Prosím o kontrolu logu

[DeNNI85]

Zdravim, u pritelkyne na notebooku porad vyskakuji reklamy v chormu na casina, nejaky debilni hry apod. Avast nic nenasel, tak to bude chtit neco ucinejsiho. Muzete mrknout na log nize? Díky moc za pomoc.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:15:28, on 7.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Stažené\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení k účtu Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotaçoes Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotaçoes Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Users\Leniska\AppData\Local\Linkey\IEEXTE~1\iedll.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SmdmF Service (SmdmFService) - Aztec Media Inc - C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9021 bytes

[Reklama]

[DeNNI85]

Dále jsem spustil TFC:

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Leniska
->Temp folder emptied: 2234158 bytes
->Temporary Internet Files folder emptied: 1550976 bytes
->Google Chrome cache emptied: 370402234 bytes
->Flash cache emptied: 348 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 528850 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2909859 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 360,00 mb

[DeNNI85]

adcelaner:
# AdwCleaner v3.311 - Report created 07/11/2014 at 16:52:56
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Leniska - LENISKA-PC
# Running from : D:\STAŽENÉ\adwcleaner_3.311.exe
# Option : Scan

***** [ Services ] *****

Service Found : F06DEFF2-5B9C-490D-910F-35D3A9119622
Service Found : SmdmFService

***** [ Files / Folders ] *****

File Found : C:\Users\Leniska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Leniska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Internet Speed Checker
Folder Found : C:\Program Files (x86)\Internet Speed Checker
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\Settings Manager
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\smdmf
Folder Found : C:\Users\Leniska\AppData\Local\globalUpdate
Folder Found : C:\Users\Leniska\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Folder Found : C:\Users\Leniska\AppData\Roaming\Systweak

***** [ Scheduled Tasks ] *****

Task Found : LaunchSignup
Task Found : f87c70cb-49ad-40f9-80ab-7d9c384f2885-1
Task Found : f87c70cb-49ad-40f9-80ab-7d9c384f2885-11
Task Found : f87c70cb-49ad-40f9-80ab-7d9c384f2885-2
Task Found : f87c70cb-49ad-40f9-80ab-7d9c384f2885-4
Task Found : f87c70cb-49ad-40f9-80ab-7d9c384f2885-5
Task Found : f87c70cb-49ad-40f9-80ab-7d9c384f2885-5_user
Task Found : f87c70cb-49ad-40f9-80ab-7d9c384f2885-6
Task Found : f87c70cb-49ad-40f9-80ab-7d9c384f2885-7

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\Leniska\AppData\Local\Linkey\IEEXTE~1\iedll.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\Users\Leniska\AppData\Local\Linkey\IEEXTE~1\iedll64.dll
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Internet Speed Checker
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Linkey
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Key Found : HKCU\Software\SmdmF
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Linkey
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Key Found : [x64] HKCU\Software\SmdmF
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175552}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176652}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174452}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Internet Speed Checker
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\SmdmF
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175552}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176652}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Leniska\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [8701 octets] - [07/11/2014 16:52:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8761 octets] ##########

[DeNNI85]

a poslední:
RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Leniska [Práva správce]
Mód : Prohledat -- Datum : 11/07/2014 17:02:12

¤¤¤ Procesy : 2 ¤¤¤
[PUP] (SVC) F06DEFF2-5B9C-490D-910F-35D3A9119622 -- \??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg[7] -> ERROR [41c]
[PUP] (SVC) SmdmFService -- C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe[7] -> ERROR [41c]

¤¤¤ Registry : 24 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 (\??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SmdmFService (C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 (\??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmdmFService (C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 (\??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SmdmFService (C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe) -> Nalezeno
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3206257428-2509158748-1124933141-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3206257428-2509158748-1124933141-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{04D9B916-8E97-40CB-B2A4-6BDD40D48E4C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0DB4C4F8-789D-4EBE-8405-5CDDF25E5C80} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{04D9B916-8E97-40CB-B2A4-6BDD40D48E4C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0DB4C4F8-789D-4EBE-8405-5CDDF25E5C80} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{04D9B916-8E97-40CB-B2A4-6BDD40D48E4C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0DB4C4F8-789D-4EBE-8405-5CDDF25E5C80} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\Users\Leniska\AppData\Local\Linkey\IEEXTE~1\iedll64.dll -> Nalezeno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\Users\Leniska\AppData\Local\Linkey\IEEXTE~1\iedll.dll -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 91 (Driver: Nahrán) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff885ad850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x703b0 (jmp 0xffffffff885aed60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff885aed20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff885aeba0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x70490 (jmp 0xffffffff885ae300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff885aee70)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff885aec30)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x703a0 (jmp 0xffffffff885ae870)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x70400 (jmp 0xffffffff885adc20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff885aebc0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff885aee60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff885ad850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x704a0 (jmp 0xffffffff885ae300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff885af0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x70350 (jmp 0xffffffff885ae730)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff885aeba0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff885aed20)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff885af0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff885aebc0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x70320 (jmp 0xffffffff885aed00)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x703b0 (jmp 0xffffffff885aed60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff885aee60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff885aee70)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff885aec30)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSemaphore : Unknown @ 0x702b0 (jmp 0xffffffff885ae5a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x702c0 (jmp 0xffffffff885ae030)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x70290 (jmp 0xffffffff885ae610)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x702a0 (jmp 0xffffffff885ae060)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x70330 (jmp 0xffffffff885ae5f0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x70340 (jmp 0xffffffff885ae070)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x703d0 (jmp 0xffffffff885ae6a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x703f0 (jmp 0xffffffff885aec10)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenThread : Unknown @ 0x70380 (jmp 0xffffffff885ae0c0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x70430 (jmp 0xffffffff885ad9a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x70490 (jmp 0xffffffff885ae300)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x703f0 (jmp 0xffffffff885aec10)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff885aeba0)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff885aed20)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff885ad850)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff885af0a0)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff885aee70)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff885ae980)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff885aebc0)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x70440 (jmp 0xffffffff885ade80)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x70280 (jmp 0xffffffff885ad700)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff885aebc0)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x70280 (jmp 0xffffffff885ad700)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff885af0a0)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff885aee70)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff885af0a0)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff885ae980)
[IAT:Inl] (explorer.exe @ UxTheme.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff885aec30)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff885af0a0)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff885aebc0)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x70320 (jmp 0xffffffff885aed00)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtDuplicateObject : Unknown @ 0x70390 (jmp 0xffffffff885aed20)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff885aec30)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff885aee60)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff885aee70)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff885aebc0)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff885af0a0)
[IAT:Inl] (explorer.exe @ CLBCatQ.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff885aec30)
[IAT:Inl] (explorer.exe @ cscapi.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff885aeba0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x70340 (jmp 0xffffffff885ae070)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenThread : Unknown @ 0x70380 (jmp 0xffffffff885ae0c0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x702c0 (jmp 0xffffffff885ae030)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x70320 (jmp 0xffffffff885aed00)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff885aee60)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x702a0 (jmp 0xffffffff885ae060)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEventPair : Unknown @ 0x70300 (jmp 0xffffffff885ae130)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff885aec30)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff885af0a0)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateSection : Unknown @ 0x70310 (jmp 0xffffffff885aebc0)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x70450 (jmp 0xffffffff885af0a0)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff885aec30)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff885ae980)
[IAT:Inl] (explorer.exe @ tiptsf.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff885ae980)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x70370 (jmp 0xffffffff885aee60)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x701f0 (jmp 0xffffffff885ad850)
[IAT:Inl] (explorer.exe @ es.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff885aec30)
[IAT:Inl] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff885ae980)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff885aee70)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x701e0 (jmp 0xffffffff885ae140)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff885aeba0)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x70330 (jmp 0xffffffff885ae5f0)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x702e0 (jmp 0xffffffff885aec30)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x70480 (jmp 0xffffffff885ae980)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x702d0 (jmp 0xffffffff885aeba0)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff885aee70)
[IAT:Inl] (explorer.exe @ bcrypt.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff885aee70)
[IAT:Inl] (explorer.exe @ bcryptprimitives.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x703e0 (jmp 0xffffffff885aee70)

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++
--- User ---
[MBR] 8be76a6876c45e22a5eab544fac4e82e
[BSP] baa58400c4105655dd5a43eaed9ccc63 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99900 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 MB
User = LL1 ... OK
User = LL2 ... OK

[DeNNI85]

Smazal jsem co našel ADWclenaer a po restartu to vypsalo tento log:

AdwCleaner v3.311 - Report created 07/11/2014 at 17:05:09
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Leniska - LENISKA-PC
# Running from : D:\STAŽENÉ\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Service Deleted : SmdmFService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\smdmf
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\MyPC Backup
[!] Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Program Files (x86)\Internet Speed Checker
Folder Deleted : C:\Users\Leniska\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Leniska\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Leniska\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Leniska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Leniska\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchSignup
Task Deleted : f87c70cb-49ad-40f9-80ab-7d9c384f2885-1
Task Deleted : f87c70cb-49ad-40f9-80ab-7d9c384f2885-11
Task Deleted : f87c70cb-49ad-40f9-80ab-7d9c384f2885-2
Task Deleted : f87c70cb-49ad-40f9-80ab-7d9c384f2885-4
Task Deleted : f87c70cb-49ad-40f9-80ab-7d9c384f2885-5
Task Deleted : f87c70cb-49ad-40f9-80ab-7d9c384f2885-5_user
Task Deleted : f87c70cb-49ad-40f9-80ab-7d9c384f2885-6
Task Deleted : f87c70cb-49ad-40f9-80ab-7d9c384f2885-7

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175552}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176652}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174452}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172252}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175552}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176652}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\SmdmF
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Internet Speed Checker
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\Internet Speed Checker
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Leniska\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [8893 octets] - [07/11/2014 16:52:56]
AdwCleaner[R1].txt - [8653 octets] - [07/11/2014 17:04:25]
AdwCleaner[S0].txt - [8020 octets] - [07/11/2014 17:05:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8080 octets] ##########

otravné reklamy zmizely, tak snad je to čistý.

[jaro3]

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[DeNNI85]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Home Premium x64
Ran by Leniska on p  07.11.2014 at 22:53:54,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{66A2EE12-ECB3-4FC8-BF50-2CD7222F3161}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  07.11.2014 at 22:58:18,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[DeNNI85]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7.11.2014
Scan Time: 23:02:09
Logfile: am.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.07.06
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Leniska

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 308167
Time Elapsed: 17 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SmdmF, , [668cb8808af275c105c23dfdb053be42],
PUP.Optional.InternetSpeedChecker, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Internet Speed Checker, , [46ac0a2e4a3281b5fb60e15b778cc43c],

Registry Values: 2
PUP.Optional.SettingsManager, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x64, c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll, , [d41eef49c9b352e470dd4ef0788b29d7]
PUP.Optional.SettingsManager, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER\APPCERTDLLS|x86, c:\program files (x86)\settings manager\smdmf\sysapcrt.dll, , [6d8576c25923a195ce7fd46a7192a957]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Linkey.A, C:\Users\Leniska\AppData\Roaming\RHEng\8906961EF4284010B8CD3BB75D5D4C26\SettingsManagerSetup.exe, , [a052a494c0bcdc5a2af99b04976a659b],

Physical Sectors: 0
(No malicious items detected)


(end)

[jaro3]

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[DeNNI85]

RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Leniska [Práva správce]
Mód : Prohledat -- Datum : 11/08/2014 11:32:53

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3206257428-2509158748-1124933141-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3206257428-2509158748-1124933141-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{04D9B916-8E97-40CB-B2A4-6BDD40D48E4C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0DB4C4F8-789D-4EBE-8405-5CDDF25E5C80} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{04D9B916-8E97-40CB-B2A4-6BDD40D48E4C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0DB4C4F8-789D-4EBE-8405-5CDDF25E5C80} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{04D9B916-8E97-40CB-B2A4-6BDD40D48E4C} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0DB4C4F8-789D-4EBE-8405-5CDDF25E5C80} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 89 (Driver: Nahrán) ¤¤¤
[IAT:Inl] (explorer.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77b101f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x77b103b0 (jmp 0x15ed60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x77b10390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77b102d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x77b10490 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77b103e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77b102e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtAssignProcessToJobObject : Unknown @ 0x77b103a0 (jmp 0x15e870)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetContextThread : Unknown @ 0x77b10400 (jmp 0x15dc20)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77b10310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77b10370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77b101f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtNotifyChangeMultipleKeys : Unknown @ 0x77b104a0 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ kernel32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77b10450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateIoCompletion : Unknown @ 0x77b10350 (jmp 0x15e730)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77b102d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x77b10390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77b10450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77b10310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSection : Unknown @ 0x77b10320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x77b103b0 (jmp 0x15ed60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77b10370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77b103e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77b102e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateSemaphore : Unknown @ 0x77b102b0 (jmp 0x15e5a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x77b102c0 (jmp 0x15e030)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateMutant : Unknown @ 0x77b10290 (jmp 0x15e610)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x77b102a0 (jmp 0x15e060)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x77b10330 (jmp 0x15e5f0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x77b10340 (jmp 0x15e070)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtCreateThreadEx : Unknown @ 0x77b103d0 (jmp 0x15e6a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x77b103f0 (jmp 0x15ec10)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtOpenThread : Unknown @ 0x77b10380 (jmp 0x15e0c0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtSuspendThread : Unknown @ 0x77b10430 (jmp 0x15d9a0)
[IAT:Inl] (explorer.exe @ KERNELBASE.dll) ntdll.dll - NtNotifyChangeKey : Unknown @ 0x77b10490 (jmp 0x15e300)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtTerminateThread : Unknown @ 0x77b103f0 (jmp 0x15ec10)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77b102d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtDuplicateObject : Unknown @ 0x77b10390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77b101f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ ADVAPI32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77b10450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ sechost.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77b103e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77b10480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77b10310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ RPCRT4.dll) ntdll.dll - NtQueueApcThreadEx : Unknown @ 0x77b10440 (jmp 0x15de80)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x77b10280 (jmp 0x15d700)
[IAT:Inl] (explorer.exe @ GDI32.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77b10310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ USER32.dll) ntdll.dll - NtVdmControl : Unknown @ 0x77b10280 (jmp 0x15d700)
[IAT:Inl] (explorer.exe @ SHELL32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77b10450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77b103e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ ole32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77b10450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ MSCTF.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77b10480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ UxTheme.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77b102e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ SETUPAPI.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77b10450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ dwmapi.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77b10310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ Secur32.dll) ntdll.dll - NtOpenSection : Unknown @ 0x77b10320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtDuplicateObject : Unknown @ 0x77b10390 (jmp 0x15ed20)
[IAT:Inl] (explorer.exe @ SSPICLI.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x77b102e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77b10370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ WINSTA.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77b103e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77b10310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ apphelp.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77b10450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ CLBCatQ.DLL) ntdll.dll - NtOpenEvent : Unknown @ 0x77b102e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ cscapi.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77b102d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenTimer : Unknown @ 0x77b10340 (jmp 0x15e070)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenThread : Unknown @ 0x77b10380 (jmp 0x15e0c0)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSemaphore : Unknown @ 0x77b102c0 (jmp 0x15e030)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenSection : Unknown @ 0x77b10320 (jmp 0x15ed00)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77b10370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenMutant : Unknown @ 0x77b102a0 (jmp 0x15e060)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEventPair : Unknown @ 0x77b10300 (jmp 0x15e130)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77b102e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ ntmarta.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77b10450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ gameux.dll) ntdll.dll - NtCreateSection : Unknown @ 0x77b10310 (jmp 0x15ebc0)
[IAT:Inl] (explorer.exe @ CRYPT32.dll) ntdll.dll - NtQueryObject : Unknown @ 0x77b10450 (jmp 0x15f0a0)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77b102e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ wer.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77b10480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ tiptsf.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77b10480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtOpenProcess : Unknown @ 0x77b10370 (jmp 0x15ee60)
[IAT:Inl] (explorer.exe @ authui.dll) ntdll.dll - NtSetSystemInformation : Unknown @ 0x77b101f0 (jmp 0x15d850)
[IAT:Inl] (explorer.exe @ es.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77b102e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ AUDIOSES.DLL) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77b10480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ NSI.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77b103e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77b102d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ WINMM.dll) ntdll.dll - NtCreateTimer : Unknown @ 0x77b10330 (jmp 0x15e5f0)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtOpenEvent : Unknown @ 0x77b102e0 (jmp 0x15ec30)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtAlpcSendWaitReceivePort : Unknown @ 0x77b10480 (jmp 0x15e980)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtCreateEvent : Unknown @ 0x77b102d0 (jmp 0x15eba0)
[IAT:Inl] (explorer.exe @ AVRT.dll) ntdll.dll - NtTerminateProcess : Unknown @ 0x77b103e0 (jmp 0x15ee70)
[IAT:Inl] (explorer.exe @ WS2_32.dll) ntdll.dll - NtLoadDriver : Unknown @ 0x77b101e0 (jmp 0x15e140)

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++
--- User ---
[MBR] 8be76a6876c45e22a5eab544fac4e82e
[BSP] baa58400c4105655dd5a43eaed9ccc63 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99900 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_11072014_170251.log - RKreport_DEL_11072014_170306.log - RKreport_SCN_11072014_170212.log

[DeNNI85]

MBam zasílám printscreen, žádnou zprávu mi to nevyhodilo. smazal jsem vše co to našlo.

[jaro3]

MbAM udělej znovu.

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:


- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.