
Requesting a check

Posted: 13 Mar 2014 17:02
by xardas93
Hello, lately my computer has been running somewhat worse, and I read here about using HiJackThis.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:56:27, on 13.3.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16540)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HIJACKTHIS\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mr.Black\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MIC489~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIC489~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) - Airytec - C:\Program Files\Airytec\Switch Off\swoff.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13605 bytes

Re: Requesting a check

Posted: 13 Mar 2014 18:54
by jaro3
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.


Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download AdwCleaner (by Xplode)

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log appears (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure you have both options selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message appears, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in Safe Mode.

Re: Requesting a check

Posted: 13 Mar 2014 20:45
by xardas93
ATF won't work, I use Chrome

I use Adw often

# AdwCleaner v3.018 - Report created 13/03/2014 at 20:38:46
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mr.Black - STANDART
# Running from : C:\Program Files (x86)\AdwCleaner v3.018\AdwCleaner v3.018.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16540


-\\ Mozilla Firefox v

[ File : C:\Users\Mr.Black\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


[ File : C:\Users\Mr.Black\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


-\\ Google Chrome v33.0.1750.149

[ File : C:\Users\Mr.Black\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [33393 octets] - [25/10/2013 09:24:00]
AdwCleaner[R1].txt - [1173 octets] - [25/10/2013 09:39:54]
AdwCleaner[R2].txt - [1232 octets] - [27/10/2013 21:43:43]
AdwCleaner[R3].txt - [1292 octets] - [29/10/2013 13:49:37]
AdwCleaner[R4].txt - [1352 octets] - [26/11/2013 13:51:21]
AdwCleaner[R5].txt - [1909 octets] - [21/12/2013 18:53:21]
AdwCleaner[R6].txt - [1446 octets] - [26/12/2013 14:36:21]
AdwCleaner[R7].txt - [1566 octets] - [28/02/2014 01:25:20]
AdwCleaner[R8].txt - [1340 octets] - [13/03/2014 20:38:46]
AdwCleaner[S0].txt - [31995 octets] - [25/10/2013 09:25:52]
AdwCleaner[S1].txt - [1939 octets] - [21/12/2013 18:54:18]
AdwCleaner[S2].txt - [1507 octets] - [26/12/2013 14:36:59]
AdwCleaner[S3].txt - [1627 octets] - [28/02/2014 01:26:14]

########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [1641 octets] ##########


I downloaded MBAM

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.03.13.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mr.Black :: STANDART [administrátor]

Ochrana: Povolena

13.3.2014 20:07:31
MBAM-log-2014-03-13 (20-18-43).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 227881
Uplynulý čas: 10 minut, 47 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Nebyla provedena žádná instrukce.
HKCU\Software\outobox (PUP.Optional.Outobox.A) -> Nebyla provedena žádná instrukce.
HKLM\Software\outobox (PUP.Optional.Outobox.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {829C1118-E876-11E0-93A5-CC52AFA69080} -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 3
C:\Program Files (x86)\outobox (PUP.Optional.Outobox.A) -> Nebyla provedena žádná instrukce.
C:\Users\Mr.Black\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Users\Mr.Black\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 6
C:\Windows\inf\ntvdm.inf (Malware.Trace) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\outobox\outobox.ico (PUP.Optional.Outobox.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\outobox\outoboxUninstall.exe (PUP.Optional.Outobox.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\outobox\sqlite3.exe (PUP.Optional.Outobox.A) -> Nebyla provedena žádná instrukce.
C:\Users\Mr.Black\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.
C:\Users\Mr.Black\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Nebyla provedena žádná instrukce.

(konec)



I also use CCleaner quite often...

Re: Requesting a check

Posted: 14 Mar 2014 09:12
by jaro3
Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program's scan will start. The scan may take a long time, depending on the number of infections. After the scan finishes, a log (JRT.txt) appears and is saved to the desktop.
Please copy its entire contents here.

Run MbAM again and start a Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and then close the program via Exit
You can then paste the new MbAM log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still won't start and work, rename it to winlogon.exe.

Re: Requesting a check

Posted: 17 Mar 2014 11:25
by xardas93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mr.Black on po 17.03.2014 at 9:50:03,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1961363616-1423415959-843350888-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etype_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypesetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeuninstall_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\etypeupdate_rasmancs
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\bProtector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7A086A81-4252-ADEE-92EA-7686BCE7EA9A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7A086A81-4252-ADEE-92EA-7686BCE7EA9A}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Mr.Black\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Program Files (x86)\outobox"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 17.03.2014 at 10:04:55,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.03.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mr.Black :: STANDART [administrátor]

Ochrana: Povolena

17.3.2014 10:37:04
mbam-log-2014-03-17 (10-37-04).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 228313
Uplynulý čas: 10 minut, 46 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 2
HKCU\Software\outobox (PUP.Optional.Outobox.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\Software\outobox (PUP.Optional.Outobox.A) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Users\Mr.Black\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Mr.Black\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Přesun do karantény a smazání se zdařilo.

Nalezené soubory: 4
C:\Windows\System32\lcpmnchsmewk.exe (PUP.BitCoinMiner) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\inf\ntvdm.inf (Malware.Trace) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Mr.Black\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\Mr.Black\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Přesun do karantény a smazání se zdařilo.

(konec)



RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Mr.Black [Práva správce]
Mód : Kontrola -- Datum : 03/17/2014 11:19:01
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 10 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 2 ¤¤¤
[V2][SUSP PATH] {7A288BA2-5A45-4A2C-9CC2-713D21D68A54} : C:\Users\Mr.Black\Desktop\Battlefield 2 Special Forces\BF2sf\setup.exe [x] -> NALEZENO
[V2][SUSP PATH] {C4661884-6CDE-43E1-AFA3-F2D2A626C91A} : C:\Users\Mr.Black\Desktop\Battlefield 2 Special Forces\BF2sf\setup.exe [x] -> NALEZENO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM641JI +++++
--- User ---
[MBR] ccb68550435fd744644a45376fd363ad
[BSP] 58f3b8a7e114b7f8bd852ff1a991865a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 593836 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1216585728 | Size: 16340 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] a9e2804f5a28a09c9cd6068ecb2816a7
[BSP] b95569a2410c0568a61e9ebbd05d1e5c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 409600 | Size: 77824 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 159793152 | Size: 40000 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 241713152 | Size: 800 Mo

Dokončeno : << RKreport[0]_S_03172014_111901.txt >>

Re: Please check

Posted: 17 Mar 2014 19:28
by memphisto
Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Spustit jako správce" (Run as administrator); on Windows XP, double-click it to run).
- Wait until the Prescan finishes its work...
- Wait until the status window shows "Prohledat" (Scan)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Smazání- Finished" (Deleting - Finished)
- Click "Zprávy" (Report) and please copy and paste the contents of that report here. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Download TDSSKiller to your desktop. Make sure you have closed all other applications and browsers. Extract the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt, please paste the entire contents of the log here.

Re: Please check

Posted: 18 Mar 2014 01:09
by xardas93
RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Mr.Black [Práva správce]
Mód : Odebrat -- Datum : 03/18/2014 01:02:53
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 10 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 2 ¤¤¤
[V2][SUSP PATH] {7A288BA2-5A45-4A2C-9CC2-713D21D68A54} : C:\Users\Mr.Black\Desktop\Battlefield 2 Special Forces\BF2sf\setup.exe [x] -> VYMAZÁNO
[V2][SUSP PATH] {C4661884-6CDE-43E1-AFA3-F2D2A626C91A} : C:\Users\Mr.Black\Desktop\Battlefield 2 Special Forces\BF2sf\setup.exe [x] -> VYMAZÁNO

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM641JI +++++
--- User ---
[MBR] ccb68550435fd744644a45376fd363ad
[BSP] 58f3b8a7e114b7f8bd852ff1a991865a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 593836 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1216585728 | Size: 16340 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] a9e2804f5a28a09c9cd6068ecb2816a7
[BSP] b95569a2410c0568a61e9ebbd05d1e5c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 409600 | Size: 77824 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 159793152 | Size: 40000 Mo
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 241713152 | Size: 800 Mo

Dokončeno : << RKreport[0]_D_03182014_010253.txt >>
RKreport[0]_S_03182014_010131.txt

Re: Please check

Posted: 18 Mar 2014 01:12
by xardas93
I can't paste the TDSS log here, so in short I'm sending only the beginning and the end; the program didn't find any problem anyway.


01:05:04.0252 0x178c TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
01:05:12.0427 0x178c ============================================================
01:05:12.0427 0x178c Current date / time: 2014/03/18 01:05:12.0427
01:05:12.0427 0x178c SystemInfo:
01:05:12.0427 0x178c
01:05:12.0427 0x178c OS Version: 6.1.7601 ServicePack: 1.0
01:05:12.0427 0x178c Product type: Workstation
01:05:12.0427 0x178c ComputerName: STANDART
01:05:12.0427 0x178c UserName: Mr.Black
01:05:12.0427 0x178c Windows directory: C:\Windows
01:05:12.0427 0x178c System windows directory: C:\Windows
01:05:12.0427 0x178c Running under WOW64
01:05:12.0427 0x178c Processor architecture: Intel x64
01:05:12.0427 0x178c Number of processors: 4
01:05:12.0427 0x178c Page size: 0x1000
01:05:12.0427 0x178c Boot type: Normal boot
01:05:12.0427 0x178c ============================================================

01:06:22.0003 0x0584 AV detected via SS2: ESET Smart Security 5.0, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 5.0.93.8 ), 0x41000 ( enabled : updated )
01:06:22.0003 0x0584 FW detected via SS2: ESET personal firewall, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 5.0.93.8 ), 0x41010 ( enabled )
01:06:28.0071 0x0584 ============================================================
01:06:28.0071 0x0584 Scan finished
01:06:28.0071 0x0584 ============================================================
01:06:28.0071 0x16bc Detected object count: 0
01:06:28.0071 0x16bc Actual detected object count: 0
01:06:33.0999 0x1638 Deinitialize success

Re: Please check

Posted: 18 Mar 2014 19:49
by Orcus
If the log doesn't fit, post it in parts.

What about the problems?