Please check my log, suspected virus (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Please check my log, suspected virus

Post by milan111 » 22 Apr 2014 19:11

RogueKiller

RogueKiller V8.8.12 [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7600 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : honza [Práva správce]
Mód : Odebrat -- Datum : 04/22/2014 19:09:24
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00RKKA0 ATA Device +++++
--- User ---
[MBR] f8e66b74a5e424b9b6b79da02daef1ad
[BSP] 30123719fb799141c5ce03cb0b007e89 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] 15edbef1e7daa217fef1204c6a1b1e39
[BSP] afba18ace768e6a74f0dd7618b3d6661 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_04222014_190924.txt >>
RKreport[0]_S_04222014_190819.txt


Post by jaro3 » 23 Apr 2014 09:12

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.

Warning: After running ComboFix and restarting the computer, Windows may fail to start, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Podpora fóra


Post by milan111 » 23 Apr 2014 14:18

ComboFix 14-04-20.01 - honza 23.04.2014 14:05:48.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.8191.6533 [GMT 2:00]
Spuštěný z: c:\users\honza\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-23 do 2014-04-23 )))))))))))))))))))))))))))))))
.
.
2014-04-23 12:13 . 2014-04-23 12:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-19 16:41 . 2014-04-23 04:22 -------- d-----w- c:\programdata\BitRaider
2014-04-19 16:41 . 2014-04-19 16:41 -------- d-----w- c:\users\honza\AppData\Local\SWTORPerf
2014-04-19 08:57 . 2014-04-19 08:57 -------- d-----w- c:\users\honza\AppData\Roaming\NCSOFT
2014-04-19 08:57 . 2014-04-19 08:57 -------- d-----w- c:\users\honza\AppData\Local\NCSOFT
2014-04-19 06:15 . 2014-04-19 06:15 -------- d-----w- c:\users\honza\AppData\Local\Ubisoft
2014-04-17 14:07 . 2014-04-17 14:07 -------- d-----w- c:\windows\ERUNT
2014-04-16 17:06 . 2014-04-23 11:59 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 17:05 . 2014-04-16 17:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-16 17:05 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-16 17:05 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 17:05 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-15 19:09 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2014-04-15 19:02 . 2014-04-15 19:02 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2014-04-15 19:02 . 2014-04-15 19:02 -------- d-----w- c:\users\honza\AppData\Roaming\Check Point Software Technologies LTD
2014-04-15 19:02 . 2014-04-15 19:10 -------- d-----w- c:\program files (x86)\CheckPoint
2014-04-15 19:01 . 2014-04-15 19:01 -------- d-----w- c:\programdata\CheckPoint
2014-04-15 13:27 . 2014-04-15 13:27 -------- d-----w- c:\program files\trend micro
2014-04-14 19:36 . 2014-04-14 19:36 -------- d-----w- c:\users\honza\AppData\Roaming\AVAST Software
2014-04-14 19:27 . 2014-04-14 19:27 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-14 19:27 . 2014-04-14 19:27 43152 ----a-w- c:\windows\avastSS.scr
2014-04-14 19:24 . 2014-03-17 08:16 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{747BA36B-C49F-4AA9-8330-21219341702E}\mpengine.dll
2014-04-11 15:13 . 2014-04-11 16:11 -------- d-----w- c:\program files (x86)\Origin Games
2014-04-11 15:12 . 2014-04-11 15:47 -------- d-----w- c:\users\honza\AppData\Local\Origin
2014-04-11 15:10 . 2014-04-11 15:10 -------- d-----w- c:\programdata\Electronic Arts
2014-04-11 15:10 . 2014-04-15 04:23 -------- d-----w- c:\program files (x86)\Origin
2014-04-06 17:25 . 2014-04-18 13:50 -------- d-----w- c:\users\honza\AppData\Roaming\RIFT
2014-04-05 15:01 . 2014-04-05 16:47 -------- d-----w- c:\users\honza\AppData\Roaming\Origin
2014-04-05 14:58 . 2014-04-12 09:02 -------- d-----w- c:\programdata\Origin
2014-03-30 14:36 . 2014-03-30 14:48 -------- d-----w- c:\users\Public\Polar ProTrainer
2014-03-30 14:17 . 2014-03-30 14:17 -------- d-----w- c:\windows\Downloaded Installations
2014-03-28 13:39 . 2014-03-28 13:39 -------- d-----w- c:\programdata\ATI
2014-03-28 13:38 . 2014-03-28 13:38 -------- d-----w- c:\program files (x86)\AMD AVT
2014-03-28 13:35 . 2014-03-28 13:35 -------- d-----w- c:\program files\AMD
2014-03-28 13:25 . 2014-03-28 13:25 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-23 11:58 . 2012-06-21 16:02 23080 ----a-w- c:\windows\gdrv.sys
2014-04-14 19:27 . 2013-06-16 15:18 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-14 19:27 . 2013-06-16 15:18 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-14 19:27 . 2012-06-20 17:44 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-14 19:27 . 2012-06-20 17:44 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-14 19:27 . 2012-06-20 17:44 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-14 19:27 . 2012-06-20 17:44 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-14 19:27 . 2012-06-20 17:44 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-31 07:35 . 2012-06-20 16:59 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-18 00:24 . 2014-03-18 00:24 451480 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2014-03-12 10:34 . 2012-06-20 16:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 10:34 . 2012-06-20 16:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-05 21:19 . 2014-03-22 12:01 7670 --s-a-w- c:\windows\SysWow64\mncxgtla.vbe
2014-02-09 15:25 . 2013-03-04 16:50 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-02-09 15:25 . 2012-12-03 13:11 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-02-08 18:34 . 2014-02-27 15:58 15740232 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-02-08 18:34 . 2014-02-27 15:58 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-02-08 18:34 . 2014-02-27 15:58 31432480 ----a-w- c:\windows\system32\nvoglv64.dll
2014-02-08 18:34 . 2014-02-27 15:58 23683360 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-02-08 18:34 . 2014-02-27 15:58 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-02-08 18:34 . 2014-02-27 15:58 892192 ----a-w- c:\windows\system32\NvIFR64.dll
2014-02-08 18:34 . 2014-02-27 15:58 863520 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-02-08 18:34 . 2014-02-27 15:58 12324640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-02-08 18:34 . 2014-02-27 15:58 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-02-08 18:34 . 2014-02-27 15:58 875296 ----a-w- c:\windows\system32\NvFBC64.dll
2014-02-08 18:34 . 2014-02-27 15:58 844576 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-02-08 18:34 . 2014-02-27 15:58 3142432 ----a-w- c:\windows\system32\nvcuvid.dll
2014-02-08 18:34 . 2014-02-27 15:58 2956576 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-02-08 18:34 . 2014-02-27 15:58 2782496 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-02-08 18:34 . 2014-02-27 15:58 2410784 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-02-08 18:34 . 2014-02-27 15:58 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll
2014-02-08 18:34 . 2014-02-27 15:58 17715784 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-02-08 18:34 . 2014-02-27 15:58 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll
2014-02-08 18:34 . 2014-02-27 15:58 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-02-08 18:34 . 2014-02-27 15:58 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-02-08 18:34 . 2014-02-27 15:58 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-02-08 18:34 . 2013-12-13 12:29 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-02-08 18:34 . 2012-06-20 17:22 3090184 ----a-w- c:\windows\system32\nvapi64.dll
2014-02-08 18:34 . 2009-07-13 21:59 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2009-06-10 20:37 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-02-08 17:42 . 2012-06-20 17:23 6712608 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2012-06-20 17:23 3498272 ----a-w- c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2012-06-20 17:23 923936 ----a-w- c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2012-06-20 17:23 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2012-06-20 17:23 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-08 16:18 . 2014-02-27 16:01 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-05 09:31 . 2014-02-27 16:02 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2014-02-27 16:02 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2014-02-01 08:30 . 2012-12-03 13:11 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-14 3854640]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-03-18 137352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1039unic.sys [x]
R3 stus2x64;USB 2.0 IrDA Bridge;c:\windows\system32\DRIVERS\stusb2ir.sys;c:\windows\SYSNATIVE\DRIVERS\stusb2ir.sys [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R4 IMPI Updater;IMPI Updater;c:\program files\IMPI\ExtensionUpdaterService.exe;c:\program files\IMPI\ExtensionUpdaterService.exe [x]
R4 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
R4 TunngleService;TunngleService;f:\program files (x86)\Tunngle\TnglCtrl.exe;f:\program files (x86)\Tunngle\TnglCtrl.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;f:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-15 15:07 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 10:34]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-15 15:06]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-15 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-14 19:27 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-{589B4136-7CAA-2E66-668D-080DB2C7B080} - c:\progra~3\INSTAL~1\{D0F6C~1\Setup.exe
AddRemove-{5C24E92F-D0BB-A758-162E-99EEEAC89C3B} - c:\progra~3\INSTAL~1\{78DD9~1\Setup.exe
AddRemove-{ADCE7672-F67F-8D19-D2BE-DDFD7A739D61} - c:\progra~3\INSTAL~1\{FE8F1~1\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1936620949-411582716-1596827494-1001\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{17E113E6-CD0E-4045-B154-65F0E57959EF}"=hex:51,66,7a,6c,4c,1d,3b,1b,f6,0c,fa,
0d,3f,98,28,0d,a4,5b,2e,b0,e1,3b,1d,f6
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,24,36,
57,8f,3c,17,0a,85,fa,b6,9b,01,77,3d,6c
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,87,93,
82,1c,11,b0,04,8c,d8,97,c6,6f,aa,39,a5
.
[HKEY_USERS\S-1-5-21-1936620949-411582716-1596827494-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bb,3b,34,da,d1,3e,c2,ab,e5,6b,c6,26,d9,ef,ea,76,ea,0c,43,7c,a4,d5,bd,
4a,b1,a7,f2,1d,60,c5,88,a6,e6,28,8c,9f,7e,3f,a4,72,40,c2,88,2c,ed,26,d7,14,\
"??"=hex:34,bc,6e,28,7d,21,bd,ff,ea,46,46,bd,e1,0e,2f,80
.
[HKEY_USERS\S-1-5-21-1936620949-411582716-1596827494-1001\Software\SecuROM\License information*]
"datasecu"=hex:35,9e,8b,76,c1,83,fc,77,f6,d1,6d,87,86,3d,7e,94,bf,07,b2,a3,dc,
15,94,69,89,1a,6c,87,26,f7,2d,8a,02,44,2b,56,ed,83,3d,a6,e7,77,a6,5a,eb,ae,\
"rkeysecu"=hex:f5,48,86,1b,a2,aa,68,a0,d3,1a,54,67,18,b3,89,04
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-04-23 14:15:16
ComboFix-quarantined-files.txt 2014-04-23 12:15
ComboFix2.txt 2014-04-15 17:56
ComboFix3.txt 2014-04-15 17:45
.
Před spuštěním: Volných bajtů: 42 498 306 048
Po spuštění: Volných bajtů: 42 350 510 080
.
- - End Of File - - E28C95BE5FD1061E19748C72E309C22A
A36C5E4F47E84449FF07ED3517B43A31


Post by jaro3 » 23 Apr 2014 18:55

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_USERS\S-1-5-21-1936620949-411582716-1596827494-1001\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{17E113E6-CD0E-4045-B154-65F0E57959EF}"=hex:51,66,7a,6c,4c,1d,3b,1b,f6,0c,fa,
 0d,3f,98,28,0d,a4,5b,2e,b0,e1,3b,1d,f6
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,24,36,
 57,8f,3c,17,0a,85,fa,b6,9b,01,77,3d,6c
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,87,93,
 82,1c,11,b0,04,8c,d8,97,c6,6f,aa,39,a5
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)



Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Warning: After ComboFix has been applied and the computer restarted, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

milan111
newbie
Posts: 27
Joined: April 14
Gender: Male
Status:
Offline

Re: please check my log, suspected virus

Post by milan111 » 23 Apr 2014 19:50

ComboFix 14-04-20.01 - honza 23.04.2014 19:32:42.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1033.18.8191.6565 [GMT 2:00]
Spuštěný z: c:\users\honza\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\honza\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleUpdateComRegisterShell64.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.23.9\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.23.9\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.23.9\goopdate.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.23.9\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.23.9\psmachine.dll
c:\program files (x86)\Google\Update\1.3.23.9\psmachine_64.dll
c:\program files (x86)\Google\Update\1.3.23.9\psuser.dll
c:\program files (x86)\Google\Update\1.3.23.9\psuser_64.dll
c:\program files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\34.0.1847.116\34.0.1847.116_chrome_installer.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-23 do 2014-04-23 )))))))))))))))))))))))))))))))
.
.
2014-04-23 17:39 . 2014-04-23 17:39 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-04-23 17:39 . 2014-04-23 17:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-19 16:41 . 2014-04-23 04:22 -------- d-----w- c:\programdata\BitRaider
2014-04-19 16:41 . 2014-04-19 16:41 -------- d-----w- c:\users\honza\AppData\Local\SWTORPerf
2014-04-19 08:57 . 2014-04-19 08:57 -------- d-----w- c:\users\honza\AppData\Roaming\NCSOFT
2014-04-19 08:57 . 2014-04-19 08:57 -------- d-----w- c:\users\honza\AppData\Local\NCSOFT
2014-04-19 06:15 . 2014-04-19 06:15 -------- d-----w- c:\users\honza\AppData\Local\Ubisoft
2014-04-17 14:07 . 2014-04-17 14:07 -------- d-----w- c:\windows\ERUNT
2014-04-16 17:06 . 2014-04-23 17:42 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-16 17:05 . 2014-04-16 17:06 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-16 17:05 . 2014-04-03 07:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-16 17:05 . 2014-04-03 07:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-16 17:05 . 2014-04-03 07:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-15 19:09 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2014-04-15 19:02 . 2014-04-15 19:02 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2014-04-15 19:02 . 2014-04-15 19:02 -------- d-----w- c:\users\honza\AppData\Roaming\Check Point Software Technologies LTD
2014-04-15 19:02 . 2014-04-15 19:10 -------- d-----w- c:\program files (x86)\CheckPoint
2014-04-15 19:01 . 2014-04-15 19:01 -------- d-----w- c:\programdata\CheckPoint
2014-04-15 13:27 . 2014-04-15 13:27 -------- d-----w- c:\program files\trend micro
2014-04-14 19:36 . 2014-04-14 19:36 -------- d-----w- c:\users\honza\AppData\Roaming\AVAST Software
2014-04-14 19:27 . 2014-04-14 19:27 84816 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-04-14 19:27 . 2014-04-14 19:27 43152 ----a-w- c:\windows\avastSS.scr
2014-04-14 19:24 . 2014-03-17 08:16 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{747BA36B-C49F-4AA9-8330-21219341702E}\mpengine.dll
2014-04-11 15:13 . 2014-04-11 16:11 -------- d-----w- c:\program files (x86)\Origin Games
2014-04-11 15:12 . 2014-04-11 15:47 -------- d-----w- c:\users\honza\AppData\Local\Origin
2014-04-11 15:10 . 2014-04-11 15:10 -------- d-----w- c:\programdata\Electronic Arts
2014-04-11 15:10 . 2014-04-15 04:23 -------- d-----w- c:\program files (x86)\Origin
2014-04-06 17:25 . 2014-04-18 13:50 -------- d-----w- c:\users\honza\AppData\Roaming\RIFT
2014-04-05 15:01 . 2014-04-05 16:47 -------- d-----w- c:\users\honza\AppData\Roaming\Origin
2014-04-05 14:58 . 2014-04-12 09:02 -------- d-----w- c:\programdata\Origin
2014-03-30 14:36 . 2014-03-30 14:48 -------- d-----w- c:\users\Public\Polar ProTrainer
2014-03-30 14:17 . 2014-03-30 14:17 -------- d-----w- c:\windows\Downloaded Installations
2014-03-28 13:39 . 2014-03-28 13:39 -------- d-----w- c:\programdata\ATI
2014-03-28 13:38 . 2014-03-28 13:38 -------- d-----w- c:\program files (x86)\AMD AVT
2014-03-28 13:35 . 2014-03-28 13:35 -------- d-----w- c:\program files\AMD
2014-03-28 13:25 . 2014-03-28 13:25 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-23 17:41 . 2012-06-21 16:02 23080 ----a-w- c:\windows\gdrv.sys
2014-04-14 19:27 . 2013-06-16 15:18 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-14 19:27 . 2013-06-16 15:18 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-14 19:27 . 2012-06-20 17:44 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-04-14 19:27 . 2012-06-20 17:44 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-14 19:27 . 2012-06-20 17:44 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-04-14 19:27 . 2012-06-20 17:44 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-14 19:27 . 2012-06-20 17:44 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-31 07:35 . 2012-06-20 16:59 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-18 00:24 . 2014-03-18 00:24 451480 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2014-03-12 10:34 . 2012-06-20 16:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 10:34 . 2012-06-20 16:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-05 21:19 . 2014-03-22 12:01 7670 --s-a-w- c:\windows\SysWow64\mncxgtla.vbe
2014-02-09 15:25 . 2013-03-04 16:50 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-02-09 15:25 . 2012-12-03 13:11 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-02-08 18:34 . 2014-02-27 15:58 15740232 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-02-08 18:34 . 2014-02-27 15:58 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-02-08 18:34 . 2014-02-27 15:58 31432480 ----a-w- c:\windows\system32\nvoglv64.dll
2014-02-08 18:34 . 2014-02-27 15:58 23683360 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-02-08 18:34 . 2014-02-27 15:58 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-02-08 18:34 . 2014-02-27 15:58 892192 ----a-w- c:\windows\system32\NvIFR64.dll
2014-02-08 18:34 . 2014-02-27 15:58 863520 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-02-08 18:34 . 2014-02-27 15:58 12324640 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-02-08 18:34 . 2014-02-27 15:58 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-02-08 18:34 . 2014-02-27 15:58 875296 ----a-w- c:\windows\system32\NvFBC64.dll
2014-02-08 18:34 . 2014-02-27 15:58 844576 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-02-08 18:34 . 2014-02-27 15:58 3142432 ----a-w- c:\windows\system32\nvcuvid.dll
2014-02-08 18:34 . 2014-02-27 15:58 2956576 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-02-08 18:34 . 2014-02-27 15:58 2782496 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-02-08 18:34 . 2014-02-27 15:58 2410784 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-02-08 18:34 . 2014-02-27 15:58 1885472 ----a-w- c:\windows\system32\nvdispco6433489.dll
2014-02-08 18:34 . 2014-02-27 15:58 17715784 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-02-08 18:34 . 2014-02-27 15:58 1515296 ----a-w- c:\windows\system32\nvdispgenco6433489.dll
2014-02-08 18:34 . 2014-02-27 15:58 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-02-08 18:34 . 2014-02-27 15:58 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-02-08 18:34 . 2014-02-27 15:58 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-02-08 18:34 . 2013-12-13 12:29 2713728 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-02-08 18:34 . 2012-06-20 17:22 3090184 ----a-w- c:\windows\system32\nvapi64.dll
2014-02-08 18:34 . 2009-07-13 21:59 18257576 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-02-08 18:34 . 2009-06-10 20:37 14669032 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-02-08 17:42 . 2012-06-20 17:23 6712608 ----a-w- c:\windows\system32\nvcpl.dll
2014-02-08 17:42 . 2012-06-20 17:23 3498272 ----a-w- c:\windows\system32\nvsvc64.dll
2014-02-08 17:42 . 2012-06-20 17:23 923936 ----a-w- c:\windows\system32\nvvsvc.exe
2014-02-08 17:42 . 2012-06-20 17:23 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-02-08 17:42 . 2012-06-20 17:23 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-02-08 16:18 . 2014-02-27 16:01 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-02-05 09:31 . 2014-02-27 16:02 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-02-05 09:30 . 2014-02-27 16:02 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2014-02-01 08:30 . 2012-12-03 13:11 291944 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-14 3854640]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-03-18 137352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1039unic.sys [x]
R3 stus2x64;USB 2.0 IrDA Bridge;c:\windows\system32\DRIVERS\stusb2ir.sys;c:\windows\SYSNATIVE\DRIVERS\stusb2ir.sys [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R4 IMPI Updater;IMPI Updater;c:\program files\IMPI\ExtensionUpdaterService.exe;c:\program files\IMPI\ExtensionUpdaterService.exe [x]
R4 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
R4 TunngleService;TunngleService;f:\program files (x86)\Tunngle\TnglCtrl.exe;f:\program files (x86)\Tunngle\TnglCtrl.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;f:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-15 15:07 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 10:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-14 19:27 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SYSTEM32\blank.htm
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-{589B4136-7CAA-2E66-668D-080DB2C7B080} - c:\progra~3\INSTAL~1\{D0F6C~1\Setup.exe
AddRemove-{5C24E92F-D0BB-A758-162E-99EEEAC89C3B} - c:\progra~3\INSTAL~1\{78DD9~1\Setup.exe
AddRemove-{ADCE7672-F67F-8D19-D2BE-DDFD7A739D61} - c:\progra~3\INSTAL~1\{FE8F1~1\Setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1936620949-411582716-1596827494-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bb,3b,34,da,d1,3e,c2,ab,e5,6b,c6,26,d9,ef,ea,76,ea,0c,43,7c,a4,d5,bd,
4a,b1,a7,f2,1d,60,c5,88,a6,e6,28,8c,9f,7e,3f,a4,72,40,c2,88,2c,ed,26,d7,14,\
"??"=hex:34,bc,6e,28,7d,21,bd,ff,ea,46,46,bd,e1,0e,2f,80
.
[HKEY_USERS\S-1-5-21-1936620949-411582716-1596827494-1001\Software\SecuROM\License information*]
"datasecu"=hex:35,9e,8b,76,c1,83,fc,77,f6,d1,6d,87,86,3d,7e,94,bf,07,b2,a3,dc,
15,94,69,89,1a,6c,87,26,f7,2d,8a,02,44,2b,56,ed,83,3d,a6,e7,77,a6,5a,eb,ae,\
"rkeysecu"=hex:f5,48,86,1b,a2,aa,68,a0,d3,1a,54,67,18,b3,89,04
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
f:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Celkový čas: 2014-04-23 19:49:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-23 17:49
ComboFix2.txt 2014-04-23 12:15
ComboFix3.txt 2014-04-15 17:56
ComboFix4.txt 2014-04-15 17:45
.
Před spuštěním: Volných bajtů: 40 890 048 512
Po spuštění: Volných bajtů: 40 648 794 112
.
- - End Of File - - 2C3F516FF2AEB0B1802C1AFE53327DC5
A36C5E4F47E84449FF07ED3517B43A31

milan111
newbie
Posts: 27
Joined: April 14
Gender: Male
Status:
Offline

Re: please check my log, suspected virus

Post by milan111 » 23 Apr 2014 20:11

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-04-23 19:53:21
-----------------------------
19:53:21.404 OS Version: Windows x64 6.1.7600
19:53:21.404 Number of processors: 2 586 0x602
19:53:21.404 ComputerName: HONZA-PC UserName: honza
19:53:22.184 Initialize success
19:53:25.694 AVAST engine defs: 14042300
19:53:29.250 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:53:29.266 Disk 0 Vendor: WDC_WD10EZEX-00RKKA0 80.00A80 Size: 953869MB BusType: 3
19:53:29.266 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
19:53:29.282 Disk 1 Vendor: SAMSUNG_HD322HJ 1AC01118 Size: 305245MB BusType: 3
19:53:29.344 Disk 1 MBR read successfully
19:53:29.360 Disk 1 MBR scan
19:53:29.360 Disk 1 Windows 7 default MBR code
19:53:29.375 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305143 MB offset 206848
19:53:29.391 Disk 1 scanning C:\Windows\system32\drivers
19:53:37.191 Service scanning
19:53:44.663 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
19:53:45.724 Service NTIOLib_1_0_C D:\NTIOLib_X64.sys **LOCKED** 21
19:53:52.838 Modules scanning
19:53:52.853 Disk 1 trace - called modules:
19:53:53.181 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:53:53.196 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80079a1060]
19:53:53.212 3 CLASSPNP.SYS[fffff8800101743f] -> nt!IofCallDriver -> [0xfffffa80078cc520]
19:53:53.212 5 ACPI.sys[fffff88000ed5781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0xfffffa80078c5680]
19:53:53.976 AVAST engine scan C:\Windows
19:53:56.753 AVAST engine scan C:\Windows\system32
19:56:20.539 AVAST engine scan C:\Windows\system32\drivers
19:56:30.476 AVAST engine scan C:\Users\honza
20:07:52.072 File: C:\Users\honza\Downloads\trz5F68.tmp **INFECTED** Win32:Adware-gen [Adw]
20:08:45.362 AVAST engine scan C:\ProgramData
20:10:04.875 Scan finished successfully
20:10:53.314 Disk 1 MBR has been saved successfully to "C:\Users\honza\Desktop\MBR.dat"
20:10:53.321 The log file has been saved successfully to "C:\Users\honza\Desktop\aswMBR.txt"

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: please check my log, suspected virus

Post by jaro3 » 24 Apr 2014 09:35

C:\Users\honza\Downloads\trz5F68.tmp -- delete this file.

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are prompted to.


Post a new HJT log + info about any problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

milan111
newbie
Posts: 27
Registered: April 14
Gender: Male
Status: Offline

Re: please check my log, suspected virus

Post by milan111 » 24 Apr 2014 14:09

#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x609daad4, pid=5032, tid=4768
#
# JRE version: 7.0_17-b02
# Java VM: Java HotSpot(TM) Client VM (23.7-b01 mixed mode windows-x86 )
# Problematic frame:
# C [atioglxx.dll+0xb7aad4]
#
# Failed to write core dump. Minidumps are not enabled by default on client versions of Windows
#
# If you would like to submit a bug report, please visit:
# http://bugreport.sun.com/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x4ce78800): JavaThread "Minecraft main thread" daemon [_thread_in_native, id=4768, stack(0x4dde0000,0x4de30000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x00000010

Registers:
EAX=0x00000000, EBX=0x4dfbcee0, ECX=0x00000004, EDX=0x4dfadf88
ESP=0x4de2f580, EBP=0x4de2f5b8, ESI=0x4caada98, EDI=0x745a33f0
EIP=0x609daad4, EFLAGS=0x00010212

Top of Stack: (sp=0x4de2f580)

Instructions: (pc=0x609daad4)
0x609daab4: 04 00 00 89 86 00 01 00 00 8b 43 08 89 86 04 01
0x609daac4: 00 00 8b 43 30 57 8b 8c 83 e8 04 00 00 8b 45 0c
0x609daad4: f3 0f 7e 40 10 66 0f d6 44 24 10 f3 0f 7e 40 18
0x609daae4: 66 0f d6 44 24 18 f3 0f 7e 40 20 66 0f d6 44 24


Register to memory mapping:

EAX=0x00000000 is an unknown value
EBX=0x4dfbcee0 is an unknown value
ECX=0x00000004 is an unknown value
EDX=0x4dfadf88 is an unknown value
ESP=0x4de2f580 is pointing into the stack for thread: 0x4ce78800
EBP=0x4de2f5b8 is pointing into the stack for thread: 0x4ce78800
ESI=0x4caada98 is an unknown value
EDI=0x745a33f0 is an unknown value


Stack: [0x4dde0000,0x4de30000], sp=0x4de2f580, free space=317k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [atioglxx.dll+0xb7aad4]
C [atioglxx.dll+0xbe3080]
C [atioglxx.dll+0xbe34e9]
C [atioglxx.dll+0x8975e]
C [atioglxx.dll+0x4f02b5]
C [lwjgl.dll+0x6869]
J bfy.a(Lng;ID)I
j bfq.b(F)V+510
j net.minecraft.client.Minecraft.K()V+328
j net.minecraft.client.Minecraft.run()V+90
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub
V [jvm.dll+0x12a34a]
V [jvm.dll+0x1d968e]
V [jvm.dll+0x12a533]
V [jvm.dll+0x12a597]
V [jvm.dll+0xd306f]
V [jvm.dll+0x14a647]
V [jvm.dll+0x14a7b0]
V [jvm.dll+0x17ee89]
C [msvcr100.dll+0x5c6de]
C [msvcr100.dll+0x5c788]
C [kernel32.dll+0x13677]
C [ntdll.dll+0x39f42]
C [ntdll.dll+0x39f15]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
J org.lwjgl.opengl.ARBOcclusionQuery.nglEndQueryARB(IJ)V
J bfy.a(Lng;ID)I
j bfq.a(FJ)V+614
j bfq.b(F)V+510
j net.minecraft.client.Minecraft.K()V+328
j net.minecraft.client.Minecraft.run()V+90
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x556a3000 JavaThread "Server thread" daemon [_thread_in_Java, id=5276, stack(0x56c90000,0x56ce0000)]
0x556a3400 JavaThread "Snooper Timer" daemon [_thread_blocked, id=5600, stack(0x56990000,0x569e0000)]
0x556a2400 JavaThread "Thread-14" daemon [_thread_in_native, id=1196, stack(0x56ad0000,0x56b20000)]
0x4f6e8c00 JavaThread "Thread-10" daemon [_thread_blocked, id=4752, stack(0x4dc40000,0x4dc90000)]
0x4f6e8400 JavaThread "Thread-9" daemon [_thread_blocked, id=5848, stack(0x53670000,0x536c0000)]
=>0x4ce78800 JavaThread "Minecraft main thread" daemon [_thread_in_native, id=4768, stack(0x4dde0000,0x4de30000)]
0x4ce76000 JavaThread "Timer hack thread" daemon [_thread_blocked, id=4404, stack(0x4dbe0000,0x4dc30000)]
0x4ce08000 JavaThread "Snooper Timer" daemon [_thread_blocked, id=3308, stack(0x4dd10000,0x4dd60000)]
0x4cd96800 JavaThread "Keep-Alive-Timer" daemon [_thread_blocked, id=3672, stack(0x4d910000,0x4d960000)]
0x0018b000 JavaThread "DestroyJavaVM" [_thread_blocked, id=4316, stack(0x01f30000,0x01f80000)]
0x4cd3b000 JavaThread "D3D Screen Updater" daemon [_thread_blocked, id=4000, stack(0x4d640000,0x4d690000)]
0x4cd16000 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=5072, stack(0x4d340000,0x4d390000)]
0x4a9f3400 JavaThread "AWT-Windows" daemon [_thread_in_native, id=3948, stack(0x4b2d0000,0x4b320000)]
0x4a9f2c00 JavaThread "AWT-Shutdown" [_thread_blocked, id=2780, stack(0x4b000000,0x4b050000)]
0x4a9f0400 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=4636, stack(0x4ad80000,0x4add0000)]
0x4a89a800 JavaThread "Service Thread" daemon [_thread_blocked, id=5520, stack(0x4ae60000,0x4aeb0000)]
0x4a890c00 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=5832, stack(0x4aa50000,0x4aaa0000)]
0x4a88ec00 JavaThread "Attach Listener" daemon [_thread_blocked, id=4540, stack(0x4ad30000,0x4ad80000)]
0x4a88bc00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=4296, stack(0x4ab40000,0x4ab90000)]
0x005fe800 JavaThread "Finalizer" daemon [_thread_blocked, id=4648, stack(0x4aab0000,0x4ab00000)]
0x005fc000 JavaThread "Reference Handler" daemon [_thread_blocked, id=3900, stack(0x4a790000,0x4a7e0000)]

Other Threads:
0x005f8800 VMThread [stack: 0x4a7e0000,0x4a830000] [id=4340]
0x4a8b8000 WatcherThread [stack: 0x4ade0000,0x4ae30000] [id=5076]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 157376K, used 43576K [0x045a0000, 0x0f060000, 0x19af0000)
eden space 139904K, 18% used [0x045a0000, 0x05f1e068, 0x0ce40000)
from space 17472K, 100% used [0x0df50000, 0x0f060000, 0x0f060000)
to space 17472K, 0% used [0x0ce40000, 0x0ce40000, 0x0df50000)
tenured generation total 349568K, used 131623K [0x19af0000, 0x2f050000, 0x445a0000)
the space 349568K, 37% used [0x19af0000, 0x21b79cb0, 0x21b79e00, 0x2f050000)
compacting perm gen total 15104K, used 15066K [0x445a0000, 0x45460000, 0x485a0000)
the space 15104K, 99% used [0x445a0000, 0x45456808, 0x45456a00, 0x45460000)
No shared spaces configured.

Card table byte_map: [0x4a3a0000,0x4a5d0000] byte_map_base: 0x4a37d300

Polling page: 0x00130000

Code Cache [0x025a0000, 0x029d0000, 0x045a0000)
total_blobs=2422 nmethods=2041 adapters=312 free_code_cache=28506Kb largest_free_block=29190016

Compilation events (10 events):
Event: 21.292 Thread 0x4a890c00 2031 net.minecraft.client.Minecraft::x (4 bytes)
Event: 21.293 Thread 0x4a890c00 nmethod 2031 0x029c8708 code [0x029c8800, 0x029c8870]
Event: 21.342 Thread 0x4a890c00 2032 bgb::a (39 bytes)
Event: 21.342 Thread 0x4a890c00 nmethod 2032 0x029c88c8 code [0x029c89c0, 0x029c8aa0]
Event: 21.383 Thread 0x4a890c00 2033 kv::a (59 bytes)
Event: 21.383 Thread 0x4a890c00 nmethod 2033 0x029c8b08 code [0x029c8c20, 0x029c8e0c]
Event: 21.403 Thread 0x4a890c00 2034 ajg::a (36 bytes)
Event: 21.403 Thread 0x4a890c00 nmethod 2034 0x029c8fc8 code [0x029c90d0, 0x029c9198]
Event: 21.465 Thread 0x4a890c00 2035 iz::e (59 bytes)
Event: 21.465 Thread 0x4a890c00 nmethod 2035 0x029c9248 code [0x029c9380, 0x029c9514]

GC Heap History (10 events):
Event: 15.143 GC heap before
{Heap before GC invocations=1 (full 0):
def new generation total 157248K, used 42904K [0x045a0000, 0x0f040000, 0x19af0000)
eden space 139776K, 18% used [0x045a0000, 0x05e76258, 0x0ce20000)
from space 17472K, 100% used [0x0df30000, 0x0f040000, 0x0f040000)
to space 17472K, 0% used [0x0ce20000, 0x0ce20000, 0x0df30000)
tenured generation total 349568K, used 16214K [0x19af0000, 0x2f050000, 0x445a0000)
the space 349568K, 4% used [0x19af0000, 0x1aac5838, 0x1aac5a00, 0x2f050000)
compacting perm gen total 13824K, used 13730K [0x445a0000, 0x45320000, 0x485a0000)
the space 13824K, 99% used [0x445a0000, 0x45308b00, 0x45308c00, 0x45320000)
No shared spaces configured.
Event: 15.225 GC heap after
Heap after GC invocations=2 (full 1):
def new generation total 157376K, used 0K [0x045a0000, 0x0f060000, 0x19af0000)
eden space 139904K, 0% used [0x045a0000, 0x045a0000, 0x0ce40000)
from space 17472K, 0% used [0x0ce40000, 0x0ce40000, 0x0df50000)
to space 17472K, 0% used [0x0df50000, 0x0df50000, 0x0f060000)
tenured generation total 349568K, used 34113K [0x19af0000, 0x2f050000, 0x445a0000)
the space 349568K, 9% used [0x19af0000, 0x1bc40468, 0x1bc40600, 0x2f050000)
compacting perm gen total 13824K, used 13730K [0x445a0000, 0x45320000, 0x485a0000)
the space 13824K, 99% used [0x445a0000, 0x45308b00, 0x45308c00, 0x45320000)
No shared spaces configured.
}
Event: 15.225 GC heap before
{Heap before GC invocations=2 (full 1):
def new generation total 157376K, used 1427K [0x045a0000, 0x0f060000, 0x19af0000)
eden space 139904K, 1% used [0x045a0000, 0x04704c28, 0x0ce40000)
from space 17472K, 0% used [0x0ce40000, 0x0ce40000, 0x0df50000)
to space 17472K, 0% used [0x0df50000, 0x0df50000, 0x0f060000)
tenured generation total 349568K, used 34113K [0x19af0000, 0x2f050000, 0x445a0000)
the space 349568K, 9% used [0x19af0000, 0x1bc40468, 0x1bc40600, 0x2f050000)
compacting perm gen total 13824K, used 13730K [0x445a0000, 0x45320000, 0x485a0000)
the space 13824K, 99% used [0x445a0000, 0x45308b00, 0x45308c00, 0x45320000)
No shared spaces configured.
Event: 15.287 GC heap after
Heap after GC invocations=3 (full 2):
def new generation total 157376K, used 0K [0x045a0000, 0x0f060000, 0x19af0000)
eden space 139904K, 0% used [0x045a0000, 0x045a0000, 0x0ce40000)
from space 17472K, 0% used [0x0ce40000, 0x0ce40000, 0x0df50000)
to space 17472K, 0% used [0x0df50000, 0x0df50000, 0x0f060000)
tenured generation total 349568K, used 34113K [0x19af0000, 0x2f050000, 0x445a0000)
the space 349568K, 9% used [0x19af0000, 0x1bc40478, 0x1bc40600, 0x2f050000)
compacting perm gen total 13824K, used 13730K [0x445a0000, 0x45320000, 0x485a0000)
the space 13824K, 99% used [0x445a0000, 0x45308b00, 0x45308c00, 0x45320000)
No shared spaces configured.
}
Event: 16.528 GC heap before
{Heap before GC invocations=3 (full 2):
def new generation total 157376K, used 139904K [0x045a0000, 0x0f060000, 0x19af0000)
eden space 139904K, 100% used [0x045a0000, 0x0ce40000, 0x0ce40000)
from space 17472K, 0% used [0x0ce40000, 0x0ce40000, 0x0df50000)
to space 17472K, 0% used [0x0df50000, 0x0df50000, 0x0f060000)
tenured generation total 349568K, used 34113K [0x19af0000, 0x2f050000, 0x445a0000)
the space 349568K, 9% used [0x19af0000, 0x1bc40478, 0x1bc40600, 0x2f050000)
compacting perm gen total 14848K, used 14676K [0x445a0000, 0x45420000, 0x485a0000)
the space 14848K, 98% used [0x445a0000, 0x453f5368, 0x453f5400, 0x45420000)
No shared spaces configured.
Event: 16.582 GC heap after
Heap after GC invocations=4 (full 2):
def new generation total 157376K, used 17472K [0x045a0000, 0x0f060000, 0x19af0000)
eden space 139904K, 0% used [0x045a0000, 0x045a0000, 0x0ce40000)
from space 17472K, 100% used [0x0df50000, 0x0f060000, 0x0f060000)
to space 17472K, 0% used [0x0ce40000, 0x0ce40000, 0x0df50000)
tenured generation total 349568K, used 69153K [0x19af0000, 0x2f050000, 0x445a0000)
the space 349568K, 19% used [0x19af0000, 0x1de787f8, 0x1de78800, 0x2f050000)
compacting perm gen total 14848K, used 14676K [0x445a0000, 0x45420000, 0x485a0000)
the space 14848K, 98% used [0x445a0000, 0x453f5368, 0x453f5400, 0x45420000)
No shared spaces configured.
}
Event: 17.530 GC heap before
{Heap before GC invocations=4 (full 2):
def new generation total 157376K, used 94570K [0x045a0000, 0x0f060000, 0x19af0000)
eden space 139904K, 55% used [0x045a0000, 0x090eaa78, 0x0ce40000)
from space 17472K, 100% used [0x0df50000, 0x0f060000, 0x0f060000)
to space 17472K, 0% used [0x0ce40000, 0x0ce40000, 0x0df50000)
tenured generation total 349568K, used 69153K [0x19af0000, 0x2f050000, 0x445a0000)
the space 349568K, 19% used [0x19af0000, 0x1de787f8, 0x1de78800, 0x2f050000)
compacting perm gen total 15104K, used 15002K [0x445a0000, 0x45460000, 0x485a0000)
the space 15104K, 99% used [0x445a0000, 0x45446b70, 0x45446c00, 0x45460000)
No shared spaces configured.
Event: 17.594 GC heap after
Heap after GC invocations=5 (full 2):
def new generation total 157376K, used 17472K [0x045a0000, 0x0f060000, 0x19af0000)
eden space 139904K, 0% used [0x045a0000, 0x045a0000, 0x0ce40000)
from space 17472K, 100% used [0x0ce40000, 0x0df50000, 0x0df50000)
to space 17472K, 0% used [0x0df50000, 0x0df50000, 0x0f060000)
tenured generation total 349568K, used 101757K [0x19af0000, 0x2f050000, 0x445a0000)
the space 349568K, 29% used [0x19af0000, 0x1fe4f7b0, 0x1fe4f800, 0x2f050000)
compacting perm gen total 15104K, used 15002K [0x445a0000, 0x45460000, 0x485a0000)
the space 15104K, 99% used [0x445a0000, 0x45446b70, 0x45446c00, 0x45460000)
No shared spaces configured.
}
Event: 20.852 GC heap before
{Heap before GC invocations=5 (full 2):
def new generation total 157376K, used 157376K [0x045a0000, 0x0f060000, 0x19af0000)
eden space 139904K, 100% used [0x045a0000, 0x0ce40000, 0x0ce40000)
from space 17472K, 100% used [0x0ce40000, 0x0df50000, 0x0df50000)
to space 17472K, 0% used [0x0df50000, 0x0df50000, 0x0f060000)
tenured generation total 349568K, used 101757K [0x19af0000, 0x2f050000, 0x445a0000)
the space 349568K, 29% used [0x19af0000, 0x1fe4f7b0, 0x1fe4f800, 0x2f050000)
compacting perm gen total 15104K, used 15065K [0x445a0000, 0x45460000, 0x485a0000)
the space 15104K, 99% used [0x445a0000, 0x45456518, 0x45456600, 0x45460000)
No shared spaces configured.
Event: 20.908 GC heap after
Heap after GC invocations=6 (full 2):
def new generation total 157376K, used 17472K [0x045a0000, 0x0f060000, 0x19af0000)
eden space 139904K, 0% used [0x045a0000, 0x045a0000, 0x0ce40000)
from space 17472K, 100% used [0x0df50000, 0x0f060000, 0x0f060000)
to space 17472K, 0% used [0x0ce40000, 0x0ce40000, 0x0df50000)
tenured generation total 349568K, used 131623K [0x19af0000, 0x2f050000, 0x445a0000)
the space 349568K, 37% used [0x19af0000, 0x21b79cb0, 0x21b79e00, 0x2f050000)
compacting perm gen total 15104K, used 15065K [0x445a0000, 0x45460000, 0x485a0000)
the space 15104K, 99% used [0x445a0000, 0x45456518, 0x45456600, 0x45460000)
No shared spaces configured.
}

Deoptimization events (0 events):
No events

Internal exceptions (10 events):
Event: 21.220 Thread 0x4f6e8400 Threw 0x04970ed8 at C:\jdk7u2_32P\jdk7u17\hotspot\src\share\vm\prims\jvm.cpp:2888
Event: 21.244 Thread 0x4f6e8400 Threw 0x04971078 at C:\jdk7u2_32P\jdk7u17\hotspot\src\share\vm\prims\jvm.cpp:2888
Event: 21.274 Thread 0x4f6e8400 Threw 0x04971218 at C:\jdk7u2_32P\jdk7u17\hotspot\src\share\vm\prims\jvm.cpp:2888
Event: 21.295 Thread 0x4f6e8400 Threw 0x049713b8 at C:\jdk7u2_32P\jdk7u17\hotspot\src\share\vm\prims\jvm.cpp:2888
Event: 21.295 Thread 0x4f6e8400 Threw 0x04971538 at C:\jdk7u2_32P\jdk7u17\hotspot\src\share\vm\prims\jvm.cpp:2888
Event: 21.334 Thread 0x4f6e8400 Threw 0x049716b8 at C:\jdk7u2_32P\jdk7u17\hotspot\src\share\vm\prims\jvm.cpp:2888
Event: 21.385 Thread 0x4f6e8400 Threw 0x04971858 at C:\jdk7u2_32P\jdk7u17\hotspot\src\share\vm\prims\jvm.cpp:2888
Event: 21.448 Thread 0x4f6e8400 Threw 0x049719f8 at C:\jdk7u2_32P\jdk7u17\hotspot\src\share\vm\prims\jvm.cpp:2888
Event: 21.448 Thread 0x4f6e8400 Threw 0x04971b78 at C:\jdk7u2_32P\jdk7u17\hotspot\src\share\vm\prims\jvm.cpp:2888
Event: 21.502 Thread 0x4f6e8400 Threw 0x04971cf8 at C:\jdk7u2_32P\jdk7u17\hotspot\src\share\vm\prims\jvm.cpp:2888

Events (10 events):
Event: 20.910 Executing VM operation: RevokeBias
Event: 20.911 Executing VM operation: RevokeBias done
Event: 20.911 Executing VM operation: RevokeBias
Event: 20.911 Executing VM operation: RevokeBias done
Event: 20.911 Executing VM operation: BulkRevokeBias
Event: 20.911 Executing VM operation: BulkRevokeBias done
Event: 20.911 Executing VM operation: RevokeBias
Event: 20.911 Executing VM operation: RevokeBias done
Event: 20.911 Executing VM operation: BulkRevokeBias
Event: 20.911 Executing VM operation: BulkRevokeBias done


Dynamic libraries:
0x00310000 - 0x0033f000 C:\Program Files (x86)\Java\jre7\bin\javaw.exe
0x77b10000 - 0x77c90000 C:\Windows\SysWOW64\ntdll.dll
0x75f40000 - 0x76050000 C:\Windows\syswow64\kernel32.dll
0x76050000 - 0x76097000 C:\Windows\syswow64\KERNELBASE.dll
0x760a0000 - 0x76140000 C:\Windows\syswow64\ADVAPI32.dll
0x76930000 - 0x769dc000 C:\Windows\syswow64\msvcrt.dll
0x75a10000 - 0x75a29000 C:\Windows\SysWOW64\sechost.dll
0x764e0000 - 0x765d0000 C:\Windows\syswow64\RPCRT4.dll
0x75670000 - 0x756d0000 C:\Windows\syswow64\SspiCli.dll
0x75660000 - 0x7566c000 C:\Windows\syswow64\CRYPTBASE.dll
0x75710000 - 0x75810000 C:\Windows\syswow64\USER32.dll
0x75a30000 - 0x75ac0000 C:\Windows\syswow64\GDI32.dll
0x75d60000 - 0x75d6a000 C:\Windows\syswow64\LPK.dll
0x75910000 - 0x759ad000 C:\Windows\syswow64\USP10.dll
0x74d10000 - 0x74eae000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\COMCTL32.dll
0x759b0000 - 0x75a07000 C:\Windows\syswow64\SHLWAPI.dll
0x75810000 - 0x75870000 C:\Windows\system32\IMM32.DLL
0x76400000 - 0x764cc000 C:\Windows\syswow64\MSCTF.dll
0x66040000 - 0x660fe000 C:\Program Files (x86)\Java\jre7\bin\msvcr100.dll
0x641f0000 - 0x6453c000 C:\Program Files (x86)\Java\jre7\bin\client\jvm.dll
0x75470000 - 0x75477000 C:\Windows\system32\WSOCK32.dll
0x756d0000 - 0x75705000 C:\Windows\syswow64\WS2_32.dll
0x764d0000 - 0x764d6000 C:\Windows\syswow64\NSI.dll
0x6e810000 - 0x6e842000 C:\Windows\system32\WINMM.dll
0x77ae0000 - 0x77ae5000 C:\Windows\syswow64\PSAPI.DLL
0x74320000 - 0x7432c000 C:\Program Files (x86)\Java\jre7\bin\verify.dll
0x6a5f0000 - 0x6a610000 C:\Program Files (x86)\Java\jre7\bin\java.dll
0x68130000 - 0x68143000 C:\Program Files (x86)\Java\jre7\bin\zip.dll
0x67f70000 - 0x680b2000 C:\Program Files (x86)\Java\jre7\bin\awt.dll
0x75cc0000 - 0x75d4f000 C:\Windows\syswow64\OLEAUT32.dll
0x75de0000 - 0x75f3c000 C:\Windows\syswow64\ole32.dll
0x6e680000 - 0x6e693000 C:\Windows\system32\DWMAPI.DLL
0x6f150000 - 0x6f1d0000 C:\Windows\system32\uxtheme.dll
0x6a610000 - 0x6a7d3000 C:\Windows\system32\d3d9.dll
0x75590000 - 0x75599000 C:\Windows\system32\VERSION.dll
0x73ff0000 - 0x73ff6000 C:\Windows\system32\d3d8thk.dll
0x6ae00000 - 0x6af10000 C:\Windows\system32\aticfx32.dll
0x6adc0000 - 0x6addb000 C:\Windows\system32\atiu9pag.dll
0x68e90000 - 0x694df000 C:\Windows\system32\atiumdag.dll
0x686a0000 - 0x68e8e000 C:\Windows\system32\atiumdva.dll
0x74840000 - 0x74856000 C:\Windows\system32\CRYPTSP.dll
0x74800000 - 0x7483b000 C:\Windows\system32\rsaenh.dll
0x730a0000 - 0x730b7000 C:\Windows\system32\USERENV.dll
0x72a80000 - 0x72a8b000 C:\Windows\system32\profapi.dll
0x66380000 - 0x66394000 C:\Program Files (x86)\Java\jre7\bin\net.dll
0x72a40000 - 0x72a7c000 C:\Windows\system32\mswsock.dll
0x71bd0000 - 0x71bd6000 C:\Windows\System32\wship6.dll
0x71d80000 - 0x71d90000 C:\Windows\system32\NLAapi.dll
0x72320000 - 0x72364000 C:\Windows\system32\DNSAPI.dll
0x71d70000 - 0x71d78000 C:\Windows\System32\winrnr.dll
0x71d60000 - 0x71d70000 C:\Windows\system32\napinsp.dll
0x71d40000 - 0x71d52000 C:\Windows\system32\pnrpnsp.dll
0x72a30000 - 0x72a35000 C:\Windows\System32\wshtcpip.dll
0x75140000 - 0x7515c000 C:\Windows\system32\IPHLPAPI.DLL
0x75130000 - 0x75137000 C:\Windows\system32\WINNSI.DLL
0x71be0000 - 0x71be6000 C:\Windows\system32\rasadhlp.dll
0x71bf0000 - 0x71c28000 C:\Windows\System32\fwpuclnt.dll
0x73fe0000 - 0x73fee000 C:\Program Files (x86)\Java\jre7\bin\nio.dll
0x66360000 - 0x66380000 C:\Program Files (x86)\Java\jre7\bin\sunec.dll
0x66330000 - 0x6635a000 C:\Program Files (x86)\Java\jre7\bin\fontmanager.dll
0x6c7e0000 - 0x6c856000 C:\Windows\system32\RICHED20.DLL
0x66260000 - 0x66291000 C:\Program Files (x86)\Java\jre7\bin\t2k.dll
0x4b120000 - 0x4b18b000 C:\Users\honza\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll
0x65d10000 - 0x65dd8000 C:\Windows\system32\OPENGL32.dll
0x661d0000 - 0x661f2000 C:\Windows\system32\GLU32.dll
0x65c20000 - 0x65d07000 C:\Windows\system32\DDRAW.dll
0x6c880000 - 0x6c886000 C:\Windows\system32\DCIMAN32.dll
0x76260000 - 0x763fd000 C:\Windows\syswow64\SETUPAPI.dll
0x76a10000 - 0x76a37000 C:\Windows\syswow64\CFGMGR32.dll
0x75dc0000 - 0x75dd2000 C:\Windows\syswow64\DEVOBJ.dll
0x6ac80000 - 0x6ac86000 C:\Program Files (x86)\Java\jre7\bin\jawt.dll
0x662c0000 - 0x662d5000 C:\Windows\system32\atiglpxx.dll
0x5fe60000 - 0x613ef000 C:\Windows\system32\atioglxx.dll
0x65b40000 - 0x65c19000 C:\Windows\system32\atiadlxy.dll
0x76ac0000 - 0x77709000 C:\Windows\syswow64\SHELL32.dll
0x6bc00000 - 0x6bcf5000 C:\Windows\system32\PROPSYS.dll
0x72c30000 - 0x72c3d000 C:\Windows\system32\WTSAPI32.dll
0x769e0000 - 0x76a0d000 C:\Windows\syswow64\WINTRUST.dll
0x76140000 - 0x7625e000 C:\Windows\syswow64\CRYPT32.dll
0x75d50000 - 0x75d5c000 C:\Windows\syswow64\MSASN1.dll
0x661b0000 - 0x661cc000 C:\Windows\system32\atigktxx.dll
0x65690000 - 0x657b9000 C:\Users\honza\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll
0x6afc0000 - 0x6b032000 C:\Windows\system32\dsound.dll
0x71210000 - 0x71235000 C:\Windows\system32\POWRPROF.dll
0x75c00000 - 0x75c83000 C:\Windows\syswow64\CLBCatQ.DLL
0x6c620000 - 0x6c659000 C:\Windows\System32\MMDevApi.dll
0x66180000 - 0x661b0000 C:\Windows\system32\wdmaud.drv
0x69800000 - 0x69804000 C:\Windows\system32\ksuser.dll
0x6adb0000 - 0x6adb7000 C:\Windows\system32\AVRT.dll
0x6c700000 - 0x6c736000 C:\Windows\system32\AUDIOSES.DLL
0x6c860000 - 0x6c868000 C:\Windows\system32\msacm32.drv
0x662a0000 - 0x662b4000 C:\Windows\system32\MSACM32.dll
0x6ac60000 - 0x6ac67000 C:\Windows\system32\midimap.dll
0x6a940000 - 0x6a949000 C:\Program Files (x86)\Java\jre7\bin\sunmscapi.dll
0x67f60000 - 0x67f6a000 C:\Program Files (x86)\Java\jre7\bin\management.dll
0x72a10000 - 0x72a22000 C:\Windows\system32\dhcpcsvc.DLL

VM Arguments:
jvm_args: -Xms512m -Xmx1024m
java_command: C:\Users\honza\Desktop\Minecraft.exe
Launcher Type: SUN_STANDARD

Environment Variables:
CLASSPATH=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
PATH=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files\Internet Explorer;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Java\jre7\bin
USERNAME=honza
OS=Windows_NT
PROCESSOR_IDENTIFIER=AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD



--------------- S Y S T E M ---------------

OS: Windows 7 , 64 bit Build 7600

CPU:total 2 (2 cores per cpu, 1 threads per core) family 16 model 6 stepping 2, cmov, cx8, fxsr, mmx, sse, sse2, sse3, popcnt, mmxext, 3dnowpref, lzcnt, sse4a, tsc, tscinvbit, tscinv

Memory: 4k page, physical 8387768k(5183964k free), swap 16773628k(12994268k free)

vm_info: Java HotSpot(TM) Client VM (23.7-b01) for windows-x86 JRE (1.7.0_17-b02), built on Mar 1 2013 05:04:36 by "java_re" with unknown MS VC++:1600

time: Sun Apr 20 13:27:12 2014
elapsed time: 21 seconds

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: please check my log, suspected virus

Post by jaro3 » 24 Apr 2014 18:40

Post a new HJT log + info about any problems.


Update Java:
Java SE Runtime Environment 7

Click Accept License Agreement
Choose your OS (Windows or Windows x64, Offline Installation)
jre-7-windows-i586-p.exe or
jre-7-windows-x64.exe
Download and install it.
Remove the other Java versions in Add/Remove Programs.

milan111
newbie
Posts: 27
Registered: April 14
Gender: Male
Status: Offline

Re: please check my log, suspected virus

Post by milan111 » 24 Apr 2014 19:37

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:37:22, on 24.4.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17267)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\LibreOffice 3.5\program\sweb.exe
C:\Program Files (x86)\LibreOffice 3.5\program\soffice.exe
C:\Program Files (x86)\LibreOffice 3.5\program\soffice.bin
C:\Program Files (x86)\LibreOffice 3.5\program\sweb.exe
C:\Program Files (x86)\LibreOffice 3.5\program\soffice.exe
C:\Program Files (x86)\LibreOffice 3.5\program\soffice.bin
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

--
End of file - 7364 bytes

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: please check my log, suspected virus

Post by jaro3 » 25 Apr 2014 09:39

Platform: Windows 7, install SP1.

Download the OTM program (by OldTimer),
save it to drive C and run it.
- Copy these paths into the left column (Paste Instructions for Items to be Moved):
Note: Do not use the SELECT ALL function to select the text.

Code:

:Processes
explorer.exe

:Services

:Reg

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Program Files\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Program Files (x86)\*.tmp
C:\Users\honza\Downloads\*.tmp

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- After copying, click the MoveIt! button and then paste here the entire contents of the right column, which report the results and are otherwise saved in the folder C:\_OTMoveIt\MovedFiles\
- If the files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.
C:\_OTMoveIt\MovedFiles\********_******.log
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

milan111
newbie
Posts: 27
Registered: April 14
Gender: Male
Status:
Offline

Re: please check my log, suspected virus

Post by milan111 » 25 Apr 2014 14:21

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\system32\DUMP*.tmp not found.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File/Folder C:\Program Files\*.tmp not found.
File/Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File/Folder C:\Windows\SysNative\drivers\*.tmp not found.
File/Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File/Folder C:\Program Files (x86)\*.tmp not found.
File/Folder C:\Windows\SysWow64\*.tmp not found.
File/Folder C:\Windows\SysNative\*.tmp not found.
File/Folder C:\Program Files (x86)\*.tmp not found.
File/Folder C:\Users\honza\Downloads\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: honza
->Temp folder emptied: 57695840 bytes
->Temporary Internet Files folder emptied: 65938 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 353141458 bytes
->Opera cache emptied: 55513153 bytes
->Flash cache emptied: 1097 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66074036 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 508,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 04252014_141415

Files moved on Reboot...
C:\Users\honza\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
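
A small triage of the OTM result log posted above, added here as an illustration; it is not part of either forum post or of OTM itself. It sorts result lines into moved, not found and deferred-to-reboot, and totals the reported bytes; the function name `triage`, the regexes and the "review" rule are assumptions based only on the line shapes visible in this log.

```python
import re

# Constructed sample: a few lines copied from the OTM result log in this thread.
SAMPLE_LOG = r"""
File/Folder C:\WINDOWS\System32\*.tmp not found.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
->Temp folder emptied: 57695840 bytes
->Google Chrome cache emptied: 353141458 bytes
Windows Temp folder emptied: 66074036 bytes
C:\Users\honza\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
"""

# Line shapes taken from the log above; other OTM versions may word them differently.
DEFERRED = re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")
NOT_FOUND = re.compile(r"^File/Folder (.+) not found\.$")
MOVED = re.compile(r"^(.+) moved successfully\.$")
BYTES = re.compile(r"(?:emptied|removed): (\d+) bytes$")


def triage(log_text):
    """Sort OTM result lines into outcomes and total the bytes reported as freed."""
    out = {"moved": [], "not_found": [], "deferred": [], "review": [], "bytes_freed": 0}
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := DEFERRED.match(line):
            out["deferred"].append(m.group(1))      # still on disk until reboot
        elif m := NOT_FOUND.match(line):
            out["not_found"].append(m.group(1))     # pattern matched nothing
        elif m := MOVED.match(line):
            path = m.group(1)
            out["moved"].append(path)
            # Anything moved from outside a Temp directory was matched by one of
            # the script's path patterns, so list it for manual review.
            if "\\temp\\" not in path.lower():
                out["review"].append(path)
        elif m := BYTES.search(line):
            out["bytes_freed"] += int(m.group(1))
    return out


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key in ("moved", "review", "deferred", "not_found"):
        print(key, report[key])
    print("bytes_freed", report["bytes_freed"])
```

Run over the full log in this thread, the byte counts sum to 532557862 bytes (about 507.9 MiB), consistent with the reported `Total Files Cleaned = 508,00 mb`.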

