Prosím o preventivní kontrolu

[petouf]

vše jsem udělal, tady je log:
dík...

ComboFix 14-04-26.01 - petra 28.04.2014 15:18:36.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4094.1952 [GMT 2:00]
Spuštěný z: c:\users\petra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\petra\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\petra\AppData\Local\BITA64C.tmp"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-28 do 2014-04-28 )))))))))))))))))))))))))))))))
.
.
2014-04-28 13:27 . 2014-04-28 13:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-04-28 13:27 . 2014-04-28 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-28 01:43 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{486DC972-40E3-405D-B7A0-3F12CE9B62C8}\mpengine.dll
2014-04-17 16:52 . 2014-04-21 12:29 -------- d-----w- C:\AdwCleaner
2014-04-17 15:19 . 2014-04-21 12:35 -------- d-----w- c:\program files\trend micro
2014-04-16 15:45 . 2014-04-16 15:45 43152 ----a-w- c:\windows\avastSS.scr
2014-04-16 15:00 . 2014-04-16 15:00 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2014-04-16 15:00 . 2014-04-16 15:52 -------- d-----w- c:\programdata\Spyware Terminator
2014-04-16 15:00 . 2014-04-16 15:00 -------- d-----w- c:\users\petra\AppData\Roaming\Spyware Terminator
2014-04-16 14:58 . 2014-04-16 15:00 -------- d-----w- c:\program files (x86)\Spyware Terminator
2014-04-15 10:15 . 2014-04-15 10:15 0 ---ha-w- c:\users\petra\AppData\Local\BITA64C.tmp
2014-04-09 02:57 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-16 15:45 . 2014-02-20 15:18 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-16 15:45 . 2013-03-18 19:06 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-16 15:45 . 2013-03-18 19:05 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-16 15:45 . 2012-10-03 19:24 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-16 15:45 . 2012-02-18 14:21 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-16 15:45 . 2012-02-18 14:21 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-16 15:45 . 2012-02-18 14:21 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-16 15:45 . 2012-02-18 14:21 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-09 03:37 . 2012-03-17 14:52 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2012-02-18 14:04 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-23 20:21 . 2014-03-23 20:21 53248 ----a-r- c:\users\petra\AppData\Roaming\Microsoft\Installer\{D954A6FA-5769-4B38-9377-2B6DF78D77E5}\ARPPRODUCTICON.exe
2014-03-23 20:08 . 2014-03-23 20:08 53248 ----a-r- c:\users\petra\AppData\Roaming\Microsoft\Installer\{6CA8F328-2590-4232-9A2D-B50F72F41863}\ARPPRODUCTICON.exe
2014-03-12 23:07 . 2014-03-12 23:07 761416 ----a-w- c:\windows\system32\AvOmfToolkit.dll
2014-03-12 23:07 . 2014-03-12 23:07 72264 ----a-w- c:\windows\system32\libjpegV4.dll
2014-03-12 23:07 . 2014-03-12 23:07 66560 ----a-w- c:\windows\system32\ntrights.exe
2014-03-12 23:07 . 2014-03-12 23:07 56904 ----a-w- c:\windows\SysWow64\libjpegV4.dll
2014-03-12 23:07 . 2014-03-12 23:07 549960 ----a-w- c:\windows\SysWow64\mmclient.dll
2014-03-12 10:22 . 2013-02-09 22:17 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 10:22 . 2012-02-18 14:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:17 . 2014-04-09 02:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-21 14:00 . 2013-03-18 19:05 440672 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-02-07 01:23 . 2014-03-14 04:11 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-14 04:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-14 04:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-14 04:10 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-14 04:10 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-14 04:11 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-14 04:11 381440 ----a-w- c:\windows\SysWow64\wer.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0D778FDC-FAD7-4B1D-AB88-7A76A562D65C}]
2013-05-28 06:30 590640 ----a-w- c:\progra~1\Instair\Instair.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\petra\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\petra\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\petra\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\petra\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"Print2PDF Print Monitor"="c:\program files (x86)\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
"ACSW15EN"="c:\program files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe" [2012-11-14 1133176]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016]
"tsnp2uvc"="c:\program files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe" [2012-02-23 322560]
"NexusServer"="c:\program files (x86)\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 389120]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-16 3854640]
.
c:\users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\petra\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-4-18 33604728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;e:\everest ultimate engineer edition v5.50 build 2253\kerneld.amd64;e:\everest ultimate engineer edition v5.50 build 2253\kerneld.amd64 [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys;c:\windows\SYSNATIVE\DRIVERS\cdrblock.sys [x]
S2 602XML Updater;602Updater;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe;c:\program files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 06:36 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-09 10:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-16 15:45 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\petra\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\petra\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\petra\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\petra\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-10-22 2777736]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/?clid=13415
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\petra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 10.88.1.2 10.89.1.2
DPF: {CD82C85E-37B7-48E3-9E88-31E140C13C86} - hxxp://www.premis.cz/PremisGUI/cab/Teechart7.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\petra\AppData\Roaming\Mozilla\Firefox\Profiles\3g0eftd4.default\
FF - prefs.js: browser.startup.homepage - seznam.cz
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Super Ovladac_is1 - c:\program files (x86)\Driver-Soft\SuperOvladac\unins000.exe
AddRemove-vfd-ob - c:\program files (x86)\OApps\vfd-ob_uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\e:\everest ultimate engineer edition v5.50 build 2253\kerneld.amd64"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3338490639-4165212360-2111865542-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v15o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.v15o"
.
[HKEY_USERS\S-1-5-21-3338490639-4165212360-2111865542-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v15p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.v15p"
.
[HKEY_USERS\S-1-5-21-3338490639-4165212360-2111865542-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v15pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.v15pf"
.
[HKEY_USERS\S-1-5-21-3338490639-4165212360-2111865542-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 15.xmp"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,4e,02,e3,d2,a3,
23,9a,f3,c8,28,51,af,b0,29,a3,98,25,49,69,5a,43,8f,83,66,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,77,57,9b,45,dc,
85,de,9c,71,3b,04,66,8b,46,0d,96,6a,93,f3,b6,4a,e7,72,34,6a,9c,d6,61,af,45,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,91,43,4b,f0,c9,
a6,6c,99,25,da,ec,7e,55,20,c9,26,92,96,d8,1f,f6,b1,f4,45,ff,7c,85,e0,43,d4,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,77,c4,fd,79,56,
43,d9,e8,3e,1e,9e,e0,57,5a,93,61,4a,12,d1,68,1e,6e,9b,7f,86,8c,21,01,be,91,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,d1,80,f1,85,e3,
25,ba,37,cd,44,cd,b9,a6,33,6c,cd,81,9c,ee,e6,89,12,9d,41,f5,1d,4d,73,a8,13,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,2c,34,61,4f,0a,
61,72,c4,b0,18,ed,a7,3f,8d,37,a4,ea,aa,c5,ac,64,84,87,7c,df,20,58,62,78,6b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,27,a7,72,94,64,
f8,0d,97,31,77,e1,ba,b1,f8,68,02,a4,1d,85,5b,fc,04,3d,93,fb,a7,78,e6,12,2f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,57,dc,4f,d8,66,
47,5d,76,83,6c,56,8b,a0,85,96,ab,ee,19,f9,fd,c2,12,31,ef,01,3a,48,fc,e8,04,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,d7,13,54,4f,dc,
b9,82,6b,51,fa,6e,91,28,9e,14,cc,a3,85,5b,10,4b,30,cc,54,f6,0f,4e,58,98,5b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,06,6d,5b,ff,e4,
7a,02,66,b1,cd,45,5a,a8,c4,f8,b9,d1,56,20,4f,1d,f4,c8,1a,3d,ce,ea,26,2d,45,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,77,50,a9,cd,7d,
f8,83,8a,e3,0e,66,d5,eb,bc,2f,6b,09,c5,ed,c0,68,c6,e1,66,2a,b7,cc,b5,b9,7f,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,56,d6,54,41,0f,
d5,41,c2,fa,ea,66,7f,d4,3b,6b,70,4d,7b,12,51,88,2b,63,f0,6c,43,2d,1e,aa,22,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
Celkový čas: 2014-04-28 15:30:42
ComboFix-quarantined-files.txt 2014-04-28 13:30
.
Před spuštěním: Volných bajtů: 26 971 766 784
Po spuštění: Volných bajtů: 27 132 940 288
.
- - End Of File - - F8A4032588CFD9CCF066EB247D97EE15
413FC2A0C716421B3158746D63736515

[Roli]

vše jsem udělal, tady je log

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Najdi :

c:\users\petra\AppData\Local\BITA64C.tmp

a smaž, pokud nepůjde dej vědět a také písni jaký je stav PC.

[petouf]

Ahoj,
PC budu sledovat, snad je to lepší... Po dovolené ještě dám vědět.
c:\users\petra\AppData\Local\BITA64C.tmp jsem nikde nenašel - buď se přede mnou schovává, nebo není...
Ještě se optám, byl tam nějaký neřád, nebo to bylo jen normálně zasviněné?
Dík, přeji pěkný den!

[Roli]

No ten první tak zaneřáděný nebyl, ale tenhle ano.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
c:\users\petra\AppData\Local\BITA64C.tmp

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

[petouf]

vše jsem udělal, tady je log:
dík...All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
c:\users\petra\AppData\Local\BITA64C.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: petra
->Temp folder emptied: 103621048 bytes
->Temporary Internet Files folder emptied: 2181212 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98383885 bytes
->Google Chrome cache emptied: 352026820 bytes
->Flash cache emptied: 3499 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2914739 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 8570136 bytes

Total Files Cleaned = 541,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 05082014_150643

Files moved on Reboot...
C:\Users\petra\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\petra\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Roli]

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


No a jaký je stav PC ?

[petouf]

Dík, budu sledovat. Někdy, chci-li hledat na Google, mi vyskočí hláška (viz příloha) Čím by to mohlo být?

[Roli]

Pusť tam ještě Mbam z mého podpisu a dej mi sem z něj log, předem nic nemazat !

[petouf]

Tady je log z MBAM. Tvrdí mě, že něco objevil...
Omlouvám se za zpoždění, stále někde lítám
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19.5.2014
Scan Time: 21:08:32
Logfile: MBAM_log.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.19.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: petra

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303011
Time Elapsed: 12 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
Adware.ISeekDeals, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0D778FDC-FAD7-4B1D-AB88-7A76A562D65C}, , [43023f14e7948fa784066cc531d154ac],
Adware.ISeekDeals, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0D778FDC-FAD7-4B1D-AB88-7A76A562D65C}, , [43023f14e7948fa784066cc531d154ac],
Adware.ISeekDeals, HKU\S-1-5-21-3338490639-4165212360-2111865542-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0D778FDC-FAD7-4B1D-AB88-7A76A562D65C}, , [43023f14e7948fa784066cc531d154ac],
Adware.ISeekDeals, HKU\S-1-5-21-3338490639-4165212360-2111865542-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0D778FDC-FAD7-4B1D-AB88-7A76A562D65C}, , [43023f14e7948fa784066cc531d154ac],
PUP.Optional.WinZipTB.A, HKU\S-1-5-21-3338490639-4165212360-2111865542-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}, , [fa4b56fd2d4ec27461f7f53403ff6e92],
PUP.Optional.WinZipTB.A, HKU\S-1-5-21-3338490639-4165212360-2111865542-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}, , [fa4b56fd2d4ec27461f7f53403ff6e92],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BonanzaDealsLive, , [c77eba99d1aa2b0bbae22a92a55e32ce],
PUP.Optional.Kozaka.A, HKLM\SOFTWARE\WOW6432NODE\Kozaka, , [360f02514b307eb8b72a7f3f2cd7c23e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BONANZADEALS, , [f253d77cfa818babefacb10bd42f34cc],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, , [b3925af9abd057df1e7cbdff53b06898],
PUP.Optional.Kozaka.A, HKU\S-1-5-21-3338490639-4165212360-2111865542-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Kozaka, , [ae97c1928bf0c472a83a9c22b44fc33d],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3338490639-4165212360-2111865542-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BONANZADEALS, , [123364ef6417ef4781188933c34059a7],

Registry Values: 6
PUP.Optional.WinZipTB.A, HKU\S-1-5-21-3338490639-4165212360-2111865542-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}, Ä?AoAoP©pAYAË? AoKOA1N7, , [fa4b56fd2d4ec27461f7f53403ff6e92]
PUP.Optional.WinZipTB.A, HKU\S-1-5-21-3338490639-4165212360-2111865542-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}, , [fa4b56fd2d4ec27461f7f53403ff6e92],
PUP.Optional.WinZipTB.A, HKU\S-1-5-21-3338490639-4165212360-2111865542-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}, , [6cd9b89b96e561d54d0bef3a27db9f61],
PUP.Optional.WinZipTB.A, HKU\S-1-5-21-3338490639-4165212360-2111865542-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}, , [b98c440fa1da88ae79df17124bb731cf],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BONANZADEALS|ChromeCrxPath, C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx, , [f253d77cfa818babefacb10bd42f34cc]
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3338490639-4165212360-2111865542-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BONANZADEALS|ChromeCrxPath, C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx, , [123364ef6417ef4781188933c34059a7]

Registry Data: 0
(No malicious items detected)

Folders: 3
PUP.Optional.OpenCandy, C:\Users\petra\AppData\Roaming\OpenCandy, , [331287cc89f2b77fc7b1ee84b250f907],
PUP.Optional.OpenCandy, C:\Users\petra\AppData\Roaming\OpenCandy\77935F3EC74E466DB4EF7343737E19A5, , [331287cc89f2b77fc7b1ee84b250f907],
PUP.Optional.BonanzaDeals.A, C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj, , [73d2ed66205be551adc2fd76976bde22],

Files: 5
Adware.ISeekDeals, C:\Program Files\Instair\Instair.dll, , [43023f14e7948fa784066cc531d154ac],
PUP.Optional.Softonic.A, C:\Users\petra\Desktop\aaaSoftonicDownloader_for_ac3filter.exe, , [ee574112a7d41a1ccd10fd22679a1ce4],
PUP.Optional.Softonic.A, C:\Users\petra\AppData\Local\Temp\KMP_3.9.0.124.exe, , [5fe62a294338999d9d40d64920e10cf4],
PUP.Optional.Superfish.A, C:\Users\petra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [55f0bb982556fe3886dd5035f909946c],
PUP.Optional.OpenCandy, C:\Users\petra\AppData\Roaming\OpenCandy\77935F3EC74E466DB4EF7343737E19A5\PokkiInstaller.exe, , [331287cc89f2b77fc7b1ee84b250f907],

Physical Sectors: 0
(No malicious items detected)


(end)

[Roli]

Omlouvám se za zpoždění, stále někde lítám

V pohodě, času dost

Tady je log z MBAM. Tvrdí mě, že něco objevil...

Asi bych mu věřil, tak že vše co našel nech smazat a pak dej vědět jaký je stav PC.

[petouf]

Tak jsem to smáznul a uvidíme...
Jinak jsem se chtěl optat - používám free Avast proč ten nic nezachytil? Má smysl si koupit nějaké doplňky? Nebo se vyplatí koupit ten MBAB pro online ochranu?

Dík, přeji hezký den!

[Roli]

Jinak jsem se chtěl optat - používám free Avast proč ten nic nezachytil? Má smysl si koupit nějaké doplňky? Nebo se vyplatí koupit ten MBAB pro online ochranu?

Žádný antivir na světě nikdy nezachytí vše, dost často je totiž problém spíše mezi židlí a klávesnicí a Mbam se kupovat nemusí stačí občas sem z něj hodit log.

Tak jsem to smáznul a uvidíme...

Tak to ještě nějaký den pozoruj a pak dej vědět abych to tu zamknul když bude vše v pořádku.

[petouf]

Tak zdá se, že šlape, jen tam zase vyskočila ta Google hláška (viz nedávná příloha) Proč? Dík.

[Roli]

........., jen tam zase vyskočila ta Google hláška (viz nedávná příloha) Proč? Dík.

Děje se to i v jiném prohlížeči ?

[petouf]

Tak to dělá i Mozila. Ne furt, jen občas...
Teď se na týden odmlčím, jedu pryč, takže žádný spěch:)
Dík...