Please check my log - audio and video stutter

Posted: 15 Apr 2014 12:41
by izzy1995
Once I started playing music and the sound began to stutter whenever I was doing something on the PC. I noticed the same thing when playing video. I am attaching the log from HJT.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:28:38, on 30.1.2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16453)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\izzy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Users\izzy\AppData\Local\Akamai\netsession_win.exe
C:\Users\izzy\AppData\Local\Mail.Ru\MailRuUpdater.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
D:\games\GTA IV\Grand Theft Auto IV\Rockstar Games Social Club\1_1_1_0\RGSC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\izzy\AppData\Local\Adobe\OOBE\PDApp\core\PDApp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.ru/cnt/9516
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ???????@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ???????@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files (x86)\Mail.Ru\Sputnik\MailRuSputnik.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [RGSC] D:\games\GTA IV\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\izzy\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [HotKeysCmds] C:\Users\izzy\AppData\Local\Temp\98BF.EXE
O4 - HKCU\..\Run: [MailRuUpdater] C:\Users\izzy\AppData\Local\Mail.Ru\MailRuUpdater.exe
O4 - Startup: WinMySQLadmin.lnk = C:\Program Files (x86)\PHP Home Edition 2\mysql\bin\winmysqladmin.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apache2 - Unknown owner - C:\Program Files (x86)\PHP Home Edition 2\Apache2\bin\Apache.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySql - Unknown owner - C:/PROGRA~2/PHPHOM~1/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - D:\soft\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - D:\soft\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 12887 bytes

I noticed one thing, and I don't know how it got onto my PC: mail.ru... I haven't had ESET Smart Security for quite a long time now; maybe it would be good to get rid of this junk.

Re: Please check my log - audio and video stutter

Posted: 15 Apr 2014 18:01
by Orcus
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

- If you use only Google Chrome, you do not need to use ATF.

===================================================

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

===================================================

Download AdwCleaner (by Xplode)

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan a log appears (it is otherwise saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

===================================================

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message appears, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in safe mode.

Re: Please check my log - audio and video stutter

Posted: 15 Apr 2014 18:59
by izzy1995
# AdwCleaner v3.023 - Report created 15/04/2014 at 18:58:22
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : izzy - DANIEL
# Running from : C:\Users\izzy\Downloads\adwcleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Found : C:\Users\izzy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
File Found : C:\Users\izzy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal
File Found : C:\Users\izzy\AppData\Local\Temp\Uninstall.exe
Folder Found C:\Program Files (x86)\FTDownloader.com
Folder Found C:\Program Files (x86)\GreenTree Applications
Folder Found C:\Program Files (x86)\VideoPlayerV3
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\DowNlOaod kaeepeR
Folder Found C:\ProgramData\Tarma Installer
Folder Found C:\ProgramData\Trymedia
Folder Found C:\ProgramData\WinterSoft
Folder Found C:\Users\izzy\AppData\Local\PutLockerDownloader
Folder Found C:\Users\izzy\AppData\LocalLow\Delta
Folder Found C:\Users\izzy\AppData\LocalLow\Mail.Ru
Folder Found C:\Users\izzy\AppData\Roaming\Babylon
Folder Found C:\Users\izzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Found C:\Users\izzy\AppData\Roaming\OpenCandy
Folder Found C:\Users\izzy\AppData\Roaming\SearchProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\d558bd1b26fe413
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\FTDownloader
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\d558bd1b26fe413
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-search.com/?affID=1197 ... 85DE32D388

-\\ Mozilla Firefox v

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\izzy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5270 octets] - [15/04/2014 18:58:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5330 octets] ##########

Re: Please check my log - audio and video stutter

Posted: 15 Apr 2014 19:23
by izzy1995
MBAM found quite a lot for me

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15.4.2014
Scan Time: 19:21:48
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.15.08
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: izzy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 289900
Time Elapsed: 18 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 25
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [a5ff88a24e2dc86e9df9d475b151916f],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [a5ff88a24e2dc86e9df9d475b151916f],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, , [20843ded6a11af87c5d532170cf69b65],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DF84E609-C3A4-49CB-A160-61767DAF8899}, , [20843ded6a11af87c5d532170cf69b65],
PUP.Optional.WebCake.A, HKU\S-1-5-21-4293869333-2907957248-834242470-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, , [772d27037cff57dfaaef72d7c43e18e8],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0D2285E1-6F61-11ED-9306-0E26F1E1E621}, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0D2285E1-6F61-11ED-9306-0E26F1E1E621}, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\keeperr, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\keeperr.1.6, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\keeperr, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\keeperr.1.6, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKU\S-1-5-21-4293869333-2907957248-834242470-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0D2285E1-6F61-11ED-9306-0E26F1E1E621}, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKU\S-1-5-21-4293869333-2907957248-834242470-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0D2285E1-6F61-11ED-9306-0E26F1E1E621}, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{0D2285E1-6F61-11ED-9306-0E26F1E1E621}, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-4293869333-2907957248-834242470-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, , [6b3983a7d7a461d557100c8631d2ad53],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-4293869333-2907957248-834242470-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, , [584c87a3daa1c76f46a1a2ee9a69fc04],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-4293869333-2907957248-834242470-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [228238f2daa12c0a7175b9d70bf8f60a],
PUP.Optional.Babylon.A, HKU\S-1-5-21-4293869333-2907957248-834242470-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [2b790e1cccaf40f639b7b4dd986b6d93],
PUP.Optional.Softonic.A, HKU\S-1-5-21-4293869333-2907957248-834242470-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [2381e34766156ccac920f474db274fb1],

Registry Values: 1
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta5619.net, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff, , [485c7dadaccf84b2f7c0fc7159a98b75]

Registry Data: 1
PUP.Optional.StartPage, HKU\S-1-5-21-4293869333-2907957248-834242470-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.delta-search.com/?affID=1197 ... 85DE32D388, Good: (http://www.google.com), Bad: (http://www.delta-search.com/?affID=1197 ... 85DE32D388),,[91139694d3a8a591acd82ef523e117e9]

Folders: 10
PUP.Optional.OpenCandy, C:\Users\izzy\AppData\Roaming\OpenCandy, , [2f752cfee2995ed8303fa7b5f9090ef2],
PUP.Optional.OpenCandy, C:\Users\izzy\AppData\Roaming\OpenCandy\50CF0C5EDFA74D8DBAB3716615E5E772, , [2f752cfee2995ed8303fa7b5f9090ef2],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ch, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff\chrome, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff\chrome\content, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff\chrome\content\icons, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff\chrome\content\icons\default, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ie, , [950fa288ec8f290d1f67c3a0d42e03fd],

Files: 26
PUP.Optional.Multiplug, C:\ProgramData\DowNlOaod kaeepeR\CEfUPMm806.dll, , [9a0afb2f1368dd59956c0fae62a1f907],
PUP.Optional.InstalleRex, C:\ProgramData\InstallMate\{044453A1-7C79-4DE5-AF0E-345BDFA77157}\Custom.dll, , [11936bbf116a3afc6db99b93689941bf],
PUP.Optional.OpenCandy.A, C:\Users\izzy\AppData\Roaming\OpenCandy\50CF0C5EDFA74D8DBAB3716615E5E772\LatestDLMgr.exe, , [e1c35cce3942a5910ad2a561d52c8e72],
Trojan.Clicker.CT, C:\Windows\SysWOW64\mrvcl32.exe, , [6f3594965922f442c21e9ae54eb29a66],
Adware.BetterSurf, C:\Users\izzy\AppData\Local\Temp\Setup1.exe, , [a7fdef3b26557bbbffe17fc66998df21],
Trojan.Clicker.CT, C:\Users\izzy\AppData\Local\Temp\mrtC79D.tmp\stdrt.exe, , [158f9991f2893600fae6c9b69a66c739],
Trojan.Clicker.CT, C:\Users\izzy\AppData\Local\Temp\IXP000.TMP\flaudit.exe, , [851f9c8e7a018bab439d5e21f30db24e],
PUP.Optional.Spigot.A, C:\Users\izzy\Downloads\YTDSetup.exe, , [acf85ad034477db90674c85ed030c040],
PUP.RiskwareTool.CK, C:\Users\izzy\Downloads\DIRT.3.V1.1.ALL.SKIDROW.NODVD (1).ZIP, , [6d370f1bd1aa46f0d6ec8006ff01c63a],
PUP.RiskwareTool.CK, C:\Users\izzy\Downloads\DIRT.3.V1.1.ALL.SKIDROW.NODVD.ZIP, , [9410a8820e6d3bfb665c4442d42c7e82],
PUP.Optional.Conduit.A, C:\Users\izzy\Downloads\bs_Stereoscopic_Player.exe, , [8f1567c3f982f541a847f94b13ee14ec],
Malware.Gen.SKR, C:\Users\izzy\Downloads\Call-of-Duty-Black-Ops-2-crack.rar, , [574d18122a515cda23de178c5aa6fe02],
PUP.Optional.Softonic.A, C:\Users\izzy\Downloads\SoftonicDownloader_for_dvr-converter.exe, , [c2e2ba70bcbf51e5275ede3c21e028d8],
PUP.Optional.Softonic.A, C:\Users\izzy\Downloads\SoftonicDownloader_for_playrix-barn-yarn.exe, , [149080aaabd0e05697ee8d8d8879ce32],
PUP.Optional.Opencandy, C:\Users\izzy\Downloads\CrystalDiskInfo6_1_9a-en.exe, , [f4b043e719623ff7d867df2345bf22de],
Trojan.Downloader, C:\Users\izzy\Downloads\active-gif-creator_3.4.zip, , [446098928bf0d0668166ff9658a8b44c],
PUP.Optional.SearchProtect.A, C:\Users\izzy\AppData\Roaming\SearchProtect\Res\SPSetup.exe, , [a202b8724e2d70c646bf95fbf60d659b],
PUP.Optional.OpenCandy, C:\Users\izzy\AppData\Roaming\OpenCandy\50CF0C5EDFA74D8DBAB3716615E5E772\6176.ico, , [2f752cfee2995ed8303fa7b5f9090ef2],
PUP.Optional.OpenCandy, C:\Users\izzy\AppData\Roaming\OpenCandy\50CF0C5EDFA74D8DBAB3716615E5E772\chrometest.html, , [2f752cfee2995ed8303fa7b5f9090ef2],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ch\VideoPlayerV3beta5619.crx, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff\chrome.manifest, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff\install.rdf, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff\chrome\content\ffVideoPlayerV3beta5619.js, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff\chrome\content\overlay.xul, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff\chrome\content\icons\Thumbs.db, , [950fa288ec8f290d1f67c3a0d42e03fd],
PUP.Optional.VideoPlayer.A, C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta5619\ff\chrome\content\icons\default\VideoPlayerV3beta5619_32.png, , [950fa288ec8f290d1f67c3a0d42e03fd],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Please check my log - audio and video stutter

Posted: 15 Apr 2014 19:31
by izzy1995
TFC
Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default.migrated

User: izzy
->Temp folder emptied: 1000000500 bytes
->Temporary Internet Files folder emptied: 85816636 bytes
->Java cache emptied: 28996659 bytes
->Google Chrome cache emptied: 261107288 bytes
->Opera cache emptied: 12695889 bytes
->Flash cache emptied: 60009 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3243520 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255747149 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 34080403 bytes

Re: please check my log - audio and video stutter

Posted: 16 Apr 2014 09:19
by jaro3
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose “Run as administrator”),
click “Prohledat-Scan” and, once the scan finishes, click “Vymazat-Clean”.

The program will carry out the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose “Run as administrator”. You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and be saved to the desktop.
Please copy its entire contents here.

- Run MBAM again and choose “Scan Now”.
- When the program finishes, a prompt will appear; click “Quarantine All” and then “Export Log”, choose “Text file”, give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit

- Then click “Scan”.
- The program scans the PC's processes. After the scan, click “Report” and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.

Re: please check my log - audio and video stutter

Posted: 16 Apr 2014 11:21
by izzy1995
# AdwCleaner v3.023 - Report created 16/04/2014 at 11:15:36
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : izzy - DANIEL
# Running from : C:\Users\izzy\Downloads\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\DowNlOaod kaeepeR
Folder Deleted : C:\Program Files (x86)\FTDownloader.com
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
Folder Deleted : C:\Users\izzy\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\izzy\AppData\LocalLow\Delta
Folder Deleted : C:\Users\izzy\AppData\LocalLow\Mail.Ru
Folder Deleted : C:\Users\izzy\AppData\Roaming\Babylon
Folder Deleted : C:\Users\izzy\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\izzy\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\izzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\Users\izzy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
File Deleted : C:\Users\izzy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\d558bd1b26fe413
Key Deleted : HKLM\SOFTWARE\d558bd1b26fe413
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\izzy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5470 octets] - [15/04/2014 18:58:22]
AdwCleaner[R1].txt - [5469 octets] - [16/04/2014 11:13:54]
AdwCleaner[S0].txt - [4900 octets] - [16/04/2014 11:15:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4960 octets] ##########

Re: please check my log - audio and video stutter

Posted: 16 Apr 2014 11:26
by izzy1995
It seems the cleanup with AdwCleaner helped, thanks for the help :)

Re: please check my log - audio and video stutter

Posted: 16 Apr 2014 18:19
by jaro3
We are not done:
- Run MBAM again and choose “Scan Now”.
- When the program finishes, a prompt will appear; click “Quarantine All” and then “Export Log”, choose “Text file”, give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit
- Then click “Scan”.
- The program scans the PC's processes. After the scan, click “Report” and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.

Re: please check my log - audio and video stutter

Posted: 16 Apr 2014 22:03
by izzy1995
So we have found the cause, the thing that downloads the malware :)

RogueKiller V8.7.4 _x64_ [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 8 (6.2.9200 ) 64 bits version
Spustené v : Normálny režim
Užívateľ : izzy [Práva Správcu]
Režim : Kontrola -- Dátum : 04/16/2014 21:57:52
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 3 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-4293869333-2907957248-834242470-1002\$388193adaf791c60ba7ece49d210ab18\n. [x]) -> NÁJDENÉ

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spustenie položky : 0 ¤¤¤

¤¤¤ webové prehliadače : 0 ¤¤¤

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ 0x0] ¤¤¤

¤¤¤ Vonkajšie Hives: ¤¤¤

¤¤¤ Nákaza : ZeroAccess ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] 2e999f71eb457ca090500919f38269ac
[BSP] 14d3ac15a2ef3a3ef823c93b67fde302 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ ) (Standard disk drives) - SD Card +++++
--- User ---
[MBR] cc9731f32c59de2d3da4aecfdbcdec70
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 227 | Size: 1938 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[0]_S_04162014_215752.txt >>

Re: please check my log - audio and video stutter

Posted: 16 Apr 2014 22:21
by izzy1995
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16.4.2014
Scan Time: 22:19:24
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.16.10
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: izzy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 287407
Time Elapsed: 11 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Re: please check my log - audio and video stutter

Posted: 17 Apr 2014 08:53
by izzy1995
UP