Kontrola logu Vyřešeno

[astupka]

Zdravím,
byl jsem se m odkázán z BSOD sekce pro vyloučení nějaké havěti. log viz v textu, snad jsem ho udělal dobře. Děkuji

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:47:58, on 5.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
D:\Programy\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
D:\Users\Ales\AppData\Roaming\Seznam.cz\bin\postak.exe
D:\Programy\QuietHDD 1.5 build 250\quietHDD.exe
D:\Programy\EgisTec BioExcess\BioExcess\EgisTSR.exe
D:\Programy\DropboxPortableHome\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Programy\DropboxPortableServis\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Programy\Mozilla Firefox\firefox.exe
D:\Programy\DropboxPortableAles\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Programy\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
D:\Users\Ales\Desktop\hijackthis.exe
C:\Windows\syswow64\MsiExec.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru/?utm_source=qip2012&utm_m ... 2012_start
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru/?utm_source=qip2012&utm_m ... 2012_start
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - D:\Programy\EgisTec BioExcess\BioExcess\EgisPBIE.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VitaKeyTSR] D:\Programy\EgisTec BioExcess\BioExcess\EgisTSR.exe /run
O4 - HKCU\..\Run: [Seznam Postak] "D:\Users\Ales\AppData\Roaming\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [Yodm3D] D:\Programy\Yodm3D\Yodm3D.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox Ales.lnk = D:\Programy\DropboxPortableAles\DropboxPortableAHK.exe
O4 - Startup: Dropbox Home.lnk = D:\Programy\DropboxPortableHome\DropboxPortableAHK.exe
O4 - Startup: DropboxServis.exe.lnk = D:\Programy\DropboxPortableServis\DropboxPortableAHK.exe
O4 - Startup: quietHDD.exe.lnk = D:\Programy\QuietHDD 1.5 build 250\quietHDD.exe
O4 - Startup: SSD Life.lnk = D:\Programy\SSDlife\ssdlife.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\Programy\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: d:\programy\national instruments\shared\mdns responder\nimdnsnsp.dll
O23 - Service: ABBYY FineReader 11 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.11.0) - ABBYY - D:\Programy\ABBYY FineReader 11\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - D:\Programy\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corp. - D:\Programy\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - D:\Programy\EgisTec BioExcess\BioExcess\EgisService.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\Program Files (x86)\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Unknown owner - C:\Windows\system32\imdsksvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - D:\Programy\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - D:\Programy\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - D:\Programy\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: National Instruments mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - D:\Programy\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI System Web Server (niSvcLoc) - National Instruments Corporation - D:\Programy\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: NetLimiter 4 Service (nlsvc) - Locktime Software - D:\Programy\NetLimiter 4\NLSvc.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Programy\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Služba zařazování tisku (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Ochrana softwaru (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Intel(R) Extreme Tuning Utility Service (XTU3SERVICE) - Intel(R) Corporation - C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe

--
End of file - 11555 bytes

[Reklama]

[jaro3]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[astupka]

OK, výpis z adwcleaneru viz níže, nicméně malwarebytes anti-malware mi po scanu žádné hrozby nevypsal, prý vše v pořádku...

# AdwCleaner v4.111 - Logfile created 05/03/2015 at 11:01:09
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Ales - ALES-PC
# Running from : D:\Users\Ales\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\ytd video downloader
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : D:\Users\Ales\AppData\Local\Plus500
Folder Deleted : D:\Users\Ales\AppData\Roaming\ParetoLogic
Folder Deleted : D:\Users\Ales\AppData\Roaming\pdfforge
Folder Deleted : D:\Users\Ales\AppData\Roaming\IHlpr
Folder Deleted : D:\Users\Ales\AppData\Roaming\Mozilla\Firefox\Profiles\s445h79f.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File Deleted : D:\Users\Ales\AppData\Roaming\Mozilla\Firefox\Profiles\s445h79f.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]

-\\ Mozilla Firefox v35.0.1 (x86 cs)


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [2759 bytes] - [05/03/2015 10:54:42]
AdwCleaner[S0].txt - [2193 bytes] - [05/03/2015 11:01:09]

########## EOF - D:\AdwCleaner\AdwCleaner[S0].txt - [2252 bytes] ##########

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Offline Reg
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[astupka]

1)
# AdwCleaner v4.111 - Logfile created 05/03/2015 at 19:07:00
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Ales - ALES-PC
# Running from : D:\Users\Ales\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v35.0.1 (x86 cs)


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R2].txt - [781 bytes] - [05/03/2015 19:04:13]
AdwCleaner[S2].txt - [709 bytes] - [05/03/2015 19:07:00]

########## EOF - D:\AdwCleaner\AdwCleaner[S2].txt - [767 bytes] ##########





2)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional x64
Ran by Ales on źt 05.03.2015 at 19:09:36,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "D:\Users\Ales\AppData\Roaming\thinstall"
Successfully deleted: [Folder] "D:\Users\Ales\appdata\local\thinstall"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 05.03.2015 at 19:16:51,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





3)
RogueKiller V10.5.1.0 (x64) [Mar 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Ales [Práva správce]
Started from : D:\Users\Ales\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 03/05/2015 19:24:14

¤¤¤ Procesy : 5 ¤¤¤
[Suspicious.Path] postak.exe(4000) -- D:\Users\Ales\AppData\Roaming\Seznam.cz\bin\postak.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] Dropbox.exe(4876) -- D:\Programy\DropboxPortableHome\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe[-] -> Zastaveno [TermProc]
[Suspicious.Path] Dropbox.exe(4972) -- D:\Programy\DropboxPortableServis\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe[-] -> Zastaveno [TermProc]
[Suspicious.Path] Dropbox.exe(5036) -- D:\Programy\DropboxPortableAles\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe[-] -> Zastaveno [TermProc]
[Suspicious.Path] explorer.exe(5596) -- D:\Programy\DropboxPortableAles\.dbfiles\profile\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll[7] -> Uvolněno

¤¤¤ Registry : 30 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" | (default) : {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" | (default) : {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" | (default) : {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" | (default) : {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" | (default) : {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" | (default) : {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" | (default) : {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" | (default) : {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" | (default) : {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" | (default) : {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" | (default) : {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" | (default) : {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" | (default) : {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" | (default) : {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" | (default) : {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" | (default) : {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> Nalezeno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Run | Seznam Postak : "D:\Users\Ales\AppData\Roaming\Seznam.cz\bin\postak.exe" -s -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Run | Seznam Postak : "D:\Users\Ales\AppData\Roaming\Seznam.cz\bin\postak.exe" -s -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \\Intel(R) Rapid Start Technology Manager -- D:\Users\Ales\Desktop\Intel Rapid Start Technology Driver 4.0.0.1068 (30.06.2014)\Intel_rst\GUI\RapidStartConfig.exe -> Nalezeno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 genuine.microsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mpa.one.microsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 sls.microsoft.com

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WDFLDR.SYS - IRP_MJ_CREATE[0] : Unknown @ 0x66ab2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WDFLDR.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0x66ab2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WDFLDR.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x66ab2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WDFLDR.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x66ab2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WDFLDR.SYS - IRP_MJ_POWER[22] : Unknown @ 0x66ab2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WDFLDR.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x66ab2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\WDFLDR.SYS - IRP_MJ_PNP[27] : Unknown @ 0x66ab2c0

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] s445h79f.default : user_pref("browser.startup.homepage", "chrome://speeddial/content/speeddial.xul"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 21bcabbb26247e6505bdf97a72d61424
[BSP] 7cdd61b80a227ee346f9263441f776bb : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 327681 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 671092736 | Size: 512002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1719672832 | Size: 63046 MB
3 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 1848792330 | Size: 51136 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] e68dd7337a98974bc4540ca0e3cea013
[BSP] 800e348367034d36a2c541576c36ac62 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: KINGSTON SV300S37A120G ATA Device +++++
--- User ---
[MBR] 2d33ab6fe0d51161b344cb0cfb79920e
[BSP] cb2739ff4fd372e8cad6a2176c654e3c : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1638 MB [Unknown Bootstrap | Unknown Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3356672 | Size: 112832 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Generic Storage Device USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: SanDisk Extreme USB Device +++++
--- User ---
[MBR] befa08b08105031931d176845bf53364
[BSP] 7a042195d0c143a9e9af247664d0f242 : Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 29917 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

[jaro3]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:


- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + informuj o problémech.

[astupka]

1)

RogueKiller V10.5.1.0 (x64) [Mar 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Ales [Práva správce]
Started from : D:\Users\Ales\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 03/06/2015 11:10:33

¤¤¤ Procesy : 2 ¤¤¤
[Suspicious.Path] explorer.exe(3208) -- D:\Programy\DropboxPortableAles\.dbfiles\profile\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll[7] -> Uvolněno
[Suspicious.Path] explorer.exe(3548) -- D:\Programy\DropboxPortableAles\.dbfiles\profile\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll[7] -> Uvolněno

¤¤¤ Registry : 30 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" | (default) : {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" | (default) : {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" | (default) : {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" | (default) : {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" | (default) : {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" | (default) : {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" | (default) : {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" | (default) : {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1" | (default) : {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2" | (default) : {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3" | (default) : {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4" | (default) : {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5" | (default) : {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6" | (default) : {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7" | (default) : {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8" | (default) : {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} -> Smazáno
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Run | Seznam Postak : "D:\Users\Ales\AppData\Roaming\Seznam.cz\bin\postak.exe" -s [7][x] -> Smazáno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Run | Seznam Postak : "D:\Users\Ales\AppData\Roaming\Seznam.cz\bin\postak.exe" -s -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nahrazeno (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-194089544-3378924502-1467466070-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Nahrazeno (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \\Intel(R) Rapid Start Technology Manager -- D:\Users\Ales\Desktop\Intel Rapid Start Technology Driver 4.0.0.1068 (30.06.2014)\Intel_rst\GUI\RapidStartConfig.exe -> Smazáno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 genuine.microsoft.com -> Smazáno
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mpa.one.microsoft.com -> Smazáno
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 sls.microsoft.com -> Smazáno

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\SCSIPORT.SYS - IRP_MJ_CREATE[0] : Unknown @ 0x673a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\SCSIPORT.SYS - IRP_MJ_CLOSE[2] : Unknown @ 0x673a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\SCSIPORT.SYS - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x673a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\SCSIPORT.SYS - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x673a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\SCSIPORT.SYS - IRP_MJ_POWER[22] : Unknown @ 0x673a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\SCSIPORT.SYS - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x673a2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\SCSIPORT.SYS - IRP_MJ_PNP[27] : Unknown @ 0x673a2c0

¤¤¤ Webové prohlížeče : 13 ¤¤¤
[IE:Addon] System : Adobe Acrobat Create PDF Toolbar [{47833539-D0C5-4125-9FA8-0819E2EAAC93}] -> Smazáno
[FIREFX:Addon] s445h79f.default : ViewMarks [{7443739c-bff6-4af0-aea5-7ed29006966c}] -> Smazáno
[FIREFX:Addon] s445h79f.default : Turn Off the Lights [stefanvandamme@stefanvd.net] -> Smazáno
[FIREFX:Addon] s445h79f.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
[FIREFX:Addon] s445h79f.default : Flash Video Downloader - YouTube HD Download [4K] [artur.dubovoy@gmail.com] -> Smazáno
[FIREFX:Addon] s445h79f.default : Speed Dial [{64161300-e22b-11db-8314-0800200c9a66}] -> Smazáno
[FIREFX:Addon] s445h79f.default : Tab Mix Plus [{dc572301-7619-498c-a57d-39143191b318}] -> Smazáno
[FIREFX:Addon] s445h79f.default : Save File to [savefileto@mozdev.org] -> Smazáno
[FIREFX:Addon] s445h79f.default : S3.Google Translator [s3google@translator] -> Smazáno
[FIREFX:Addon] s445h79f.default : Download Flash and Video [{bee6eb20-01e0-ebd1-da83-080329fb9a3a}] -> Smazáno
[FIREFX:Addon] s445h79f.default : Adobe Acrobat - Create PDF [web2pdfextension@web2pdf.adobedotcom] -> Smazáno
[FIREFX:Addon] s445h79f.default : Online Accounts Extension [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] -> Smazáno
[PUM.HomePage][FIREFX:Config] s445h79f.default : user_pref("browser.startup.homepage", "chrome://speeddial/content/speeddial.xul"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 ATA Device +++++
--- User ---
[MBR] 21bcabbb26247e6505bdf97a72d61424
[BSP] 7cdd61b80a227ee346f9263441f776bb : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 327681 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 671092736 | Size: 512002 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1719672832 | Size: 63046 MB
3 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 1848792330 | Size: 51136 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: KINGSTON SV300S37A120G ATA Device +++++
--- User ---
[MBR] 2d33ab6fe0d51161b344cb0cfb79920e
[BSP] cb2739ff4fd372e8cad6a2176c654e3c : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1638 MB [Unknown Bootstrap | Unknown Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3356672 | Size: 112832 MB [Unknown Bootstrap | Unknown Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] e68dd7337a98974bc4540ca0e3cea013
[BSP] 800e348367034d36a2c541576c36ac62 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: Generic Storage Device USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )


============================================
RKreport_SCN_03052015_192414.log - RKreport_SCN_03062015_110745.log











2)


Zoek.exe v5.0.0.0 Updated 05-March-2015
Tool run by Ales on p  06.03.2015 at 11:12:58,64.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\Ales\Desktop\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6.3.2015 11:15:00 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\DassaultSystemes deleted successfully
D:\Users\Ales\AppData\Roaming\DassaultSystemes deleted successfully
D:\Users\Ales\AppData\Roaming\EDrawings deleted successfully
D:\Users\Ales\AppData\Roaming\EurekaLog deleted successfully
D:\Users\Ales\AppData\Roaming\JAM Software deleted successfully
D:\Users\Ales\AppData\Roaming\Opera deleted successfully
D:\Users\Ales\AppData\Roaming\Opera Software deleted successfully
D:\Users\Ales\AppData\Roaming\Vso deleted successfully
D:\Users\Ales\AppData\Local\Opera deleted successfully
D:\Users\Ales\AppData\Local\Opera Software deleted successfully
D:\Users\Ales\AppData\Local\PACE Anti-Piracy deleted successfully
D:\Users\Ales\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from D:\Users\Ales\AppData\Roaming\Mozilla\Firefox\Profiles\s445h79f.default\prefs.js:
user_pref("browser.search.suggest.enabled", false);

Added to D:\Users\Ales\AppData\Roaming\Mozilla\Firefox\Profiles\s445h79f.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

D:\Users\Ales\AppData\Roaming\ProductData deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
D:\Users\Ales\AppData\Local\HWVendorDetection.log deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\restore srh icons.vbs deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
D:\Users\Ales\AppData\Roaming\Mozilla\Firefox\Profiles\s445h79f.default\searchplugins\qipsearch.xml deleted
D:\Users\Ales\AppData\Roaming\Mozilla\Firefox\Profiles\s445h79f.default\Invalidprefs.js deleted

==== Firefox Start and Search pages ======================

ProfilePath: D:\Users\Ales\AppData\Roaming\Mozilla\Firefox\Profiles\s445h79f.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}"="D:\Programy\EgisTec BioExcess\BioExcess\FFExt" [20.02.2015 09:13]

==== Firefox Extensions ======================

==== Firefox Plugins ======================

Profilepath: D:\Users\Ales\AppData\Roaming\Mozilla\Firefox\Profiles\s445h79f.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
559E8D42BE485208F1C4BB294D6840A4 - D:\Programy\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.6
5D4279248A0E506CF007BD51EBF74CEA - D:\Programy\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.6
F9DE379CE8A782530A4FA0B731F3A49B - D:\Programy\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.6
049BD7AD3B94F24FA274ED1F7FC5871B - D:\Programy\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.6
D937A4645EFF8CB4F123E3C899C052B2 - D:\Programy\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.6
9DF0C4F0CEF60158614EDD1B3AB441EE - D:\Programy\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll - Adobe Acrobat
0806948270D853B709CCBBF38AF167E4 - D:\Programy\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9DF0C4F0CEF60158614EDD1B3AB441EE - D:\Programy\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat


==== Chromium Look ======================

Google Chrome Version: 40.0.2214.115 (Possible outdated, latest Stable version: 41.0.2272.76)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - D:\Programy\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[03.12.2014 07:31]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

D:\Users\Ales\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
D:\Users\Ales\AppData\Local\Vivaldi\User Data\Default\Preferences was reset successfully
D:\Users\Ales\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
D:\Users\Ales\AppData\Local\Vivaldi\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Users\Ales\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
D:\Users\Ales\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
D:\Users\Ales\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

D:\Users\Ales\AppData\Local\Mozilla\Firefox\Profiles\s445h79f.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

D:\Users\Ales\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
D:\Users\Ales\AppData\Local\Vivaldi\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=16 folders=15 41367728 bytes)

==== Empty Temp Folders ======================

D:\Users\Ales\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"D:\Users\Ales\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on p  06.03.2015 at 11:41:09,34 ======================

[astupka]

Ještě, abych nezapoměl, během toho druhého testu ZOEKu mi to během scanu vyhodilo hlášku, že program DaS21 přestal pracovat, ale jinak scan jel dál. Jinak žádné problémy nebyly

[memphisto]

Jak to vypadá s chodem PC? Problémy?

[astupka]

No, jak jsem psal hned v úvodu...

- byl jsem sem odkázán z BSOD sekce, aby se vyloučila nějaká havěť v PC... (viewtopic.php?f=118&t=150744)

- v podstatě jsem měl původně problém s BSOD - patrně, jak mi bylo sděleno, ve vnitřním časovači CPU, a pak další - podle odborníků v BSOD - zřejmě hw v ovladačích - moc tomu nerozumím, ale zřejmě BSOD neukazuje na nic konkrétního (konkrétní ovladač), tak mě odkázali právě sem, jestli se tam nenajde nějaká havěť.

Doufám, že jsem to napsal dobře a nepíšu info v rozporu s BSOD týmem.

[Orcus]

A BSOD tedy trvá nebo ne?

[astupka]

No, pravda, že včera ani dnes zatím žádná :)