Preventive check of my PC

toox
Exemplary visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Preventive check of my PC

#1 Post by toox »

Hello, I would like to have the log of my PC checked.. :) I have no problems

:arrow:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Honza at 2014-05-02 13:47:42
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 479 GB (50%) free of 954 GB
Total RAM: 4087 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:47:44, on 2.5.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Honza.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosearch.com/?babsrc=HP_s ... 3&tsp=5218
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 109.234.194.242:3128
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: CrossriderApp0051390 - {11111111-1111-1111-1111-110511131190} - C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [mncgllsxSrv] C:\Windows\system32\mncgllsx.vbe
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mnccrssrSrv] C:\Windows\system32\mnccrssr.vbe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent.exe" /MINIMIZED
O4 - Startup: BitTorrent.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6717 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "1112450990-121665769-1266973906-641779364-992472049-4881929601959540333855824979
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
taskeng.exe {19CE0598-CA63-4AD2-A372-9F0522147C23}
"C:\Program Files (x86)\Garena Plus\ggdllhost.exe" "C:\Program Files (x86)\Garena Plus\ggspawn.dll",rundll_entry
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent.exe" /MINIMIZED
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-60f141cb-d3ff-4aea-931f-c30c002cb5b8 -SystemEventPortName:HostProcess-27175521-ce52-411a-baba-0e36b1d15e21 -IoCancelEventPortName:HostProcess-c3ceee82-b4fb-41c9-b418-e62cfe9a84f2 -NonStateChangingEventPortName:HostProcess-39a33a3c-6174-4f00-8637-15653577d385 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:f51bbe11-5886-46b9-b332-d4ac2f58690f -DeviceGroupId:WpdFsGroup
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Honza\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.job
C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk]
"Description"=Garena Talk Plugin
"Path"=C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\extensions\
5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com
youtubemp3podcaster@jeremy.d.gregorio.com
{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\searchplugins\
buenosearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}]
Torntv V9.0 - C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll [2014-04-15 702464]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190}]
Torntv V9.0 - C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll [2014-04-15 524288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-09 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-09 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-03-26 10135584]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-11-05 2345848]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-02-05 1179576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"BitTorrent"=C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent.exe [2014-02-08 900696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-11-06 3673728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Honza\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-24 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq]
C:\Users\Honza\AppData\Roaming\ICQM\icq.exe -CU []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-02-05 2234144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10 20924064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2010-01-19 43632]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-03-29 3854640]
"mncgllsxSrv"=C:\Windows\system32\mncgllsx.vbe []
"MSStp"=C:\Windows\inf\msstp.vbe [2014-03-05 1584]
"mnccrssrSrv"=C:\Windows\system32\mnccrssr.vbe []

C:\Users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
BitTorrent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"VIDC.FPS1"=frapsv64.dll
"msacm.ac3filter"=ac3filter64.acm
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-05-02 13:42:49 ----D---- C:\rsit
2014-04-25 09:36:58 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-04-24 11:23:17 ----D---- C:\Users\Honza\AppData\Roaming\.minecraft
2014-04-23 16:16:41 ----AS---- C:\Windows\SYSWOW64\lcpmnccrssr.exe
2014-04-23 16:16:41 ----AS---- C:\Windows\SYSWOW64\dcgmnccrssr.exe
2014-04-23 16:16:40 ----D---- C:\Program Files (x86)\Minecraft free launcher
2014-04-23 16:16:40 ----AS---- C:\Windows\SYSWOW64\acumnccrssr.exe
2014-04-23 16:15:10 ----AS---- C:\Windows\SYSWOW64\lcpmncgllsx.exe
2014-04-23 16:15:10 ----AS---- C:\Windows\SYSWOW64\dcgmncgllsx.exe
2014-04-23 16:15:09 ----D---- C:\Windows\SYSWOW64\bitstreams
2014-04-23 16:15:09 ----AS---- C:\Windows\SYSWOW64\zlib1.dll
2014-04-23 16:15:09 ----AS---- C:\Windows\SYSWOW64\ssleay32.dll
2014-04-23 16:15:09 ----AS---- C:\Windows\SYSWOW64\pthreadVC2.dll
2014-04-23 16:15:09 ----AS---- C:\Windows\SYSWOW64\pthreadGC2.dll
2014-04-23 16:15:09 ----AS---- C:\Windows\SYSWOW64\libssh2.dll
2014-04-23 16:15:09 ----AS---- C:\Windows\SYSWOW64\librtmp.dll
2014-04-23 16:15:09 ----AS---- C:\Windows\SYSWOW64\libidn-11.dll
2014-04-23 16:15:09 ----AS---- C:\Windows\SYSWOW64\libeay32.dll
2014-04-23 16:15:09 ----AS---- C:\Windows\SYSWOW64\acumncgllsx.exe
2014-04-23 16:15:08 ----AS---- C:\Windows\SYSWOW64\libcurl-4.dll
2014-04-23 16:15:08 ----AS---- C:\Windows\SYSWOW64\cudart32_50_35.dll
2014-04-15 20:12:31 ----A---- C:\Windows\system32\drivers\wStLibG64.sys
2014-04-15 18:55:51 ----D---- C:\Program Files (x86)\WebSpades
2014-04-15 18:55:08 ----D---- C:\Program Files (x86)\Torntv V9.0
2014-04-15 18:43:06 ----D---- C:\Users\Honza\AppData\Roaming\Copernic
2014-04-15 18:43:06 ----D---- C:\ProgramData\Copernic
2014-04-11 21:19:59 ----D---- C:\Program Files (x86)\ASIO4ALL v2
2014-04-11 21:19:50 ----D---- C:\Program Files (x86)\VstPlugins
2014-04-11 21:19:50 ----A---- C:\Windows\SYSWOW64\rewire.dll
2014-04-11 21:19:32 ----D---- C:\Users\Honza\AppData\Roaming\Image-Line
2014-04-11 21:19:30 ----D---- C:\Program Files\Image-Line
2014-04-11 21:19:15 ----D---- C:\Users\Honza\AppData\Roaming\FlowStone
2014-04-11 21:19:14 ----D---- C:\Program Files (x86)\DSPRobotics
2014-04-11 21:16:02 ----D---- C:\Program Files (x86)\Image-Line
2014-04-03 13:22:09 ----D---- C:\Casino

======List of files/folders modified in the last 1 month======

2014-05-02 13:47:43 ----D---- C:\Windows\Temp
2014-05-02 13:47:43 ----D---- C:\Program Files\trend micro
2014-05-02 13:47:39 ----D---- C:\Windows\Prefetch
2014-05-02 13:45:06 ----D---- C:\Users\Honza\AppData\Roaming\BitTorrent
2014-05-02 13:40:08 ----D---- C:\Users\Honza\AppData\Roaming\Skype
2014-05-02 10:10:04 ----D---- C:\Windows\System32
2014-05-02 10:10:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-02 10:06:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-05-02 10:05:44 ----D---- C:\Windows\system32\Tasks
2014-04-29 12:55:08 ----D---- C:\Windows\Tasks
2014-04-28 20:28:19 ----D---- C:\Users\Honza\AppData\Roaming\Winamp
2014-04-26 16:29:32 ----D---- C:\Windows\inf
2014-04-26 10:23:47 ----D---- C:\Windows\system32\config
2014-04-25 09:37:17 ----D---- C:\Windows
2014-04-24 19:21:01 ----SHD---- C:\Windows\Installer
2014-04-24 19:21:01 ----SHD---- C:\Config.Msi
2014-04-24 19:20:43 ----SHD---- C:\System Volume Information
2014-04-24 19:19:17 ----RD---- C:\Program Files (x86)
2014-04-24 08:43:23 ----D---- C:\Windows\SysWOW64
2014-04-23 19:41:40 ----D---- C:\TEMP
2014-04-17 11:59:54 ----D---- C:\Windows\winsxs
2014-04-16 10:20:05 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-04-15 20:12:31 ----D---- C:\Windows\system32\drivers
2014-04-15 18:43:06 ----HD---- C:\ProgramData
2014-04-15 18:37:44 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-04-14 23:25:30 ----D---- C:\Users\Honza\AppData\Roaming\DAEMON Tools Lite
2014-04-14 23:25:29 ----D---- C:\Windows\Logs
2014-04-11 21:19:30 ----RD---- C:\Program Files
2014-04-11 14:01:59 ----D---- C:\Program Files (x86)\Activision
2014-04-11 11:31:42 ----D---- C:\Windows\system32\catroot2
2014-04-10 15:01:50 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2014-04-10 15:01:42 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2014-04-10 14:41:48 ----D---- C:\Users\Honza\AppData\Roaming\GarenaPlus
2014-04-10 14:41:48 ----D---- C:\ProgramData\GarenaMessenger
2014-04-10 14:41:34 ----D---- C:\Program Files (x86)\Garena Plus

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-03-29 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-03-29 208928]
R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2010-01-27 115312]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-03-29 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-03-29 1039096]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-03-29 423240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-12-27 283200]
R1 wStLibG64;wStLibG64; C:\Windows\system32\drivers\wStLibG64.sys [2014-04-15 61112]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-03-29 79184]
R3 CompFilter64;UVCCompositeFilter; C:\Windows\system32\DRIVERS\lvbflt64.sys [2012-09-21 24608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-03-26 2307616]
R3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-09-21 351520]
R3 LVUVC64;Logitech HD Webcam C510(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-09-21 4763680]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2013-12-27 39200]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]
S2 NEWDRIVER;NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys []
S3 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-03-29 84816]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-06-04 103448]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 203544]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Users\Honza\Downloads\TuneUpPortable1\APP\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 usbrndis6;Adaptér USB RNDIS6; C:\Windows\system32\DRIVERS\usb80236.sys [2013-02-12 19968]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2011-02-17 14464]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-03-29 50344]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 16941856]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-03-04 922968]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-04-10 76888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-02 257712]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-20 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-27 1255736]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check of my PC

#2 Post by Márty84 »

Greetings :)

Your machine is infected :boxed:


:arrow: Run a !!!full!!! scan with MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 and post the results here. Do not delete anything beforehand; it sometimes gives false detections
If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz

Due to time constraints I will now be on the forum less often. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

toox
Exemplary visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: Preventive check of my PC

#3 Post by toox »

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.05.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Honza :: HONZA-PC [administrátor]

2.5.2014 13:59:32
MBAM-log-2014-05-02 (15-11-20).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 451489
Uplynulý čas: 1 hodin, 10 minut, 40 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 18
HKCR\CLSID\{11111111-1111-1111-1111-110511131190} (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{44444444-4444-4444-4444-440544134490} (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{55555555-5555-5555-5555-550555135590} (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0051390.BHO.1 (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131190} (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511131190} (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511131190} (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0051390.BHO (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0051390.Sandbox (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0051390.Sandbox.1 (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\InstalledBrowserExtensions\3874 (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\AppDataLow\Software\Torntv V9.0 (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\InstalledBrowserExtensions\installdaddy (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\InstalledBrowserExtensions\3874 (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKLM\Software\Torntv V9.0 (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Torntv V9.0 (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSStp (Trojan.Agent.SCR) -> Data: C:\Windows\inf\msstp.vbe -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Špatný: (http://www.buenosearch.com/?babsrc=HP_s ... 3&tsp=5218) Dobrý: (http://www.google.com) -> Nebyla provedena žádná instrukce.

Nalezené složky: 1
C:\Program Files (x86)\Torntv V9.0 (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 22
C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho.dll (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Mortal Kombat Komplete Edition\DiscContentPC\steam_api.dll (Trojan.VirTool) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.exe (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-bho64.dll (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-buttonutil.exe (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-buttonutil64.exe (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\utils.exe (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\acumnccrssr.exe (PUP.Optional.Bitcoin) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\acumncgllsx.exe (PUP.Optional.Bitcoin) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\dcgmnccrssr.exe (Trojan.BitMiner) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\dcgmncgllsx.exe (Trojan.BitMiner) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\lcpmnccrssr.exe (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\lcpmncgllsx.exe (PUP.BitCoinMiner) -> Nebyla provedena žádná instrukce.
C:\Windows\inf\msstp.vbe (Trojan.Agent.SCR) -> Nebyla provedena žádná instrukce.
C:\Windows\Tasks\00e1002c-7029-4aa8-96af-5a4f99b861b7-4.job (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\51390.crx (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\51390.xpi (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\background.html (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-buttonutil.dll (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\Torntv V9.0-buttonutil64.dll (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\Torntv V9.0.ico (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\Torntv V9.0\Uninstall.exe (PUP.Optional.TornTV.A) -> Nebyla provedena žádná instrukce.

(konec)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check of my PC

#4 Post by Márty84 »

Have everything removed. After the removal and a PC restart, repeat the scan so that we know it is not coming back. Post the result; I will choose the next step based on it.

toox
Exemplary visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: Preventive check of my PC

#5 Post by toox »

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.05.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Honza :: HONZA-PC [administrátor]

2.5.2014 16:52:13
mbam-log-2014-05-02 (16-52-13).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 451116
Uplynulý čas: 59 minut, 17 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Maybe CLEAR! :thumbsup:

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check of my PC

#6 Post by Márty84 »

:arrow: You can uninstall MBAM.


:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and left-click Run as administrator (Spustit jako správce).
Click Scan and wait until the scan finishes.
Then click Clean.
The program will start working (the PC may restart) and will spit out a log (or it will be here: C:\AdwCleaner\AdwCleaner [S?].txt ). Copy it here for me.

toox
Exemplary visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: Preventive check of my PC

#7 Post by toox »

# AdwCleaner v3.205 - Report created 02/05/2014 at 17:58:00
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Honza - HONZA-PC
# Running from : C:\Users\Honza\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : wStLibG64

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Honza\AppData\LocalLow\buenosearch LTD
Folder Deleted : C:\Users\Honza\AppData\LocalLow\Torntv V9.0
Folder Deleted : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\Extensions\5a6bf058-b978-4b84-a2ec-6f5462cfccb2@10120365-d3c0-4ec9-8624-5fac2592d0df.com
File Deleted : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\invalidprefs.js
File Deleted : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\searchplugins\buenosearch.xml
File Deleted : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16483


-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\prefs.js ]

Line Deleted : user_pref("extensions.buenosearch.admin", false);
Line Deleted : user_pref("extensions.buenosearch.aflt", "babsst");
Line Deleted : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Deleted : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.dfltLng", "en");
Line Deleted : user_pref("extensions.buenosearch.excTlbr", false);
Line Deleted : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.buenosearch.id", "6293791a0000000000001c6f65469f9a");
Line Deleted : user_pref("extensions.buenosearch.instlDay", "16175");
Line Deleted : user_pref("extensions.buenosearch.instlRef", "sst");
Line Deleted : user_pref("extensions.buenosearch.newTab", false);
Line Deleted : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.rvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.smplGrp", "none");
Line Deleted : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 3&tsp=5218");
Line Deleted : user_pref("extensions.buenosearch.tlbrId", "base");
Line Deleted : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&ba ... 3&tsp=5218");
Line Deleted : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Deleted : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.718:56:11");
Line Deleted : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
Line Deleted : user_pref("extensions.crossrider.bic", "145665386b768a953472a20207d209bb");
Line Deleted : user_pref("extensions.ffxtlbr@buenosearch.com.install-event-fired", true);

*************************

AdwCleaner[R1].txt - [5559 octets] - [02/05/2014 17:56:33]
AdwCleaner[S1].txt - [5318 octets] - [02/05/2014 17:58:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5378 octets] ##########

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check of my PC

#8 Post by Márty84 »

:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the option Open normally (Otevřít normálně).
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the desktop, right-click it and left-click Run as administrator (Spustit jako správce).
A very short pre-scan will run, and then the Scan (Prohledat) button at the top right becomes available. Click it and another scan will run.
When it finishes, click Report (Zpráva) and a log will appear. Paste it here for me.

toox
Exemplary visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: Preventive check of my PC

#9 Post by toox »

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Honza [Práva správce]
Mód : Kontrola -- Datum : 05/02/2014 20:10:50
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 9 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (109.234.194.242:3128 [Country: (Unknown Country?) (XX), City: (Unknown City?)]) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> NALEZENO
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 7ca38b78c81cfda4752e993c91cc4ae0
[BSP] 583e22b9c7b22542c7b70a28898bd78d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic USB SD Reader USB Device +++++
Error reading User MBR! ([0x15] Zařízení není připraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic USB CF Reader USB Device +++++
Error reading User MBR! ([0x15] Zařízení není připraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([0x15] Zařízení není připraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic USB MS Reader USB Device +++++
Error reading User MBR! ([0x15] Zařízení není připraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

Dokončeno : << RKreport[0]_S_05022014_201050.txt >>

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check of my PC

#10 Post by Márty84 »

toox wrote: [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (109.234.194.242:3128 [Country: (Unknown Country?) (XX), City: (Unknown City?)]) -> NALEZENO
:???: Do you have the proxy set there on purpose?


:arrow: Run RogueKiller as administrator again (if you have not closed it yet, click Delete (Smazat) right away).
A very short pre-scan will run, and then the Scan (Prohledat) button at the top right becomes available. Click it and another scan will run.
When it finishes, click Delete (Smazat).
Then click Report (Zpráva) and a log will appear. Paste it here for me.
Then click Host Fix (Oprava Host) and Report (Zpráva).
Another log will appear. Paste that one here too.

toox
Exemplary visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: Preventive check of my PC

#11 Post by toox »

I did not set the proxy on purpose.

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Honza [Práva správce]
Mód : Odebrat -- Datum : 05/03/2014 12:32:22
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> NAHRAZENO (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRAZENO (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD103SJ ATA Device +++++
--- User ---
[MBR] 7ca38b78c81cfda4752e993c91cc4ae0
[BSP] 583e22b9c7b22542c7b70a28898bd78d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic USB SD Reader USB Device +++++
Error reading User MBR! ([0x15] Zařízení není připraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) Generic USB CF Reader USB Device +++++
Error reading User MBR! ([0x15] Zařízení není připraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ USB) Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([0x15] Zařízení není připraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

+++++ PhysicalDrive4: (\\.\PHYSICALDRIVE4 @ USB) Generic USB MS Reader USB Device +++++
Error reading User MBR! ([0x15] Zařízení není připraveno. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] Požadavek není podporován. )

Dokončeno : << RKreport[0]_D_05032014_123222.txt >>
RKreport[0]_S_05032014_122605.txt;RKreport[0]_S_05032014_123141.txt

:arrow:
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Honza [Práva správce]
Mód : Oprava HOSTS -- Datum : 05/03/2014 12:32:58
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Resetovaný HOSTS: ¤¤¤


Dokončeno : << RKreport[0]_H_05032014_123258.txt >>
RKreport[0]_D_05032014_123222.txt;RKreport[0]_S_05032014_122605.txt;RKreport[0]_S_05032014_123141.txt

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check of my PC

#12 Post by Márty84 »

:arrow: Run RogueKiller as administrator again (if you have not closed it yet, click Proxy Fix (Oprava Proxy) right away).
A very short pre-scan will run, and then the Scan (Prohledat) button at the top right becomes available. Click it and another scan will run.
When it finishes, click Proxy Fix (Oprava Proxy) and Report (Zpráva).
A log will appear. Paste it here for me.

toox
Exemplary visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: Preventive check of my PC

#13 Post by toox »

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Honza [Práva správce]
Mód : Oprava Proxy -- Datum : 05/03/2014 13:21:06
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (109.234.194.242:3128 [Country: (Unknown Country?) (XX), City: (Unknown City?)]) -> VYMAZÁNO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

Dokončeno : << RKreport[0]_PR_05032014_132106.txt >>
RKreport[0]_S_05032014_132101.txt

Jen tak pro zajímavost, co jsem měl v PC za vir? :?:

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check of my PC

#14 Post by Márty84 »

Look in the MBAM log and you will see :)

But I still don't like the look of it :x


:!: If you have not done so already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and then left-click Run as administrator
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
While the scan is running, do not launch anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here

:!: If Windows does not start after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration
:!: If Windows starts but an error is reported when launching various programs, simply restart the PC and it will be fine

toox
Model visitor
Posts: 274
Joined: 28 Apr 2008 18:06
Location: Tromaville

Re: Preventive check of my PC

#15 Post by toox »

ComboFix 14-04-30.01 - Honza 03.05.2014 13:33:27.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4087.2436 [GMT 2:00]
Spuštěný z: c:\users\Honza\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1391204559.bdinstall.bin
c:\programdata\1391204785.bdinstall.bin
c:\programdata\1391204789.bdinstall.bin
c:\programdata\1391251101.bdinstall.bin
c:\users\Honza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\tmpD196.tmp
c:\windows\SysWow64\tmpD1C6.tmp
C:\Windows6.1-KB2581464-x64.msu
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
-------\Service_NEWDRIVER
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-04-03 do 2014-05-03 )))))))))))))))))))))))))))))))
.
.
2014-05-02 22:25 . 2014-05-02 22:25 -------- d-----w- c:\users\Honza\AppData\Local\CrashDumps
2014-05-02 15:56 . 2014-05-03 11:25 -------- d-----w- C:\AdwCleaner
2014-05-02 11:42 . 2014-05-02 11:42 -------- d-----w- C:\rsit
2014-04-24 09:23 . 2014-04-24 09:25 -------- d-----w- c:\users\Honza\AppData\Roaming\.minecraft
2014-04-24 06:43 . 2014-04-24 06:43 943044 ----a-w- c:\windows\SysWow64\scrypt130511GeForce GTX 460glg2tc1984w256l4.bin
2014-04-23 14:16 . 2014-03-05 20:19 7670 --s-a-w- c:\windows\SysWow64\mnccrssr.vbe
2014-04-23 14:16 . 2014-04-23 14:16 -------- d-----w- c:\program files (x86)\Minecraft free launcher
2014-04-23 14:15 . 2014-03-05 21:19 7670 --s-a-w- c:\windows\SysWow64\mncgllsx.vbe
2014-04-23 14:15 . 2014-04-23 14:16 -------- d-----w- c:\windows\SysWow64\bitstreams
2014-04-23 14:15 . 2013-10-26 18:30 364544 --s-a-w- c:\windows\SysWow64\ssleay32.dll
2014-04-23 14:15 . 2013-10-26 18:30 192512 --s-a-w- c:\windows\SysWow64\libidn-11.dll
2014-04-23 14:15 . 2013-10-26 18:30 171008 --s-a-w- c:\windows\SysWow64\libssh2.dll
2014-04-23 14:15 . 2013-10-26 18:30 1704448 --s-a-w- c:\windows\SysWow64\libeay32.dll
2014-04-23 14:15 . 2013-10-26 18:30 133632 --s-a-w- c:\windows\SysWow64\librtmp.dll
2014-04-23 14:15 . 2013-06-12 13:15 119888 --s-a-w- c:\windows\SysWow64\pthreadGC2.dll
2014-04-23 14:15 . 2013-06-12 13:15 100864 --s-a-w- c:\windows\SysWow64\zlib1.dll
2014-04-23 14:15 . 2012-05-26 23:36 55808 --s-a-w- c:\windows\SysWow64\pthreadVC2.dll
2014-04-23 14:15 . 2013-10-26 18:30 538126 --s-a-w- c:\windows\SysWow64\libcurl-4.dll
2014-04-23 14:15 . 2012-09-25 21:46 472424 --s-a-w- c:\windows\SysWow64\cudart32_50_35.dll
2014-04-15 18:12 . 2014-04-15 18:12 61112 ----a-w- c:\windows\system32\drivers\wStLibG64.sys
2014-04-15 16:55 . 2014-04-15 16:55 -------- d-----w- c:\program files (x86)\WebSpades
2014-04-15 16:43 . 2014-04-15 16:43 -------- d-----w- c:\programdata\Copernic
2014-04-15 16:43 . 2014-04-15 16:43 -------- d-----w- c:\users\Honza\AppData\Roaming\Copernic
2014-04-15 16:38 . 2014-04-15 16:43 -------- d-----w- c:\users\Honza\AppData\Local\Copernic
2014-04-11 19:19 . 2014-04-11 19:19 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2014-04-11 19:19 . 2014-04-11 19:19 -------- d-----w- c:\program files (x86)\VstPlugins
2014-04-11 19:19 . 2013-03-12 10:47 1431552 ----a-w- c:\windows\SysWow64\rewire.dll
2014-04-11 19:19 . 2014-04-11 19:19 -------- d-----w- c:\users\Honza\AppData\Roaming\Image-Line
2014-04-11 19:19 . 2014-04-11 19:19 -------- d-----w- c:\program files\Image-Line
2014-04-11 19:19 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2014-04-11 19:19 . 2014-04-11 19:19 -------- d-----w- c:\users\Honza\AppData\Roaming\FlowStone
2014-04-11 19:19 . 2014-04-11 19:19 -------- d-----w- c:\program files (x86)\DSPRobotics
2014-04-11 19:16 . 2014-04-11 19:19 -------- d-----w- c:\program files (x86)\Image-Line
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-02 08:06 . 2013-07-22 09:19 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-02 08:06 . 2013-07-22 09:19 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-10 13:01 . 2012-12-27 22:23 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-10 13:01 . 2013-01-12 18:59 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-10 13:01 . 2012-12-27 22:23 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-29 19:08 . 2014-03-29 19:08 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-03-29 19:08 . 2014-03-29 19:08 43152 ----a-w- c:\windows\avastSS.scr
2014-03-29 19:08 . 2013-03-22 19:50 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-29 19:08 . 2013-03-22 19:50 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-29 19:08 . 2012-12-27 18:32 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-29 19:08 . 2012-12-27 18:32 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-03-29 19:08 . 2012-12-27 18:32 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-29 19:08 . 2012-12-27 18:32 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-29 19:08 . 2012-12-27 18:32 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-05 20:36 . 2014-03-03 16:49 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-03-05 20:36 . 2014-03-03 16:49 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-03-05 20:36 . 2014-03-03 16:49 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-03-05 20:36 . 2014-03-03 16:49 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-03-04 14:35 . 2014-03-12 11:34 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2014-03-12 11:34 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-03-12 11:34 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2014-03-12 11:34 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-03-12 11:34 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-03-12 11:34 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-03-12 11:34 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-03-12 11:34 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-03-12 11:34 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-03-12 11:34 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-03-12 11:34 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 14:35 . 2014-03-12 11:34 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-03-12 11:34 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-03-12 11:34 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-03-12 11:34 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-03-12 11:34 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-12 11:34 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2014-03-12 11:34 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-03-12 11:34 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-03-12 11:34 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-03-12 11:34 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-03-12 11:34 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2014-03-12 11:34 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-03-12 11:34 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-12 11:34 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2014-03-12 11:34 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-03-12 11:34 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-12 11:34 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-03-12 11:34 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2014-03-12 11:34 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2014-03-12 11:34 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 13:06 . 2014-03-12 11:38 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2014-03-12 11:38 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2014-03-12 11:38 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2014-03-12 11:38 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2014-03-12 11:38 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2014-03-12 11:38 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2014-03-12 11:38 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-02-09 14:24 . 2014-02-09 14:24 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-05 09:31 . 2014-02-20 10:07 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2014-02-20 10:07 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-29 3854640]
"mncgllsxSrv"="c:\windows\system32\mncgllsx.vbe" [2014-03-05 7670]
"mnccrssrSrv"="c:\windows\system32\mnccrssr.vbe" [2014-03-05 7670]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\users\Honza\Downloads\TuneUpPortable1\APP\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\users\Honza\Downloads\TuneUpPortable1\APP\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
R3 usbrndis6;Adaptér USB RNDIS6;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2014-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-22 08:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-29 19:08 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 62.129.50.20
FF - ProfilePath - c:\users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\c7qdeahl.default-1390425784843\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
.
**************************************************************************
.
Celkový čas: 2014-05-03 13:45:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-05-03 11:45
.
Před spuštěním: Volných bajtů: 503 777 263 616
Po spuštění: Volných bajtů: 503 542 706 176
.
- - End Of File - - B48124A865F09BA4CC95682BFC415B36
A36C5E4F47E84449FF07ED3517B43A31

Locked