Prosím o preventivní kontrolu logu Vyřešeno

[John82]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:18:56, on 9.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CapsUnlock\CapsUnlock.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\JOHNNY\Desktop\Killers\hijackthis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?cc=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Abyssus] C:\Program Files\Razer\Abyssus\razerhid.exe
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-164063703-3488264780-2331714868-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-164063703-3488264780-2331714868-1004\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-164063703-3488264780-2331714868-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

--
End of file - 6059 bytes

[Reklama]

[John82]

dále teploty z HW monitoru 128°C. Nikdy my to program neukazoval nevím co to je předem díky

http://www.nahraj-obrazek.cz/di-614023427033.jpg

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[John82]

# AdwCleaner v3.212 - Report created 10/06/2014 at 13:32:41
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : JOHNNY - JOHNNY-PC
# Running from : C:\Users\JOHNNY\Desktop\Killers\adwcleaner_3.212.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\JOHNNY\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... YY%5ECZ&q={searchTerms}

*************************

AdwCleaner[R5].txt - [1029 octets] - [30/05/2014 04:34:33]
AdwCleaner[R6].txt - [1249 octets] - [03/06/2014 19:08:55]
AdwCleaner[R7].txt - [1396 octets] - [10/06/2014 13:11:11]
AdwCleaner[R8].txt - [1204 octets] - [10/06/2014 13:32:41]
AdwCleaner[S5].txt - [1093 octets] - [30/05/2014 04:37:52]
AdwCleaner[S6].txt - [1317 octets] - [03/06/2014 19:11:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [1384 octets] ##########

[John82]

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Verze: v2014.06.10.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17107
JOHNNY :: JOHNNY-PC [administrátor]

Ochrana: Povolena

10.6.2014 13:36:46
mbam-log-2014-06-10 (13-36-46).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 264780
Uplynulý čas: 6 minut,

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[John82]

# AdwCleaner v3.212 - Report created 10/06/2014 at 19:40:07
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : JOHNNY - JOHNNY-PC
# Running from : C:\Users\JOHNNY\Desktop\Killers\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\JOHNNY\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... YY%5ECZ&q={searchTerms}

*************************

AdwCleaner[R5].txt - [1029 octets] - [30/05/2014 04:34:33]
AdwCleaner[R6].txt - [1249 octets] - [03/06/2014 19:08:55]
AdwCleaner[R7].txt - [1396 octets] - [10/06/2014 13:11:11]
AdwCleaner[R8].txt - [1464 octets] - [10/06/2014 13:32:41]
AdwCleaner[R9].txt - [1524 octets] - [10/06/2014 19:38:00]
AdwCleaner[S5].txt - [1093 octets] - [30/05/2014 04:37:52]
AdwCleaner[S6].txt - [1317 octets] - [03/06/2014 19:11:29]
AdwCleaner[S7].txt - [1453 octets] - [10/06/2014 19:40:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1513 octets] ##########

[John82]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by JOHNNY on Łt 10.06.2014 at 19:44:40,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 10.06.2014 at 19:57:44,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[John82]

RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : JOHNNY [Práva správce]
Mód : Kontrola -- Datum : 06/10/2014 20:07:13

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[Hidden!] -- [x] -> SMAZÁNO [TermThr]

¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[PUM.Policies] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NALEZENO
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NALEZENO
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO

¤¤¤ naplánované úlohy : 9 ¤¤¤
[Suspicious.Path] \\{0416CF05-D81D-4C79-B120-68F2AE2D66C3} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\Desktop\trilogyi.exe -d C:\Users\JOHNNY\Desktop) -> NALEZENO
[Suspicious.Path] \\{0DBEA439-35F3-4BB2-B115-52E7D377F8B9} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\Desktop\pulsingcolorsviz.exe -d C:\Users\JOHNNY\Desktop) -> NALEZENO
[Suspicious.Path] \\{274E2046-D5E5-4A30-B87E-11095A35E3F9} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\Desktop\far_cry_v1.4_standalone.exe -d C:\Users\JOHNNY\Desktop) -> NALEZENO
[Suspicious.Path] \\{458202E9-A31A-4D15-84AE-316320B37455} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\JOHNNY\Desktop\TrackMania_PowerUp_Setup (1).exe" -d C:\Users\JOHNNY\Desktop) -> NALEZENO
[Suspicious.Path] \\{77D6B34D-23CB-4985-9AAD-6A536F843A32} -- C:\Windows\system32\pcalua.exe (-a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe" -d C:\Windows\system32 -c /in "C:\Users\JOHNNY\Desktop\AxCrypt-1.6.4.4-Setup.exe") -> NALEZENO
[Suspicious.Path] \\{8850AAFE-77BF-4A39-B8E3-516E8DB1671A} -- C:\Windows\system32\pcalua.exe (-a "C:\Program Files\LG Electronics\LG Bluetooth Drivers\UninstallShld.exe" -d C:\Windows\system32 -c C:\Program Files\LG Electronics\LG Bluetooth Drivers) -> NALEZENO
[Suspicious.Path] \\{B8A6CFF5-D4F0-4BE3-89B9-7C54DA7853C1} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\AppData\Local\Temp\instructions.exe -d C:\Users\JOHNNY\Desktop -c C:\Users\JOHNNY\AppData\Local\Temp/instructions.exe /PID=7392 /SUBPID=0 /DISTID=10083 /VM=2 /NETWORDK=1 /CID=0 /PRODUCT_ID=9525 /RETURNING_USER_DAYS=2 /SERVER_URL=http://installer.ppdownload.com) -> NALEZENO
[Suspicious.Path] \\{BC5AD692-DE8E-494C-9DD1-7BB20E91E495} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\Desktop\far_cry_v1.31.exe -d C:\Users\JOHNNY\Desktop) -> NALEZENO
[Suspicious.Path] \\{E4A6B2BF-E178-4CE7-AD7D-17D656CA1504} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\Desktop\trilogyii.exe -d C:\Users\JOHNNY\Desktop) -> NALEZENO

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 46 ¤¤¤
[SSDT:Addr] NtCreateFile[66] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fb9dc
[SSDT:Addr] NtCreateSymbolicLinkObject[86] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fbdba
[SSDT:Addr] NtCreateThread[87] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fc102
[SSDT:Addr] NtDeleteKey[103] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fc476
[SSDT:Addr] NtDeleteValueKey[106] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fc544
[SSDT:Addr] NtDeviceIoControlFile[107] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fc690
[SSDT:Addr] NtLoadDriver[155] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fe062
[SSDT:Addr] NtMapViewOfSection[168] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fe480
[SSDT:Addr] NtOpenFile[179] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fe798
[SSDT:Addr] NtOpenKey[182] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fe962
[SSDT:Addr] NtOpenProcess[190] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fe974
[SSDT:Addr] NtOpenThread[198] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960ff03e
[SSDT:Addr] NtProtectVirtualMemory[215] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960ff0d2
[SSDT:Addr] NtQueueApcThread[269] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960ff0e4
[SSDT:Addr] NtSecureConnectPort[312] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960ff3e6
[SSDT:Addr] NtSetContextThread[316] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960ff452
[SSDT:Addr] NtSetSystemInformation[350] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960ff78a
[SSDT:Addr] NtSetValueKey[358] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960ff7f4
[SSDT:Addr] NtTerminateProcess[370] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960ffbc6
[SSDT:Addr] NtWriteVirtualMemory[399] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96101cba
[ShwSSDT:Addr] NtGdiAlphaBlend[7] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fc9ba
[ShwSSDT:Addr] NtGdiBitBlt[14] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fccd2
[ShwSSDT:Addr] NtGdiDeleteObjectApp[125] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fcfe4
[ShwSSDT:Addr] NtGdiGetPixel[200] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fcffe
[ShwSSDT:Addr] NtGdiMaskBlt[237] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fd324
[ShwSSDT:Addr] NtGdiOpenDCW[243] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fd63c
[ShwSSDT:Addr] NtGdiPlgBlt[247] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fd716
[ShwSSDT:Addr] NtGdiStretchBlt[302] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fda38
[ShwSSDT:Addr] NtGdiTransparentBlt[308] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fdd4e
[ShwSSDT:Addr] NtUserAttachThreadInput[318] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960ffc36
[ShwSSDT:Addr] NtUserGetAsyncKeyState[402] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x960fffa8
[ShwSSDT:Addr] NtUserGetClassInfoEx[406] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x961002c4
[ShwSSDT:Addr] NtUserGetKeyState[436] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96100740
[ShwSSDT:Addr] NtUserMessageCall[490] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96100a54
[ShwSSDT:Addr] NtUserPostMessage[508] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96100d68
[ShwSSDT:Addr] NtUserPostThreadMessage[509] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96100dde
[ShwSSDT:Addr] NtUserRegisterRawInputDevices[524] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96100df0
[ShwSSDT:Addr] NtUserSendInput[536] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x961011f4
[ShwSSDT:Addr] NtUserSetClipboardViewer[544] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96101538
[ShwSSDT:Addr] NtUserSetWindowsHookEx[585] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96101b2e
[ShwSSDT:Addr] NtUserSetWinEventHook[588] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9610180e
[ShwSSDT:Addr] NtUserUnhookWindowsHookEx[607] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96101c98
[EAT:Addr] (explorer.exe) msls31.dll - DllCanUnloadNow : C:\Windows\system32\SearchFolder.dll @ 0x6d0829b6
[EAT:Addr] (explorer.exe) msls31.dll - DllGetClassObject : C:\Windows\system32\SearchFolder.dll @ 0x6d083e5e
[EAT:Addr] (explorer.exe) msls31.dll - DllRegisterServer : C:\Windows\system32\SearchFolder.dll @ 0x6d0ca698
[EAT:Addr] (explorer.exe) msls31.dll - DllUnregisterServer : C:\Windows\system32\SearchFolder.dll @ 0x6d0ca698

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST330013A ATA Device +++++
--- User ---
[MBR] 462febce03f136bff3e6c057d7712174
[BSP] 114aa3d4df6cd7cc03ebe9e0fad561b2 : Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 20002 MB
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 40966144 | Size: 8624 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3360320AS ATA Device +++++
--- User ---
[MBR] 8ff40fc765caab0f0863f97494150385
[BSP] df0a392734e2cd401a8b972b4043cfb9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 24578048 | Size: 221600 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 478414848 | Size: 109797 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic 2.0 Reader -0 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic 2.0 Reader -1 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic 2.0 Reader -2 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic 2.0 Reader -3 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive6: Generic 2.0 Reader -4 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )


============================================
RKreport_DEL_06032014_192744.log - RKreport_SCN_06032014_192521.log

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)

- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vlož nový log z HJT.

[John82]

RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : JOHNNY [Práva správce]
Mód : Odebrat -- Datum : 06/11/2014 12:46:20

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[Hidden!] -- [x] -> SMAZÁNO [TermThr]

¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[PUM.Policies] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZÁNO
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NAHRAZENO (1)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NAHRAZENO (2)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-164063703-3488264780-2331714868-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 9 ¤¤¤
[Suspicious.Path] \\{0416CF05-D81D-4C79-B120-68F2AE2D66C3} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\Desktop\trilogyi.exe -d C:\Users\JOHNNY\Desktop) -> VYMAZÁNO
[Suspicious.Path] \\{0DBEA439-35F3-4BB2-B115-52E7D377F8B9} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\Desktop\pulsingcolorsviz.exe -d C:\Users\JOHNNY\Desktop) -> VYMAZÁNO
[Suspicious.Path] \\{274E2046-D5E5-4A30-B87E-11095A35E3F9} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\Desktop\far_cry_v1.4_standalone.exe -d C:\Users\JOHNNY\Desktop) -> VYMAZÁNO
[Suspicious.Path] \\{458202E9-A31A-4D15-84AE-316320B37455} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\JOHNNY\Desktop\TrackMania_PowerUp_Setup (1).exe" -d C:\Users\JOHNNY\Desktop) -> VYMAZÁNO
[Suspicious.Path] \\{77D6B34D-23CB-4985-9AAD-6A536F843A32} -- C:\Windows\system32\pcalua.exe (-a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe" -d C:\Windows\system32 -c /in "C:\Users\JOHNNY\Desktop\AxCrypt-1.6.4.4-Setup.exe") -> VYMAZÁNO
[Suspicious.Path] \\{8850AAFE-77BF-4A39-B8E3-516E8DB1671A} -- C:\Windows\system32\pcalua.exe (-a "C:\Program Files\LG Electronics\LG Bluetooth Drivers\UninstallShld.exe" -d C:\Windows\system32 -c C:\Program Files\LG Electronics\LG Bluetooth Drivers) -> VYMAZÁNO
[Suspicious.Path] \\{B8A6CFF5-D4F0-4BE3-89B9-7C54DA7853C1} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\AppData\Local\Temp\instructions.exe -d C:\Users\JOHNNY\Desktop -c C:\Users\JOHNNY\AppData\Local\Temp/instructions.exe /PID=7392 /SUBPID=0 /DISTID=10083 /VM=2 /NETWORDK=1 /CID=0 /PRODUCT_ID=9525 /RETURNING_USER_DAYS=2 /SERVER_URL=http://installer.ppdownload.com) -> VYMAZÁNO
[Suspicious.Path] \\{BC5AD692-DE8E-494C-9DD1-7BB20E91E495} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\Desktop\far_cry_v1.31.exe -d C:\Users\JOHNNY\Desktop) -> VYMAZÁNO
[Suspicious.Path] \\{E4A6B2BF-E178-4CE7-AD7D-17D656CA1504} -- C:\Windows\system32\pcalua.exe (-a C:\Users\JOHNNY\Desktop\trilogyii.exe -d C:\Users\JOHNNY\Desktop) -> VYMAZÁNO

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 46 ¤¤¤
[SSDT:Addr] NtCreateFile[66] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x961259dc
[SSDT:Addr] NtCreateSymbolicLinkObject[86] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96125dba
[SSDT:Addr] NtCreateThread[87] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96126102
[SSDT:Addr] NtDeleteKey[103] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96126476
[SSDT:Addr] NtDeleteValueKey[106] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96126544
[SSDT:Addr] NtDeviceIoControlFile[107] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96126690
[SSDT:Addr] NtLoadDriver[155] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96128062
[SSDT:Addr] NtMapViewOfSection[168] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96128480
[SSDT:Addr] NtOpenFile[179] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96128798
[SSDT:Addr] NtOpenKey[182] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96128962
[SSDT:Addr] NtOpenProcess[190] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96128974
[SSDT:Addr] NtOpenThread[198] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612903e
[SSDT:Addr] NtProtectVirtualMemory[215] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x961290d2
[SSDT:Addr] NtQueueApcThread[269] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x961290e4
[SSDT:Addr] NtSecureConnectPort[312] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x961293e6
[SSDT:Addr] NtSetContextThread[316] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96129452
[SSDT:Addr] NtSetSystemInformation[350] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612978a
[SSDT:Addr] NtSetValueKey[358] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x961297f4
[SSDT:Addr] NtTerminateProcess[370] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96129bc6
[SSDT:Addr] NtWriteVirtualMemory[399] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612bcba
[ShwSSDT:Addr] NtGdiAlphaBlend[7] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x961269ba
[ShwSSDT:Addr] NtGdiBitBlt[14] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96126cd2
[ShwSSDT:Addr] NtGdiDeleteObjectApp[125] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96126fe4
[ShwSSDT:Addr] NtGdiGetPixel[200] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96126ffe
[ShwSSDT:Addr] NtGdiMaskBlt[237] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96127324
[ShwSSDT:Addr] NtGdiOpenDCW[243] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612763c
[ShwSSDT:Addr] NtGdiPlgBlt[247] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96127716
[ShwSSDT:Addr] NtGdiStretchBlt[302] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96127a38
[ShwSSDT:Addr] NtGdiTransparentBlt[308] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96127d4e
[ShwSSDT:Addr] NtUserAttachThreadInput[318] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96129c36
[ShwSSDT:Addr] NtUserGetAsyncKeyState[402] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x96129fa8
[ShwSSDT:Addr] NtUserGetClassInfoEx[406] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612a2c4
[ShwSSDT:Addr] NtUserGetKeyState[436] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612a740
[ShwSSDT:Addr] NtUserMessageCall[490] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612aa54
[ShwSSDT:Addr] NtUserPostMessage[508] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612ad68
[ShwSSDT:Addr] NtUserPostThreadMessage[509] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612adde
[ShwSSDT:Addr] NtUserRegisterRawInputDevices[524] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612adf0
[ShwSSDT:Addr] NtUserSendInput[536] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612b1f4
[ShwSSDT:Addr] NtUserSetClipboardViewer[544] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612b538
[ShwSSDT:Addr] NtUserSetWindowsHookEx[585] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612bb2e
[ShwSSDT:Addr] NtUserSetWinEventHook[588] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612b80e
[ShwSSDT:Addr] NtUserUnhookWindowsHookEx[607] : C:\Windows\system32\drivers\AntiLog32.sys @ 0x9612bc98
[EAT:Addr] (explorer.exe) msls31.dll - DllCanUnloadNow : C:\Windows\system32\SearchFolder.dll @ 0x6d1929b6
[EAT:Addr] (explorer.exe) msls31.dll - DllGetClassObject : C:\Windows\system32\SearchFolder.dll @ 0x6d193e5e
[EAT:Addr] (explorer.exe) msls31.dll - DllRegisterServer : C:\Windows\system32\SearchFolder.dll @ 0x6d1da698
[EAT:Addr] (explorer.exe) msls31.dll - DllUnregisterServer : C:\Windows\system32\SearchFolder.dll @ 0x6d1da698

¤¤¤ Webové prohlížeče : 12 ¤¤¤
[CHROME:Addon] Default : Google Drive [apdfllckaahabafndbhieahigkjlhalf] -> VYMAZÁNO
[CHROME:Addon] Default : YouTube [blpcfgokakmgnkcojhhkbfbldkacnbeo] -> ERROR [2]
[CHROME:Addon] Default : Adblock Plus [cfhdojbkjhnklbpkdaibdccddilifddb] -> ERROR [2]
[CHROME:Addon] Default : Google Search [coobgpohoikkiipiblmjeljniedjpjpf] -> ERROR [2]
[CHROME:Addon] Default : Glowtxt [fkcilhknnakepbgkpmhhebooffgefidk] -> ERROR [2]
[CHROME:Addon] Default : Stopwatch [ggnidjbcahhbnleinchgobfnabopeioh] -> ERROR [2]
[CHROME:Addon] Default : AdBlock [gighmmpiobklfepjocnamgkkbiglidom] -> ERROR [2]
[CHROME:Addon] Default : Giant Translator [jabomenogfoilanojpoolflokcjfegld] -> ERROR [2]
[CHROME:Addon] Default : Night Time In New York City [jnimonidkipnhnpgkhgliocfnnpgkhek] -> ERROR [2]
[CHROME:Addon] Default : IP Address [jpnjjlbngpejmmhgcaagljaomgnginml] -> ERROR [2]
[CHROME:Addon] Default : Google Wallet [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [2]
[CHROME:Addon] Default : Gmail [pjkljhegncpnkpknbcohdijeoejaedia] -> ERROR [2]

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST330013A ATA Device +++++
--- User ---
[MBR] 462febce03f136bff3e6c057d7712174
[BSP] 114aa3d4df6cd7cc03ebe9e0fad561b2 : Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 63 | Size: 20002 MB
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 40966144 | Size: 8624 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST3360320AS ATA Device +++++
--- User ---
[MBR] 8ff40fc765caab0f0863f97494150385
[BSP] df0a392734e2cd401a8b972b4043cfb9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 24578048 | Size: 221600 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 478414848 | Size: 109797 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic 2.0 Reader -0 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic 2.0 Reader -1 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic 2.0 Reader -2 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic 2.0 Reader -3 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive6: Generic 2.0 Reader -4 USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )


============================================
RKreport_DEL_06032014_192744.log - RKreport_SCN_06032014_192521.log - RKreport_SCN_06102014_200712.log - RKreport_SCN_06112014_124230.log

[John82]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:49:20, on 11.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CapsUnlock\CapsUnlock.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
C:\Users\JOHNNY\Desktop\Killers\RogueKiller.exe
C:\Users\JOHNNY\Desktop\Killers\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=6826
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: ?????????? ???????? - {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Abyssus] C:\Program Files\Razer\Abyssus\razerhid.exe
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-164063703-3488264780-2331714868-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-164063703-3488264780-2331714868-1004\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-164063703-3488264780-2331714868-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: CapsUnlock.lnk = C:\Program Files\CapsUnlock\CapsUnlock.exe
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

--
End of file - 5735 bytes