Hi, on Friday I built a PC myself on the recommendation of the experts here, and everything worked. Yesterday I noticed that the i5 4460 is loaded at 100% even when idle, and then suddenly there was a BSOD saying that a critical situation had occurred with error 0x000000F4, followed by a restart; this repeats about a minute after startup. I read online that I should look in some event viewer, and there was a critical error ID 41 Kernel Power about 5 times, 4 of them yesterday. Then I also looked in the minidump folder, and there were several files in it, so I zipped them and uploaded them here.
If I start the PC in safe mode, it works normally. Could someone take a look at it, please?
http://leteckaposta.cz/937437584
It is the build in my signature.
Infected system? I don't know what to do next :-(
Re: Infected system? I don't know what to do next :-(
HijackThis logs are handled here. There is a different section for BSODs, so mark this as solved here and post it there.
Re: Infected system? I don't know what to do next :-(
Vstrom650 was redirected to this section from this thread: viewtopic.php?f=118&t=134815; he apparently just forgot to include the HijackThis log. A.
- Vstrom650
- Level 4
- Posts: 1014
- Registered: June 14
- Location: Mladá Boleslav
- Status: Offline
Re: Infected system? I don't know what to do next :-(
They sent me here from there :-) If HJC is some program, I'll post the log here today. I'll be home in an hour, so please don't lock this on me. Thanks
- Vstrom650
Re: Infected system? I don't know what to do next :-(
Here is the log from safe mode:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:20:32, on 24.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\Downloads\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HulaToo - {ab65caf0-fc3b-40f8-8b88-6d096a48f659} - C:\Program Files (x86)\HulaToo\HulaToobho.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msgr] C:\Users\Pavel\AppData\Local\msgr1msgr1.exe
O4 - HKCU\..\Run: [2b7b376e817e4259dc2503de270fd2fb] "C:\Users\Pavel\AppData\Roaming\Internet.exe" ..
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTRAY.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 2b7b376e817e4259dc2503de270fd2fb.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\Program Files\PCDApp\StartHelp.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update HulaToo - Unknown owner - C:\Program Files (x86)\HulaToo\updateHulaToo.exe
O23 - Service: Util HulaToo - Unknown owner - C:\Program Files (x86)\HulaToo\bin\utilHulaToo.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (http://pietschsoft.com) - C:\Program Files (x86)\GIGABYTE\WiFiShare\VirtualRouterService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 10179 bytes
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Infected system? I don't know what to do next :-(
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you don't need to use ATF.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.
Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log will appear (it is otherwise saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
Download Malwarebytes' Anti-Malware
- During installation, uncheck "Enable the free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now, and
- after the program finishes, a message will appear in the lower right; click Copy to Clipboard and paste the entire log here.
- then click the Exit button; a prompt will appear, so choose Yes
(don't delete anything yet!).
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus fill in for me.
If you are satisfied, you can support our forum: Forum support
- Vstrom650
Re: Infected system? I don't know what to do next :-(
Here is the log from AdwCleaner:
# AdwCleaner v3.213 - Report created 24/06/2014 at 21:25:21
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Pavel - PAVEL-PC
# Running from : C:\Users\Pavel\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : ProtectMonitor
Service Found : Update HulaToo
Service Found : Util HulaToo
***** [ Files / Folders ] *****
File Found : C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Windows\System32\Tasks\AmiUpdXp
File Found : C:\Windows\Tasks\AmiUpdXp.job
Folder Found : C:\Program Files (x86)\HulaToo
Folder Found : C:\Program Files\PCDApp
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\2b7b376e817e4259dc2503de270fd2fb
Key Found : HKCU\Software\HulaToo
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB65CAF0-FC3B-40F8-8B88-6D096A48F659}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB65CAF0-FC3B-40F8-8B88-6D096A48F659}
Key Found : [x64] HKCU\Software\HulaToo
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AB65CAF0-FC3B-40F8-8B88-6D096A48F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32C53681-8E69-4659-8320-7422685BD486}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{596EAA89-F3D2-4174-9BD9-F7D79C744CDA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\Software\HulaToo
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB65CAF0-FC3B-40F8-8B88-6D096A48F659}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32C53681-8E69-4659-8320-7422685BD486}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HulaToo
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
*************************
AdwCleaner[R0].txt - [3202 octets] - [24/06/2014 21:25:21]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3262 octets] ##########
- Vstrom650
- Level 4
- Posts: 1014
- Registered: June 14
- Location: Mladá Boleslav
- Gender:
- Status:
Offline
Re: Infected system? I don't know what to do next :-(
Log from Anti-Malware:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 24.6.2014
Scan Time: 21:38:56
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.24.12
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Pavel
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 262760
Time Elapsed: 3 min, 41 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 23
PUP.Optional.HulaToo.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update HulaToo, , [bd8f6814532800367163a5cffe039d63],
PUP.Optional.HulaToo.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util HulaToo, , [83c91963403b84b2b3211a5a57aa867a],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [a8a42d4f8dee43f31fd36a13f1111de3],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [a8a42d4f8dee43f31fd36a13f1111de3],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{ab65caf0-fc3b-40f8-8b88-6d096a48f659}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{596eaa89-f3d2-4174-9bd9-f7d79c744cda}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{32C53681-8E69-4659-8320-7422685BD486}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{32C53681-8E69-4659-8320-7422685BD486}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{596eaa89-f3d2-4174-9bd9-f7d79c744cda}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AB65CAF0-FC3B-40F8-8B88-6D096A48F659}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKU\S-1-5-21-1743914338-2357987704-1838134458-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{AB65CAF0-FC3B-40F8-8B88-6D096A48F659}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKU\S-1-5-21-1743914338-2357987704-1838134458-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AB65CAF0-FC3B-40F8-8B88-6D096A48F659}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\HulaToo, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, HKLM\SOFTWARE\WOW6432NODE\HulaToo, , [f85414688eedbe78eb18a419bd4538c8],
PUP.Software.Updater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, , [e06ccdafa7d4f73f02e4fcd8669cc43c],
PUP.Optional.HulaToo.A, HKU\S-1-5-21-1743914338-2357987704-1838134458-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\HulaToo, , [79d39ae2f2890b2bf012cfeea85a817f],
Registry Values: 2
Trojan.MSIL, HKU\S-1-5-21-1743914338-2357987704-1838134458-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|msgr, C:\Users\Pavel\AppData\Local\msgr1msgr1.exe, , [400cb7c5ccafd95dd60454ea40c1e020]
Trojan.MSIL, HKU\S-1-5-21-1743914338-2357987704-1838134458-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|2b7b376e817e4259dc2503de270fd2fb, "C:\Users\Pavel\AppData\Roaming\Internet.exe" .., , [a7a58cf02c4f59dd91a1d977e61e639d]
Registry Data: 0
(No malicious items detected)
Folders: 4
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\plugins, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\TEMP, , [4507c0bc017a63d30ff2f6c77191619f],
Files: 35
Trojan.MSIL, C:\Users\Pavel\AppData\Local\msgr1msgr1.exe, , [400cb7c5ccafd95dd60454ea40c1e020],
Trojan.MSIL, C:\Users\Pavel\AppData\Roaming\Internet.exe, , [a7a58cf02c4f59dd91a1d977e61e639d],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\updateHulaToo.exe, , [bd8f6814532800367163a5cffe039d63],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\utilHulaToo.exe, , [83c91963403b84b2b3211a5a57aa867a],
Trojan.MSIL.GenX, C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2b7b376e817e4259dc2503de270fd2fb.exe, , [94b817652f4c52e45131fc0457aaf709],
Trojan.MSIL, C:\Windows\System32\workgroup, , [70dc710b9ae162d4d604221c9f6214ec],
Hacktool.Agent, C:\Windows\SysWOW64\Windows Loader.exe, , [99b389f38af193a33c42103ec1401de3],
Trojan.MSIL, C:\Windows\SysWOW64\server.exe, , [5af28af2c5b6a1957e5cca7454ade51b],
Trojan.MSIL, C:\Users\Pavel\AppData\Local\Temp\msgr1msgr1.exe, , [ae9e7dfff08b56e0c66cf9574bb91fe1],
PUP.SoftwareUpdater.A, C:\Windows\System32\Tasks\AmiUpdXp, , [db71116bf68555e10ec615930df50bf5],
PUP.Optional.Superfish.A, C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [63e99ce087f4e1558a037a3a19e912ee],
PUP.Optional.Superfish.A, C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [5fed5e1ebdbeef474944e1d3ce349070],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\HulaToo.ico, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\0, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\7za.exe, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\HulaTooBHO.dll, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\HulaTooUninstall.exe, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\updateHulaToo.InstallState, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\7za.exe, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\BrowserAdapterS.7z, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\HulaToo.BrowserAdapter.exe, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\HulaToo.PurBrowse64.exe, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\HulaToo.PurBrowseG.zip, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\HulaTooBAApp.dll, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\tmpD162.tmp, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\utilHulaToo.InstallState, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\{b2db3058-74ee-4ace-bcd8-8cd0fbe3a4f6}.dll, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\plugins\HulaToo.Bromon.dll, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\plugins\HulaToo.BroStats.dll, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\plugins\HulaToo.BrowserAdapterS.dll, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\plugins\HulaToo.CompatibilityChecker.dll, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\plugins\HulaToo.FFUpdate.dll, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\plugins\HulaToo.IEUpdate.dll, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Optional.HulaToo.A, C:\Program Files (x86)\HulaToo\bin\plugins\HulaToo.PurBrowseG.dll, , [4507c0bc017a63d30ff2f6c77191619f],
PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, , [cf7df48825567db95095953f55ad03fd],
Physical Sectors: 0
(No malicious items detected)
(end)
- Orcus
- Member of the Security team
-
Elite Level 10.5
- Posts: 10645
- Registered: April 10
- Location: Three roses grow around here =o)
- Gender:
- Status:
Offline
Re: Infected system? I don't know what to do next :-(
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Delete".
The program will carry out the repair; after the automatic restart it shows a log (C:\AdwCleaner [S?].txt). Paste its entire contents here.
====================================================
Download Junkware Removal Tool to your desktop.
Disable your antivirus program.
Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.
====================================================
Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit
- Then click "Scan".
- The program scans the PC's processes. When the scan is done, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If the log is too long, split it across several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix are standing in for me.
If you are satisfied, you can support our forum.
- Vstrom650
- Level 4
- Posts: 1014
- Registered: June 14
- Location: Mladá Boleslav
- Gender:
- Status:
Offline
Re: Infected system? I don't know what to do next :-(
# AdwCleaner v3.213 - Report created 25/06/2014 at 14:35:26
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Pavel - PAVEL-PC
# Running from : C:\Users\Pavel\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : ProtectMonitor
[#] Service Deleted : Update HulaToo
[#] Service Deleted : Util HulaToo
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\HulaToo
Folder Deleted : C:\Program Files\PCDApp
File Deleted : C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\2b7b376e817e4259dc2503de270fd2fb
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AB65CAF0-FC3B-40F8-8B88-6D096A48F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32C53681-8E69-4659-8320-7422685BD486}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{596EAA89-F3D2-4174-9BD9-F7D79C744CDA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB65CAF0-FC3B-40F8-8B88-6D096A48F659}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB65CAF0-FC3B-40F8-8B88-6D096A48F659}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB65CAF0-FC3B-40F8-8B88-6D096A48F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32C53681-8E69-4659-8320-7422685BD486}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\HulaToo
Key Deleted : HKLM\Software\HulaToo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HulaToo
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&a=ddrnw&q={searchTerms}
*************************
AdwCleaner[R0].txt - [3370 octets] - [24/06/2014 21:25:21]
AdwCleaner[R1].txt - [3430 octets] - [25/06/2014 14:34:14]
AdwCleaner[S0].txt - [3364 octets] - [25/06/2014 14:35:26]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3424 octets] ##########
- Vstrom650
- Level 4
- Posts: 1014
- Registered: June 14
- Location: Mladá Boleslav
- Gender:
- Status:
Offline
Re: Infected system? I don't know what to do next :-(
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Pavel on st 25.06.2014 at 14:53:07,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{31B9D9F5-D223-498C-BC62-646FFBDBCEB7}
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 25.06.2014 at 14:54:24,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~