Prosím o kontrolu logu

K-A-R-E-L · Příspěvekod **K-A-R-E-L** » 14 led 2015 19:39

Ahoj,
ZoneAlarm mi hlásí detekci (viz příloha), ale jiné antiviry nic. Prosím o kontrolu logu, díky.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:42:08, on 14.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Users\Karel\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... 5651956&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.29.17\bh\zonealarm.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [X-Lite 4] "C:\Program Files (x86)\CounterPath\X-Lite 4\X-Lite4.exe" -bootload
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileOpen Manager Service (FileOpenManagerSvc) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

--
End of file - 11221 bytes

Reklama

Příspěvekod **jaro3** » 15 led 2015 09:32

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

K-A-R-E-L · Příspěvekod **K-A-R-E-L** » 15 led 2015 16:53

OK, LOG z AdwCleaneru je zde:

# AdwCleaner v4.107 - Report created 15/01/2015 at 16:49:08
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Karel - PC-DOMA
# Running from : C:\Users\Karel\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Found : C:\Users\Karel\AppData\LocalLow\Check Point Software Technologies LTD
Folder Found : C:\Users\Karel\AppData\Roaming\Check Point Software Technologies LTD
Folder Found : C:\Users\Karel\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds& ... 5651956&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds& ... 5651956&q={searchTerms}

-\\ Mozilla Firefox v

-\\ Google Chrome v41.0.2272.3

[C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds& ... 5651956&q={searchTerms}
[C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds& ... 5651956&q={searchTerms}

*************************

AdwCleaner[R0].txt - [4472 octets] - [15/01/2015 16:49:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4532 octets] ##########

A z Malwarebytes zde:

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 15.1.2015
Čas skenování: 16:55:45
Protokol:
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.01.15.09
Databáze rootkitů: v2015.01.14.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Karel

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 368081
Uplynulý čas: 17 min, 23 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 0
(Žádné zákerné zjištěny položek)

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 0
(Žádné zákerné zjištěny položek)

Soubory: 0
(Žádné zákerné zjištěny položek)

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)

(end)

Příspěvekod **Orcus** » 15 led 2015 18:45

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

K-A-R-E-L · Příspěvekod **K-A-R-E-L** » 15 led 2015 22:57

OK, tak postupně jsou zde logy.

AdwCleaner:
# AdwCleaner v4.107 - Report created 15/01/2015 at 22:49:06
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Karel - PC-DOMA
# Running from : C:\Users\Karel\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Check Point Software Technologies LTD
Folder Deleted : C:\Users\Karel\AppData\LocalLow\Check Point Software Technologies LTD
Folder Deleted : C:\Users\Karel\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\Karel\AppData\Roaming\Check Point Software Technologies LTD

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

-\\ Google Chrome v41.0.2272.3

[C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds& ... 5651956&q={searchTerms}
[C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds& ... 5651956&q={searchTerms}

*************************

AdwCleaner[R0].txt - [4620 octets] - [15/01/2015 16:49:08]
AdwCleaner[R1].txt - [4680 octets] - [15/01/2015 22:47:24]
AdwCleaner[S0].txt - [4423 octets] - [15/01/2015 22:49:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4483 octets] ##########

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Karel on źt 15.01.2015 at 22:58:49,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 15.01.2015 at 23:11:13,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ten poslední RogueKiller se mi 2x na začátku hned po spuštění (ještě než šlo kliknout na ikonku prohledat) zasekl vždy na 60% (kontroluji skryté procesy). Ani pak nešel zavřít, napsalo to prosím čekejte ukončuji, ale ani po 10 min. nic. Přejmenování taky nepomohlo, dopadlo to stejně jako poprvé. Pak jsme to spustil hned po restartu PC jako první a šlo to. Jen to zaškrtávání nikde není Kontrola Faked ale je tam (mezi kontrola MBR a Antirootkid) položka Offline Reg, tak jsem bral že je tam asi místo toho Faked.

RogueKiller V10.1.2.0 (x64) [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Karel [Práva správce]
Mód : Prohledat -- Datum : 01/16/2015 00:02:12

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 40 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> Nalezeno
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Nalezeno
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} -> Nalezeno
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} -> Nalezeno
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> Nalezeno
[Suspicious.Path] (X64) HKEY_USERS\RK_Karel_ON_D_2A50\Software\Microsoft\Windows\CurrentVersion\Run | Praetorian : C:\Documents and Settings\Karel\Local Settings\Data aplikací\Yandex\Updater\praetorian.exe -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\RK_Karel_ON_D_2A50\Software\Microsoft\Windows\CurrentVersion\Run | Praetorian : C:\Documents and Settings\Karel\Local Settings\Data aplikací\Yandex\Updater\praetorian.exe -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_465C\ControlSet001\Services\BCUService -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_465C\ControlSet002\Services\BCUService -> Nalezeno
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Internet Explorer\Main | Start Page : http://www.bigseekpro.com/splitcam/{3086622C-BC30-4514-BA64-4E07D435D96F} -> Nalezeno
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Nalezeno
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Internet Explorer\Main | Start Page : http://www.bigseekpro.com/splitcam/{3086622C-BC30-4514-BA64-4E07D435D96F} -> Nalezeno
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\RK_Karel_ON_D_2A50\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\RK_Karel_ON_D_2A50\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2785456505-2032376845-3939014736-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2785456505-2032376845-3939014736-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\RK_Karel_ON_D_2A50\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\RK_Karel_ON_D_2A50\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2785456505-2032376845-3939014736-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2785456505-2032376845-3939014736-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nalezeno
[PUM.Desktop] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Nalezeno
[PUM.Desktop] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A8AB\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 37 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\msisadrv.sys - IRP_MJ_CREATE[0] : Unknown @ 0x69de2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\msisadrv.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x69de2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\msisadrv.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x69de2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\msisadrv.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x69de2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\msisadrv.sys - IRP_MJ_POWER[22] : Unknown @ 0x69de2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\msisadrv.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x69de2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\msisadrv.sys - IRP_MJ_PNP[27] : Unknown @ 0x69de2c0
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x777a010a (jmp 0x15d850|jmp 0xfffffffffffffe09|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x777a010a (jmp 0x15ed60|jmp 0xfffffffffffffc49|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x777a010a (jmp 0x15ed20|jmp 0xfffffffffffffc69|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateEvent : Unknown @ 0x777a010a (jmp 0x15eba0|jmp 0xfffffffffffffd29|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x777a010a (jmp 0x15e300|jmp 0xfffffffffffffb69|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x777a010a (jmp 0x15ee70|jmp 0xfffffffffffffc19|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenEvent : Unknown @ 0x777a010a (jmp 0x15ec30|jmp 0xfffffffffffffd19|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x777a010a (jmp 0x15e870|jmp 0xfffffffffffffc59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x777a010a (jmp 0x15dc20|jmp 0xfffffffffffffbf9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateSection : Unknown @ 0x777a010a (jmp 0x15ebc0|jmp 0xfffffffffffffce9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x777a010a (jmp 0x15ee60|jmp 0xfffffffffffffc89|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x777a010a (jmp 0x15e300|jmp 0xfffffffffffffb59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueryObject : Unknown @ 0x777a010a (jmp 0x15f0a0|jmp 0xfffffffffffffba9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x777a010a (jmp 0x15e730|jmp 0xfffffffffffffca9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenSection : Unknown @ 0x777a010a (jmp 0x15ed00|jmp 0xfffffffffffffcd9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateSemaphore : Unknown @ 0x777a010a (jmp 0x15e5a0|jmp 0xfffffffffffffd49|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenSemaphore : Unknown @ 0x777a010a (jmp 0x15e030|jmp 0xfffffffffffffd39|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x777a010a (jmp 0x15e610|jmp 0xfffffffffffffd69|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenMutant : Unknown @ 0x777a010a (jmp 0x15e060|jmp 0xfffffffffffffd59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateTimer : Unknown @ 0x777a010a (jmp 0x15e5f0|jmp 0xfffffffffffffcc9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenTimer : Unknown @ 0x777a010a (jmp 0x15e070|jmp 0xfffffffffffffcb9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x777a010a (jmp 0x15e6a0|jmp 0xfffffffffffffc29|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtTerminateThread : Unknown @ 0x777a010a (jmp 0x15ec10|jmp 0xfffffffffffffc09|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenThread : Unknown @ 0x777a010a (jmp 0x15e0c0|jmp 0xfffffffffffffc79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x777a010a (jmp 0x15d9a0|jmp 0xfffffffffffffbc9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x777a010a (jmp 0x15e980|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x777a010a (jmp 0x15de80|jmp 0xfffffffffffffbb9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtVdmControl : Unknown @ 0x777a010a (jmp 0x15d700|jmp 0xfffffffffffffd79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenEventPair : Unknown @ 0x777a010a (jmp 0x15e130|jmp 0xfffffffffffffcf9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x777a010a (jmp 0x15e140|jmp 0xfffffffffffffe19|jmp 0xfffffffffffffff0)

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] d6c0d0112f1b492412f5a461ce8ea407
[BSP] e9114f542351059ea58e27cd74ff4a7b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 488376000 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2500AAJB-00J3A0 ATA Device +++++
--- User ---
[MBR] 79c7f026ade0bb23ae2a001d47d6e0c6
[BSP] a4522668fcbd4428ea048da2ae2e0f9d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

============================================
RKreport_DEL_06022014_110554.log - RKreport_SCN_06012014_181315.log - RKreport_SCN_06012014_213137.log - RKreport_SCN_06022014_110525.log

Příspěvekod **Orcus** » 16 led 2015 09:33

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka).
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni
Zoek.exe

a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
rogram nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

K-A-R-E-L · Příspěvekod **K-A-R-E-L** » 16 led 2015 16:24

Ok, RogueKiller je níže, ale USB disky ani externí připojené žádné nemám, ale přes USB je napojené Bluetooth na ovládání klávesnice, myši a sluchátek. Taky ten ZoneAlarm už nic nehlásí, tak nevím zda je to už ok či nikoliv.

RogueKiller V10.1.2.0 (x64) [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Karel [Práva správce]
Mód : Smazat -- Datum : 01/16/2015 16:19:00

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 40 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Smazáno
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} -> Smazáno
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} -> Smazáno
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> Smazáno
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Smazáno
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837} -> Smazáno
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} -> Smazáno
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\RK_Karel_ON_D_6E08\Software\Microsoft\Windows\CurrentVersion\Run | Praetorian : C:\Documents and Settings\Karel\Local Settings\Data aplikací\Yandex\Updater\praetorian.exe [x] -> Smazáno
[Suspicious.Path] (X86) HKEY_USERS\RK_Karel_ON_D_6E08\Software\Microsoft\Windows\CurrentVersion\Run | Praetorian : C:\Documents and Settings\Karel\Local Settings\Data aplikací\Yandex\Updater\praetorian.exe -> ERROR [2]
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_95D4\ControlSet001\Services\BCUService -> Smazáno
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_95D4\ControlSet002\Services\BCUService -> Smazáno
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Internet Explorer\Main | Start Page : http://www.bigseekpro.com/splitcam/{3086622C-BC30-4514-BA64-4E07D435D96F} -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.google.com -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Internet Explorer\Main | Start Page : http://www.bigseekpro.com/splitcam/{3086622C-BC30-4514-BA64-4E07D435D96F} -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.google.com -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\RK_Karel_ON_D_6E08\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\RK_Karel_ON_D_6E08\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2785456505-2032376845-3939014736-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2785456505-2032376845-3939014736-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\RK_Karel_ON_D_6E08\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\RK_Karel_ON_D_6E08\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2785456505-2032376845-3939014736-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2785456505-2032376845-3939014736-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Desktop] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Smazáno
[PUM.Desktop] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> ERROR [2]
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_6246\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 47 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_CREATE[0] : Unknown @ 0x69e02c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x69e02c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x69e02c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x69e02c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_POWER[22] : Unknown @ 0x69e02c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x69e02c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\pciide.sys - IRP_MJ_PNP[27] : Unknown @ 0x69e02c0
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x480ecc (jmp 0xffffffff894fec38)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - UnhookWindowsHookEx : Unknown @ 0x481284 (jmp 0xffffffff89501424)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - SetWinEventHook : Unknown @ 0x4803a4 (jmp 0xffffffff894f91bc)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7722010a (jmp 0x15d850|jmp 0xfffffffffffffe09|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x7722010a (jmp 0x15ed60|jmp 0xfffffffffffffc49|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x7722010a (jmp 0x15ed20|jmp 0xfffffffffffffc69|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateEvent : Unknown @ 0x7722010a (jmp 0x15eba0|jmp 0xfffffffffffffd29|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x7722010a (jmp 0x15e300|jmp 0xfffffffffffffb69|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x1f163c (jmp 0xffffffff891300cc)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenEvent : Unknown @ 0x7722010a (jmp 0x15ec30|jmp 0xfffffffffffffd19|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x7722010a (jmp 0x15e870|jmp 0xfffffffffffffc59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x1f19f4 (jmp 0xffffffff8912f214)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x1f1284 (jmp 0xffffffff8912fad4)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - LdrUnloadDll : Unknown @ 0x1f075c (jmp 0xffffffff8915cc4c)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - LdrLoadDll : Unknown @ 0x1f03a4 (jmp 0xffffffff891588e4)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateSection : Unknown @ 0x7722010a (jmp 0x15ebc0|jmp 0xfffffffffffffce9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtFreeVirtualMemory : Unknown @ 0x1f0ecc (jmp 0xffffffff8912fa3c)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtAllocateVirtualMemory : Unknown @ 0x1f0b14 (jmp 0xffffffff8912f6e4)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x7722010a (jmp 0x15ee60|jmp 0xfffffffffffffc89|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x7722010a (jmp 0x15e300|jmp 0xfffffffffffffb59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueryObject : Unknown @ 0x7722010a (jmp 0x15f0a0|jmp 0xfffffffffffffba9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x7722010a (jmp 0x15e730|jmp 0xfffffffffffffca9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenSection : Unknown @ 0x7722010a (jmp 0x15ed00|jmp 0xfffffffffffffcd9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateSemaphore : Unknown @ 0x7722010a (jmp 0x15e5a0|jmp 0xfffffffffffffd49|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenSemaphore : Unknown @ 0x7722010a (jmp 0x15e030|jmp 0xfffffffffffffd39|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x7722010a (jmp 0x15e610|jmp 0xfffffffffffffd69|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenMutant : Unknown @ 0x7722010a (jmp 0x15e060|jmp 0xfffffffffffffd59|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateTimer : Unknown @ 0x7722010a (jmp 0x15e5f0|jmp 0xfffffffffffffcc9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenTimer : Unknown @ 0x7722010a (jmp 0x15e070|jmp 0xfffffffffffffcb9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x7722010a (jmp 0x15e6a0|jmp 0xfffffffffffffc29|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtTerminateThread : Unknown @ 0x7722010a (jmp 0x15ec10|jmp 0xfffffffffffffc09|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenThread : Unknown @ 0x7722010a (jmp 0x15e0c0|jmp 0xfffffffffffffc79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x7722010a (jmp 0x15d9a0|jmp 0xfffffffffffffbc9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x7722010a (jmp 0x15e980|jmp 0xfffffffffffffb79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x7722010a (jmp 0x15de80|jmp 0xfffffffffffffbb9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtVdmControl : Unknown @ 0x7722010a (jmp 0x15d700|jmp 0xfffffffffffffd79|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - UnhookWinEvent : Unknown @ 0x48075c (jmp 0xffffffff89506e6c)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtOpenEventPair : Unknown @ 0x7722010a (jmp 0x15e130|jmp 0xfffffffffffffcf9|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x7722010a (jmp 0x15e140|jmp 0xfffffffffffffe19|jmp 0xfffffffffffffff0)
[IAT:Inl(Hook.IEAT)] (explorer.exe) USER32.dll - SetWindowsHookExA : Unknown @ 0x480b14 (jmp 0xffffffff894e77f4)

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[IE:Addon] System : avast! Online Security [{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] d6c0d0112f1b492412f5a461ce8ea407
[BSP] e9114f542351059ea58e27cd74ff4a7b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 488376000 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD2500AAJB-00J3A0 ATA Device +++++
--- User ---
[MBR] 79c7f026ade0bb23ae2a001d47d6e0c6
[BSP] a4522668fcbd4428ea048da2ae2e0f9d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 238464 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

============================================
RKreport_DEL_06022014_110554.log - RKreport_SCN_01162015_000207.log - RKreport_SCN_06012014_181315.log - RKreport_SCN_06012014_213137.log
RKreport_SCN_06022014_110525.log - RKreport_SCN_01162015_161521.log

Ten druhý log je zde:

Zoek.exe v5.0.0.0 Updated 15-01-2015
Tool run by Karel on p 16.01.2015 at 16:24:59,77.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Karel\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16.1.2015 16:27:04 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Program Files\Google deleted successfully
C:\Program Files\HP Toner Cartridge Authentication deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Unity deleted successfully
C:\Users\Karel\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Karel\AppData\Local\Auto-Mouse-Clicker deleted successfully
C:\Users\Karel\AppData\Local\GHISLER deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2785456505-2032376845-3939014736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0DF1ABD2-D97D-4F99-948C-B2D9EECC2728} deleted successfully
HKEY_USERS\S-1-5-21-2785456505-2032376845-3939014736-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b312965f-9b46-4f00-ac3f-a6c62f6e4c3e} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:

Added to C:\Users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~3\boost_interprocess deleted
C:\Users\Karel\AppData\Local\cache deleted
"C:\Windows\Installer\2e086.msi" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.3 (Possible outdated, latest Stable version: 39.0.2171.99)

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ECE53735164E0DF47B24323A2534D6A3 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{53735ECE-E461-4FD0-B742-23A352436D3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\ECE53735164E0DF47B24323A2534D6A3 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Karel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Karel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=44 folders=5 1678533 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Karel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Karel\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
C:\RECYCLER successfully emptied

==== EOF on p 16.01.2015 at 16:46:51,67 ======================

Příspěvekod **jaro3** » 16 led 2015 18:56

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Vlož nový log z HJT + info o problémech.

K-A-R-E-L · Příspěvekod **K-A-R-E-L** » 16 led 2015 19:43

OK, log je níže:

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-01-16 19:25:48
-----------------------------
19:25:48.876 OS Version: Windows x64 6.1.7601 Service Pack 1
19:25:48.876 Number of processors: 2 586 0x602
19:25:48.876 ComputerName: PC-DOMA UserName: Karel
19:25:50.014 Initialize success
19:25:54.741 VM: initialized successfully
19:25:54.741 VM: outdated driver version !
19:25:55.521 AVAST engine defs: 15011600
19:26:22.119 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:26:22.135 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
19:26:22.151 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
19:26:22.151 Disk 1 Vendor: WDC_WD2500AAJB-00J3A0 01.03E01 Size: 238475MB BusType: 3
19:26:22.182 Disk 0 MBR read successfully
19:26:22.182 Disk 0 MBR scan
19:26:22.182 Disk 0 Windows 7 default MBR code
19:26:22.182 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
19:26:22.197 Disk 0 default boot code
19:26:22.197 Disk 0 Partition - 00 0F Extended LBA 238464 MB offset 488376000
19:26:22.213 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238464 MB offset 488376063
19:26:22.728 Disk 0 scanning C:\Windows\system32\drivers
19:26:35.582 Service scanning
19:26:49.997 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:26:54.645 Modules scanning
19:26:54.661 Disk 0 trace - called modules:
19:26:54.692 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069de2c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:26:54.708 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007949060]
19:26:54.708 3 CLASSPNP.SYS[fffff88001bcc43f] -> nt!IofCallDriver -> [0xfffffa8007941e40]
19:26:54.723 5 ACPI.sys[fffff8800199b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800793e060]
19:26:54.723 \Driver\atapi[0xfffffa80073a0b10] -> IRP_MJ_CREATE -> 0xfffffa80069de2c0
19:26:55.691 AVAST engine scan C:\Windows
19:26:58.514 AVAST engine scan C:\Windows\system32
19:30:33.295 AVAST engine scan C:\Windows\system32\drivers
19:30:47.928 AVAST engine scan C:\Users\Karel
19:35:34.126 AVAST engine scan C:\ProgramData
19:40:20.792 Disk 0 statistics 3877226/0/0 @ 4,47 MB/s
19:40:20.808 Scan finished successfully
19:41:22.537 Disk 0 MBR has been saved successfully to "C:\Users\Karel\Desktop\MBR.dat"
19:41:22.537 The log file has been saved successfully to "C:\Users\Karel\Desktop\aswMBR.txt"

Příspěvekod **jaro3** » 17 led 2015 09:34

Vlož nový log z HJT + info o problémech.

K-A-R-E-L · Příspěvekod **K-A-R-E-L** » 17 led 2015 19:40

Ok, log je níže, o žádných problémech již nic nevím (resp.mi je nic nehlásí), takže asi je to nejspíš vyřešeno.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:38:19, on 17.1.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Users\Karel\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [X-Lite 4] "C:\Program Files (x86)\CounterPath\X-Lite 4\X-Lite4.exe" -bootload
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileOpen Manager Service (FileOpenManagerSvc) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

--
End of file - 11163 bytes

Příspěvekod **Orcus** » 18 led 2015 09:37

Stáhni si zde DelFix
http://general-changelog-team.fr/fr/dow ... e/9-delfix

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde:
v C: \ DelFix.txt

Pokud nejsou problémy, je to vše a můžeš dát vyřešeno , zelenou fajfku.

Prosím o kontrolu logu Vyřešeno

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online