PC nachází neustále viry

kulda.s · Příspěvekod **kulda.s** » 09 led 2015 00:14

Dobrý den,

Posílám svůj log na kontrolu. Nejspíše jsem do PC stáhl nějaký zavirovaný program, který ted můj PC uplně ochromil. Antivirus stále neachází různé hrozby a viry.

Zde zasílám log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:14:45, on 9.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)

FIREFOX: 34.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\STEPAN\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem) (globalUpdatem) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6378 bytes

Reklama

Příspěvekod **jaro3** » 09 led 2015 09:45

logy vkládej normálně.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

kulda.s · Příspěvekod **kulda.s** » 10 led 2015 23:50

AdwCleaner log

# AdwCleaner v4.107 - Report created 10/01/2015 at 22:51:36
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : STEPAN - STEPAN-PC
# Running from : C:\Users\STEPAN\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : globalUpdate
Service Found : globalUpdatem

***** [ Files / Folders ] *****

Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Users\STEPAN\AppData\Local\globalUpdate
Folder Found : C:\Users\STEPAN\AppData\Roaming\Mozilla\Firefox\Profiles\siyludjp.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}

***** [ Scheduled Tasks ] *****

Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA
Task Found : f0695370-ae09-47e2-88b7-0d58aefd5912-1
Task Found : f0695370-ae09-47e2-88b7-0d58aefd5912-2
Task Found : f0695370-ae09-47e2-88b7-0d58aefd5912-4
Task Found : f0695370-ae09-47e2-88b7-0d58aefd5912-5
Task Found : f0695370-ae09-47e2-88b7-0d58aefd5912-5_user

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901163}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901163}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902263}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905563}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906663}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644904463}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644904463}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0 (x86 cs)

*************************

AdwCleaner[R0].txt - [6619 octets] - [10/01/2015 22:51:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6679 octets] ##########

Malwarebytes' Anti-Malware

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10.1.2015
Scan Time: 23:18:01
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.10.17
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: STEPAN

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303154
Time Elapsed: 7 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 22
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\HDQ-1.2cV08.01, , [06c324d1e4a5fd39d6648d5f937109f7],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, , [4d7c37be2f5a80b6191b424547bc0000],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, , [2c9ddb1a137647ef9367d1d0c93ac43c],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [4683e90cabde7cba4bcb9a4d2dd72ed2],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [73563db877120f2710077c6b0004bc44],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2987554068-1797795274-2773523164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [6c5dd124286177bf6df573656c98ba46],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2987554068-1797795274-2773523164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HDQ-1.2cV08.01, , [ccfd35c05f2a52e42913925a719338c8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2987554068-1797795274-2773523164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, , [f7d23db8662384b270a5daa15fa4f010],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2987554068-1797795274-2773523164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\HDQ-1.2cV08.01, , [0cbd8b6ab8d1290d2a6893dc9f6410f0],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, , [6168c72e088159ddc783b29a798a8f71],

Registry Values: 1
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, , [4d7c37be2f5a80b6191b424547bc0000]

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{90837AF3-1469-4F84-A851-DDD58F12A46A}, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.CrossRider.A, C:\Program Files\HDQ-1.2cV08.01, , [eadf668f3455e5515df0283857ac9070],

Files: 30
PUP.Optional.Bundle, C:\Users\STEPAN\AppData\Roaming\Font__7226_il56.exe, , [f9d033c2731658de07fd90777b87dc24],
PUP.Optional.CrossRider.A, C:\Program Files\HDQ-1.2cV08.01\utils.exe, , [28a1bc397e0b59dd5a09d97350b0b749],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-1, , [d3f6b243cdbc1c1a2b047413649f0df3],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-2, , [f9d0fbfa028770c684ab91f658ab2bd5],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-4, , [f4d554a1850470c6909f99ee857e53ad],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-5, , [6d5c1cd92960f14543ec3651d92a6b95],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-5_user, , [6b5e13e2296096a00b241572a55e827e],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-1.job, , [5178579e2f5ad75f8c26e9fbef15946c],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-2.job, , [9c2de70ed8b12d09a111e4006a9ac739],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-4.job, , [01c81ed76f1a42f4dbd704e0cf35768a],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-5.job, , [1cad46afe3a646f0b10105df788cc13f],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-5_user.job, , [b217698c7f0a8bab3e741bc9857f3bc5],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, , [1bae54a1810837ff666214d0897be11f],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, , [7d4ce4115f2a4ee8448502e2be4650b0],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, , [8b3e8f66fe8b0531b713da0ad62eda26],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, , [b2179461187138feb11ab62e8f758b75],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, , [6168c72e088159ddc783b29a798a8f71],
PUP.Optional.CrossRider.A, C:\Program Files\HDQ-1.2cV08.01\background.html, , [eadf668f3455e5515df0283857ac9070],
PUP.Optional.CrossRider.A, C:\Program Files\HDQ-1.2cV08.01\f0695370-ae09-47e2-88b7-0d58aefd5912.xpi, , [eadf668f3455e5515df0283857ac9070],
PUP.Optional.CrossRider.A, C:\Program Files\HDQ-1.2cV08.01\HDQ-1.2cV08.01.ico, , [eadf668f3455e5515df0283857ac9070],

Physical Sectors: 0
(No malicious items detected)

(end)

Příspěvekod **Orcus** » 11 led 2015 12:45

Znovu spusť MbAM a dej Skenovat nyní
Po proběhnutí programu se ti objeví hláška, tak klikni na „Vše do karantény“ -> „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a ulož na Plochu.
Zkopíruj sem celý obsah toho logu.

====================================================

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

kulda.s · Příspěvekod **kulda.s** » 12 led 2015 03:08

Malwarebytes Anti-Malware log
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 12.1.2015
Čas skenování: 1:08:00
Protokol: test.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.01.11.11
Databáze rootkitů: v2015.01.07.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: STEPAN

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 304246
Uplynulý čas: 13 min, 5 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 22
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\HDQ-1.2cV08.01, Do karantény, [a582ea0ce5a460d65595be2e46be669a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, Do karantény, [998e1fd70f7a270f796b4443fc07a45c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Do karantény, [58cfac4a65248caa07a3940ec3408977],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Do karantény, [7bac46b050393ef85c6a6b7c5ea641bf],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Do karantény, [ae79b244f594221413b410d78f7510f0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2987554068-1797795274-2773523164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Do karantény, [e047eb0b6e1bb284a46efcdde12304fc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2987554068-1797795274-2773523164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HDQ-1.2cV08.01, Do karantény, [44e3e90dc3c6e155bd2f9557d92bf40c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2987554068-1797795274-2773523164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Do karantény, [e245a353d9b016205a6b9eddbd46946c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2987554068-1797795274-2773523164-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\HDQ-1.2cV08.01, Do karantény, [dd4a956128615dd9f2509cd49b68c040],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, Do karantény, [998e8076f39657df3abd5cf046bde61a],

Hodnoty registru: 1
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Do karantény, [998e1fd70f7a270f796b4443fc07a45c]

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 7
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{90837AF3-1469-4F84-A851-DDD58F12A46A}, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.CrossRider.A, C:\Program Files\HDQ-1.2cV08.01, Do karantény, [4add9e586f1a8ea8a3577ce48b78c63a],

Soubory: 29
PUP.Optional.CrossRider.A, C:\Program Files\HDQ-1.2cV08.01\utils.exe, Do karantény, [0324cd29f2976fc73b2880cc8c741ce4],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-1, Do karantény, [71b616e03a4f231316c9335412f1af51],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-2, Do karantény, [0522db1be3a6f2448a556c1b9f64a858],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-4, Do karantény, [02255a9c8bfe47ef924dd5b26a99b848],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-5, Do karantény, [1b0cf3030c7d24125d82780f9b6845bb],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-5_user, Do karantény, [4addb5415d2cc96d538c8601b053827e],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-1.job, Do karantény, [dc4be610e9a09a9cacb603e23ec6bf41],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-2.job, Do karantény, [b6712cca03867db99ec4de075fa56e92],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-4.job, Do karantény, [b37453a3f297dc5a99c9e6ffe61e14ec],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-5.job, Do karantény, [ac7b1dd9dbae0a2c7ae8c61fe22206fa],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f0695370-ae09-47e2-88b7-0d58aefd5912-5_user.job, Do karantény, [77b0a94d781180b6e87a29bc2bd9b24e],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Do karantény, [7ea9b3430782d660f187d312c83cbe42],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, Do karantény, [002721d59fea57df740508dddd2742be],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Do karantény, [85a2995d6d1cda5c136745a07e862bd5],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, Do karantény, [0126599d2a5fa690eb906f7662a2e31d],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, Do karantény, [998e8076f39657df3abd5cf046bde61a],
PUP.Optional.CrossRider.A, C:\Program Files\HDQ-1.2cV08.01\background.html, Do karantény, [4add9e586f1a8ea8a3577ce48b78c63a],
PUP.Optional.CrossRider.A, C:\Program Files\HDQ-1.2cV08.01\f0695370-ae09-47e2-88b7-0d58aefd5912.xpi, Do karantény, [4add9e586f1a8ea8a3577ce48b78c63a],
PUP.Optional.CrossRider.A, C:\Program Files\HDQ-1.2cV08.01\HDQ-1.2cV08.01.ico, Do karantény, [4add9e586f1a8ea8a3577ce48b78c63a],

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)

(end)

AdwCleaner log
# AdwCleaner v4.107 - Report created 12/01/2015 at 01:28:21
# Updated 07/01/2015 by Xplode
# Database : 2015-01-11.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : STEPAN - STEPAN-PC
# Running from : C:\Users\STEPAN\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Users\STEPAN\AppData\Local\globalUpdate

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611901163}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622902263}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655905563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666906663}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644904463}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611901163}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0 (x86 cs)

*************************

AdwCleaner[R0].txt - [6759 octets] - [10/01/2015 22:51:36]
AdwCleaner[R1].txt - [5087 octets] - [12/01/2015 01:26:06]
AdwCleaner[S0].txt - [5036 octets] - [12/01/2015 01:28:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5096 octets] ##########

Junkware Removal Tool log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by STEPAN on po 12.01.2015 at 1:32:43,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\STEPAN\AppData\Roaming\mozilla\firefox\profiles\siyludjp.default\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 12.01.2015 at 1:37:30,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller
RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Nouzový režim
Uživatel : STEPAN [Práva správce]
Mód : Prohledat -- Datum : 01/12/2015 03:00:36

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{766CB6AA-A513-4618-836E-D5B671B102E0} | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{766CB6AA-A513-4618-836E-D5B671B102E0} | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{766CB6AA-A513-4618-836E-D5B671B102E0} | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 2 ¤¤¤
[Suspicious.Path] ABSIIDH.job -- C:\Users\STEPAN\AppData\Roaming\ABSIIDH.exe (/infocmdline=mhOX0iY49rb0XdAXhvuQYQrj7b6uDHX00K5I6e1fXjmXNQC1h7LlZZoqJRPuIiORQPSrQe0aXlvMMVOLkTiy6SDxQXaiPUfLYPiCbdO68by17jEe5L7sJM0vBwdVrtczfZ41TuYPKWQHWxrBfCwLiy4ceEHlITJncxBLVnqhjq1LYxO9Hr5vwhA1NY8I22YfnLn+UPkFfXVOOtkZQf5NNekcDMLBxree2eIOXgbwT567myKDLUBlqImOWh2+wHxnaYDjvrBLLBHv7UBbTgvL3KQ/gro+YDtuU5L8AQuZH1iBlMpOj+FhjdiYElh/kanKJdkkrCkVDk4zFpojhBxODG/gWuGoHxDRMmrd4oxlmlNU1/hhsrW3LleiqfSX/IPu1tUfrHI0fw49uXIpGIr3zqnTaYH2r8jsW3d9ByLN6ZLfxIAxlpahgRFG2Z/A5SdZmK63OWAWhCN5LUKa+YfStLXm7kF5uZCL3i6USOca5TnigVx5UOFBzHclze4gt8jp) -> Nalezeno
[Suspicious.Path] GUYGPP.job -- C:\Users\STEPAN\AppData\Roaming\GUYGPP.exe (/infocmdline=nGuY6akFs9jiZXf/2gGn6Hnmn72d36WeCtQnW4IVnjQzRZGFFnseQoJJVuzPuoAxWuiHe7COfeyhifDQcjgLDFkNPyhEY4VZerndBAe/Z6ZjOVlx07zYOCgvemeoT4hiSQYG2wz58Uj0+N2R4lVBt/ynFyshi3sTTpX3+vVoDCM1leEsd/V0GVckE9HZwqrFvRHC/IxKlBe6HUjbNR453oKmUZj6FOs/RfNKgpUDxRHrMReLKcM6mUx93qIzMj5qq4KpM7TbHZZ1Ii3bIDMXxv6s37UmZljIpVajVtK89QYYN8pjjh26RSj+XqZaahe5cW+FSMDYaDfvjNkRSrmmgi4yD8C2jEWFx2n+8YLun2Hxn6CxnGsdjCds9TkxTGWFXrxaTAv4cnbOKWlFaqxh2+Lic2iwn8zyvJ5s4qV4h28zHYqxKo4wkIrm+3f1rWwZ/hVANp2hsfBMiyZFqkcRaWEda/nbfHOdXL2Vu7WhAidFywVUC1YX+iCoiXig66CB) -> Nalezeno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0xc000035f]) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] siyludjp.default : user_pref("browser.startup.homepage", "www.google.cz"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] 29603016f3e045253da63810e995c82c
[BSP] 5a79376a05189b0bbc91024b7675125f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 470795 MB
User = LL1 ... OK
User = LL2 ... OK

Příspěvekod **jaro3** » 12 led 2015 10:01

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

kulda.s · Příspěvekod **kulda.s** » 12 led 2015 22:24

RogueKiller log:
RogueKiller V10.1.2.0 [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Nouzový režim
Uživatel : STEPAN [Práva správce]
Mód : Smazat -- Datum : 01/12/2015 21:40:24

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{766CB6AA-A513-4618-836E-D5B671B102E0} | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{766CB6AA-A513-4618-836E-D5B671B102E0} | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{766CB6AA-A513-4618-836E-D5B671B102E0} | DhcpNameServer : 192.168.2.1 10.0.0.138 -> Nahrazeno ()
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 2 ¤¤¤
[Suspicious.Path] ABSIIDH.job -- C:\Users\STEPAN\AppData\Roaming\ABSIIDH.exe (/infocmdline=mhOX0iY49rb0XdAXhvuQYQrj7b6uDHX00K5I6e1fXjmXNQC1h7LlZZoqJRPuIiORQPSrQe0aXlvMMVOLkTiy6SDxQXaiPUfLYPiCbdO68by17jEe5L7sJM0vBwdVrtczfZ41TuYPKWQHWxrBfCwLiy4ceEHlITJncxBLVnqhjq1LYxO9Hr5vwhA1NY8I22YfnLn+UPkFfXVOOtkZQf5NNekcDMLBxree2eIOXgbwT567myKDLUBlqImOWh2+wHxnaYDjvrBLLBHv7UBbTgvL3KQ/gro+YDtuU5L8AQuZH1iBlMpOj+FhjdiYElh/kanKJdkkrCkVDk4zFpojhBxODG/gWuGoHxDRMmrd4oxlmlNU1/hhsrW3LleiqfSX/IPu1tUfrHI0fw49uXIpGIr3zqnTaYH2r8jsW3d9ByLN6ZLfxIAxlpahgRFG2Z/A5SdZmK63OWAWhCN5LUKa+YfStLXm7kF5uZCL3i6USOca5TnigVx5UOFBzHclze4gt8jp) -> Smazáno
[Suspicious.Path] GUYGPP.job -- C:\Users\STEPAN\AppData\Roaming\GUYGPP.exe (/infocmdline=nGuY6akFs9jiZXf/2gGn6Hnmn72d36WeCtQnW4IVnjQzRZGFFnseQoJJVuzPuoAxWuiHe7COfeyhifDQcjgLDFkNPyhEY4VZerndBAe/Z6ZjOVlx07zYOCgvemeoT4hiSQYG2wz58Uj0+N2R4lVBt/ynFyshi3sTTpX3+vVoDCM1leEsd/V0GVckE9HZwqrFvRHC/IxKlBe6HUjbNR453oKmUZj6FOs/RfNKgpUDxRHrMReLKcM6mUx93qIzMj5qq4KpM7TbHZZ1Ii3bIDMXxv6s37UmZljIpVajVtK89QYYN8pjjh26RSj+XqZaahe5cW+FSMDYaDfvjNkRSrmmgi4yD8C2jEWFx2n+8YLun2Hxn6CxnGsdjCds9TkxTGWFXrxaTAv4cnbOKWlFaqxh2+Lic2iwn8zyvJ5s4qV4h28zHYqxKo4wkIrm+3f1rWwZ/hVANp2hsfBMiyZFqkcRaWEda/nbfHOdXL2Vu7WhAidFywVUC1YX+iCoiXig66CB) -> Smazáno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0xc000035f]) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] siyludjp.default : user_pref("browser.startup.homepage", "www.google.cz"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502IJ ATA Device +++++
--- User ---
[MBR] 29603016f3e045253da63810e995c82c
[BSP] 5a79376a05189b0bbc91024b7675125f : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 470795 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_01122015_030031.log - RKreport_SCN_01122015_213858.log

Zoek log:
Zoek.exe v5.0.0.0 Updated 09-January-2015
Tool run by STEPAN on po 12.01.2015 at 21:47:44,23.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\STEPAN\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12.1.2015 21:49:05 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\AGEIA Technologies deleted successfully
C:\Program Files\Seznam.cz deleted successfully
C:\Users\STEPAN\AppData\Roaming\NetMedia Providers deleted successfully
C:\Users\STEPAN\AppData\Roaming\Publish Providers deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2987554068-1797795274-2773523164-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27A493D-A7C5-44EB-8190-B4FD939AFED5} deleted successfully
HKEY_USERS\S-1-5-21-2987554068-1797795274-2773523164-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2f6ac0f6-6302-4309-bdec-4760429914bf} deleted successfully
HKEY_USERS\S-1-5-21-2987554068-1797795274-2773523164-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCEC2F02-228F-40ED-9723-392577FFF4D} deleted successfully
HKEY_USERS\S-1-5-21-2987554068-1797795274-2773523164-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D5FBABF8-D059-484F-966B-E07DBDE37979} deleted successfully
HKEY_USERS\S-1-5-21-2987554068-1797795274-2773523164-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc4f988c-1098-443a-8abf-20cfd3e52425} deleted successfully
HKEY_USERS\S-1-5-21-2987554068-1797795274-2773523164-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EAB2F76A-EC37-4806-87B6-A553B71E5118} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2f6ac0f6-6302-4309-bdec-4760429914bf} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc4f988c-1098-443a-8abf-20cfd3e52425} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\STEPAN\AppData\Roaming\Mozilla\Firefox\Profiles\siyludjp.default\prefs.js:

Added to C:\Users\STEPAN\AppData\Roaming\Mozilla\Firefox\Profiles\siyludjp.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\STEPAN\AppData\Roaming\Thunderbird\Profiles\2y9t0o0a.default\prefs.js:

Added to C:\Users\STEPAN\AppData\Roaming\Thunderbird\Profiles\2y9t0o0a.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\Users\STEPAN\AppData\Roaming\WinInstallFlashLog.ini deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\STEPAN\AppData\Roaming\Mozilla\Firefox\Profiles\siyludjp.default\Invalidprefs.js deleted
"C:\Users\STEPAN\AppData\Roaming\ABSIIDH" deleted
"C:\Windows\system32\tasks\ABSIIDH" deleted
"C:\Users\STEPAN\AppData\Roaming\GUYGPP" deleted
"C:\Windows\system32\tasks\GUYGPP" deleted
"C:\Users\STEPAN\AppData\Roaming\tricomfi\colers.dll" deleted
"C:\Users\STEPAN\AppData\Roaming\tricomfi" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\STEPAN\AppData\Roaming\Mozilla\Firefox\Profiles\siyludjp.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\STEPAN\AppData\Roaming\Thunderbird\Profiles\2y9t0o0a.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\STEPAN\AppData\Roaming\Mozilla\Firefox\Profiles\siyludjp.default
424899266BA430CCE5DDB6C1B4BE1B99 - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll - Shockwave Flash
098B936D00D46F8D9609A8552C6E9B67 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision
797B59E2270C5DD8953217109565CA36 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION
0806948270D853B709CCBBF38AF167E4 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18
9419AA8A2799526EC32B473C2BB7A10D - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
DCB0BCEF594E2C410793C4A823C318F3 - C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director
54740489C66AFC8B78CF9A2893A5DA63 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
8E151A2A185DAF9852322028ABE55534 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll - Silverlight Plug-In
8B93EF56BEF58F2EB6B6D92B57715131 - c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrlui.dll - Microsoft (R) Silverlight

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{7125DD0D-4E66-48B6-AA0F-DC45A77D651B} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_16194"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{74f1e872-8d6f-4cc7-58d6-c60d8dfe43ed} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\278e1f47f6d87cc4856d6cd0d8ef34de deleted successfully

==== Empty IE Cache ======================

C:\Users\STEPAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\STEPAN\AppData\Local\Mozilla\Firefox\Profiles\siyludjp.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=10 folders=2 155221 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\STEPAN\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\STEPAN\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\STEPAN\AppData\Roaming\tricomfi" not found

==== EOF on po 12.01.2015 at 22:02:57,59 ======================

Příspěvekod **jaro3** » 13 led 2015 10:05

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

kulda.s · Příspěvekod **kulda.s** » 13 led 2015 17:26

ComboFix 15-01-08.01 - STEPAN 13.01.2015 17:13:58.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2047.1096 [GMT 1:00]
Spuštěný z: c:\users\STEPAN\Desktop\ComboFix.exe
AV: AVG AntiVirus 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-13 do 2015-01-13 )))))))))))))))))))))))))))))))
.
.
2015-01-13 16:22 . 2015-01-13 16:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-12 21:01 . 2015-01-12 20:47 24064 ----a-w- c:\windows\zoek-delete.exe
2015-01-12 21:01 . 2015-01-13 16:22 -------- d-----w- c:\users\STEPAN\AppData\Local\Temp
2015-01-12 20:47 . 2015-01-12 20:59 -------- d-----w- C:\zoek_backup
2015-01-12 00:46 . 2015-01-12 20:36 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-12 00:46 . 2015-01-12 00:46 -------- d-----w- c:\programdata\RogueKiller
2015-01-12 00:32 . 2015-01-12 00:32 -------- d-----w- c:\windows\ERUNT
2015-01-10 22:14 . 2015-01-12 00:07 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-10 22:14 . 2015-01-10 22:14 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-01-10 22:14 . 2015-01-10 22:14 -------- d-----w- c:\programdata\Malwarebytes
2015-01-10 22:14 . 2014-11-21 05:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-10 22:14 . 2014-11-21 05:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-10 22:14 . 2014-11-21 05:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-10 22:12 . 2015-01-10 22:12 -------- d-----w- c:\users\STEPAN\AppData\Local\Programs
2015-01-10 21:51 . 2015-01-12 00:28 -------- d-----w- C:\AdwCleaner
2015-01-10 13:54 . 2015-01-10 13:54 -------- d-sh--w- c:\users\STEPAN\AppData\Local\EmieBrowserModeList
2015-01-09 01:16 . 2015-01-09 01:16 -------- d-----w- c:\windows\system32\appraiser
2015-01-08 23:36 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2015-01-08 23:36 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
2015-01-08 23:36 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
2015-01-08 23:36 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-01-08 23:36 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
2015-01-08 23:25 . 2014-11-22 02:15 10948096 ----a-w- c:\program files\Internet Explorer\F12Resources.dll
2015-01-08 23:25 . 2014-11-27 01:10 815280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-01-08 23:25 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2015-01-08 23:25 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2015-01-08 23:24 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-01-08 23:24 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2015-01-08 23:24 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-01-08 23:24 . 2014-11-11 01:32 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-01-08 23:22 . 2014-09-19 09:23 248832 ----a-w- c:\windows\system32\schannel.dll
2015-01-08 23:22 . 2014-09-19 09:23 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-01-08 23:22 . 2014-09-19 09:23 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-01-08 23:22 . 2014-09-19 09:23 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-01-08 23:22 . 2014-09-19 09:23 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-01-08 23:22 . 2014-09-19 09:23 17408 ----a-w- c:\windows\system32\credssp.dll
2015-01-08 23:22 . 2014-10-10 00:45 2379264 ----a-w- c:\windows\system32\win32k.sys
2015-01-08 23:22 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2015-01-08 23:22 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2015-01-08 23:21 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-01-08 23:21 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-01-08 12:54 . 2015-01-08 12:54 -------- d-----w- c:\users\STEPAN\AppData\Roaming\Sony
2015-01-08 12:43 . 2015-01-08 22:30 -------- d-----w- c:\users\STEPAN\AppData\Roaming\Seznam.cz
2015-01-08 12:42 . 2015-01-08 12:54 -------- d-----w- c:\users\STEPAN\AppData\Local\Sony
2015-01-08 12:41 . 2015-01-08 12:41 -------- d-----w- c:\program files\Microsoft Silverlight
2015-01-08 12:28 . 2015-01-08 12:28 -------- d-----w- c:\program files\Vstplugins
2015-01-08 12:28 . 2015-01-08 12:28 -------- d-----w- c:\program files\Sony
2015-01-08 12:26 . 2015-01-08 12:26 -------- d-----w- c:\program files\Sony Setup
2015-01-07 20:55 . 2015-01-07 20:55 -------- d-----w- c:\users\STEPAN\AppData\Roaming\Atari
2015-01-07 20:50 . 2015-01-07 20:50 -------- d-----w- c:\program files\GOG.com
2015-01-06 15:50 . 2014-12-13 07:03 620176 ----a-w- c:\windows\system32\nvStreaming.exe
2015-01-04 22:50 . 2015-01-04 22:50 -------- d-----w- c:\users\STEPAN\AppData\Local\Thunderbird
2015-01-04 22:50 . 2015-01-04 22:50 -------- d-----w- c:\users\STEPAN\AppData\Roaming\Thunderbird
2015-01-04 22:50 . 2015-01-04 22:50 -------- d-----w- c:\program files\Mozilla Thunderbird
2015-01-04 18:45 . 2015-01-04 18:45 -------- d-----w- c:\users\STEPAN\AppData\Roaming\OpenOffice
2015-01-04 18:42 . 2015-01-04 18:42 -------- d-----w- c:\program files\OpenOffice 4
2015-01-03 11:35 . 2015-01-03 11:35 -------- d-----w- c:\users\STEPAN\AppData\Roaming\Wargaming.net
2015-01-03 01:25 . 2014-11-22 10:46 32912 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2015-01-02 22:22 . 2015-01-02 22:22 -------- d-----w- C:\Games
2015-01-01 21:41 . 2015-01-06 00:12 -------- d-----w- c:\program files\Diablo III
2014-12-31 00:51 . 2014-12-31 00:51 -------- d-----w- c:\programdata\SystemRequirementsLab
2014-12-31 00:51 . 2014-12-31 00:51 -------- d-----w- c:\program files\SystemRequirementsLab
2014-12-25 02:25 . 2015-01-02 15:12 -------- d-----w- c:\users\STEPAN\AppData\Roaming\Apple Computer
2014-12-25 02:25 . 2014-12-25 02:25 -------- d-----w- c:\users\STEPAN\AppData\Local\Apple Computer
2014-12-25 02:25 . 2012-10-03 15:14 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-12-25 02:25 . 2014-12-25 02:25 -------- dc----w- c:\windows\system32\DRVSTORE
2014-12-25 02:24 . 2014-12-25 02:24 -------- d-----w- c:\program files\iPod
2014-12-25 02:24 . 2014-12-25 02:25 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-12-25 02:24 . 2014-12-25 02:25 -------- d-----w- c:\program files\iTunes
2014-12-25 02:24 . 2014-12-25 02:24 -------- d-----w- c:\programdata\Apple Computer
2014-12-25 02:23 . 2014-12-25 02:23 -------- d-----w- c:\users\STEPAN\AppData\Local\Apple
2014-12-25 02:23 . 2014-12-25 02:23 -------- d-----w- c:\program files\Apple Software Update
2014-12-25 02:23 . 2014-12-25 02:23 -------- d-----w- c:\program files\Bonjour
2014-12-25 02:23 . 2015-01-02 01:32 -------- d-----w- c:\program files\Common Files\Apple
2014-12-25 02:23 . 2014-12-25 02:23 -------- d-----w- c:\programdata\Apple
2014-12-18 13:24 . 2014-12-18 13:25 -------- d-----w- c:\users\STEPAN\AppData\Local\Google
2014-12-18 13:24 . 2015-01-08 12:42 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-18 13:30 . 2014-11-01 14:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-18 13:30 . 2014-11-01 14:57 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-13 10:02 . 2014-10-28 23:20 60560 ----a-w- c:\windows\system32\OpenCL.dll
2014-12-13 10:02 . 2014-08-19 21:16 16039176 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-12-13 10:02 . 2014-08-19 21:16 14128496 ----a-w- c:\windows\system32\nvd3dum.dll
2014-12-13 10:02 . 2014-08-19 21:15 2897640 ----a-w- c:\windows\system32\nvapi.dll
2014-12-13 07:30 . 2014-10-28 23:20 4403016 ----a-w- c:\windows\system32\nvcpl.dll
2014-12-13 07:30 . 2014-10-28 23:20 3056784 ----a-w- c:\windows\system32\nvsvc.dll
2014-12-13 07:30 . 2014-10-28 23:20 669840 ----a-w- c:\windows\system32\nvvsvc.exe
2014-12-13 07:30 . 2014-10-28 23:20 62784 ----a-w- c:\windows\system32\nvshext.dll
2014-12-13 07:30 . 2014-10-28 23:20 375112 ----a-w- c:\windows\system32\nvmctray.dll
2014-12-13 07:30 . 2014-10-28 23:20 2554000 ----a-w- c:\windows\system32\nvsvcr.dll
2014-12-13 00:12 . 2014-11-04 22:10 2210040 ----a-w- c:\windows\system32\nvspcap.dll
2014-12-13 00:12 . 2014-11-04 22:10 1291464 ----a-w- c:\windows\system32\nvspbridge.dll
2014-12-08 20:25 . 2014-12-08 20:25 208152 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-11-22 10:46 . 2014-11-04 22:09 32400 ----a-w- c:\windows\system32\nvaudcap32v.dll
2014-11-18 20:41 . 2014-11-18 20:41 154904 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-11-13 00:14 . 2014-11-18 14:31 906440 ----a-w- c:\windows\system32\nvdispgenco3234475.dll
2014-11-13 00:14 . 2014-11-18 14:31 1042064 ----a-w- c:\windows\system32\nvdispco3234475.dll
2014-11-04 21:59 . 2014-11-04 22:00 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-11-01 15:07 . 2014-11-01 15:07 243128 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-10-30 09:07 . 2014-08-19 21:16 906048 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2014-10-30 04:49 . 2014-11-04 22:23 908608 ----a-w- c:\windows\system32\nvdispgenco3234460.dll
2014-10-30 04:49 . 2014-11-04 22:23 1043264 ----a-w- c:\windows\system32\nvdispco3234460.dll
2014-10-29 20:58 . 2014-10-29 00:23 409088 ----a-w- c:\windows\system32\systemcpl.dll
2014-10-29 20:58 . 2014-10-29 00:22 13824 ----a-w- c:\windows\system32\slwga.dll
2014-10-29 02:17 . 2014-10-29 02:17 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-10-29 02:17 . 2014-10-29 02:17 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-10-29 02:17 . 2014-10-29 02:17 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-10-29 02:17 . 2014-10-29 02:17 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-10-29 02:17 . 2014-10-29 02:17 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-10-29 02:17 . 2014-10-29 02:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-10-29 02:17 . 2014-10-29 02:17 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-10-29 02:17 . 2014-10-29 02:17 337408 ----a-w- c:\windows\system32\html.iec
2014-10-29 02:17 . 2014-10-29 02:17 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-10-29 02:17 . 2014-10-29 02:17 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-10-29 02:17 . 2014-10-29 02:17 182272 ----a-w- c:\windows\system32\msls31.dll
2014-10-29 02:17 . 2014-10-29 02:17 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-10-29 02:17 . 2014-10-29 02:17 139264 ----a-w- c:\windows\system32\wextract.exe
2014-10-29 02:17 . 2014-10-29 02:17 13312 ----a-w- c:\windows\system32\mshta.exe
2014-10-29 02:17 . 2014-10-29 02:17 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-10-29 02:16 . 2014-10-29 02:16 69632 ----a-w- c:\windows\system32\smss.exe
2014-10-29 02:16 . 2014-10-29 02:16 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-10-29 02:16 . 2014-10-29 02:16 619520 ----a-w- c:\windows\system32\tdh.dll
2014-10-29 02:16 . 2014-10-29 02:16 38912 ----a-w- c:\windows\system32\csrsrv.dll
2014-10-29 02:16 . 2014-10-29 02:16 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-10-29 02:16 . 2014-10-29 02:16 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-10-29 02:16 . 2014-10-29 02:16 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-10-29 02:14 . 2014-10-29 02:14 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-29 02:14 . 2014-10-29 02:14 906240 ----a-w- c:\windows\system32\FntCache.dll
2014-10-29 02:14 . 2014-10-29 02:14 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2014-10-29 02:14 . 2014-10-29 02:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-29 02:14 . 2014-10-29 02:14 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-29 02:14 . 2014-10-29 02:14 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-29 02:14 . 2014-10-29 02:14 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-10-29 02:14 . 2014-10-29 02:14 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-29 02:14 . 2014-10-29 02:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-29 02:14 . 2014-10-29 02:14 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-29 02:14 . 2014-10-29 02:14 293376 ----a-w- c:\windows\system32\dxgi.dll
2014-10-29 02:14 . 2014-10-29 02:14 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-29 02:14 . 2014-10-29 02:14 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-10-29 02:14 . 2014-10-29 02:14 220160 ----a-w- c:\windows\system32\d3d10core.dll
2014-10-29 02:14 . 2014-10-29 02:14 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-10-29 02:14 . 2014-10-29 02:14 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2014-10-29 02:14 . 2014-10-29 02:14 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2014-10-29 02:14 . 2014-10-29 02:14 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2014-10-29 02:14 . 2014-10-29 02:14 1080832 ----a-w- c:\windows\system32\d3d10.dll
2014-10-29 02:14 . 2014-10-29 02:14 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-29 02:13 . 2014-10-29 02:13 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-10-29 00:38 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2014-10-20 02:37 . 2014-10-29 20:16 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33EC61ED-A0FC-4895-A8C2-B80150EE1E79}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-10-23 4825880]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-12-18 3667472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-12-13 2210040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-10-29 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-12-18 3432976]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2014-10-29 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-11-18 154904]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-12-08 208152]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-12-18 298080]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 915600]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 18186896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-13 410768]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet - adaptér;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-11-01 243128]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-01 13:30]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1 10.0.0.138
FF - ProfilePath - c:\users\STEPAN\AppData\Roaming\Mozilla\Firefox\Profiles\siyludjp.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-HDQ-1.2cV08.01 - c:\program files\HDQ-1.2cV08.01\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-01-13 17:23:36
ComboFix-quarantined-files.txt 2015-01-13 16:23
.
Před spuštěním: Volných bajtů: 388 561 604 608
Po spuštění: Volných bajtů: 388 226 015 232
.
- - End Of File - - B5B84195DA22A934BDA5D19E76E7B2CA
A36C5E4F47E84449FF07ED3517B43A31

Příspěvekod **jaro3** » 13 led 2015 19:35

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Vlož nový log z HJT + info o problémech.

kulda.s · Příspěvekod **kulda.s** » 13 led 2015 19:56

Problémy ustali. Antivir mi nic nehlásí, i PC už není zahlcené a funguje rychle

aswMBR log:
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-01-13 19:47:22
-----------------------------
19:47:22.664 OS Version: Windows 6.1.7601 Service Pack 1
19:47:22.664 Number of processors: 2 586 0xF0D
19:47:22.664 ComputerName: STEPAN-PC UserName: STEPAN
19:47:49.855 Initialize success
19:47:49.933 VM: initialized successfully
19:47:49.933 VM: Intel CPU virtualization not supported
19:48:29.106 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
19:48:29.106 Disk 0 Vendor: SAMSUNG_HD502IJ 1AA01113 Size: 470897MB BusType: 3
19:48:29.231 Disk 0 MBR read successfully
19:48:29.246 Disk 0 MBR scan
19:48:29.246 Disk 0 Windows 7 default MBR code
19:48:29.262 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:48:29.262 Disk 0 default boot code
19:48:29.277 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 470795 MB offset 206848
19:48:29.277 Disk 0 scanning sectors +964395008
19:48:29.340 Disk 0 scanning C:\Windows\system32\drivers
19:48:34.925 Service scanning
19:48:48.933 Modules scanning
19:48:49.448 Disk 0 trace - called modules:
19:48:49.464 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys
19:48:49.464 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a51798]
19:48:49.479 3 CLASSPNP.SYS[89e5c59e] -> nt!IofCallDriver -> [0x8595f938]
19:48:49.479 5 ACPI.sys[8964b3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x85977908]
19:48:49.479 Disk 0 statistics 70529/0/0 @ 7,22 MB/s
19:48:49.495 Scan finished successfully
19:51:54.933 Disk 0 MBR has been saved successfully to "C:\Users\STEPAN\Desktop\MBR.dat"
19:51:54.933 The log file has been saved successfully to "C:\Users\STEPAN\Desktop\aswMBR.txt"

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:53:52, on 13.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

FIREFOX: 34.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wuauclt.exe
C:\Users\STEPAN\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5001 bytes

Příspěvekod **jaro3** » 14 led 2015 10:43

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

Stáhni si zde DelFix

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

PC nachází neustále viry Vyřešeno

PC nachází neustále viry

Re: PC nachází neustále viry

Re: PC nachází neustále viry

Re: PC nachází neustále viry

Re: PC nachází neustále viry

Re: PC nachází neustále viry

Re: PC nachází neustále viry

Re: PC nachází neustále viry

Re: PC nachází neustále viry

Re: PC nachází neustále viry

Re: PC nachází neustále viry

Re: PC nachází neustále viry

Kdo je online