Reklamy v prohlížeči !

[toox]

Ahoj včera jsem instaloval z internetu doplněk do hry který obsahoval pěknou sračku která mi teď zasírá prohlížeč reklamou a bůh ví co ještě. Prosím koukněte mi na to kamarádi prosím



Logfile of random's system information tool 1.10 (written by random/random)
Run by Honza at 2014-06-28 20:40:45
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 413 GB (43%) free of 954 GB
Total RAM: 4087 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:40:57, on 28.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Honza\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Honza\AppData\Roaming\SkypEmoticons\SE.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Program Files\trend micro\Honza.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fastsearchings.info/?p ... Z&unqvl=56
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fastsearchings.info/?p ... Z&unqvl=56
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adblocker - {1F900F4D-3628-365B-7986-0B1C690E8B6C} - C:\Program Files (x86)\Adblocker\hz2mDF.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: save, on - {C1D4A373-E903-6905-E77C-656D1B1667C5} - C:\Program Files (x86)\save, on\9Px.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Honza\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
O4 - HKCU\..\Run: [SE] "C:\Users\Honza\AppData\Roaming\SkypEmoticons\SE.exe" /minimized
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\sw_boo~1\assist~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7237 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\rundll32.exe" "c:\progra~2\sw_boo~1\AssistantSvc.dll",service
"C:\Windows\system32\rundll32.exe" "c:\progra~2\sw_boo~1\AssistantSvc.dll",service
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-120508649118741483461751996160198231417-1879272183722304095505898532-317039901
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
WLIDSvcM.exe 2204
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-01a55613-360d-4f5d-993d-1d1bebc7e504 -SystemEventPortName:HostProcess-9fd7bad7-4174-4126-a4e9-09cbe5059dc7 -IoCancelEventPortName:HostProcess-7439563a-82c0-4549-8bd9-150c8fcf2aeb -NonStateChangingEventPortName:HostProcess-fee23e8b-7b00-41f0-820f-634c38335c39 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b10367d0-a3ff-4fb2-bf49-0a30f05dc5dc -DeviceGroupId:WpdFsGroup
"C:\Users\Honza\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Users\Honza\AppData\Roaming\SkypEmoticons\SE.exe" /minimized
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-af1a787b-1470-4a4a-bc42-bf3038191cc1 -SystemEventPortName:HostProcess-a5eba7da-0ada-416c-a227-abd32685cc73 -IoCancelEventPortName:HostProcess-4a1f9861-71e1-45ca-942c-e807a797a954 -NonStateChangingEventPortName:HostProcess-2e2e69fa-e820-4113-b1ff-6968e737ce45 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:57815430-90af-4901-8419-3b438ffb80d9 -DeviceGroupId:
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=2344.1f6ffab0.1030206779 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 2344 "\\.\pipe\gecko-crash-server-pipe.2344" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe" --proxy-stub-channel=Flash5092.660DA378.7778 --host-broker-channel=Flash5092.660DA378.17536 --host-pid=5092 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe" --channel=1452.0018F658.1870332648 --proxy-stub-channel=Flash5092.660DA378.7778 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll" --host-npapi-version=27 --type=renderer
C:\Windows\system32\wbem\wmiprvse.exe
taskmgr.exe /3
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Honza\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "keyword.URL" - "http://websearch.fastsearchings.info/?p ... =56&l=1&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.125 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk]
"Description"=Garena Talk Plugin
"Path"=C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.125 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\extensions\
staged
youtubemp3podcaster@jeremy.d.gregorio.com
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F900F4D-3628-365B-7986-0B1C690E8B6C}]
Adblocker - C:\Program Files (x86)\Adblocker\hz2mDF.x64.dll [2014-06-27 472064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ECB967F-347E-70F5-94A7-49F2B2EA5723}]
MySearch - C:\Program Files (x86)\MySearch\kKF8nIcq.x64.dll [2013-06-27 472064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1D4A373-E903-6905-E77C-656D1B1667C5}]
save, on - C:\Program Files (x86)\save, on\9Px.x64.dll [2014-06-27 472064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F900F4D-3628-365B-7986-0B1C690E8B6C}]
Adblocker - C:\Program Files (x86)\Adblocker\hz2mDF.dll [2013-06-27 423936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-09 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1D4A373-E903-6905-E77C-656D1B1667C5}]
save, on - C:\Program Files (x86)\save, on\9Px.dll [2014-06-27 423936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-09 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-03-26 10135584]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-05 2345848]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-02-05 1179576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"BitTorrent"=C:\Users\Honza\AppData\Roaming\BitTorrent\BitTorrent.exe [2014-06-14 1241168]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2013-12-06 20203904]
"LiveSupport"=C:\Program Files (x86)\LiveSupport\LiveSupport.exe /noshow /log []
"SE"=C:\Users\Honza\AppData\Roaming\SkypEmoticons\SE.exe [2014-06-27 5679008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
C:\Program Files (x86)\Clownfish\Clownfish.exe [2014-06-09 1315072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-02-05 2234144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]
regsvr32 /s C:\Temp:00716088.dat []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-01-19 43632]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-03-29 3854640]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"VIDC.FPS1"=frapsv64.dll
"msacm.ac3filter"=ac3filter64.acm
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-06-28 20:33:54 ----D---- C:\rsit
2014-06-28 09:10:26 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-06-27 16:30:56 ----A---- C:\Users\Honza\AppData\Roaming\LiveSupport.exe_log.txt
2014-06-27 16:30:55 ----A---- C:\Users\Honza\AppData\Roaming\regsvr32.exe_log.txt
2014-06-27 16:30:53 ----D---- C:\Users\Honza\AppData\Roaming\SkypEmoticons
2014-06-27 16:30:51 ----D---- C:\ProgramData\MySearch
2014-06-27 16:30:51 ----D---- C:\Program Files (x86)\MySearch
2014-06-27 16:30:25 ----D---- C:\ProgramData\BlueOcean
2014-06-27 16:30:20 ----D---- C:\Program Files (x86)\SW_Booster
2014-06-27 16:30:09 ----D---- C:\ProgramData\Adblocker
2014-06-27 16:30:08 ----D---- C:\Program Files (x86)\Adblocker
2014-06-27 16:30:03 ----D---- C:\ProgramData\save, on
2014-06-27 16:30:02 ----D---- C:\Program Files (x86)\save, on
2014-06-27 16:29:57 ----D---- C:\ProgramData\8374544e840944ad
2014-06-27 16:29:34 ----D---- C:\ProgramData\InstallMate
2014-06-25 10:56:19 ----D---- C:\Users\Honza\AppData\Roaming\ZJMedia
2014-06-25 10:56:14 ----D---- C:\Program Files (x86)\Kingo Android ROOT
2014-06-25 08:54:51 ----D---- C:\Program Files\DIFX
2014-06-25 08:54:24 ----A---- C:\Windows\system32\drivers\innosusbser.sys
2014-06-25 08:54:24 ----A---- C:\Windows\system32\drivers\innosusbnet.sys
2014-06-25 08:54:23 ----D---- C:\Program Files (x86)\android_driver_install
2014-06-21 17:51:19 ----D---- C:\Users\Honza\AppData\Roaming\.minecraft
2014-06-20 15:52:38 ----D---- C:\Program Files (x86)\Clownfish
2014-06-14 11:51:42 ----A---- C:\Windows\system32\sports-bvb-bastian-schweinsteiger-bayern-munchen-champions-league-cristiano-ronaldo-fc-barcelona-lionel-messi-robert-lewandowski-uefa-wembley-munich-borussia-dortmund-soccer-best-widescreen-2002039.lnk
2014-06-12 17:17:22 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-06-10 16:10:47 ----D---- C:\Windows\SYSWOW64\xlive
2014-06-10 16:10:42 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-06-10 15:30:31 ----D---- C:\Program Files (x86)\WB Games

======List of files/folders modified in the last 1 month======

2014-06-28 20:40:56 ----D---- C:\Program Files\trend micro
2014-06-28 20:39:58 ----D---- C:\Users\Honza\AppData\Roaming\BitTorrent
2014-06-28 20:24:39 ----D---- C:\Windows\System32
2014-06-28 20:24:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-28 09:11:33 ----D---- C:\Windows\Tasks
2014-06-28 09:11:33 ----D---- C:\Windows\system32\Tasks
2014-06-28 09:10:41 ----D---- C:\Windows
2014-06-27 20:55:21 ----D---- C:\Users\Honza\AppData\Roaming\Skype
2014-06-27 20:15:25 ----D---- C:\Windows\Temp
2014-06-27 16:46:08 ----D---- C:\Users\Honza\AppData\Roaming\Winamp
2014-06-27 16:46:07 ----D---- C:\Windows\inf
2014-06-27 16:32:18 ----RD---- C:\Program Files (x86)
2014-06-27 16:30:51 ----D---- C:\ProgramData
2014-06-27 16:30:03 ----D---- C:\Windows\Prefetch
2014-06-27 16:29:57 ----HD---- C:\Windows\system32\GroupPolicy
2014-06-27 16:29:57 ----D---- C:\Windows\SYSWOW64\GroupPolicy
2014-06-27 16:29:56 ----RD---- C:\Users
2014-06-27 16:29:56 ----D---- C:\Program Files (x86)\Google
2014-06-27 16:16:08 ----D---- C:\Windows\system32\NDF
2014-06-27 09:23:51 ----D---- C:\Program Files (x86)\Fifa 14 CZ v1.4.0.0 - Reapck by Danik1B9
2014-06-25 22:16:14 ----D---- C:\Windows\system32\catroot
2014-06-25 18:53:57 ----D---- C:\Windows\system32\config
2014-06-25 11:30:14 ----SHD---- C:\System Volume Information
2014-06-25 11:30:12 ----D---- C:\Windows\system32\catroot2
2014-06-25 08:54:51 ----RD---- C:\Program Files
2014-06-25 08:54:46 ----D---- C:\Windows\system32\drivers
2014-06-25 08:54:31 ----D---- C:\Windows\system32\DriverStore
2014-06-17 21:09:33 ----D---- C:\Program Files (x86)\Ubisoft
2014-06-17 20:39:12 ----D---- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
2014-06-17 20:39:05 ----D---- C:\Windows\Logs
2014-06-17 20:38:36 ----D---- C:\ProgramData\Ubisoft
2014-06-17 20:37:51 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-06-16 21:23:54 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-06-13 19:11:16 ----RSD---- C:\Windows\Fonts
2014-06-13 18:28:46 ----D---- C:\Users\Honza\AppData\Roaming\Adobe
2014-06-13 10:09:48 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-10 16:21:00 ----D---- C:\Windows\winsxs
2014-06-10 16:11:19 ----SHD---- C:\Windows\Installer
2014-06-10 16:11:19 ----D---- C:\Config.Msi
2014-06-10 16:10:48 ----D---- C:\Windows\SysWOW64
2014-06-10 16:10:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-06-10 16:10:01 ----SD---- C:\ProgramData\Microsoft
2014-05-29 00:10:54 ----AD---- C:\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-03-29 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-03-29 208928]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2010-01-27 115312]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-03-29 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-03-29 1039096]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-03-29 423240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-27 283200]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-03-29 79184]
R3 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-03-29 84816]
R3 CompFilter64;UVCCompositeFilter; C:\Windows\system32\DRIVERS\lvbflt64.sys [2012-09-21 24608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-03-26 2307616]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-09-21 351520]
R3 LVUVC64;Logitech HD Webcam C510(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-09-21 4763680]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-12-27 39200]
R3 qcusbnet;Qualcomm USB-NDIS miniport; C:\Windows\system32\DRIVERS\innosusbnet.sys [2012-10-26 510976]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\innosusbser.sys [2012-10-26 369792]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2011-02-17 14464]
R3 WinUsb;YunOS USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-06-04 103448]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 203544]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbrndis6;Adaptér USB RNDIS6; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 19968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 3e9deaca;SW_Sustainer; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-03-29 50344]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 16941856]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-03-04 922968]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-04-10 76888]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-16 262320]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-12 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-27 1255736]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[vyosek]

Zdravim

Heeeezka sbirecka

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[toox]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Honza on so 28.06.2014 at 20:59:00,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\livesupport_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\livesupport_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optprostart_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c670dcae-e392-aa32-6f42-143c7fc4bdfd}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\mysearch"



~~~ FireFox

Successfully deleted the following from C:\Users\Honza\AppData\Roaming\mozilla\firefox\profiles\c7qdeahl.default-1390425784843\prefs.js

user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "hxxp://websearch.fastsearchings.info/?pid=1539&r=2014/06/27&hid=12227564383152312586&lg=EN&cc=CZ&unqvl=56&l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.GIz6VvKz9H.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\"
user_pref("extensions.J4IZaR6I.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>
user_pref("extensions.J4IZaR6I.url", "hxxp://syncer-jpi.info/sync2/?q=hfZ9ofV9CShEAen0rjkHpihTB6lKDzt4okqAtNtVh7n0rjnEqTs6rjnHrdwFtMFHhd9Fqda7rTYFqHk8rTwMDMlGojUMAe4Uojk7rTnGr
user_pref("extensions.Zoa.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||u
user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.testingGaq.value", "%22hxxps%3A//extclickmedia-maynemyltf.netdna-s
user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.name", "Torntv V9.0");
user_pref("keyword.URL", "hxxp://websearch.fastsearchings.info/?pid=1539&r=2014/06/27&hid=12227564383152312586&lg=EN&cc=CZ&unqvl=56&l=1&q=");
Emptied folder: C:\Users\Honza\AppData\Roaming\mozilla\firefox\profiles\c7qdeahl.default-1390425784843\minidumps [109 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 28.06.2014 at 21:06:08,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.06.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Honza :: HONZA-PC [administrátor]

28.6.2014 20:50:55
mbam-log-2014-06-28 (20-50-55).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 280110
Uplynulý čas: 4 minut, 28 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 12
HKCR\CLSID\{1F900F4D-3628-365B-7986-0B1C690E8B6C} (PUP.Optional.MultiPlug.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F900F4D-3628-365B-7986-0B1C690E8B6C} (PUP.Optional.MultiPlug.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F900F4D-3628-365B-7986-0B1C690E8B6C} (PUP.Optional.MultiPlug.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\CLSID\{C1D4A373-E903-6905-E77C-656D1B1667C5} (PUP.Optional.MultiPlug.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1D4A373-E903-6905-E77C-656D1B1667C5} (PUP.Optional.MultiPlug.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C1D4A373-E903-6905-E77C-656D1B1667C5} (PUP.Optional.MultiPlug.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Optional.MySearch.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Optional.MySearch.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\CLSID\{4ECB967F-347E-70F5-94A7-49F2B2EA5723} (PUP.Optional.MySearch.A) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4ECB967F-347E-70F5-94A7-49F2B2EA5723} (PUP.Optional.MySearch.A) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.WebSearchInfo) -> Data: {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LiveSupport (PUP.Optional.LiveSupport) -> Data: "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log -> Přesun do karantény a smazání se zdařilo.

Nalezené datové položky v registru: 3
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (Trojan.SProtector) -> Špatný: (c:\progra~2\sw_boo~1\assist~1.dll) Dobrý: () -> Přesun do karantény a opravení se zdařilo.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Špatný: (http://websearch.fastsearchings.info/?p ... Z&unqvl=56) Dobrý: (http://www.google.com) -> Přesun do karantény a opravení se zdařilo.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Špatný: (http://websearch.fastsearchings.info/?p ... Z&unqvl=56) Dobrý: (http://www.google.com) -> Přesun do karantény a opravení se zdařilo.

Nalezené složky: 2
C:\Program Files (x86)\Adblocker (PUP.Optional.AdBlocker.A) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\MySearch (PUP.Optional.MySearch.A) -> Přesun do karantény a smazání se zdařilo.

Nalezené soubory: 11
C:\Program Files (x86)\SW_Booster\Assistant.dll (Trojan.SProtector) -> Bude smazán při restartu.
C:\Program Files (x86)\SW_Booster\AssistantSvc.dll (Trojan.SProtector) -> Bude smazán při restartu.
C:\Program Files (x86)\Adblocker\hz2mDF.dll (PUP.Optional.MultiPlug.A) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\save, on\9Px.dll (PUP.Optional.MultiPlug.A) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\Adblocker\hz2mDF.tlb (PUP.Optional.AdBlocker.A) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\Adblocker\hz2mDF.dat (PUP.Optional.AdBlocker.A) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\Adblocker\hz2mDF.x64.dll (PUP.Optional.AdBlocker.A) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\MySearch\kKF8nIcq.tlb (PUP.Optional.MySearch.A) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\MySearch\kKF8nIcq.dat (PUP.Optional.MySearch.A) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\MySearch\kKF8nIcq.dll (PUP.Optional.MySearch.A) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files (x86)\MySearch\kKF8nIcq.x64.dll (PUP.Optional.MySearch.A) -> Přesun do karantény a smazání se zdařilo.

(konec)

další log tu hodím až dojdu z rande

[vyosek]

Ou Kej, meze jsou jiz teple, tak uzivejte

[toox]

hotovo!

# AdwCleaner v3.213 - Report created 29/06/2014 at 13:20:30
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Honza - HONZA-PC
# Running from : C:\Users\Honza\Downloads\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Adblocker
Folder Deleted : C:\ProgramData\save, on
Folder Deleted : C:\Program Files (x86)\WebSpades
Folder Deleted : C:\Program Files (x86)\save, on
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Honza\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Honza\AppData\Local\torch
Folder Deleted : C:\Users\Honza\AppData\Roaming\SkypEmoticons
File Deleted : C:\Windows\System32\drivers\wStLibG64.sys
File Deleted : C:\Users\Honza\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\Honza\AppData\Roaming\regsvr32.exe_log.txt

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [se]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1740208086
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{3e9deaca}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16483


-\\ Mozilla Firefox v30.0 (cs)

[ File : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\prefs.js ]

Line Deleted : user_pref("extensions.GIz6VvKz9H.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
Line Deleted : user_pref("extensions.J4IZaR6I.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.Zoa.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]

-\\ Google Chrome v

*************************

AdwCleaner[R3].txt - [3923 octets] - [29/06/2014 13:17:01]
AdwCleaner[S2].txt - [3765 octets] - [29/06/2014 13:20:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3825 octets] ##########


Chtěl bych se ještě zeptat na ten poslední spuštěný program nejsem si totiž jistý co to je tak jsem to vypl, udělal jsem správně?

[vyosek]

Je to bordel (vir), takze jej odstranime z PC uplne

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[toox]

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/29/2014 06:02:34 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 06/29/2014 06:03:42 PM
Execution time: 0 hours(s), 1 minute(s), and 7 seconds(s)


ComboFix 14-06-27.01 - Honza 29.06.2014 18:08:39.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4087.2691 [GMT 2:00]
Spuštěný z: c:\users\Honza\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Honza\AppData\Local\Temp\_MEI19842\_ctypes.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\_elementtree.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\_hashlib.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\_multiprocessing.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\_socket.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\_ssl.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\pyexpat.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\pysqlite2._sqlite.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\python27.dll
c:\users\Honza\AppData\Local\Temp\_MEI19842\pythoncom27.dll
c:\users\Honza\AppData\Local\Temp\_MEI19842\PyWinTypes27.dll
c:\users\Honza\AppData\Local\Temp\_MEI19842\select.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\unicodedata.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32api.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32com.shell.shell.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32crypt.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32event.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32file.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32inet.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32pdh.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32pipe.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32process.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32profile.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32security.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\win32ts.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\windows._lib_cacheinvalidation.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\wx._controls_.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\wx._core_.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\wx._gdi_.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\wx._html2.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\wx._misc_.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\wx._windows_.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\wx._wizard.pyd
c:\users\Honza\AppData\Local\Temp\_MEI19842\wxbase294u_net_vc90.dll
c:\users\Honza\AppData\Local\Temp\_MEI19842\wxbase294u_vc90.dll
c:\users\Honza\AppData\Local\Temp\_MEI19842\wxmsw294u_adv_vc90.dll
c:\users\Honza\AppData\Local\Temp\_MEI19842\wxmsw294u_core_vc90.dll
c:\users\Honza\AppData\Local\Temp\_MEI19842\wxmsw294u_html_vc90.dll
c:\users\Honza\AppData\Local\Temp\_MEI19842\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-28 do 2014-06-29 )))))))))))))))))))))))))))))))
.
.
2014-06-29 16:14 . 2014-06-29 16:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-06-29 16:14 . 2014-06-29 16:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-29 16:14 . 2014-06-29 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-29 11:32 . 2014-06-29 12:02 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-29 11:32 . 2014-06-29 11:32 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-29 11:32 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-29 11:17 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-06-29 11:16 . 2014-06-29 11:20 -------- d-----w- C:\AdwCleaner
2014-06-28 18:58 . 2014-06-28 18:58 -------- d-----w- c:\windows\ERUNT
2014-06-28 18:33 . 2014-06-28 18:33 -------- d-----w- C:\rsit
2014-06-27 14:30 . 2014-06-27 14:30 -------- d-----w- c:\programdata\BlueOcean
2014-06-27 14:30 . 2014-06-28 21:02 -------- d-----w- c:\program files (x86)\SW_Booster
2014-06-27 14:30 . 2014-06-27 14:30 -------- d-----w- c:\users\Honza\AppData\Local\Packages
2014-06-27 14:29 . 2014-06-27 14:30 -------- d-----w- c:\programdata\8374544e840944ad
2014-06-27 14:29 . 2014-06-27 14:29 -------- d-----w- c:\users\Honza\AppData\Local\Comodo
2014-06-27 14:29 . 2014-06-27 14:29 -------- d-----w- c:\users\Guest
2014-06-27 14:29 . 2014-06-27 14:29 -------- d-----w- c:\users\Administrator
2014-06-27 14:29 . 2014-06-27 14:30 -------- d-----w- c:\programdata\InstallMate
2014-06-25 15:46 . 2014-06-25 15:46 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-25 08:56 . 2014-06-25 08:56 -------- d-----w- c:\users\Honza\AppData\Roaming\ZJMedia
2014-06-25 08:56 . 2014-06-25 08:56 -------- d-----w- c:\users\Honza\AppData\Local\ZJMedia
2014-06-25 08:56 . 2014-06-27 14:46 -------- d-----w- c:\program files (x86)\Kingo Android ROOT
2014-06-25 06:54 . 2014-06-25 06:54 -------- d-----w- c:\program files\DIFX
2014-06-25 06:54 . 2012-10-26 14:32 510976 ----a-w- c:\windows\system32\drivers\innosusbnet.sys
2014-06-25 06:54 . 2012-10-26 14:32 369792 ----a-w- c:\windows\system32\drivers\innosusbser.sys
2014-06-25 06:54 . 2014-06-25 06:54 -------- d-----w- c:\program files (x86)\android_driver_install
2014-06-21 15:51 . 2014-06-21 15:58 -------- d-----w- c:\users\Honza\AppData\Roaming\.minecraft
2014-06-20 13:52 . 2014-06-20 13:52 -------- d-----w- c:\program files (x86)\Clownfish
2014-06-18 08:15 . 2014-06-19 20:54 -------- d-----w- c:\users\Honza\AppData\Local\Adobe
2014-06-10 14:10 . 2014-06-10 14:10 -------- d-----w- c:\windows\SysWow64\xlive
2014-06-10 14:10 . 2014-06-10 14:10 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-06-10 13:30 . 2014-06-10 13:30 -------- d-----w- c:\program files (x86)\WB Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-16 19:23 . 2013-07-22 09:19 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-16 19:23 . 2013-07-22 09:19 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-12 05:26 . 2014-05-03 14:06 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2012-12-27 19:16 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-17 03:31 . 2014-05-03 13:20 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6968FADA-D009-4601-AA8C-0BE3095CEFA8}\mpengine.dll
2014-04-10 13:01 . 2012-12-27 22:23 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-10 13:01 . 2013-01-12 18:59 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-10 13:01 . 2012-12-27 22:23 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BitTorrent"="c:\users\Honza\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-06-14 1241168]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-12-06 20203904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-29 3854640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
R2 3e9deaca;SW_Sustainer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 qcusbnet;Qualcomm USB-NDIS miniport;c:\windows\system32\DRIVERS\innosusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\innosusbnet.sys [x]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\innosusbser.sys;c:\windows\SYSNATIVE\DRIVERS\innosusbser.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22 19:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-29 19:08 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 62.129.50.20
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 217.160.22.24
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{1F900F4D-3628-365B-7986-0B1C690E8B6C} - (no file)
BHO-{4ECB967F-347E-70F5-94A7-49F2B2EA5723} - (no file)
BHO-{C1D4A373-E903-6905-E77C-656D1B1667C5} - (no file)
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
.
**************************************************************************
.
Celkový čas: 2014-06-29 18:19:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-29 16:19
.
Před spuštěním: Volných bajtů: 431 266 082 816
Po spuštění: Volných bajtů: 430 957 285 376
.
- - End Of File - - 79594DD8BCD6905DD033471DC63893F1
A36C5E4F47E84449FF07ED3517B43A31

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Driver::
  3e9deaca
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  
  Firefox::
  FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\
  FF - prefs.js: browser.startup.homepage - about:home
  FF - prefs.js: network.proxy.http - 217.160.22.24
  FF - prefs.js: network.proxy.http_port - 80
  FF - prefs.js: network.proxy.type - 0
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
  
  Registry::
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[toox]

Tak jak to zatím vypadá? Už se dočišťuje?

ComboFix 14-06-27.01 - Honza 30.06.2014 8:04.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4087.2690 [GMT 2:00]
Spuštěný z: c:\users\Honza\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Honza\Downloads\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Honza\AppData\Local\Temp\_MEI20682\_ctypes.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\_elementtree.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\_hashlib.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\_multiprocessing.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\_socket.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\_ssl.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\pyexpat.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\pysqlite2._sqlite.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\python27.dll
c:\users\Honza\AppData\Local\Temp\_MEI20682\pythoncom27.dll
c:\users\Honza\AppData\Local\Temp\_MEI20682\PyWinTypes27.dll
c:\users\Honza\AppData\Local\Temp\_MEI20682\select.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\unicodedata.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32api.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32com.shell.shell.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32crypt.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32event.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32file.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32inet.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32pdh.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32pipe.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32process.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32profile.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32security.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\win32ts.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\windows._lib_cacheinvalidation.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\wx._controls_.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\wx._core_.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\wx._gdi_.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\wx._html2.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\wx._misc_.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\wx._windows_.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\wx._wizard.pyd
c:\users\Honza\AppData\Local\Temp\_MEI20682\wxbase294u_net_vc90.dll
c:\users\Honza\AppData\Local\Temp\_MEI20682\wxbase294u_vc90.dll
c:\users\Honza\AppData\Local\Temp\_MEI20682\wxmsw294u_adv_vc90.dll
c:\users\Honza\AppData\Local\Temp\_MEI20682\wxmsw294u_core_vc90.dll
c:\users\Honza\AppData\Local\Temp\_MEI20682\wxmsw294u_html_vc90.dll
c:\users\Honza\AppData\Local\Temp\_MEI20682\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_3e9deaca
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-28 do 2014-06-30 )))))))))))))))))))))))))))))))
.
.
2014-06-30 06:10 . 2014-06-30 06:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-06-30 06:10 . 2014-06-30 06:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-30 06:10 . 2014-06-30 06:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-29 11:32 . 2014-06-29 12:02 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-29 11:32 . 2014-06-29 11:32 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-29 11:32 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-29 11:17 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-06-29 11:16 . 2014-06-29 11:20 -------- d-----w- C:\AdwCleaner
2014-06-28 18:58 . 2014-06-28 18:58 -------- d-----w- c:\windows\ERUNT
2014-06-28 18:33 . 2014-06-28 18:33 -------- d-----w- C:\rsit
2014-06-27 14:30 . 2014-06-27 14:30 -------- d-----w- c:\programdata\BlueOcean
2014-06-27 14:30 . 2014-06-28 21:02 -------- d-----w- c:\program files (x86)\SW_Booster
2014-06-27 14:30 . 2014-06-27 14:30 -------- d-----w- c:\users\Honza\AppData\Local\Packages
2014-06-27 14:29 . 2014-06-27 14:30 -------- d-----w- c:\programdata\8374544e840944ad
2014-06-27 14:29 . 2014-06-27 14:29 -------- d-----w- c:\users\Honza\AppData\Local\Comodo
2014-06-27 14:29 . 2014-06-27 14:29 -------- d-----w- c:\users\Guest
2014-06-27 14:29 . 2014-06-27 14:29 -------- d-----w- c:\users\Administrator
2014-06-27 14:29 . 2014-06-27 14:30 -------- d-----w- c:\programdata\InstallMate
2014-06-25 15:46 . 2014-06-25 15:46 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-25 08:56 . 2014-06-25 08:56 -------- d-----w- c:\users\Honza\AppData\Roaming\ZJMedia
2014-06-25 08:56 . 2014-06-25 08:56 -------- d-----w- c:\users\Honza\AppData\Local\ZJMedia
2014-06-25 08:56 . 2014-06-27 14:46 -------- d-----w- c:\program files (x86)\Kingo Android ROOT
2014-06-25 06:54 . 2014-06-25 06:54 -------- d-----w- c:\program files\DIFX
2014-06-25 06:54 . 2012-10-26 14:32 510976 ----a-w- c:\windows\system32\drivers\innosusbnet.sys
2014-06-25 06:54 . 2012-10-26 14:32 369792 ----a-w- c:\windows\system32\drivers\innosusbser.sys
2014-06-25 06:54 . 2014-06-25 06:54 -------- d-----w- c:\program files (x86)\android_driver_install
2014-06-21 15:51 . 2014-06-21 15:58 -------- d-----w- c:\users\Honza\AppData\Roaming\.minecraft
2014-06-20 13:52 . 2014-06-20 13:52 -------- d-----w- c:\program files (x86)\Clownfish
2014-06-18 08:15 . 2014-06-19 20:54 -------- d-----w- c:\users\Honza\AppData\Local\Adobe
2014-06-10 14:10 . 2014-06-10 14:10 -------- d-----w- c:\windows\SysWow64\xlive
2014-06-10 14:10 . 2014-06-10 14:10 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-06-10 13:30 . 2014-06-10 13:30 -------- d-----w- c:\program files (x86)\WB Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-16 19:23 . 2013-07-22 09:19 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-16 19:23 . 2013-07-22 09:19 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-12 05:26 . 2014-05-03 14:06 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2012-12-27 19:16 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-17 03:31 . 2014-05-03 13:20 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6968FADA-D009-4601-AA8C-0BE3095CEFA8}\mpengine.dll
2014-04-10 13:01 . 2012-12-27 22:23 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-10 13:01 . 2013-01-12 18:59 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-10 13:01 . 2012-12-27 22:23 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BitTorrent"="c:\users\Honza\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-06-14 1241168]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-12-06 20203904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-29 3854640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 qcusbnet;Qualcomm USB-NDIS miniport;c:\windows\system32\DRIVERS\innosusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\innosusbnet.sys [x]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\innosusbser.sys;c:\windows\SYSNATIVE\DRIVERS\innosusbser.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22 19:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-29 19:08 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 62.129.50.20
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{1F900F4D-3628-365B-7986-0B1C690E8B6C} - (no file)
BHO-{4ECB967F-347E-70F5-94A7-49F2B2EA5723} - (no file)
BHO-{C1D4A373-E903-6905-E77C-656D1B1667C5} - (no file)
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
.
**************************************************************************
.
Celkový čas: 2014-06-30 08:15:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-30 06:15
ComboFix2.txt 2014-06-29 16:19
.
Před spuštěním: Volných bajtů: 430 721 302 528
Po spuštění: Volných bajtů: 430 372 777 984
.
- - End Of File - - 3283EC5F2322608E2C02533AA90886C6
A36C5E4F47E84449FF07ED3517B43A31

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[toox]

HOTOVO děkuji moc!

[vyosek]

Nemate zac, rad jsem pomohl Zase nekdy

A na zaklade Pravidla o zamykani temat