HJT - Zamrzávání touchpadu a občas vypínání ntb Vyřešeno

[CZechBoY]

Zdravím,
tak po krátké době tu mám zase na kontrolu ntb.
Vůbec nechápu kde jsem mohl nabrat vir když poslední dobou skoro jen pracuji

Zapl jsem zkušební ochranu v MbAM (myslíte že je dobrá na to abych ji platil?) a identifikoval jsem nějaký přístup k ip 111.111.111.111 programem KMPlayer, konkrétně Pandora.tv - víte o tom někdo něco?

Už jsem udělal výmaz v MbAM a včera provedl kompletní test (ten byl negativní).
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2013.10.08.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
czech_000 :: NTB [administrátor]

8. 10. 2013 12:16:04
mbam-log-2013-10-08 (12-16-04).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 230498
Uplynulý čas: 4 minut, 36 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Users\czech_000\AppData\Local\temp\KMP_3.7.0.109.exe (PUP.Optional.Softonic) -> Přesun do karantény a smazání se zdařilo.

(konec)

HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:35:19, on 12. 10. 2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files (x86)\FeedDemon\FeedDemon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Program Files (x86)\QIP Infium\infium.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera_crashreporter.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 46.28.105.86 dilysos.cz
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - D:\Program Files (x86)\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKCU\..\Run: [FeedDemon] "D:\Program Files (x86)\FeedDemon\FeedDemon.exe" /startminimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Infium] "D:\Program Files (x86)\QIP Infium\infium.exe" /autorun
O8 - Extra context menu item: Inspect Element with DebugBar - res://D:\Program Files (x86)\Core Services\DebugBar\DebugInfoBar.dll/247
O8 - Extra context menu item: Odeslat do Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O9 - Extra button: Odeslat do Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Odeslat do Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 5.15.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71455945-BABD-4FB1-B236-685344ED7763}: NameServer = 10.0.0.100,8.8.8.8
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Acunetix WVS Scheduler v8 (AcuWVSSchedulerv8) - Unknown owner - D:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Úložná technologie Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - D:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Unknown owner - C:\Windows\system32\sfrem01.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - D:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - GlavSoft LLC. - D:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - D:\Program Files\Soluto\SolutoService.exe
O23 - Service: Glasovne poruke (Speechsrv) - Unknown owner - D:\Program Files (x86)\LAN Voice Chat\Speechs.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - D:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - D:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - D:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 10710 bytes

[Reklama]

[memphisto]

Ta Pandora bude pravděpodobně nějaký dotaz na aktualizaci na jejich server(?)

V Mbam nech vše smazat a udělej ještě ADW

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

[CZechBoY]

Jj, ale stejně jsem to vypnul, nevidím důvod každou minutu aktualizovat.

MbAM už je log mazání ne?

AdWCleaner jsem už taky mazal

# AdwCleaner v3.007 - Report created 09/10/2013 at 17:24:26
# Updated 09/10/2013 by Xplode
# Operating System : Windows 8 Pro (64 bits)
# Username : czech_000 - NTB
# Running from : C:\Users\czech_000\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\CZECH_~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\CZECH_~1\AppData\Local\Temp\Uninstall.exe
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Users\czech_000\AppData\LocalLow\Conduit
Folder Found C:\Users\czech_000\AppData\Roaming\DriverCure
Folder Found C:\Users\czech_000\AppData\Roaming\ParetoLogic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\Software\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v24.0 (cs)

[ File : C:\Users\czech_000\AppData\Roaming\Mozilla\Firefox\Profiles\qtewduse.default-1376041014175\prefs.js ]

Line Found : user_pref("CT3282722_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1378158091891,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("smartbar.machineId", "0QADMJTCUI2KO6KH7RHOAWULGOKDMJKWBMQT+PEBLX63Y8QPKZXS2N1QL7D4FPOXEVTWJ2UJPV64N7ZUW2OSGG");

-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\czech_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [2111 octets] - [09/10/2013 17:24:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2171 octets] ##########



mazání:
# AdwCleaner v3.007 - Report created 09/10/2013 at 17:25:15
# Updated 09/10/2013 by Xplode
# Operating System : Windows 8 Pro (64 bits)
# Username : czech_000 - NTB
# Running from : C:\Users\czech_000\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\czech_000\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\czech_000\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\czech_000\AppData\Roaming\ParetoLogic
File Deleted : C:\Users\CZECH_~1\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v24.0 (cs)

[ File : C:\Users\czech_000\AppData\Roaming\Mozilla\Firefox\Profiles\qtewduse.default-1376041014175\prefs.js ]

Line Deleted : user_pref("CT3282722_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1378158091891,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("smartbar.machineId", "0QADMJTCUI2KO6KH7RHOAWULGOKDMJKWBMQT+PEBLX63Y8QPKZXS2N1QL7D4FPOXEVTWJ2UJPV64N7ZUW2OSGG");

-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\czech_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [2263 octets] - [09/10/2013 17:24:26]
AdwCleaner[S0].txt - [2033 octets] - [09/10/2013 17:25:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2093 octets] ##########

[Orcus]

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

[CZechBoY]

PANDORA.TV jsem odinstaloval, nemám náladu na to vyskakování - vypnutí notifikace není řešení.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 8 Pro x64
Ran by czech_000 on ne 13. 10. 2013 at 0:46:03,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\czech_000\appdata\local\cre"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\czech_000\AppData\Roaming\mozilla\firefox\profiles\qtewduse.default-1376041014175\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 13. 10. 2013 at 0:52:23,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[memphisto]

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[CZechBoY]

RogueKiller V8.7.2 _x64_ [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : czech_000 [Práva správce]
Mód : Kontrola -- Datum : 10/13/2013 12:14:37
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 14 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{71455945-BABD-4FB1-B236-685344ED7763} : NameServer (10.0.0.100,8.8.8. -> NALEZENO
[DNS][PUM] HKLM\[...]\CS001\[...]\{71455945-BABD-4FB1-B236-685344ED7763} : NameServer (10.0.0.100,8.8.8. -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NALEZENO
[HID SVC][Skrytý od API] HKLM\[...]\CCSet\[...]\Services : S () -> NALEZENO
[HID SVC][Skrytý od API] HKLM\[...]\CS001\[...]\Services : S () -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
46.28.105.86 dilysos.cz


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardní diskové jednotky) - ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] af2d5d26254f379ef01a9d18b0ba1e96
[BSP] e5564d3a591cf8403f708aa9e7a52e9a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 150775 Mo
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 309506048 | Size: 1500 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 312578048 | Size: 801242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_10132013_121437.txt >>

[memphisto]

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje "Smazání- Finished "
- Klikni na "Zprávy " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen pro odstranění, stačí restartovat počítač.

[CZechBoY]

RogueKiller V8.7.2 _x64_ [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : czech_000 [Práva správce]
Mód : Odebrat -- Datum : 10/13/2013 22:37:21
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 12 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] Systém nemůže nalézt uvedený soubor.
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NAHRAZENO (0)
[HID SVC][Skrytý od API] HKLM\[...]\CCSet\[...]\Services : S () -> [0x3] Systém nemůže nalézt uvedenou cestu.
[HID SVC][Skrytý od API] HKLM\[...]\CS001\[...]\Services : S () -> [0x3] Systém nemůže nalézt uvedenou cestu.

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
46.28.105.86 dilysos.cz


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standardní diskové jednotky) - ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] af2d5d26254f379ef01a9d18b0ba1e96
[BSP] e5564d3a591cf8403f708aa9e7a52e9a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 150775 Mo
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 309506048 | Size: 1500 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 312578048 | Size: 801242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_10132013_223721.txt >>
RKreport[0]_S_10132013_121437.txt;RKreport[0]_S_10132013_223711.txt

















ComboFix 13-10-13.02 - czech_000 . 10. 2013 23:00:38.3.4 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1250.420.1029.18.3956.1516 [GMT 2:00]
Spuštěný z: c:\users\czech_000\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-13 do 2013-10-13 )))))))))))))))))))))))))))))))
.
.
2013-10-13 21:12 . 2013-10-13 21:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-13 21:12 . 2013-10-13 21:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-13 21:12 . 2013-10-13 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-13 21:12 . 2013-10-13 21:12 -------- d-----w- c:\users\czech_000\AppData\Local\temp
2013-10-09 16:16 . 2013-10-09 16:16 -------- d-----w- c:\users\czech_000\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-10-09 15:24 . 2013-10-09 15:25 -------- d-----w- C:\AdwCleaner
2013-10-09 14:01 . 2013-10-09 14:01 -------- d-----w- c:\users\czech_000\AppData\Roaming\LibreOfficeDev
2013-10-09 10:21 . 2013-06-22 05:45 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-08 15:32 . 2013-10-08 15:32 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-10-08 15:32 . 2013-10-08 15:32 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-10-08 09:32 . 2013-10-08 09:32 -------- d-----w- d:\program files (x86)\iTunes
2013-10-08 09:32 . 2013-10-08 09:32 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-04 13:53 . 2013-10-04 13:53 -------- d-----w- c:\windows\SysWow64\NV
2013-10-04 13:53 . 2013-10-04 13:53 -------- d-----w- c:\windows\system32\NV
2013-10-04 13:51 . 2013-10-04 13:51 -------- d-----w- d:\program files (x86)\NVIDIA Corporation
2013-10-04 13:39 . 2013-08-20 13:33 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-10-04 13:39 . 2013-08-20 13:32 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-10-04 13:39 . 2013-08-20 13:32 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-09-30 11:44 . 2013-09-30 11:44 -------- d-----w- C:\NvidiaLogging
2013-09-28 20:43 . 2013-09-28 20:46 -------- d-----w- c:\users\czech_000\bluej
2013-09-28 20:43 . 2013-09-28 20:43 973736 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-28 20:43 . 2013-09-28 20:43 312744 ----a-w- c:\windows\system32\javaws.exe
2013-09-28 20:43 . 2013-09-28 20:43 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-28 20:43 . 2013-09-28 20:43 189352 ----a-w- c:\windows\system32\javaw.exe
2013-09-28 20:43 . 2013-09-28 20:43 189352 ----a-w- c:\windows\system32\java.exe
2013-09-28 20:43 . 2013-09-28 20:43 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-09-28 20:34 . 2013-09-28 20:34 -------- d-----w- d:\program files (x86)\The KMPlayer
2013-09-28 20:30 . 2013-09-28 20:30 -------- d-----w- d:\program files (x86)\BlueJ
2013-09-25 07:41 . 2013-10-08 09:32 -------- d-----w- c:\programdata\Apple Computer
2013-09-23 08:15 . 2013-08-07 05:15 144896 ----a-w- c:\windows\system32\tssdisai.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 11:18 . 2013-07-14 23:28 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-02 01:38 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 01:38 . 2012-07-26 08:14 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-12 08:58 . 2013-07-14 22:41 2986672 ----a-w- c:\windows\system32\nvapi64.dll
2013-09-12 08:58 . 2013-07-14 22:41 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-09-12 08:58 . 2013-07-14 22:41 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-09-12 08:58 . 2013-07-14 22:41 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-09-12 08:58 . 2013-07-14 22:41 1412832 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-09-12 08:58 . 2013-07-14 22:41 1222824 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-09-12 07:25 . 2013-07-14 22:43 6599968 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 07:25 . 2013-07-14 22:43 3452192 ----a-w- c:\windows\system32\nvsvc64.dll
2013-09-12 07:25 . 2013-07-14 22:43 920864 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 07:25 . 2013-07-14 22:43 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-09-12 07:25 . 2013-07-14 22:43 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 07:25 . 2013-07-14 22:43 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 07:25 . 2013-07-14 22:43 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-09-12 07:25 . 2013-07-14 22:43 1042208 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-09-12 07:25 . 2013-07-14 22:42 580384 ----a-w- c:\windows\SysWow64\oemdspif.dll
2013-09-11 22:06 . 2013-07-14 22:43 3361114 ----a-w- c:\windows\system32\nvcoproc.bin
2013-09-08 12:52 . 2013-08-31 23:07 1488160 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-09-08 12:52 . 2013-08-31 23:27 1496704 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1029\ResourceCache.dll
2013-08-17 18:07 . 2013-09-01 12:52 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2013-08-17 07:49 . 2013-07-14 16:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-08-09 19:45 . 2013-08-09 19:45 310368 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-08-09 19:45 . 2013-08-09 19:45 132704 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2013-08-09 15:48 . 2013-08-09 15:48 89088 ----a-w- c:\windows\SysWow64\NWKL2_64.DLL
2013-08-09 15:48 . 2013-08-09 15:48 89088 ----a-w- c:\windows\system32\NWKL2_64.DLL
2013-08-09 15:48 . 2013-08-09 15:48 86016 ----a-w- c:\windows\SysWow64\KL2DLL32.DLL
2013-08-09 15:48 . 2013-08-09 15:48 86016 ----a-w- c:\windows\system32\KL2DLL32.DLL
2013-08-09 15:48 . 2013-08-09 15:48 74240 ----a-w- c:\windows\SysWow64\KL2DLL64.DLL
2013-08-09 15:48 . 2013-08-09 15:48 74240 ----a-w- c:\windows\system32\KL2DLL64.DLL
2013-08-09 15:48 . 2013-08-09 15:48 143360 ----a-w- c:\windows\SysWow64\NWKL2_32.DLL
2013-08-09 15:48 . 2013-08-09 15:48 143360 ----a-w- c:\windows\system32\NWKL2_32.DLL
2013-08-09 15:48 . 2013-08-09 15:48 47104 ----a-w- c:\windows\SysWow64\ppmon.exe
2013-08-09 15:48 . 2013-08-09 15:48 47104 ----a-w- c:\windows\system32\ppmon.exe
2013-08-06 08:58 . 2013-08-27 15:42 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A24B45D3-B93C-44FD-8E36-4F747A822D77}\mpengine.dll
2013-07-28 09:02 . 2013-07-28 09:02 388096 ----a-r- c:\users\czech_000\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-07-24 12:52 . 2013-07-24 12:52 224016 --s---r- c:\windows\SysWow64\TABCTL32.OCX
2013-07-24 12:52 . 2013-07-24 12:52 152848 --s---r- c:\windows\SysWow64\COMDLG32.OCX
2013-07-24 12:52 . 2013-07-24 12:52 1010720 --s---r- c:\windows\SysWow64\MSCHRT20.OCX
2013-07-24 12:52 . 2013-07-24 12:52 1081616 --s---r- c:\windows\SysWow64\MSCOMCTL.OCX
2013-07-18 21:52 . 2013-07-14 13:50 6656 ----a-w- c:\windows\system32\lpcio.dll
2013-07-17 09:52 . 2013-07-17 09:52 4262128 ----a-w- c:\windows\system32\wlihvui.dll
2013-07-17 09:52 . 2013-07-17 09:52 2353904 ----a-w- c:\windows\system32\iwmssvc.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-18 08:20 222832 ----a-w- c:\users\czech_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-18 08:20 222832 ----a-w- c:\users\czech_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-18 08:20 222832 ----a-w- c:\users\czech_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FeedDemon"="d:\program files (x86)\FeedDemon\FeedDemon.exe" [2013-06-19 7400960]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Infium"="d:\program files (x86)\QIP Infium\infium.exe" [2010-09-01 5896656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys;c:\windows\SYSNATIVE\drivers\sfdrv01a.sys [x]
R3 AcuWVSSchedulerv8;Acunetix WVS Scheduler v8;d:\program files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe;d:\program files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;d:\program files\Intel\WiFi\bin\PanDhcpDns.exe;d:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NvStreamSvc;NVIDIA Streamer Service;d:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;d:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 SolutoRemoteService;Soluto Remote Service;d:\program files\Soluto\SolutoRemoteService.exe;d:\program files\Soluto\SolutoRemoteService.exe [x]
R3 Speechsrv;Glasovne poruke;d:\program files (x86)\LAN Voice Chat\Speechs.exe;d:\program files (x86)\LAN Voice Chat\Speechs.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TeamViewer8;TeamViewer 8;d:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;d:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;d:\program files\Intel\WiFi\bin\ZeroConfigService.exe;d:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel® Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SolutoLauncherService;Soluto Launcher Service;d:\program files\Soluto\SolutoLauncherService.exe;d:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;d:\program files\Soluto\SolutoService.exe;d:\program files\Soluto\SolutoService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETwNe64;@oem56.inf,___ %NIC_Service_DispName_WIN8_64%;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 8 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-07 14:08 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 05:56]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 15:20]
.
2013-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 15:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-18 08:20 261744 ----a-w- c:\users\czech_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-18 08:20 261744 ----a-w- c:\users\czech_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-18 08:20 261744 ----a-w- c:\users\czech_000\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2012-08-27 11577216]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-19 172168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-19 441992]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2013-07-14 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2013-07-14 191544]
"Soluto"="d:\program files\soluto\soluto.exe" [2013-08-17 1252896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Inspect Element with DebugBar - d:\program files (x86)\Core Services\DebugBar\DebugInfoBar.dll/247
IE: Odeslat do Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37 0.0.0.0
TCP: Interfaces\{71455945-BABD-4FB1-B236-685344ED7763}: NameServer = 10.0.0.100,8.8.8.8
FF - ProfilePath - c:\users\czech_000\AppData\Roaming\Mozilla\Firefox\Profiles\qtewduse.default-1376041014175\
FF - ExtSQL: 2013-08-24 14:18; {3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37}; c:\users\czech_000\AppData\Roaming\Mozilla\Firefox\Profiles\qtewduse.default-1376041014175\extensions\{3c6e1eed-a07e-4c80-9cf3-66ea0bf40b37}
FF - ExtSQL: 2013-09-07 23:10; {e3f6c2cc-d8db-498c-af6c-499fb211db97}; c:\users\czech_000\AppData\Roaming\Mozilla\Firefox\Profiles\qtewduse.default-1376041014175\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - ExtSQL: 2013-09-07 23:10; yslow@yahoo-inc.com; c:\users\czech_000\AppData\Roaming\Mozilla\Firefox\Profiles\qtewduse.default-1376041014175\extensions\yslow@yahoo-inc.com.xpi
FF - ExtSQL: 2013-09-07 23:10; wmf@javascriptrules.com; c:\users\czech_000\AppData\Roaming\Mozilla\Firefox\Profiles\qtewduse.default-1376041014175\extensions\wmf@javascriptrules.com.xpi
FF - ExtSQL: 2013-09-07 23:10; gwif-quality@goodwebsiteinspector.com; c:\users\czech_000\AppData\Roaming\Mozilla\Firefox\Profiles\qtewduse.default-1376041014175\extensions\gwif-quality@goodwebsiteinspector.com.xpi
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SynLenovoGestureMgr - d:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
.
.
Binary file temp00 matches
.
Celkový čas: 2013-10-13 23:18:42
ComboFix-quarantined-files.txt 2013-10-13 21:18
.
Před spuštěním: 97 702 633 472 bytes free
Po spuštění: 97 643 012 096 bytes free
.
- - End Of File - - 9EF29DA847FD81489145ECA23221E6B2

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

Stáhni si aswMBR
http://files.avast.com/files/rootkit-scanner/aswmbr.exe
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Vlož nový log z HJT+info o problémech.

[CZechBoY]

Problémy žádný, akorát mě štve, že mi ntb celkem dost fouká, ikdyž je využití cpu na 5%



aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-14 11:16:53
-----------------------------
11:16:53.797 OS Version: Windows x64 6.2.9200
11:16:53.797 Number of processors: 4 586 0x2A07
11:16:53.798 ComputerName: NTB UserName:
11:16:56.684 Initialize success
11:17:05.685 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003f
11:17:05.687 Disk 0 Vendor: ST1000LM024_HN-M101MBB 2AR20002 Size: 953869MB BusType: 11
11:17:05.957 Disk 0 MBR read successfully
11:17:05.959 Disk 0 MBR scan
11:17:05.961 Disk 0 Windows 7 default MBR code
11:17:05.987 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350 MB offset 2048
11:17:05.998 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150775 MB offset 718848
11:17:06.014 Disk 0 Partition 3 00 12 Compaq diag NTFS 1500 MB offset 309506048
11:17:06.031 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 801242 MB offset 312578048
11:17:06.089 Disk 0 scanning C:\Windows\system32\drivers
11:17:17.109 Service scanning
11:17:45.203 Modules scanning
11:17:45.209 Disk 0 trace - called modules:
11:17:45.229 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
11:17:45.238 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006325740]
11:17:45.242 3 CLASSPNP.SYS[fffff88000b8fe0a] -> nt!IofCallDriver -> \Device\0000003f[0xfffffa8004a9c2d0]
11:17:45.245 Scan finished successfully
11:17:48.550 Disk 0 MBR has been saved successfully to "C:\Users\czech_000\Desktop\MBR.dat"
11:17:48.554 The log file has been saved successfully to "C:\Users\czech_000\Desktop\aswMBR.txt"

---

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:19:34, on 14. 10. 2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files (x86)\FeedDemon\FeedDemon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Program Files (x86)\QIP Infium\infium.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera_crashreporter.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Opera\17.0.1241.45\opera.exe
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 46.28.105.86 dilysos.cz
O2 - BHO: DebugBar BHO - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - D:\Program Files (x86)\Core Services\DebugBar\DebugInfoBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKCU\..\Run: [FeedDemon] "D:\Program Files (x86)\FeedDemon\FeedDemon.exe" /startminimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Infium] "D:\Program Files (x86)\QIP Infium\infium.exe" /autorun
O8 - Extra context menu item: Inspect Element with DebugBar - res://D:\Program Files (x86)\Core Services\DebugBar\DebugInfoBar.dll/247
O8 - Extra context menu item: Odeslat do Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O9 - Extra button: Odeslat do Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Odeslat do Bluetooth - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.co ... 5.15.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71455945-BABD-4FB1-B236-685344ED7763}: NameServer = 10.0.0.100,8.8.8.8
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Acunetix WVS Scheduler v8 (AcuWVSSchedulerv8) - Unknown owner - D:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Úložná technologie Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - D:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Unknown owner - C:\Windows\system32\sfrem01.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - D:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - GlavSoft LLC. - D:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - D:\Program Files\Soluto\SolutoService.exe
O23 - Service: Glasovne poruke (Speechsrv) - Unknown owner - D:\Program Files (x86)\LAN Voice Chat\Speechs.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Aktivátor Správce výběru OS Acronis (Správce výběru OS) - Unknown owner - D:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - D:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - D:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 10644 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

-To bude v nastavení reg. otáček foukání., nebo se to přehřívá.
-dej dotaz do jiné sekce..

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.