Please check my log - slow notebook, omigasearch, and more [Solved]

The place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by Radys26 » 12 Mar 2015 14:59

Hi,

Please check my HJT log. My notebook has been slower when connected to the internet via Mozilla; on top of that, omigasearch recently somehow became the home page when Firefox opens. I tried to remove it through the Mozilla settings, but that doesn't work, it keeps coming back.
Since then I also have a new icon among the hidden tray icons next to the clock, labelled "Search Protect - click to configure"; clicking it does absolutely nothing. I don't know which application starts it; the icon looks similar to Internet Explorer's. I don't know how to get rid of it or what it is for, and I did not install it there deliberately.

This is the link that appears every time Firefox starts, instead of seznam.cz or Google:
http://isearch.omiga-plus.com/?type=sc& ... 8686286862

And here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:53:00, on 12.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)

FIREFOX: 36.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\Radys\AppData\Roaming\TorrentStream\updater\tsupdate.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Users\Radys\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\Radys\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [TorrentStream] C:\Users\Radys\AppData\Roaming\TorrentStream\engine\tsengine.exe
O4 - HKCU\..\Run: [Samsung Drive Manager] C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = Radys\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IHProtect Service - XTab system - C:\Program Files (x86)\XTab\ProtectService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 16600 bytes
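Added example, not part of the original post and not HijackThis's own code: a small Python triage of the line formats in the log above. It flags start/search URLs whose host is not on an assumed allowlist, BHO entries whose DLL is gone, autoruns and services that run from user-writable directories, and services without version information or from a vendor not on an assumed list (the "review" verdict lands on the IHProtect service from vendor "XTab system", which the MBAM log later in this thread identifies as PUP.Optional.XTab). It also separates out one well-known false positive: HijackThis is a 32-bit program, so on 64-bit Windows its reads of System32 are redirected to SysWOW64 and every native System32 service (lsass.exe, spoolsv.exe, vds.exe above) is reported as "(file missing)". The sample input is constructed from lines of the log above plus one R0 line carrying the omiga-plus URL quoted in the post; TRUSTED_HOSTS, KNOWN_VENDORS and USER_WRITABLE are assumptions to tune per machine.

```python
"""Rule-based triage of HijackThis (HJT) log lines.
Added example for this thread, not HJT's own code. The regexes follow the line
formats visible in the log above; the allowlists and directory lists are assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"www.seznam.cz", "search.seznam.cz"}                  # assumed
KNOWN_VENDORS = {"AVAST Software", "Microsoft Corporation", "Intel Corporation",
                 "Hewlett-Packard Company", "Apple Inc."}               # assumed
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
SYSTEM32 = "\\windows\\system32\\"

_R = re.compile(r"^(R[01]) - (.+?)\s*=\s*(.*)$")
_O2 = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
_O4 = re.compile(r"^O4 - (.+?): \[(.+?)\] (.*)$")
_O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")
_PATH = re.compile(r'^"?([^"]+?\.(?:exe|dll|cpl|scr))"?', re.IGNORECASE)

# Constructed sample: lines from the HJT log above, plus one R0 line built from
# the omiga-plus URL quoted in the post (the 32-bit HJT did not show it).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=sc& ... 8686286862
O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [TorrentStream] C:\Users\Radys\AppData\Roaming\TorrentStream\engine\tsengine.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: IHProtect Service - XTab system - C:\Program Files (x86)\XTab\ProtectService.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""


@dataclass
class Finding:
    section: str   # HJT section code (R0, O2, O4, O23, ...)
    verdict: str   # suspicious | orphan | review | wow64-artifact
    reason: str
    line: str


def parse_line(line):
    """Return (section, target, vendor) for the HJT sections handled here, else None."""
    if m := _R.match(line):
        return m[1], m[3], ""
    if m := _O2.match(line):
        return "O2", m[3], ""
    if m := _O4.match(line):
        return "O4", m[3], ""
    if m := _O23.match(line):
        return "O23", m[3], m[2]
    return None


def binary_path(command):
    """Strip quotes, arguments and HJT's '(file missing)' suffix from a command line."""
    m = _PATH.match(command.strip())
    return m[1] if m else command.strip()


def in_user_writable(path):
    return any(part in path.lower() for part in USER_WRITABLE)


def triage(lines, trusted_hosts=TRUSTED_HOSTS, known_vendors=KNOWN_VENDORS):
    """Apply a reviewer's rules of thumb; every hit still needs manual confirmation."""
    findings = []
    for raw in lines:
        line = raw.strip()
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, target, vendor = parsed
        path = binary_path(target)
        hit = None
        if section in ("R0", "R1"):
            host = (urlsplit(target).hostname or "").lower()
            if host and host not in trusted_hosts:
                hit = ("suspicious", f"browser start/search URL points at {host}")
        elif section == "O2" and target == "(no file)":
            hit = ("orphan", "BHO CLSID registered but its DLL is gone; delete the key")
        elif section in ("O2", "O4") and in_user_writable(path):
            hit = ("suspicious", "loaded from a user-writable directory")
        elif section == "O23":
            if target.endswith("(file missing)") and SYSTEM32 in path.lower():
                # 32-bit HJT on 64-bit Windows is redirected to SysWOW64, so it
                # reports every native System32 service binary as missing.
                hit = ("wow64-artifact", "System32 binary reported missing by 32-bit HJT; confirm with a 64-bit tool")
            elif in_user_writable(path):
                hit = ("suspicious", "service binary in a user-writable directory")
            elif vendor == "Unknown owner" and SYSTEM32 not in path.lower():
                hit = ("suspicious", "service without version info outside the Windows directory")
            elif vendor not in known_vendors:
                hit = ("review", f"service vendor not on the allowlist: {vendor}")
        if hit:
            findings.append(Finding(section, hit[0], hit[1], line))
    return findings
```

The same 32-bit redirection applies to the registry: HijackThis reads HKLM\Software through the Wow6432Node view, which is consistent with its R0 lines showing seznam.cz while the MBAM log later in this thread reports the omiga-plus URL under the 64-bit HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN. Both views need checking with a 64-bit tool before declaring a browser's start page clean.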

Orcus (Security team member)

Re: Please check my log - slow notebook, omigasearch, and more

Post by Orcus » 12 Mar 2015 15:32

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. It can delete the cache, cookies, history and other traces of surfing the Internet. Supported browsers are Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.

- If you only use Google Chrome, you don't need to use ATF.

===================================================

Download TFC
Open the file and close all other windows. Click Start to begin the process. It should not take long.
Afterwards the PC should restart; if it doesn't, restart it yourself.

===================================================

Download AdwCleaner (by Xplode)

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan"
After the scan a log appears (otherwise it is saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

===================================================

Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click Finish
- if an update is found, it will be downloaded and installed
- the program then starts; click Scan Now
- when the scan finishes a message appears at the bottom right; click Copy to Clipboard and paste the whole log here.

- then click Exit; a prompt appears, choose Yes
(don't delete anything yet!).

If there are problems, run it in Safe Mode.


Re: Please check my log - slow notebook, omigasearch, and more

Post by Radys26 » 12 Mar 2015 17:02

Here is the MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12.3.2015
Scan Time: 16:25:04
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.12.04
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Radys

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358604
Time Elapsed: 16 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 4
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1876, , [31731d270981f145b522382e2bd5817f]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1712, , [6242db6924667fb7326b32dc7d859070]
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, 5408, , [b6eea99b6c1ee74f066073bc986a936d]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, 4992, , [fda7f64e4248d95dee1f575d3fc4e020]

Modules: 9
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, , [1e86b58f0d7d4bebb14fd39baf51b24e],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [fda7f64e4248d95dee1f575d3fc4e020],

Registry Keys: 18
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [31731d270981f145b522382e2bd5817f],
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, , [6242db6924667fb7326b32dc7d859070],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [535171d3ec9e70c6f0df82d506fdd22e],
PUP.Optional.Babylon.A, HKU\S-1-5-21-835238276-3543191195-3145402640-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [c4e0390b721833037acb20fe08fb46ba],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [f8ac67dd5337ae8804c312107c87f30d],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [bde71a2a454539fd8c45c66fa35d33cd],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [bde71a2a454539fd8c45c66fa35d33cd],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [bde71a2a454539fd8c45c66fa35d33cd],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [bde71a2a454539fd8c45c66fa35d33cd],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [9f05053f1476ac8a29a49b7eb451a060],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [a6fe49fb94f6a78ff01c14a0867d9f61],
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, , [aafaa2a29eecbf771508b175be4751af],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, , [455fe4608a00d6605ba8eb43986d669a],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [8c18e2620a804aec5e6f8a8ffd0804fc],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [2480cd779ded8caad8f34d7c5ca71de3],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [9311162e4f3b2d09c4427a45db28a060],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-835238276-3543191195-3145402640-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, , [7c286ed63456ee48d6bc14fb6e97966a],
PUP.Optional.Qone8, HKU\S-1-5-21-835238276-3543191195-3145402640-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [188cbc886c1e8da9b21af2275baa0ff1],

Registry Values: 3
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\Radys\AppData\Roaming\Mozilla\Firefox\Profiles\ac1bsmet.default\extensions\fftoolbar2014@etech.com, , [a9fb073dbad0979faefa6a491de6b14f]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Radys\AppData\Roaming\Mozilla\Firefox\Profiles\ac1bsmet.default\extensions\faststartff@gmail.com, , [297b68dc6624d85e1311bc7130d512ee]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, ild, , [2480cd779ded8caad8f34d7c5ca71de3]

Registry Data: 7
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc& ... 8686286862, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc& ... 8686286862),,[edb78cb8107a76c088de91563fc632ce]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://isearch.omiga-plus.com/web/?type ... 6286862&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type ... 6286862&q={searchTerms}),,[455f57edb7d3af871258d51240c509f7]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://isearch.omiga-plus.com/?type=hpp ... 8686286862, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/?type=hpp ... 8686286862),,[00a467dd6c1e46f073f6786fe520956b]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://isearch.omiga-plus.com/?type=hpp ... 8686286862, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/?type=hpp ... 8686286862),,[099b7fc5b3d7fe38551634b356af768a]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://isearch.omiga-plus.com/web/?type ... 6286862&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type ... 6286862&q={searchTerms}),,[0d9730149cee3ff7d29ca344996ca55b]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[20847acab8d22313366601e41bea748c]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc& ... 8686286862, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc& ... 8686286862),,[a5ff9ba96b1f2214fa6c8067f4114db3]

Folders: 31
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [0c98c381f991ea4c6c8d5131ac579967],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [0c98c381f991ea4c6c8d5131ac579967],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [d7cdc183038754e2850ac8d7cb383ec2],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [d7cdc183038754e2850ac8d7cb383ec2],

Files: 82
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [31731d270981f145b522382e2bd5817f],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, , [6242db6924667fb7326b32dc7d859070],
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, , [b6eea99b6c1ee74f066073bc986a936d],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, , [1e86b58f0d7d4bebb14fd39baf51b24e],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, , [218376ce157542f4d22e2a444cb402fe],
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, , [bde71a2a454539fd8c45c66fa35d33cd],
PUP.Optional.Downloader, C:\Users\Radys\Downloads\HDvid-codec-FF.exe, , [881c90b4c0caab8bc5d0bc12c441bd43],
PUP.Optional.Softonic.A, C:\Users\Radys\Downloads\SoftonicDownloader_for_password-cracker.exe, , [881c083c5139d95d02468ebd78890ff1],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\BrowserAction.dll, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\CmdShell.exe, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\IeWatchDog.dll, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, , [fda7f64e4248d95dee1f575d3fc4e020],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [0c98c381f991ea4c6c8d5131ac579967],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, , [d7cdc183038754e2850ac8d7cb383ec2],
PUP.Optional.Babylon.A, C:\Users\Radys\AppData\Roaming\Mozilla\Firefox\Profiles\ac1bsmet.default\prefs.js, Dobré: (), Špatné: (user_pref("extensions.BabylonToolbar_i.newTab", false);), ,[4a5a172d55352a0cf243f62daa5c34cc]

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)


and the log from AdwCleaner:

# AdwCleaner v4.112 - Logfile created 12/03/2015 at 16:08:59
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Radys - RADYSPC
# Running from : C:\Users\Radys\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : WindowsMangerProtect
Service Found : IHProtect Service

***** [ Files / Folders ] *****

File Found : C:\Users\Radys\daemonprocess.txt
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\PANDORA.TV
Folder Found : C:\Program Files (x86)\XTab
Folder Found : C:\ProgramData\IHProtectUpDate
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\Radys\AppData\Local\genienext
Folder Found : C:\Users\Radys\AppData\Local\Mobogenie
Folder Found : C:\Users\Radys\AppData\Local\PackageAware
Folder Found : C:\Users\Radys\AppData\Roaming\pdfforge
Folder Found : C:\Users\Radys\AppData\Roaming\YourFileDownloader
Folder Found : C:\Users\Radys\Documents\Mobogenie

***** [ Scheduled tasks ] *****

Task Found : YourFile Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc& ... 8686286862
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2D760099-EFD8-4AA4-8950-F38F21205F82}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKCU\Software\Mozilla\Extends
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\YourFileDownloader
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2D760099-EFD8-4AA4-8950-F38F21205F82}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\YourFileDownloader
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\IHProtect
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\omiga-plusSoftware
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\YourFileDownloader
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [magicplayer@torrentstream.org]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type ... 6286862&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hpp ... 8686286862
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga-plus.com/?type=hpp ... 8686286862
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type ... 6286862&q={searchTerms}

-\\ Mozilla Firefox v36.0 (x86 cs)

[ac1bsmet.default] - Line Found : user_pref("browser.search.defaultengine", "Web Search");
[ac1bsmet.default] - Line Found : user_pref("browser.search.hiddenOneOffs", "Google,Seznam,DuckDuckGo,Heuréka,Mapy.cz,Slunečnice,Web Search,Wikipedie (cs)");
[ac1bsmet.default] - Line Found : user_pref("browser.search.searchengine.alias", "omiga-plus");
[ac1bsmet.default] - Line Found : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/web/favicon.ico");
[ac1bsmet.default] - Line Found : user_pref("browser.search.searchengine.name", "omiga-plus");
[ac1bsmet.default] - Line Found : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422111547&from=ild&uid=WDCXWD6400BPVT-60HXZT1_WD-WXH1A318686286862&q={searchTerms}");
[ac1bsmet.default] - Line Found : user_pref("browser.search.selectedEngine", "omiga-plus");
[ac1bsmet.default] - Line Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
[ac1bsmet.default] - Line Found : user_pref("extensions.quick_start.enable_search1", false);
[ac1bsmet.default] - Line Found : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[ac1bsmet.default] - Line Found : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[ac1bsmet.default] - Line Found : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

-\\ Google Chrome v


-\\ Chromium v

*************************

AdwCleaner[R0].txt - [9500 bytes] - [12/03/2015 16:08:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9559 bytes] ##########
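
The Firefox part of the AdwCleaner scan above shows how the omiga-plus hijack persisted inside the browser: ordinary user_pref lines in the profile's prefs.js that installed a search engine named "omiga-plus", made it the selected one and pointed its URL at isearch.omiga-plus.com. The checker below is an added example written for this thread (it is not code from AdwCleaner, Malwarebytes, JRT, RogueKiller or any other tool mentioned here). It parses prefs.js-style lines and reports search or homepage prefs whose engine name or URL host falls outside an allowlist. The allowlists, the set of watched pref names and the sample prefs (constructed after the log lines, with the hijacker's uid parameter replaced by a placeholder) are assumptions for the example.

```python
import json
import re
from urllib.parse import urlparse

# One user_pref("name", value); line. The value is a JS literal: string, bool or number.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')
# Plain and defanged (hxxp) URLs inside a pref value.
URL_RE = re.compile(r"""\bh(?:xx|tt)ps?://[^\s"'\\]+""", re.IGNORECASE)

# Assumed policy for this example: hosts a homepage or search engine may point at
# (subdomains count) and engine names the user actually configured.
ALLOWED_HOSTS = {"google.com", "seznam.cz", "duckduckgo.com", "mozilla.org"}
ALLOWED_ENGINES = {"Google", "Seznam", "DuckDuckGo"}

# Pref families that decide where searches and the start page go (assumed watch list).
WATCHED_PREFIXES = ("browser.search.", "browser.startup.homepage")
ENGINE_NAME_PREFS = {
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "browser.search.defaultengine",
}

# Constructed sample in the style of the prefs.js lines quoted in the AdwCleaner log;
# the uid parameter of the real hijacker URL is replaced by a placeholder.
SAMPLE_PREFS_JS = r'''
// Mozilla User Preferences
user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.searchengine.alias", "omiga-plus");
user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/web/favicon.ico");
user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=dspp&from=ild&uid=UID-PLACEHOLDER&q={searchTerms}");
user_pref("browser.search.selectedEngine", "omiga-plus");
user_pref("browser.startup.homepage", "https://www.seznam.cz/");
user_pref("browser.tabs.warnOnClose", true);
'''


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref line; unparsable values stay raw."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)  # "string", true/false, numbers, \" escapes
        except ValueError:
            value = raw
        prefs[name] = value
    return prefs


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def audit_prefs(text, allowed_hosts=ALLOWED_HOSTS, allowed_engines=ALLOWED_ENGINES):
    """Return [(pref, reason)] for search/homepage prefs pointing outside the allowlists."""
    findings = []
    for name, value in parse_prefs(text).items():
        if not name.startswith(WATCHED_PREFIXES):
            continue
        if name in ENGINE_NAME_PREFS and isinstance(value, str) and value not in allowed_engines:
            findings.append((name, f"engine name {value!r} not in allowlist"))
        if isinstance(value, str):
            for url in URL_RE.findall(value):
                # Undo the hxxp defanging so urlparse sees a normal scheme.
                host = urlparse(url.lower().replace("hxxp", "http", 1)).hostname or ""
                if not host_allowed(host, allowed_hosts):
                    findings.append((name, f"points at {host}"))
    return findings


if __name__ == "__main__":
    for pref, reason in audit_prefs(SAMPLE_PREFS_JS):
        print(f"SUSPICIOUS {pref}: {reason}")
```

Run it against a copy of prefs.js taken from a closed Firefox profile; an empty list means every watched pref names an allowed engine and points at an allowed host. The script only reads the file, so it is suitable as a follow-up check after a clean-up like the one in this thread.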

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia

Re: Please check my log - slow laptop, omigasearch, and more

Post by jaro3 » 12 Mar 2015 18:40

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".

The program will perform the repair; after the automatic restart it will show a log (C:\AdwCleaner[S?].txt). Paste its whole contents here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be asked to press any key to continue. Press one.
The program starts scanning. The scan may take a long time, depending on the amount of infection. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its whole contents here.

- Run MbAM again and click "Scan now"
- when the program finishes, a message appears; click "Quarantine all (delete selected)" and then "Export log", choose "text file", give the file a name and save it somewhere. Copy the whole contents of that log here.

Download RogueKiller by Adlice Software
32bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Offline Reg
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan click "Report" and copy the whole contents of the log here.
If the program is blocked, try launching it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Radys26
Level 1.5
Posts: 121
Registered: December 06

Re: Please check my log - slow laptop, omigasearch, and more

Post by Radys26 » 12 Mar 2015 21:30

Here are the logs in the order you posted them:

# AdwCleaner v4.112 - Logfile created 12/03/2015 at 19:01:17
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Radys - RADYSPC
# Running from : C:\Users\Radys\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : WindowsMangerProtect
Service Deleted : IHProtect Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\PANDORA.TV
Folder Deleted : C:\Program Files (x86)\XTab
Folder Deleted : C:\Users\Radys\AppData\Local\genienext
Folder Deleted : C:\Users\Radys\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Radys\AppData\Local\PackageAware
Folder Deleted : C:\Users\Radys\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Radys\AppData\Roaming\YourFileDownloader
Folder Deleted : C:\Users\Radys\Documents\Mobogenie
File Deleted : C:\Users\Radys\daemonprocess.txt

***** [ Scheduled tasks ] *****

Task Deleted : YourFile Update

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Radys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Radys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Radys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Radys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [magicplayer@torrentstream.org]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC29EDF6-AD3C-4E1C-A087-D6CB81400C43}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2D760099-EFD8-4AA4-8950-F38F21205F82}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\omiga-plusSoftware
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v36.0 (x86 cs)

[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Google,Seznam,DuckDuckGo,Heuréka,Mapy.cz,Slunečnice,Web Search,Wikipedie (cs)");
[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "omiga-plus");
[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/web/favicon.ico");
[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "omiga-plus");
[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1422111547&from=ild&uid=WDCXWD6400BPVT-60HXZT1_WD-WXH1A318686286862&q={searchTerms}");
[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "omiga-plus");
[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[ac1bsmet.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

-\\ Google Chrome v


-\\ Chromium v


*************************

AdwCleaner[R0].txt - [9742 bytes] - [12/03/2015 16:08:59]
AdwCleaner[R1].txt - [9801 bytes] - [12/03/2015 18:54:55]
AdwCleaner[S0].txt - [8425 bytes] - [12/03/2015 19:01:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8484 bytes] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Radys on čt 12.03.2015 at 19:11:44,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update outobox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util outobox
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Radys\appdata\local\{347A26D7-3403-459E-B9F1-289ED01AC2EE}



~~~ FireFox

Successfully deleted the following from C:\Users\Radys\AppData\Roaming\mozilla\firefox\profiles\ac1bsmet.default\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "ild");
user_pref("browser.search.searchengine.uid", "WDCXWD6400BPVT-60HXZT1_WD-WXH1A318686286862");
Emptied folder: C:\Users\Radys\AppData\Roaming\mozilla\firefox\profiles\ac1bsmet.default\minidumps [113 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on čt 12.03.2015 at 19:16:25,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 12.3.2015
Čas skenování: 19:47:48
Protokol: mbam.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.03.12.05
Databáze rootkitů: v2015.02.25.01
Licence: Zkušební verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Radys

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 358490
Uplynulý čas: 14 min, 57 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Varovat
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 0
(Žádné zákerné zjištěny položek)

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 0
(Žádné zákerné zjištěny položek)

Složky: 0
(Žádné zákerné zjištěny položek)

Soubory: 2
PUP.Optional.Downloader, C:\Users\Radys\Downloads\HDvid-codec-FF.exe, Do karantény, [b7ee21238406a69032c3636ba164fb05],
PUP.Optional.Softonic.A, C:\Users\Radys\Downloads\SoftonicDownloader_for_password-cracker.exe, Do karantény, [0d98c87c414968ce9bb1cd7e2dd48b75],

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

RogueKiller V10.5.4.0 (x64) [Mar 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Radys [Práva správce]
Started from : C:\Users\Radys\Downloads\RogueKillerX64.exe
Mód : Prohledat -- Datum : 03/12/2015 21:10:28

¤¤¤ Procesy : 2 ¤¤¤
[Suspicious.Path] tsengine.exe(3808) -- C:\Users\Radys\AppData\Roaming\TorrentStream\engine\tsengine.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] tsupdate.exe(7900) -- C:\Users\Radys\AppData\Roaming\TorrentStream\updater\tsupdate.exe[7] -> Zastaveno [TermProc]

¤¤¤ Registry : 22 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Windows\CurrentVersion\Run | TorrentStream : C:\Users\Radys\AppData\Roaming\TorrentStream\engine\tsengine.exe -> Nalezeno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Windows\CurrentVersion\Run | TorrentStream : C:\Users\Radys\AppData\Roaming\TorrentStream\engine\tsengine.exe -> Nalezeno
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08242D95-B92D-4006-9272-982DAD997E27} | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4162738F-1F6F-4D07-BF17-27BCC8998BDA} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6ECCF934-AC3E-41FC-9AFD-EA799E30F182} | DhcpNameServer : 93.153.117.33 93.153.117.1 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{08242D95-B92D-4006-9272-982DAD997E27} | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4162738F-1F6F-4D07-BF17-27BCC8998BDA} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6ECCF934-AC3E-41FC-9AFD-EA799E30F182} | DhcpNameServer : 93.153.117.33 93.153.117.1 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{08242D95-B92D-4006-9272-982DAD997E27} | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4162738F-1F6F-4D07-BF17-27BCC8998BDA} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6ECCF934-AC3E-41FC-9AFD-EA799E30F182} | DhcpNameServer : 93.153.117.33 93.153.117.1 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 2 ¤¤¤
[Suspicious.Path] G2MUpdateTask-S-1-5-21-835238276-3543191195-3145402640-1001.job -- C:\Users\Radys\AppData\Local\Citrix\GoToMeeting\2417\g2mupdate.exe -> Nalezeno
[Suspicious.Path] \\G2MUpdateTask-S-1-5-21-835238276-3543191195-3145402640-1001 -- C:\Users\Radys\AppData\Local\Citrix\GoToMeeting\2417\g2mupdate.exe -> Nalezeno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Nahrán) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\MfeEpePc @ Unknown (\SystemRoot\System32\Drivers\MfeEpePc.sys)

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] ac1bsmet.default : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400BPVT-60HXZT1 +++++
--- User ---
[MBR] d199047477b894ae2d385467fbe6a0a1
[BSP] d4065d26e0ae07e47fc70680adf8d2e7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 300 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 616448 | Size: 587698 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1204224000 | Size: 17357 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1239771136 | Size: 5122 MB
User = LL1 ... OK
User = LL2 ... OK

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log - slow notebook, omigasearch, and more

Post by jaro3 » 13 Mar 2015 08:39

Close all programs and browsers. Disable the antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and any external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Then click "Scan"; when it finishes:

- In the tabs (Registry, Tasks, Web Browser etc.) tick everything (put check marks)
(you have to put a check mark in the box to the left of each registry entry etc.)

- Click "Delete"
- Wait until the Status box shows "Deletion complete"
- Click "Report" and copy and paste the contents of that report here, please. The log can also be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Disable the antivirus
Download Zoek.exe
and save it to the desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 or 8, right-click it and choose "Run as administrator")
- note that the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


click Run Script
The program will scan and repair; the scan and repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart only a black desktop may be shown for a while; that is normal. Wait until the log is created. You can save it to your documents, for example; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the whole contents of that log here.

Disable the resident protection of your antivirus and antispyware, and the firewall if you have one.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all open windows and run it.
- On launch the terms of use are shown; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it shows
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its whole contents here
If there are problems, run it in Safe Mode.

Warning: It can happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not appear, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
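The procedure above resets Firefox start and search settings with Zoek's FFdefaults, and RogueKiller reports non-default start pages as PUM.HomePage. As an added example (not code from this thread, from Zoek or from RogueKiller), the Python below parses a Firefox prefs.js and reports the same two kinds of modification without changing anything; the sample prefs are constructed from the pref lines quoted in the JRT and Zoek logs of this thread, and the defaults about:home / about:newtab are the values Zoek wrote back.

```python
"""Report start-page / search-engine tampering in a Firefox prefs.js.

Added example. It flags the two things the cleanup tools in this thread
acted on: prefs stock Firefox never writes (hijacker artefacts) and a
start/newtab page that differs from the default. It only reports.
"""
import re
from typing import Dict, List, Tuple, Union

PrefValue = Union[str, bool, int]

# Stock values that Zoek wrote back into prefs.js (see its "FireFox Fix" log).
EXPECTED_DEFAULTS: Dict[str, str] = {
    "browser.startup.homepage": "about:home",
    "browser.newtab.url": "about:newtab",
}

# Stock Firefox never writes these prefs; the JRT log in this thread shows
# the hijacker's "browser.search.searchengine.*" entries being removed.
SUSPECT_PREFIXES = ("browser.search.searchengine.",)

# user_pref("name", value);  where value is a quoted string, true/false or an int
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse prefs.js text into {name: value}; lines that do not match are skipped."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        value: PrefValue
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            # Undo the two escapes prefs.js uses inside string values.
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # anything unexpected is kept as raw text
        prefs[name] = value
    return prefs


def find_hijack_indicators(prefs: Dict[str, PrefValue]) -> List[Tuple[str, str, PrefValue]]:
    """Return (severity, pref name, value) for every pref worth a look.

    'suspect' = pref that stock Firefox never sets (hijacker artefact).
    'review'  = start/newtab page differs from the default. A non-default
    homepage can be the user's own choice (seznam.cz in this thread), so it
    is reported for review, not as malicious.
    """
    findings: List[Tuple[str, str, PrefValue]] = []
    for name, value in prefs.items():
        if name.startswith(SUSPECT_PREFIXES):
            findings.append(("suspect", name, value))
        elif name in EXPECTED_DEFAULTS and value != EXPECTED_DEFAULTS[name]:
            findings.append(("review", name, value))
    return findings


def scan_prefs_text(text: str) -> List[Tuple[str, str, PrefValue]]:
    """Parse, then check."""
    return find_hijack_indicators(parse_prefs(text))


# Constructed sample: the pref lines quoted in the JRT and Zoek logs of this
# thread, as they stood before the tools removed them.
SAMPLE_PREFS = '''
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "ild");
user_pref("browser.search.searchengine.uid", "WDCXWD6400BPVT-60HXZT1_WD-WXH1A318686286862");
user_pref("browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.newtab.url", "http://www.google.cz");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.page", 1);
'''

if __name__ == "__main__":
    for severity, name, value in scan_prefs_text(SAMPLE_PREFS):
        print(f"[{severity}] {name} = {value!r}")
```

To check a real profile, read the prefs.js from the profile folder (the path appears in the Zoek log above) and pass its text to scan_prefs_text.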

Radys26
Level 1.5
Posts: 121
Registered: December 06
Gender: Not specified
Status: Offline

Re: Please check my log - slow notebook, omigasearch, and more

Post by Radys26 » 13 Mar 2015 17:04

I am sending the logs in the order you listed them:

RogueKiller V10.5.4.0 (x64) [Mar 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Radys [Práva správce]
Started from : C:\Users\Radys\Downloads\RogueKillerX64.exe
Mód : Smazat -- Datum : 03/13/2015 15:58:42

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 22 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Windows\CurrentVersion\Run | TorrentStream : C:\Users\Radys\AppData\Roaming\TorrentStream\engine\tsengine.exe [7] -> Smazáno
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Windows\CurrentVersion\Run | TorrentStream : C:\Users\Radys\AppData\Roaming\TorrentStream\engine\tsengine.exe -> ERROR [2]
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08242D95-B92D-4006-9272-982DAD997E27} | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4162738F-1F6F-4D07-BF17-27BCC8998BDA} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6ECCF934-AC3E-41FC-9AFD-EA799E30F182} | DhcpNameServer : 93.153.117.33 93.153.117.1 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{08242D95-B92D-4006-9272-982DAD997E27} | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4162738F-1F6F-4D07-BF17-27BCC8998BDA} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6ECCF934-AC3E-41FC-9AFD-EA799E30F182} | DhcpNameServer : 93.153.117.33 93.153.117.1 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{08242D95-B92D-4006-9272-982DAD997E27} | DhcpNameServer : 212.96.160.50 212.96.164.158 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4162738F-1F6F-4D07-BF17-27BCC8998BDA} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6ECCF934-AC3E-41FC-9AFD-EA799E30F182} | DhcpNameServer : 93.153.117.33 93.153.117.1 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nahrazeno ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 2 ¤¤¤
[Suspicious.Path] G2MUpdateTask-S-1-5-21-835238276-3543191195-3145402640-1001.job -- C:\Users\Radys\AppData\Local\Citrix\GoToMeeting\2417\g2mupdate.exe -> Smazáno
[Suspicious.Path] \\G2MUpdateTask-S-1-5-21-835238276-3543191195-3145402640-1001 -- C:\Users\Radys\AppData\Local\Citrix\GoToMeeting\2417\g2mupdate.exe -> Smazáno

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Nahrán) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\MfeEpePc @ Unknown (\SystemRoot\System32\Drivers\MfeEpePc.sys)

¤¤¤ Webové prohlížeče : 6 ¤¤¤
[IE:Addon] System : avast! Online Security [{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}] -> Smazáno
[FIREFX:Addon] ac1bsmet.default : Greasemonkey [{e4a8a97b-f2ed-450b-b12d-ee082ba24781}] -> Smazáno
[FIREFX:Addon] ac1bsmet.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
[FIREFX:Addon] ac1bsmet.default : HP Detect [{ab91efd4-6975-4081-8552-1b3922ed79e2}] -> Smazáno
[FIREFX:Addon] ac1bsmet.default : avast! Online Security [wrc@avast.com] -> Smazáno
[PUM.HomePage][FIREFX:Config] ac1bsmet.default : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nahrazeno (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400BPVT-60HXZT1 +++++
--- User ---
[MBR] d199047477b894ae2d385467fbe6a0a1
[BSP] d4065d26e0ae07e47fc70680adf8d2e7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 300 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 616448 | Size: 587698 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1204224000 | Size: 17357 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1239771136 | Size: 5122 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03122015_211027.log - RKreport_SCN_03132015_155310.log




Zoek.exe v5.0.0.0 Updated 12-March-2015
Tool run by Radys on pá 13.03.2015 at 15:59:56,09.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Radys\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

13.3.2015 16:05:03 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\PokerStars deleted successfully
C:\PROGRA~2\TomTom DesktopSuite deleted successfully
C:\PROGRA~2\VS Revo Group deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\PDFC deleted successfully
C:\PROGRA~3\Validity deleted successfully
C:\PROGRA~3\WinZip deleted successfully
C:\Users\Radys\AppData\Roaming\GHISLER deleted successfully
C:\Users\Radys\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Radys\AppData\Roaming\WORK deleted successfully
C:\Users\Radys\AppData\Local\cache deleted successfully
C:\Users\Radys\AppData\Local\GameSpy deleted successfully
C:\Users\Radys\AppData\Local\PDFC deleted successfully
C:\Users\Radys\AppData\Local\PokerStars deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully
HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A459898-47DF-4030-92DB-7E7708AF6A10} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-835238276-3543191195-3145402640-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\otis@digitalpersona.com deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Radys\AppData\Roaming\Mozilla\Firefox\Profiles\ac1bsmet.default\prefs.js:
user_pref("browser.startup.homepage", "about:home"about:home);
user_pref("browser.newtab.url", "http://www.google.cz");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Radys\AppData\Roaming\Mozilla\Firefox\Profiles\ac1bsmet.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Radys\AppData\Roaming\TomTom\HOME\Profiles\564k8wri.default\prefs.js:

Added to C:\Users\Radys\AppData\Roaming\TomTom\HOME\Profiles\564k8wri.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Radys\AppData\Roaming\Mozilla\Firefox\Profiles\ac1bsmet.default

user.js not found
---- Lines Search-Results removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline url(\"IMAGE\") right no
---- FireFox user.js and prefs.js backups ----

prefs_13.03.2015_1618_.backup

ProfilePath: C:\Users\Radys\AppData\Roaming\TomTom\HOME\Profiles\564k8wri.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_13.03.2015_1618_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\PokerStars not found
C:\PROGRA~2\TomTom DesktopSuite not found
C:\PROGRA~2\VS Revo Group not found
C:\PROGRA~2\Supertintin for Skype deleted
C:\windows\syswow64\appdata deleted
C:\Users\Radys\.android deleted
C:\PROGRA~2\xOption deleted
C:\PROGRA~2\SopCast deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-835238276-3543191195-3145402640-1001 deleted
C:\Users\Radys\Downloads\bsplayer137.826.exe deleted
C:\Users\Radys\Downloads\bsplayer257.1051_clip.exe deleted
C:\windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Radys\AppData\Roaming\Mozilla\Firefox\Profiles\ac1bsmet.default\jetpack deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Radys\AppData\Roaming\Mozilla\Firefox\Profiles\ac1bsmet.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Radys\AppData\Roaming\TomTom\HOME\Profiles\564k8wri.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [22.07.2014 09:57]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Radys\AppData\Roaming\TomTom\HOME\Profiles\564k8wri.default
- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com
- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Radys\AppData\Roaming\Mozilla\Firefox\Profiles\ac1bsmet.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash
290A0130C74ADCD4546BC6900D1665D9 - C:\windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
6622169512C931AC6DD18CBAC037B6FB - C:\Users\Radys\AppData\Roaming\TorrentStream\player\npts_plugin.dll - Torrent Stream P2P Multimedia Plug-in 2
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Radys\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
15E298B5EC5B89C5994A59863969D9FF - C:\windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Radys\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[22.07.2014 09:55]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
ochbjojkpcmlfeagbaahkofepalngihg - C:\Users\Radys\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx[29.04.2014 22:29]

==== Chromium Startpages ======================

C:\Users\Radys\AppData\Local\Chromium\User Data\Default\Preferences
"homepage": "http://www.google.com/",


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Search Page"="http://www.google.com"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Search Bar"="https://www.seznam.cz/?clid=22668"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Radys\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Radys\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Radys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78XKZZYF will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Radys\AppData\Local\Mozilla\Firefox\Profiles\ac1bsmet.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Radys\AppData\Local\Chromium\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=131 folders=30 43484221 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Radys\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Radys\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Radys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78XKZZYF" not found

==== EOF on pá 13.03.2015 at 16:26:38,71 ======================



ComboFix 15-03-09.01 - Radys 13.03.2015 16:34:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4030.1841 [GMT 1:00]
Spuštěný z: c:\users\Radys\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Radys\Documents\~WRL0003.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-13 do 2015-03-13 )))))))))))))))))))))))))))))))
.
.
2015-03-13 15:49 . 2015-03-13 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-13 15:27 . 2015-03-13 15:27 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2015-03-13 15:27 . 2015-03-13 15:27 -------- d--h--w- c:\programdata\CanonEPP
2015-03-13 15:24 . 2015-03-13 15:24 -------- d-----w- c:\programdata\Validity
2015-03-13 15:22 . 2015-03-13 15:52 -------- d-----w- c:\users\Radys\AppData\Local\Temp
2015-03-13 15:22 . 2015-03-13 14:59 24064 ----a-w- c:\windows\zoek-delete.exe
2015-03-13 14:59 . 2015-03-13 15:18 -------- d-----w- C:\zoek_backup
2015-03-12 19:59 . 2015-03-13 14:42 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-12 19:59 . 2015-03-12 20:20 -------- d-----w- c:\programdata\RogueKiller
2015-03-12 15:23 . 2015-03-13 14:27 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-12 15:23 . 2015-03-12 15:23 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-12 15:23 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-12 15:23 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-12 15:08 . 2015-03-12 18:01 -------- d-----w- C:\AdwCleaner
2015-03-11 11:21 . 2015-01-31 03:48 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-03-11 11:21 . 2015-01-31 03:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 11:21 . 2015-01-30 23:56 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-03-11 11:19 . 2015-02-24 02:32 235176 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2015-02-27 10:26 . 2015-02-27 10:26 -------- d-----w- c:\users\Radys\AppData\Local\Steam
2015-02-19 15:45 . 2015-02-19 15:45 -------- d-----w- c:\program files (x86)\iTunes
2015-02-19 15:45 . 2015-02-19 15:45 -------- d-----w- c:\program files\iPod
2015-02-19 15:45 . 2015-02-19 15:47 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-19 15:45 . 2015-02-19 15:47 -------- d-----w- c:\program files\iTunes
2015-02-18 08:47 . 2015-02-18 08:47 17323192 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-02-17 06:54 . 2015-02-17 06:54 -------- d-sh--w- c:\users\Radys\AppData\Local\EmieUserList
2015-02-17 06:54 . 2015-02-17 06:54 -------- d-sh--w- c:\users\Radys\AppData\Local\EmieSiteList
2015-02-17 06:54 . 2015-02-17 06:54 -------- d-sh--w- c:\users\Radys\AppData\Local\EmieBrowserModeList
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-12 11:47 . 2011-09-07 17:44 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-06 05:42 . 2015-03-11 11:20 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10 . 2015-03-11 11:20 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-02-06 17:21 . 2012-04-14 08:34 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-06 17:21 . 2011-09-02 19:03 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-06 17:21 . 2015-02-06 17:21 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-02-04 03:16 . 2015-02-11 14:22 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 14:22 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 14:22 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 14:22 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 14:22 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 14:22 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 14:22 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 14:22 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-09 03:14 . 2015-02-11 14:22 91136 ----a-w- c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-11 14:22 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-02-11 14:22 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-11 14:22 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2014-12-19 03:06 . 2015-01-14 17:23 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 17:22 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung Drive Manager"="c:\program files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-08-17 5796440]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-02-18 2874048]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-07-02 248208]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-28 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2012-10-05 259072]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-09-05 184736]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2013-07-11 169528]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
.
c:\users\Radys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Radys\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-4 42560368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Drive Manager Real-Time.lnk - c:\program files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe [2013-4-3 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 mvd23;mvd23;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 17:21]
.
2015-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 11:17]
.
2015-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 11:17]
.
2015-03-12 c:\windows\Tasks\HPCeeScheduleForRadys.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
2015-03-12 c:\windows\Tasks\HPCeeScheduleForRADYSPC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-22 08:57 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2013-02-01 200704]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-06-10 1664000]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-09-14 764544]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-09-14 127616]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 212.96.160.50 212.96.164.158
FF - ProfilePath - c:\users\Radys\AppData\Roaming\Mozilla\Firefox\Profiles\ac1bsmet.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SopCast - c:\program files (x86)\SopCast\uninst.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-03-13 17:00:08 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-13 16:00
.
Pre-Run: 11 759 656 960 bytes free
Post-Run: 10 888 732 672 bytes free
.
- - End Of File - - 2593023A0F9CFC4952B7BE4664591909
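The kind of reading a helper does on the log above (which Run entries and Startup shortcuts launch from inside the user profile, and what Firefox's start page is set to) can be done mechanically. The following Python is an added example written for this page; it is not code from the thread, from ComboFix, or from any other tool mentioned here. It assumes the log layout ComboFix prints (as shown above), treats AppData, Temp, ProgramData, Downloads and Users\Public as "user-writable" locations (my assumption), takes a caller-supplied homepage allowlist (seznam.cz and google.com as defaults, also an assumption), and runs on a constructed sample in which "ExampleTray" and "search.example.invalid" are placeholders, not items from the real log.

```python
"""Triage the autostart section of a ComboFix log.

Added example for this thread; not code from the forum post and not part of
ComboFix.  It parses the "[HKEY_...\\Run]" blocks, the Startup-folder
listing and the "FF - prefs.js" lines in the layout ComboFix prints, and flags
(a) autostart entries that launch from user-writable directories and
(b) a Firefox homepage that is not on a caller-supplied allowlist.  Both
heuristics are my own assumptions: per-user adware such as a browser hijacker
usually lives under AppData, but so does legitimate per-user software (Dropbox
in this thread), so a flag means "verify this", not "this is malicious".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample in ComboFix's own layout.  The Steam/Skype/Avast/Dropbox
# lines mirror the thread's log.  "ExampleTray" and the homepage URL are
# made-up placeholders for an unwanted program / hijacked start page; they are
# not paths or hosts taken from the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-02-18 2874048]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"ExampleTray"="c:\users\Radys\AppData\Local\Temp\exampletray.exe" [2015-03-10 204800]
.
c:\users\Radys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Radys\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-4 42560368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
FF - prefs.js: browser.startup.homepage - http://search.example.invalid/?type=sc
FF - prefs.js: network.proxy.type - 0
"""

RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.IGNORECASE)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
STARTUP_DIR = re.compile(r"^(?P<dir>[a-z]:\\.+\\Startup\\)$", re.IGNORECASE)
STARTUP_LNK = re.compile(r"^(?P<name>\S.*?\.lnk) - (?P<target>[a-z]:\\.+?\.exe)\b", re.IGNORECASE)
FF_HOMEPAGE = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (?P<url>\S+)$")

# Directories a standard user can write to (assumption, see module docstring).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                         "\\downloads\\", "\\users\\public\\")


@dataclass
class Autostart:
    source: str    # registry key or Startup folder the entry came from
    name: str
    path: str
    flagged: bool
    reason: str


def classify(path: str) -> Tuple[bool, str]:
    """Flag an executable path that lies in a user-writable directory."""
    low = path.lower().replace("/", "\\")
    for marker in USER_WRITABLE_MARKERS:
        if marker in low:
            return True, "launches from user-writable directory " + marker.strip("\\")
    return False, "program files / system directory"


def parse_autostarts(text: str) -> List[Autostart]:
    """Collect Run-key values and Startup-folder shortcuts from a ComboFix log."""
    entries: List[Autostart] = []
    current: Optional[str] = None          # block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # ComboFix separates blocks with "."
            continue
        key = RUN_KEY.match(line)
        if key:
            current = key.group(1)
            continue
        folder = STARTUP_DIR.match(line)
        if folder:
            current = folder.group("dir")
            continue
        if current is None:
            continue
        value = RUN_VALUE.match(line) or STARTUP_LNK.match(line)
        if value:
            path = value.groupdict().get("path") or value.group("target")
            flagged, reason = classify(path)
            entries.append(Autostart(current, value.group("name"), path, flagged, reason))
        else:
            current = None                  # some other key/section: stop collecting
    return entries


def check_homepage(text: str, allowed_hosts: Tuple[str, ...]) -> Optional[str]:
    """Return the Firefox homepage URL if it is neither an about: page nor on
    the allowlist (exact host or subdomain of an allowed host); else None."""
    for raw in text.splitlines():
        m = FF_HOMEPAGE.match(raw.strip())
        if not m:
            continue
        url = m.group("url")
        if url.startswith("about:"):
            return None
        host = (urlparse(url).hostname or "").lower()
        if any(host == a or host.endswith("." + a) for a in allowed_hosts):
            return None
        return url
    return None


def report(text: str, allowed_hosts: Tuple[str, ...] = ("seznam.cz", "google.com")) -> str:
    """Human-readable triage: one line per autostart, plus the homepage verdict."""
    lines = []
    for e in parse_autostarts(text):
        lines.append(f"{'CHECK' if e.flagged else 'ok   '} {e.name:<14} {e.path}  <- {e.reason}")
    hp = check_homepage(text, allowed_hosts)
    if hp:
        lines.append(f"CHECK Firefox homepage not on allowlist: {hp}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running it prints a CHECK line for the placeholder Temp entry, for the hijacked-looking homepage, and also for Dropbox, which is legitimate per-user software installed under AppData\Roaming. That last flag is the point of the caveat: the location heuristic only tells you where to look (publisher, signature, whether the user installed it), it does not decide for you.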

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Please check my log - slow laptop, omigasearch, and more

Post by jaro3 » 13 Mar 2015 19:11

Disable the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text, marked in green, into it:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 repeatedly during the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Radys26
Re: Please check my log - slow laptop, omigasearch, and more

Post by Radys26 » 13 Mar 2015 22:25

logs from ComboFix, HJT and aswMBR:

ComboFix 15-03-09.01 - Radys 13.03.2015 20:40:13.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4030.2389 [GMT 1:00]
Spuštěný z: c:\users\Radys\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Radys\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
c:\program files (x86)\Google\Update\1.3.26.9\goopdate.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.26.9\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.26.9\psmachine.dll
c:\program files (x86)\Google\Update\1.3.26.9\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.26.9\psuser.dll
c:\program files (x86)\Google\Update\1.3.26.9\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\Install\{6D1C8A39-032E-46FD-B474-21A36A8CA26B}\GoogleUpdateSetup.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-02-13 do 2015-03-13 )))))))))))))))))))))))))))))))
.
.
2015-03-13 15:27 . 2015-03-13 15:27 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2015-03-13 15:27 . 2015-03-13 15:27 -------- d--h--w- c:\programdata\CanonEPP
2015-03-13 15:24 . 2015-03-13 15:24 -------- d-----w- c:\programdata\Validity
2015-03-13 15:22 . 2015-03-13 19:54 -------- d-----w- c:\users\Radys\AppData\Local\Temp
2015-03-13 15:22 . 2015-03-13 14:59 24064 ----a-w- c:\windows\zoek-delete.exe
2015-03-13 14:59 . 2015-03-13 15:18 -------- d-----w- C:\zoek_backup
2015-03-12 19:59 . 2015-03-13 14:42 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-12 19:59 . 2015-03-12 20:20 -------- d-----w- c:\programdata\RogueKiller
2015-03-12 15:23 . 2015-03-13 14:27 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-12 15:23 . 2015-03-12 15:23 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-12 15:23 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-12 15:23 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-12 15:08 . 2015-03-12 18:01 -------- d-----w- C:\AdwCleaner
2015-03-11 11:21 . 2015-01-31 03:48 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-03-11 11:21 . 2015-01-31 03:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 11:21 . 2015-01-30 23:56 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-03-11 11:19 . 2015-02-24 02:32 235176 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2015-02-27 10:26 . 2015-02-27 10:26 -------- d-----w- c:\users\Radys\AppData\Local\Steam
2015-02-19 15:45 . 2015-02-19 15:45 -------- d-----w- c:\program files (x86)\iTunes
2015-02-19 15:45 . 2015-02-19 15:45 -------- d-----w- c:\program files\iPod
2015-02-19 15:45 . 2015-02-19 15:47 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-19 15:45 . 2015-02-19 15:47 -------- d-----w- c:\program files\iTunes
2015-02-18 08:47 . 2015-02-18 08:47 17323192 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-02-17 06:54 . 2015-02-17 06:54 -------- d-sh--w- c:\users\Radys\AppData\Local\EmieUserList
2015-02-17 06:54 . 2015-02-17 06:54 -------- d-sh--w- c:\users\Radys\AppData\Local\EmieSiteList
2015-02-17 06:54 . 2015-02-17 06:54 -------- d-sh--w- c:\users\Radys\AppData\Local\EmieBrowserModeList
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-12 11:47 . 2011-09-07 17:44 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-06 05:42 . 2015-03-11 11:20 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10 . 2015-03-11 11:20 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-02-06 17:21 . 2012-04-14 08:34 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-06 17:21 . 2011-09-02 19:03 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-06 17:21 . 2015-02-06 17:21 5070512 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-02-04 03:16 . 2015-02-11 14:22 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 14:22 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 14:22 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 14:22 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 14:22 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 14:22 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 14:22 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-01-27 23:36 . 2015-02-11 14:22 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-09 03:14 . 2015-02-11 14:22 91136 ----a-w- c:\windows\system32\wdi.dll
2015-01-09 03:14 . 2015-02-11 14:22 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-01-09 03:14 . 2015-02-11 14:22 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-01-09 02:48 . 2015-02-11 14:22 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2014-12-19 03:06 . 2015-01-14 17:23 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 17:22 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung Drive Manager"="c:\program files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-08-17 5796440]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-02-18 2874048]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-07-02 248208]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2011-02-07 12274688]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-28 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe" [2012-10-05 259072]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-09-05 184736]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2013-07-11 169528]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
.
c:\users\Radys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Radys\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-3-4 42560368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Drive Manager Real-Time.lnk - c:\program files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe [2013-4-3 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 22:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe;c:\program files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mdf16;mdf16;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 mvd23;mvd23;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys;c:\program files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2015-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 17:21]
.
2015-03-12 c:\windows\Tasks\HPCeeScheduleForRadys.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
2015-03-12 c:\windows\Tasks\HPCeeScheduleForRADYSPC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-22 08:57 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Radys\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-01-27 13880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"MfeEpePcMonitor"="c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" [2013-02-01 200704]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-06-10 1664000]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-09-14 764544]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-09-14 127616]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 212.96.160.50 212.96.164.158
FF - ProfilePath - c:\users\Radys\AppData\Roaming\Mozilla\Firefox\Profiles\ac1bsmet.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-SopCast - c:\program files (x86)\SopCast\uninst.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2015-03-13 21:00:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-03-13 20:00
ComboFix2.txt 2015-03-13 16:00
.
Před spuštěním: Volných bajtů: 11 356 852 224
Po spuštění: Volných bajtů: 11 178 082 304
.
- - End Of File - - E1D25E8D748D2B0FB3A05DF952A1E097


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:35:16, on 13.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)

FIREFOX: 36.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Radys\Downloads\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Samsung Drive Manager] C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = Radys\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 14461 bytes


aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-03-13 21:35:45
-----------------------------
21:35:45.413 OS Version: Windows x64 6.1.7601 Service Pack 1
21:35:45.413 Number of processors: 4 586 0x2A07
21:35:45.413 ComputerName: RADYSPC UserName: Radys
21:35:46.536 Initialize success
21:35:46.536 VM: initialized successfully
21:35:46.536 VM: Intel CPU BiosDisabled
21:35:50.109 AVAST engine defs: 15031302
21:36:02.542 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:36:02.557 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
21:36:02.729 Disk 0 MBR read successfully
21:36:02.729 Disk 0 MBR scan
21:36:02.745 Disk 0 Windows 7 default MBR code
21:36:02.745 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
21:36:02.760 Disk 0 Boot: NTFS code=1
21:36:02.791 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 587698 MB offset 616448
21:36:02.838 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17357 MB offset 1204224000
21:36:02.854 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 5122 MB offset 1239771136
21:36:02.916 Disk 0 scanning C:\windows\system32\drivers
21:36:17.970 Service scanning
21:36:44.428 Modules scanning
21:36:44.428 Disk 0 trace - called modules:
21:36:44.459 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
21:36:44.475 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a1a060]
21:36:44.490 3 CLASSPNP.SYS[fffff88000dc243f] -> nt!IofCallDriver -> [0xfffffa8004c28850]
21:36:44.490 5 hpdskflt.sys[fffff880014b6379] -> nt!IofCallDriver -> [0xfffffa8004b08b20]
21:36:44.506 7 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b0e050]
21:36:45.551 AVAST engine scan C:\windows
21:36:48.546 AVAST engine scan C:\windows\system32
21:40:27.914 AVAST engine scan C:\windows\system32\drivers
21:40:45.183 AVAST engine scan C:\Users\Radys
22:06:42.320 File: C:\Users\Radys\Downloads\AtdheNetAppsSetup(18_3f)1_ff.exe **INFECTED** Win32:Adware-gen [Adw]
22:10:00.191 File: C:\Users\Radys\Downloads\vshare-plugin.exe **INFECTED** Win32:Adware-gen [Adw]
22:18:31.546 AVAST engine scan C:\ProgramData
22:20:43.850 Disk 0 statistics 5666407/0/0 @ 1,16 MB/s
22:20:43.866 Scan finished successfully
22:21:27.469 Disk 0 MBR has been saved successfully to "C:\Users\Radys\Desktop\MBR.dat"
22:21:27.469 The log file has been saved successfully to "C:\Users\Radys\Desktop\aswMBR.txt"

Orcus (Security team member, Elite Level 10.5, Posts: 10645, Registered: April 10)

Re: Please check my log - slow notebook, omigasearch, and more

Post by Orcus » 13 Mar 2015 23:52

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall

====================================================

Clean the system with CCleaner

====================================================

Download DelFix here
http://general-changelog-team.fr/fr/dow ... e/9-delfix

Save the file to the desktop.
Double-click the icon to run the Delfix.exe tool.
(On Windows Vista, Windows 7 and 8, you must run the file with the right mouse button -> Run as administrator.)
In the main menu, check these options - Remove disinfection tools - Purge System Restore.
Then click the Run button and let the tool do its work.

A report will then open (DelFix.txt). Paste the entire contents of the report here. Otherwise the report is at:
C:\DelFix.txt

What about the problems?
Love warms, but coal is coal. :fire:

Post HJT logs in the HJT section. If it is too long, split it into several posts.

A few tips on PC security.

While I am away, memphisto, jaro3 and Diallix stand in for me.

If you are satisfied, you can support our forum.

Radys26 (Level 1.5, Posts: 121, Registered: December 06)

Re: Please check my log - slow notebook, omigasearch, and more

Post by Radys26 » 14 Mar 2015 11:49

Here is the log from DelFix:

# DelFix v10.9 - Logfile created 14/03/2015 at 11:44:24
# Updated 27/02/2015 by Xplode
# Username : Radys - RADYSPC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\zoek-results.log
Deleted : C:\Users\Radys\Desktop\AdwCleaner[R0].txt
Deleted : C:\Users\Radys\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Radys\Desktop\aswMBR.txt
Deleted : C:\Users\Radys\Desktop\JRT.txt
Deleted : C:\Users\Radys\Desktop\hijackthis.log
Deleted : C:\Users\Radys\Desktop\MBR.dat
Deleted : C:\Users\Radys\Desktop\RKreport_DEL_03132015_155842.log
Deleted : C:\Users\Radys\Desktop\RKreport_SCN_03122015_211027.log
Deleted : C:\Users\Radys\Desktop\zoek-results.txt
Deleted : C:\Users\Radys\Downloads\AdwCleaner.exe
Deleted : C:\Users\Radys\Downloads\aswmbr.exe
Deleted : C:\Users\Radys\Downloads\ComboFix.exe
Deleted : C:\Users\Radys\Downloads\JRT.exe
Deleted : C:\Users\Radys\Downloads\HiJackThis.exe
Deleted : C:\Users\Radys\Downloads\hijackthis.log
Deleted : C:\Users\Radys\Downloads\OTL.exe
Deleted : C:\Users\Radys\Downloads\RogueKillerX64.exe
Deleted : C:\Users\Radys\Downloads\TDSSKiller.exe
Deleted : C:\Users\Radys\Downloads\TFC.exe
Deleted : C:\Users\Radys\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\aswMBR

~ Cleaning system restore ...

Deleted : RP #476 [ComboFix created restore point | 03/14/2015 10:23:31]

New restore point created !

########## - EOF - ##########


The problems are apparently gone; when I start Mozilla, the start page is happily no longer omigasearch.
As for the notebook's speed, I don't know yet; I will only be able to tell after longer use. If there were problems, I would report back.
Just one thing: when I have a page open in Mozilla and it takes longer to load, a window appears saying that Shockwave something has stopped working. What is that Shockwave?

Radys26 (Level 1.5, Posts: 121, Registered: December 06)

Re: Please check my log - slow notebook, omigasearch, and more

Post by Radys26 » 14 Mar 2015 12:36

I don't know whether I should then click "Continue" or "Stop plugin".
It is Shockwave Flash; the message now appears every time I start Mozilla..

