslel, že se přehřál, ale pak jsem zjistil, že to tím není. Děkuji za všem za pomoc.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:09:36, on 1.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP ... 6&tsp=4981
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 110.232.72.174:8080
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

--
End of file - 11869 bytes

[Reklama]

[memphisto]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

[T0m1k]

# AdwCleaner v3.001 - Report created 01/09/2013 at 17:26:06
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : King - KING-HP
# Running from : C:\Users\King\riotsGamesLogs\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\ProgramData\Babylon
Folder Found C:\Users\King\AppData\Roaming\Babylon
Folder Found C:\Users\King\AppData\Roaming\DriverCure

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_Setup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_Setup_RASMANCS
Key Found : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www1.delta-search.com/?babsrc=HP ... 6&tsp=4981

-\\ Google Chrome v

[ File : C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1456 octets] - [01/09/2013 17:26:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1516 octets] ##########

[T0m1k]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
King :: KING-HP [administrátor]

1.9.2013 17:29:34
MBAM-log-2013-09-01 (17-34-10).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 223467
Uplynulý čas: 4 minut, 20 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 2
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Špatný: (http://www1.delta-search.com/?babsrc=HP ... 6&tsp=4981) Dobrý: (http://www.google.com) -> Nebyla provedena žádná instrukce.

Nalezené složky: 1
C:\Users\King\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 1
C:\Users\King\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.

(konec)

[memphisto]

v adw i mbam nech všechno smazat a dodej logy po smazání

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

[T0m1k]

# AdwCleaner v3.001 - Report created 01/09/2013 at 22:12:03
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : King - KING-HP
# Running from : C:\Users\King\riotsGamesLogs\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\King\AppData\Roaming\Babylon
Folder Deleted : C:\Users\King\AppData\Roaming\DriverCure

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_Setup_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v

[ File : C:\Users\King\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1604 octets] - [01/09/2013 17:26:06]
AdwCleaner[R1].txt - [1664 octets] - [01/09/2013 22:10:30]
AdwCleaner[S0].txt - [1360 octets] - [01/09/2013 22:12:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1420 octets] ##########

[T0m1k]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
King :: KING-HP [administrátor]

1.9.2013 22:21:20
mbam-log-2013-09-01 (22-21-20).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 223723
Uplynulý čas: 3 minut, 17 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[T0m1k]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by King on ne 01.09.2013 at 22:32:12,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho1219.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1719.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho445C.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5438.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5FBF.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho63E1.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6AB4.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6AC0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7A4B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8C18.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8D24.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho9EA1.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA2DA.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA745.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAB85.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAE88.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB3B3.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB644.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC0F4.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC782.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC909.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE7CD.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE87B.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEBA4.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEC3C.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoEC4F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF003.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\King\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{140A5704-1A13-49F5-BCFC-2A9F144C8483}
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{4AF0E554-F6FD-46A2-A0CD-BEECC73072F4}
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{4C631615-567F-41E4-A909-CFE4174CE560}
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{5FC05784-646C-406F-BAE5-1584B769F290}
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{6DBE0514-D444-4E96-B28C-5A01C5124F7D}
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{7A627157-A2F2-474D-A20B-534C45589DC5}
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{844D2692-BE1C-4B9F-9229-90A497783117}
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{9AF1541A-22F6-4D4D-A61F-D564602A8C61}
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{A71FA4FC-373A-4E41-AB21-39803EE739DD}
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{AA07B220-5332-4786-B318-96C104CCB327}
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{BAD1EF7A-09C1-495B-8EA9-D94FDBCD617F}
Successfully deleted: [Empty Folder] C:\Users\King\appdata\local\{DD1A4703-140A-4D92-ABE6-C62D58B486AE}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 01.09.2013 at 22:40:59,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[T0m1k]

RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : King [Práva správce]
Mód : Kontrola -- Datum : 09/01/2013 22:29:58
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (110.232.72.174:8080) -> NALEZENO

¤¤¤ naplánované úlohy : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2173886629-3575887434-1767682648-1000UA.job : C:\Users\King\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> NALEZENO
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2173886629-3575887434-1767682648-1000Core.job : C:\Users\King\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> NALEZENO
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2173886629-3575887434-1767682648-1000Core : C:\Users\King\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> NALEZENO
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2173886629-3575887434-1767682648-1000UA : C:\Users\King\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> NALEZENO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547550A9E384 +++++
--- User ---
[MBR] 38a10114017a993e23710d339fc4b9a1
[BSP] 8e29a665db2b64c730b56937c1a2ca23 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460700 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943923200 | Size: 15936 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_09012013_222958.txt >>

[memphisto]

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání- Finished "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

[T0m1k]

RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : King [Práva správce]
Mód : Odebrat -- Datum : 09/02/2013 12:41:54
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO

¤¤¤ naplánované úlohy : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2173886629-3575887434-1767682648-1000UA.job : C:\Users\King\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> VYMAZÁNO
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2173886629-3575887434-1767682648-1000Core.job : C:\Users\King\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> VYMAZÁNO
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2173886629-3575887434-1767682648-1000Core : C:\Users\King\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> VYMAZÁNO
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2173886629-3575887434-1767682648-1000UA : C:\Users\King\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> VYMAZÁNO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547550A9E384 +++++
--- User ---
[MBR] 38a10114017a993e23710d339fc4b9a1
[BSP] 8e29a665db2b64c730b56937c1a2ca23 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460700 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943923200 | Size: 15936 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_09022013_124154.txt >>
RKreport[0]_S_09012013_222958.txt;RKreport[0]_S_09022013_124151.txt

[T0m1k]

12:45:46.0957 3860 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:45:47.0550 3860 ============================================================
12:45:47.0550 3860 Current date / time: 2013/09/02 12:45:47.0550
12:45:47.0550 3860 SystemInfo:
12:45:47.0550 3860
12:45:47.0550 3860 OS Version: 6.1.7601 ServicePack: 1.0
12:45:47.0550 3860 Product type: Workstation
12:45:47.0550 3860 ComputerName: KING-HP
12:45:47.0550 3860 UserName: King
12:45:47.0550 3860 Windows directory: C:\Windows
12:45:47.0550 3860 System windows directory: C:\Windows
12:45:47.0550 3860 Running under WOW64
12:45:47.0550 3860 Processor architecture: Intel x64
12:45:47.0550 3860 Number of processors: 2
12:45:47.0550 3860 Page size: 0x1000
12:45:47.0550 3860 Boot type: Normal boot
12:45:47.0550 3860 ============================================================
12:45:51.0575 3860 BG loaded
12:45:52.0433 3860 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:52.0448 3860 ============================================================
12:45:52.0448 3860 \Device\Harddisk0\DR0:
12:45:52.0448 3860 MBR partitions:
12:45:52.0448 3860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:45:52.0448 3860 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x383CE000
12:45:52.0448 3860 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38432000, BlocksNum 0x1F20000
12:45:52.0448 3860 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
12:45:52.0448 3860 ============================================================
12:45:52.0526 3860 C: <-> \Device\Harddisk0\DR0\Partition2
12:46:01.0637 3860 D: <-> \Device\Harddisk0\DR0\Partition3
12:46:01.0637 3860 ============================================================
12:46:01.0637 3860 Initialize success
12:46:01.0637 3860 ============================================================
12:47:05.0824 2872 Deinitialize success