Prosím o kontrolu logu

Berry · Příspěvekod **Berry** » 02 dub 2015 21:11

Dobrý večer. Prosím o kontrolu. Můj notebook přestává "fungovat".
Notebook začal být úplně pomalý. Nalezeno plno infiltrací, antivir kontrola nedojede do konce, Google Chrome nelze spustit - prý je v něm Trojský kůň,
přestávají pracovat programy. :huh:

Prosím o pomoc.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:53:38, on 2.4.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Users\Jakub\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... 0653106531
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&t ... 0653106531
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&t ... 0653106531
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mystartsearch.com/web/?type= ... 3106531&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mystartsearch.com/web/?type= ... 3106531&q={searchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.10.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [popweb] "C:\Program Files\Max Software\Keylogger\scragent.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_305_ActiveX.exe -update activex
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScrKlgSvc - Unknown owner - C:\Program Files\Max Software\Keylogger\skgsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 8524 bytes

Reklama

Příspěvekod **jaro3** » 03 dub 2015 09:36

Keylogger tam máš vědomě?

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

Berry · Příspěvekod **Berry** » 03 dub 2015 15:53

Ahoj.
- Keylooger nainstaloval můj chlap. Vím jen, že se tím dají zjistit hesla. Asi mě potřebuje sledovat??? :huh:

- Používám jen Google Chrome , ATF jsem tedy nepoužila.
- Objevilo se nám, že nás sleduje 1 cizí uživatel přes Google Chrome. ???

# AdwCleaner v4.200 - Log vytvooen 03/04/2015 v 14:59:59
# Aktualizováno 29/03/2015 by Xplode
# Databáze : 2015-03-29.1 [Server]
# Operaení system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Uživatelské jméno : Markéta - NOTEBOOK_HP
# Spuštino z : C:\Users\Markéta\Desktop\adwcleaner_4.200.exe
# Nastavení : Sken

***** [ Služby ] *****

Služba Nalezeno : {572f484b-455f-44b0-9d6a-da3ad2071365}t
Služba Nalezeno : 24c54e38

***** [ Soubory / Složky ] *****

Složka Nalezeno : C:\Program Files\Common Files\ParetoLogic
Složka Nalezeno : C:\Program Files\DeltaFix
Složka Nalezeno : C:\Program Files\uniSiales
Složka Nalezeno : C:\Program Files\XTab
Složka Nalezeno : C:\Program Files\YourFileDownloader
Složka Nalezeno : C:\Program Files\YourFileDownloader
Složka Nalezeno : C:\ProgramData\apn
Složka Nalezeno : C:\ProgramData\Ask
Složka Nalezeno : C:\ProgramData\Babylon
Složka Nalezeno : C:\ProgramData\BitGuard
Složka Nalezeno : C:\ProgramData\Browser Manager
Složka Nalezeno : C:\ProgramData\BrowserProtect
Složka Nalezeno : C:\ProgramData\DriverCure
Složka Nalezeno : C:\ProgramData\Fighters
Složka Nalezeno : C:\ProgramData\IHProtectUpDate
Složka Nalezeno : C:\ProgramData\ParetoLogic
Složka Nalezeno : C:\ProgramData\Trymedia
Složka Nalezeno : C:\ProgramData\wincert
Složka Nalezeno : C:\Users\Jakub\AppData\Local\OpenCandy
Složka Nalezeno : C:\Users\Jakub\AppData\Local\PackageAware
Složka Nalezeno : C:\Users\Jakub\AppData\LocalLow\AlterGeo
Složka Nalezeno : C:\Users\Jakub\AppData\LocalLow\HPAppData
Složka Nalezeno : C:\Users\Jakub\AppData\Roaming\Babylon
Složka Nalezeno : C:\Users\Jakub\AppData\Roaming\DriverCure
Složka Nalezeno : C:\Users\Jakub\AppData\Roaming\GrabPro
Složka Nalezeno : C:\Users\Jakub\AppData\Roaming\OpenCandy
Složka Nalezeno : C:\Users\Jakub\AppData\Roaming\ProgSense
Složka Nalezeno : C:\Users\Jakub\AppData\Roaming\Systweak
Složka Nalezeno : C:\Users\Jakub\AppData\Roaming\YourFileDownloader
Složka Nalezeno : C:\Users\Jakub\AppData\Roaming\YourFileDownloader
Složka Nalezeno : C:\Users\Markéta\AppData\Local\Winamp Toolbar
Složka Nalezeno : C:\Users\Markéta\AppData\LocalLow\HPAppData
Složka Nalezeno : C:\Users\Markéta\AppData\Roaming\GrabPro
Složka Nalezeno : C:\Users\Markéta\AppData\Roaming\ProgSense
Složka Nalezeno : C:\Users\Markéta\AppData\Roaming\Systweak
Soubor Nalezeno : C:\Windows\system32\drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}t.sys
Soubor Nalezeno : C:\Windows\system32\roboot.exe

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

Data Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 10.0.10.1:3128
Data Nalezeno : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - "C:\Program Files\Internet Explorer\IEXPLORE.EXE" hxxp://www.mystartsearch.com/?type=sc&t ... 0653106531
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Hodnota Nalezeno : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Hodnota Nalezeno : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Hodnota Nalezeno : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Klíe Nalezeno : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíe Nalezeno : HKCU\Software\AVG Secure Search
Klíe Nalezeno : HKCU\Software\DataMngr
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Klíe Nalezeno : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CB3625F4-78A9-4B2D-85E7-836F10B269D4}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E12CCFD6-0A70-487B-B0D8-C24D261ECA01}
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F02A0ABD-0609-473E-8626-0C9AE4C9508E}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Orbit_is1
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\XTab
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Nalezeno : HKCU\Software\Orbit
Klíe Nalezeno : HKCU\Software\ProgSense
Klíe Nalezeno : HKCU\Software\systweak
Klíe Nalezeno : HKCU\Software\Winamp Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Klíe Nalezeno : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Klíe Nalezeno : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Klíe Nalezeno : HKLM\SOFTWARE\Babylon
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\driverscanner
Klíe Nalezeno : HKLM\SOFTWARE\Classes\iLivid.torrent
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Prod.cap
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Klíe Nalezeno : HKLM\SOFTWARE\DataMngr
Klíe Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Klíe Nalezeno : HKLM\SOFTWARE\IHProtect
Klíe Nalezeno : HKLM\SOFTWARE\Iminent
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D86A75B-CB6B-4764-885D-CA6336F04BA2}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB3625F4-78A9-4B2D-85E7-836F10B269D4}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Klíe Nalezeno : HKLM\SOFTWARE\mystartsearchSoftware
Klíe Nalezeno : HKLM\SOFTWARE\ParetoLogic
Klíe Nalezeno : HKLM\SOFTWARE\PIP
Klíe Nalezeno : HKLM\SOFTWARE\SupDp
Klíe Nalezeno : HKLM\SOFTWARE\SweetIM
Klíe Nalezeno : HKLM\SOFTWARE\systweak
Klíe Nalezeno : HKLM\SOFTWARE\Trymedia Systems
Klíe Nalezeno : HKLM\SOFTWARE\Uniblue
Klíe Nalezeno : HKLM\SOFTWARE\Uniblue\DriverScanner
Klíe Nalezeno : HKLM\SOFTWARE\YourFileDownloader

***** [ Prohlížeee ] *****

-\\ Internet Explorer v9.0.8112.16455

Nastavení Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.search.ask.com/?o=APN10645A& ... 51-216&t=4
Nastavení Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&t ... 0653106531
Nastavení Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.mystartsearch.com/?type=hp&t ... 0653106531
Nastavení Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://www.mystartsearch.com/web/?type= ... 3106531&q={searchTerms}
Nastavení Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://www.mystartsearch.com/web/?type= ... 3106531&q={searchTerms}

-\\ Google Chrome v37.0.2062.103

[C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gc ... nrs=AG6&q={searchTerms}
[C:\Users\Markéta\AppData\Local\Google\Chrome\User Data\Default\Web data] - Nalezeno [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [18176 bytu] - [03/04/2015 14:59:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18235 bytu] ##########

- - - - - - - - -

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 3.4.2015
Čas skenování: 15:17:11
Protokol:
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.03.04
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: MarkÃ©ta

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 382857
Uplynulý čas: 25 min, 26 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 9
PUP.Optional.Multiplug, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [65cb1a4ea4e658def57f1d13cb3807f9],
PUP.Optional.Multiplug, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, , [65cb1a4ea4e658def57f1d13cb3807f9],
PUP.Optional.Multiplug, HKU\S-1-5-21-2180271012-3865079212-1960874270-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, , [65cb1a4ea4e658def57f1d13cb3807f9],
PUP.Optional.Babylon.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [161ade8a256568cea4ecf43dec176f91],
PUP.Optional.Multiplug, HKU\S-1-5-21-2180271012-3865079212-1960874270-1001_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}, , [58d837311278cf67d3a188a8f3102ad6],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\1ClickDownload, , [43ed94d45d2d1e180934110c6a9b18e8],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\SweetIM, , [75bb0068c1c9cd693e59f9cd57ac936d],
PUP.Optional.Qone8, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [1818fc6c6d1d999d30471b0cb94c867a],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\SYSTWEAK\RegClean Pro, , [8aa66cfc5d2d6fc7ff8b9c857e87dc24],

Hodnoty registru: 3
PUP.Optional.Babylon.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|DisplayName, Search the web (Babylon), , [2c04e7814a405adcb65f7ad1d035f907]
PUP.Optional.Babylon.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, http://search.babylon.com/?q={searchTerms}&affID=112555&tt=3112_3&babsrc=SP_ss&mntrId=a8fb61d6000000000000002186be1cb2, , [e34dce9a8307ca6c73a29daead58ff01]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?type= ... 3106531&q={searchTerms}, , [dc54c8a031593bfb8f2781c9ac5957a9]

Data registru: 1
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp&t ... 0653106531, Dobré: (www.google.com), Špatné: (http://www.mystartsearch.com/?type=hp&t ... 0653106531),,[59d7a2c63f4bf244d905a74341c4ae52]

Složky: 1
PUP.Optional.Datamngr.A, C:\Users\MarkÃ©ta\AppData\LocalLow\DataMngr, , [ec44adbb3f4b85b1ffd9a9db9e65cd33],

Soubory: 7
Trojan.Repacked, C:\Users\Jakub\Downloads\Pro+Flight+Simulator.exe, , [cd6382e6c4c6d165309ae4cf7b859c64],
PUP.Optional.OpenCandy, C:\Users\Jakub\Downloads\aTube_Catcher_Setup.exe, , [81afca9e642687af6fdbeb325bab2cd4],
PUP.Optional.SweetIM, C:\Users\Jakub\Downloads\sweetimsetup (1).exe, , [0e22b3b5fa90d95d9c3f1309a0663ec2],
PUP.Optional.SweetIM, C:\Users\Jakub\Downloads\sweetimsetup.exe, , [cd631157e0aa4ee86675091330d6ee12],
PUP.Optional.OpenCandy, C:\Users\Jakub\Downloads\winamp563_full_emusic-7plus_all.exe, , [5ed2d494147667cf1d2d7da0a165a45c],
PSWTool.OphCrack, C:\Users\Jakub\Downloads\ophcrack.exe, , [e64acc9ca0ea8caa3dbbb5fa2ed47b85],
PUP.Optional.Datamngr.A, C:\Users\MarkÃ©ta\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [ec44adbb3f4b85b1ffd9a9db9e65cd33],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

Příspěvekod **jaro3** » 04 dub 2015 09:10

Asi...

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Berry · Příspěvekod **Berry** » 04 dub 2015 12:07

Můžu se zeptat - mám hodně dat a stáhnutých věcí na externím disku. Měla jsem ho připojit, aby byl také zkontrolován?
Nosím ho často do práce a domů. Napadlo mě to až teď. Asi bych ho měla taky zkontrolovat.

# AdwCleaner v4.200 - Log vytvooen 04/04/2015 v 10:51:15
# Aktualizováno 29/03/2015 by Xplode
# Databáze : 2015-03-29.1 [Server]
# Operaení system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Uživatelské jméno : Markéta - NOTEBOOK_HP
# Spuštino z : C:\Users\Markéta\Desktop\adwcleaner_4.200.exe
# Nastavení : Eištiní

***** [ Služby ] *****

***** [ Soubory / Složky ] *****

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

***** [ Prohlížeee ] *****

-\\ Internet Explorer v9.0.8112.16455

-\\ Google Chrome v37.0.2062.103

*************************

AdwCleaner[R0].txt - [18314 bytu] - [03/04/2015 14:59:59]
AdwCleaner[R1].txt - [893 bytu] - [04/04/2015 10:49:42]
AdwCleaner[S0].txt - [15550 bytu] - [03/04/2015 15:04:43]
AdwCleaner[S1].txt - [819 bytu] - [04/04/2015 10:51:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [876 bytu] ##########

- - - - - - - - - - -- -

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Mark‚ta on so 04.04.2015 at 10:59:42,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Mark‚ta\appdata\locallow\datamngr"

~~~ Event Viewer Logs were cleared

- - - - - - - - -- - - - - -

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 4.4.2015
Čas skenování: 11:09:38
Protokol: aaaaaaaa.txt
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.04.02
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: MarkA©ta

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 383276
Uplynulý čas: 24 min, 22 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 9
PUP.Optional.Multiplug, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Do karantény, [128076f293f7b5814f791b164ab98b75],
PUP.Optional.Multiplug, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Do karantény, [128076f293f7b5814f791b164ab98b75],
PUP.Optional.Multiplug, HKU\S-1-5-21-2180271012-3865079212-1960874270-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Do karantény, [128076f293f7b5814f791b164ab98b75],
PUP.Optional.Babylon.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Do karantény, [94fec99f4d3d73c341a36fc37c872ad6],
PUP.Optional.Multiplug, HKU\S-1-5-21-2180271012-3865079212-1960874270-1001_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Do karantény, [e6ac590f5b2f2b0be2e677ba956e3ec2],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\1ClickDownload, Do karantény, [41519fc9a3e74ee8467bfd21e71e5ca4],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\SweetIM, Do karantény, [128074f4305aab8b8f8cecdc29da48b8],
PUP.Optional.Qone8, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Do karantény, [e4ae4e1a5a30f145b546b7710ff6d22e],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\SYSTWEAK\RegClean Pro, Do karantény, [b1e10365c9c167cf6ca230f3ac59ea16],

Hodnoty registru: 3
PUP.Optional.Babylon.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|DisplayName, Search the web (Babylon), Do karantény, [731fcc9c5c2e5fd7d4c46ede040119e7]
PUP.Optional.Babylon.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, http://search.babylon.com/?q={searchTerms}&affID=112555&tt=3112_3&babsrc=SP_ss&mntrId=a8fb61d6000000000000002186be1cb2, Do karantény, [c9c938302466d363e3b5b498f411da26]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://www.mystartsearch.com/web/?type= ... 3106531&q={searchTerms}, Do karantény, [c5cde583701a50e6b683ff4dae5712ee]

Data registru: 1
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-2180271012-3865079212-1960874270-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.mystartsearch.com/?type=hp&t ... 0653106531, Dobré: (www.google.com), Špatné: (http://www.mystartsearch.com/?type=hp&t ... 0653106531),Nahrazeno,[fd95db8da0eaf73f721059930afb718f]

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 6
Trojan.Repacked, C:\Users\Jakub\Downloads\Pro+Flight+Simulator.exe, Do karantény, [672b3236fc8e4aec0a988d2709f73ac6],
PUP.Optional.OpenCandy, C:\Users\Jakub\Downloads\aTube_Catcher_Setup.exe, Do karantény, [3b571c4c6b1fed4905ea49d526e0738d],
PUP.Optional.SweetIM, C:\Users\Jakub\Downloads\sweetimsetup (1).exe, Do karantény, [f39f66021278171f453b899540c6db25],
PUP.Optional.SweetIM, C:\Users\Jakub\Downloads\sweetimsetup.exe, Do karantény, [5f33db8d6f1baa8ca4dca87666a09f61],
PUP.Optional.OpenCandy, C:\Users\Jakub\Downloads\winamp563_full_emusic-7plus_all.exe, Do karantény, [99f9a5c3b2d80e28767965b993739c64],
PSWTool.OphCrack, C:\Users\Jakub\Downloads\ophcrack.exe, Do karantény, [276bdc8ca4e62e0850e0694810f2e31d],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

- - - - - - - - - - - - -

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : Markéta [Práva správce]
Started from : C:\Users\Markéta\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 04/04/2015 11:59:52

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\Jakub\AppData\Local\Temp\ALSysIO.sys) -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Jakub\AppData\Local\Temp\catchme.sys) -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\Jakub\AppData\Local\Temp\ALSysIO.sys) -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Jakub\AppData\Local\Temp\catchme.sys) -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\Jakub\AppData\Local\Temp\ALSysIO.sys) -> Nalezeno
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\Jakub\AppData\Local\Temp\catchme.sys) -> Nalezeno
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2180271012-3865079212-1960874270-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-2180271012-3865079212-1960874270-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_CREATE[0] : Unknown @ 0x8692c1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x8692c1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x8692c1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x8692c1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_POWER[22] : Unknown @ 0x8692c1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x8692c1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_PNP[27] : Unknown @ 0x8692c1f8

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT1 +++++
--- User ---
[MBR] 6af242a7e61ad6c196382b631a84aaa1
[BSP] 3bb3dbf1aca114abc3cdf691ccfbdd83 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 240802 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 493164544 | Size: 56523 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 608925696 | Size: 7913 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Příspěvekod **Orcus** » 04 dub 2015 12:31

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka).
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni
Zoek.exe

a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

====================================================

Co problémy? + nový log z HJT

Berry · Příspěvekod **Berry** » 05 dub 2015 10:26

Počítač je už rychlejší, vždy při restartu nebo zapínání probíhá konfigurace aktualizací: fáze 3-3 ...je tam dlouho 0% a pak se ukáže uživatelský panel.

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : Markéta [Práva správce]
Started from : C:\Users\Markéta\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 04/05/2015 10:17:22

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno
[C:\WINDOWS\System32\drivers\etc\hosts] ::1 localhost -> Smazáno

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_CREATE[0] : Unknown @ 0x8672a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x8672a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x8672a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x8672a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_POWER[22] : Unknown @ 0x8672a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x8672a1f8
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\iastorv.sys - IRP_MJ_PNP[27] : Unknown @ 0x8672a1f8

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT1 +++++
--- User ---
[MBR] 6af242a7e61ad6c196382b631a84aaa1
[BSP] 3bb3dbf1aca114abc3cdf691ccfbdd83 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 240802 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 493164544 | Size: 56523 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 608925696 | Size: 7913 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_04052015_090006.log - RKreport_SCN_04042015_115951.log - RKreport_SCN_04052015_085829.log - RKreport_SCN_04052015_101637.log

- - - - - - - -- - -

Zoek.exe v5.0.0.0 Updated 02-April-2015
Tool run by Mark‚ta on ne 05.04.2015 at 9:05:08,34.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Markéta\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

5.4.2015 9:06:49 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\Emkvchvoxjzvdbmt deleted successfully
C:\Program Files\Emkvchvoxjzvdbmt2 deleted successfully
C:\Program Files\Empire Interactive deleted successfully
C:\Program Files\Freemake deleted successfully
C:\Program Files\Trend Micro deleted successfully
C:\Program Files\Winamp deleted successfully
C:\Program Files\Common Files\eSellerate deleted successfully
C:\Users\Jakub\AppData\Local\Seznam.cz deleted successfully
C:\Users\Jakub\AppData\Local\The Weather Channel deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2180271012-3865079212-1960874270-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-2180271012-3865079212-1960874270-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8B475C01-0C48-4F25-9CC2-552F5ECFF336} deleted successfully
HKEY_USERS\S-1-5-21-2180271012-3865079212-1960874270-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2180271012-3865079212-1960874270-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Program Files\Emkvchvoxjzvdbmt not found
C:\Program Files\Emkvchvoxjzvdbmt2 not found
C:\Program Files\Empire Interactive not found
C:\Program Files\Freemake not found
C:\Program Files\Trend Micro not found
C:\Program Files\Winamp not found
C:\Windows\system32\appdata deleted
C:\Program Files\Mozilla Firefox\user.js deleted
C:\user.js deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\PROGRA~2\hpqp.txt deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
C:\PROGRA~2\DVD.exe deleted
C:\PROGRA~2\Games.exe deleted
C:\PROGRA~2\Karaoke.exe deleted
C:\PROGRA~2\MobileTV.exe deleted
C:\PROGRA~2\MPV.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [03.05.2011 21:52]

==== Chromium Look ======================

Google Chrome Version: 41.0.2272.118 (Latest Stable version: 41.0.2272.118)

==== Chromium Fix ======================

C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 4\Local Storage\http_www.mystartsearch.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://www.google.com"
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_cs"

==== Reset Google Chrome ======================

C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 4\Preferences was reset successfully
C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 4\Secure Preferences was reset successfully
C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 4\Web Data was reset successfully
C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 4\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp deleted successfully

==== Empty IE Cache ======================

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Jakub\AppData\Local\Google\Chrome\User Data\Profile 4\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=42 folders=14 15041753 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Jakub\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Mark‚ta\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jakub\AppData\Local\temp\9E2D00F8-BAB0-7891-BAD9-6EB056F1CF9E" not deleted
"C:\Users\Jakub\AppData\Local\temp\ibtmp7c69303" not deleted
"C:\Users\Jakub\AppData\Local\temp\ibtmp92fd302" not deleted
"C:\Users\Jakub\AppData\Local\temp\ibtmp94d3285" not deleted
"C:\Users\Jakub\AppData\Local\temp\ibtmpa27e462" not deleted
"C:\Users\Jakub\AppData\Local\temp\ibtmpc2f8301" not deleted
"C:\Users\Jakub\AppData\Local\temp\ibtmpdd36304" not deleted
"C:\Users\Jakub\AppData\Local\temp\is1373634743" not deleted
"C:\Users\Jakub\AppData\Local\temp\is1668783924" not deleted
"C:\Users\Jakub\AppData\Local\temp\is256538528" not deleted

==== EOF on ne 05.04.2015 at 9:59:31,00 ======================

- - - - - - - -- -- - -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:22:08, on 5.4.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wuauclt.exe
C:\Users\Markéta\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [popweb] "C:\Program Files\Max Software\Keylogger\scragent.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [GSplay.exe] C:\Users\Mark%c3%a9ta\Desktop\GSplay.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://F:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://F:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://F:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://F:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ScrKlgSvc - Unknown owner - C:\Program Files\Max Software\Keylogger\skgsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 8135 bytes

Příspěvekod **jaro3** » 05 dub 2015 11:27

Ten ext. disk připoj.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Berry · Příspěvekod **Berry** » 06 dub 2015 11:10

ComboFix 15-04-01.01 - Markéta 06.04.2015 10:39:22.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1519 [GMT 2:00]
Spuštěný z: c:\users\MarkÚta\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\spsys.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-06 do 2015-04-06 )))))))))))))))))))))))))))))))
.
.
2015-04-06 08:53 . 2015-04-06 08:54 -------- d-----w- c:\users\Markéta\AppData\Local\temp
2015-04-06 08:53 . 2015-04-06 08:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-06 08:53 . 2015-04-06 08:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-05 07:51 . 2015-04-05 07:05 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-05 07:43 . 2015-04-05 07:43 -------- d-----w- c:\users\MarkÚta
2015-04-05 07:39 . 2015-04-05 07:59 -------- d-----w- C:\zoek
2015-04-04 09:50 . 2015-04-05 08:09 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-04 09:50 . 2015-04-04 12:09 -------- d-----w- c:\programdata\RogueKiller
2015-04-04 08:59 . 2015-04-04 08:59 -------- d-----w- C:\RegBackup
2015-04-03 13:16 . 2015-04-04 09:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-03 13:15 . 2015-04-03 13:15 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-03 13:15 . 2015-03-17 04:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-03 13:15 . 2015-03-17 04:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-03 13:15 . 2015-03-17 04:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-03 12:59 . 2015-04-04 08:51 -------- d-----w- C:\AdwCleaner
2015-04-02 22:20 . 2009-07-21 21:33 490496 ------w- c:\windows\system32\stapi32.dll
2015-03-28 22:52 . 2015-03-23 01:32 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3694F0B-4633-4DB7-8630-D715726D4E2A}\mpengine.dll
2015-03-23 18:41 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2015-03-23 18:41 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-03-23 18:41 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-03-23 18:39 . 2013-06-29 02:07 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-03-23 18:39 . 2013-06-29 02:07 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2015-03-23 18:39 . 2013-06-29 02:07 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2015-03-23 18:39 . 2013-06-29 02:06 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2015-03-23 18:39 . 2011-05-05 13:54 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2015-03-23 18:39 . 2011-05-05 13:54 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2015-03-23 18:38 . 2013-07-12 09:04 134272 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2015-03-23 18:38 . 2013-07-12 09:04 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2015-03-23 18:36 . 2013-07-03 02:33 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2015-03-23 18:36 . 2013-07-03 02:10 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-28 13:24 . 2012-04-30 12:05 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-28 13:24 . 2011-12-03 22:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 03:23 . 2009-10-01 07:49 246920 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-09-16 2736128]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"popweb"="c:\program files\Max Software\Keylogger\scragent.exe" [2013-10-23 58880]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"WirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"SysTrayApp"=c:\program files\IDT\WDM\sttray.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="f:\program files\Winamp\winampa.exe"
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe"
.
R3 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 13:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-04 12:54 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-28 19:50]
.
2015-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-28 19:50]
.
2015-02-28 c:\windows\Tasks\HPCeeScheduleForJakub.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: 4shared.com\www
Trusted Zone: blogspot.com\digifree
Trusted Zone: facebook.com\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
TCP: DhcpNameServer = 192.168.1.254
.
.
------- Asociace souborů -------
.
.txt=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKCU-Run-GSplay.exe - c:\users\Mark%c3%a9ta\Desktop\GSplay.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-06 10:54
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwQuerySystemInformation
.
skenování skrytých procesů ...
.
c:\program files\Max Software\Keylogger\skgsvc.exe [2492] 0x899BE020
c:\program files\Max Software\Keylogger\scragent.exe [3228] 0x87857CC0
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2015-04-06 10:57:50
ComboFix-quarantined-files.txt 2015-04-06 08:57
.
Před spuštěním: Volných bajtů: 61 825 658 880
Po spuštění: Volných bajtů: 61 766 651 904
.
- - End Of File - - B164DE7CEA51E595089C906BD59A8826
85D751F0E41B8E520AEE8C07A8DA777B

Berry · Příspěvekod **Berry** » 06 dub 2015 11:23

Externí disk je stále zapojen, ale nezobrazuje se nikde. Nedá se otevřít. Jen v dolním pravém rohu na liště se ukazuje ikonka připojeného disku s možností odebrat hardware. Co s tím? Zkusila jsem dát do vedlejšího vstupu pro USB a nic. Nenačte se, nezobrazí.

Také se objevila ikonka: Nepodařilo se připojení ke službě systému Windows. Nelze se připojit ke službě Služba oznamování událostí systému. Tento problém brání limitovaným uživatelům v přihlašování do systému.

Příspěvekod **Orcus** » 06 dub 2015 19:57

Co se týče externího disku, prosím o screenshot ze Windows konzole "Správa disků".

Spuštění modulu Správa disků:
1. Přihlaste se jako správce nebo jako člen skupiny správců.
2. Klikněte na tlačítko Start a na příkaz Spustit, zadejte příkaz compmgmt.msc a pak klikněte na tlačítko OK.
3. Ve stromové struktuře konzoly klepněte na položku Správa disků. Zobrazí se okno Správa disků.

+

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený červeně:

ClearJavaCache::

KillAll::

Quarantine::
c:\program files\Max Software\Keylogger\scragent.exe
c:\program files\Max Software\Keylogger\skgsvc.exe

File::
:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\HPCeeScheduleForJakub.job

Folder::
c:\program files\Google\Update\

DDS::
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
Trusted Zone: 4shared.com\www
Trusted Zone: blogspot.com\digifree
Trusted Zone: facebook.com\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading

RegLock::
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

====================================================

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Berry · Příspěvekod **Berry** » 12 dub 2015 18:59

Omlouvám se, že to tak trvalo. Byla jsem pryč.

Nevím, jak sem vložit ten screenshot.

ClearJavaCache::

KillAll::

Quarantine::
c:\program files\Max Software\Keylogger\scragent.exe
c:\program files\Max Software\Keylogger\skgsvc.exe

File::
:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\HPCeeScheduleForJakub.job

Folder::
c:\program files\Google\Update\

DDS::
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
Trusted Zone: 4shared.com\www
Trusted Zone: blogspot.com\digifree
Trusted Zone: facebook.com\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading

RegLock::
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.

- - - - - - - - -- - - - - -- -

ComboFix 15-04-01.01 - Markéta 12.04.2015 18:20:58.9.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.1544 [GMT 2:00]
Spuštěný z: c:\users\MarkÚta\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\MarkÚta\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-03-12 do 2015-04-12 )))))))))))))))))))))))))))))))
.
.
2015-04-12 16:41 . 2015-04-12 16:41 -------- d-----w- c:\users\Markéta\AppData\Local\temp
2015-04-12 16:41 . 2015-04-12 16:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-12 16:41 . 2015-04-12 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-05 07:51 . 2015-04-05 07:05 24064 ----a-w- c:\windows\zoek-delete.exe
2015-04-05 07:43 . 2015-04-05 07:43 -------- d-----w- c:\users\MarkÚta
2015-04-05 07:39 . 2015-04-05 07:59 -------- d-----w- C:\zoek
2015-04-04 09:50 . 2015-04-05 08:09 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-04 09:50 . 2015-04-04 12:09 -------- d-----w- c:\programdata\RogueKiller
2015-04-04 08:59 . 2015-04-04 08:59 -------- d-----w- C:\RegBackup
2015-04-03 13:16 . 2015-04-04 09:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-03 13:15 . 2015-04-03 13:15 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-03 13:15 . 2015-03-17 04:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-03 13:15 . 2015-03-17 04:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-03 13:15 . 2015-03-17 04:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-03 12:59 . 2015-04-04 08:51 -------- d-----w- C:\AdwCleaner
2015-04-02 22:20 . 2009-07-21 21:33 490496 ------w- c:\windows\system32\stapi32.dll
2015-03-28 22:52 . 2015-03-23 01:32 9119072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3694F0B-4633-4DB7-8630-D715726D4E2A}\mpengine.dll
2015-03-23 18:41 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2015-03-23 18:41 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-03-23 18:41 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-03-23 18:39 . 2013-06-29 02:07 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-03-23 18:39 . 2013-06-29 02:07 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2015-03-23 18:39 . 2013-06-29 02:07 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2015-03-23 18:39 . 2013-06-29 02:06 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2015-03-23 18:39 . 2011-05-05 13:54 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2015-03-23 18:39 . 2011-05-05 13:54 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2015-03-23 18:38 . 2013-07-12 09:04 134272 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2015-03-23 18:38 . 2013-07-12 09:04 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2015-03-23 18:36 . 2013-07-03 02:33 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2015-03-23 18:36 . 2013-07-03 02:10 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-28 13:24 . 2012-04-30 12:05 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-28 13:24 . 2011-12-03 22:57 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 03:23 . 2009-10-01 07:49 246920 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-09-16 2736128]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"VolPanel"="c:\program files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
"popweb"="c:\program files\Max Software\Keylogger\scragent.exe" [2013-10-23 58880]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"LightScribe Control Panel"=c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"WirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"DpAgent"=c:\program files\DigitalPersona\Bin\dpagent.exe
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"SysTrayApp"=c:\program files\IDT\WDM\sttray.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="f:\program files\Winamp\winampa.exe"
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe"
.
R3 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 13:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-04 12:54 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-28 19:50]
.
2015-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-03-28 19:50]
.
2015-02-28 c:\windows\Tasks\HPCeeScheduleForJakub.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 13:14]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - f:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Stáhnout Free Download Managerem - file://f:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://f:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://f:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://f:\program files\Free Download Manager\dlall.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: 4shared.com\www
Trusted Zone: blogspot.com\digifree
Trusted Zone: facebook.com\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-12 18:41
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwQuerySystemInformation
.
skenování skrytých procesů ...
.
c:\program files\Max Software\Keylogger\skgsvc.exe [2432] 0x89A74020
c:\program files\Max Software\Keylogger\scragent.exe [904] 0x86004360
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2548)
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
.
Celkový čas: 2015-04-12 18:46:01
ComboFix-quarantined-files.txt 2015-04-12 16:45
ComboFix2.txt 2015-04-06 08:57
.
Před spuštěním: Volných bajtů: 58 318 016 512
Po spuštění: Volných bajtů: 58 249 539 584
.
- - End Of File - - 1EFD990AC8E1706167184E3C34576C73
85D751F0E41B8E520AEE8C07A8DA777B

- - - - - - - - - -- - -- - -

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-04-12 18:53:01
-----------------------------
18:53:01.056 OS Version: Windows 6.0.6002 Service Pack 2
18:53:01.056 Number of processors: 2 586 0xF0D
18:53:01.057 ComputerName: NOTEBOOK_HP UserName: Markéta
18:53:04.837 Initialize success
18:53:04.877 VM: initialized successfully
18:53:04.879 VM: Intel CPU virtualization not supported
18:53:19.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:53:19.708 Disk 0 Vendor: WDC_WD32 13.0 Size: 305245MB BusType: 3
18:53:19.828 Disk 0 MBR read successfully
18:53:19.832 Disk 0 MBR scan
18:53:19.837 Disk 0 unknown MBR code
18:53:20.506 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 240802 MB offset 63
18:53:20.533 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 56523 MB offset 493164544
18:53:20.552 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7913 MB offset 608925696
18:53:20.585 Disk 0 scanning sectors +625131520
18:53:20.759 Disk 0 scanning C:\Windows\system32\drivers
18:53:27.127 Service scanning
18:53:37.583 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:53:41.358 Modules scanning
18:53:41.368 Disk 0 trace - called modules:
18:53:41.419 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll iaStor.sys spgc.sys >>UNKNOWN [0x866e0938]<<
18:53:41.424 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8798fac8]
18:53:41.429 3 CLASSPNP.SYS[8b5188b3] -> nt!IofCallDriver -> [0x8788c470]
18:53:41.434 5 hpdskflt.sys[8c3aef92] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86d96028]
18:53:41.439 Disk 0 statistics 105577/0/0 @ 7,50 MB/s
18:53:41.445 Scan finished successfully
18:53:55.377 Disk 0 MBR has been saved successfully to "C:\Users\Markéta\Desktop\MBR.dat"
18:53:55.392 The log file has been saved successfully to "C:\Users\Markéta\Desktop\aswMBR.txt"

Prosím o kontrolu logu Vyřešeno

Prosím o kontrolu logu Vyřešeno

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online