After launch: "Program mncewegf.exe has stopped working" *


Post by reremanga » 17 Jul 2014 11:08

/*
Split from thread viewtopic.php?f=46&t=136428
Myloš
*/


here is the log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:36, on 17. 7. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\SaneXo\Downloads\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type ... 1D739XA&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type ... 1D739XA&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=ds&ts=13 ... 1D739XA&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=ds&ts=13 ... 1D739XA&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSStp] C:\Windows\system32\msstp.vbe
O4 - HKLM\..\Run: [mncewegfSrv] C:\Windows\inf\mncewegf.vbe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: iSCTsysTray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs:
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASRock IO Monitor Service (ASRockIOMon) - Unknown owner - C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginService\PluginService.exe
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe


Post by memphisto » 17 Jul 2014 11:35

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.

Post by reremanga » 17 Jul 2014 12:07

I didn't download ATF - I use Chrome ..
Here is the log from Malwarebytes, but I don't know whether I posted it correctly, I don't know how to use programs like this.. it found about 140 errors here ..
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17. 7. 2014
Scan Time: 12:04:42
Logfile: jjj.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.17.04
Rootkit Database: v2014.07.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SaneXo

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 228661
Time Elapsed: 1 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, 1320, , [1682f6aa4a31b4828770c39ad72a54ac]
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1484, , [9ff9772908730531778017463ec32dd3]
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, 1540, , [2771f3addaa1d16596e05117c73a1be5]

Modules: 0
(No malicious items detected)

Registry Keys: 14
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, , [1682f6aa4a31b4828770c39ad72a54ac],
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, , [9ff9772908730531778017463ec32dd3],
PUP.Optional.WpManager, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wpm, , [2771f3addaa1d16596e05117c73a1be5],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, HKU\S-1-5-21-1154653714-3081114308-4112707931-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, HKU\S-1-5-21-1154653714-3081114308-4112707931-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SupTab, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.Qone8.A, HKLM\SOFTWARE\WOW6432NODE\qone8Software, , [e8b09d03ef8c5cda85e522e44cb86799],
PUP.Optional.Qone8, HKU\S-1-5-21-1154653714-3081114308-4112707931-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [3f59c3dd5a2190a61d9fda2dba4a7987],

Registry Values: 1
PUP.Optional.WpManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM|ImagePath, C:\ProgramData\WPM\wprotectmanager.exe -service, , [2c6ca1ffa7d49f970f822ae2976d12ee]

Registry Data: 8
PUP.Optional.Qone8, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1398 ... XXZ1D739XA, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1398 ... XXZ1D739XA),,[980027794c2fea4c3f25851fc83cd927]
PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA, Good: (www.google.com), Bad: (http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA),,[70280a960f6ca78f76f38025d92bb34d]
PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA, Good: (www.google.com), Bad: (http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA),,[20781c84611a2c0a313cefb6857f45bb]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1398 ... XXZ1D739XA, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1398 ... XXZ1D739XA),,[99ff831df883dc5a382ceeb6c3418080]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA, Good: (www.google.com), Bad: (http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA),,[ebadffa10378c472e386adf809fb1ae6]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA, Good: (www.google.com), Bad: (http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA),,[9efa910f5e1d280eda93ddc839cb649c]
PUP.Optional.Delta.A, HKU\S-1-5-21-1154653714-3081114308-4112707931-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA, Good: (www.google.com), Bad: (http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA),,[ecace7b905767fb72c4240651ce8dd23]
PUP.Optional.Delta.A, HKU\S-1-5-21-1154653714-3081114308-4112707931-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA, Good: (www.google.com), Bad: (http://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA),,[8810b1efc5b6d2645b0f45607c88639d]

Folders: 32
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, , [0b8d425ef982a0961eabce14f50d41bf],
Rogue.Multiple, C:\ProgramData\374311380, , [d1c7019ff7841620392bcac7dc26cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\bitstreams, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, , [5048fba54a3178be239df3b0a85a40c0],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, , [5048fba54a3178be239df3b0a85a40c0],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, , [51476a36fa8196a0a3415363e71b847c],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, , [51476a36fa8196a0a3415363e71b847c],

Files: 70
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, , [1682f6aa4a31b4828770c39ad72a54ac],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, , [9ff9772908730531778017463ec32dd3],
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, , [2771f3addaa1d16596e05117c73a1be5],
Trojan.Agent.VBS, C:\Windows\SysWOW64\msstp.vbe, , [5e3ac1dfe695a6904c1275697c86649c],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, , [0b8d425ef982a0961eabce14f50d41bf],
Rogue.Multiple, C:\ProgramData\374311380\BIT5549.tmp, , [d1c7019ff7841620392bcac7dc26cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\diablo130302.cl, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\diakgcn121016.cl, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\libcurl-4.dll, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\libeay32.dll, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\libidn-11.dll, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\librtmp.dll, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\libssh2.dll, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\mncewegf.exe, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\phatk121016.cl, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\poclbm130302.cl, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\scrypt130511.cl, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\ssleay32.dll, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\zlib1.dll, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
Trojan.Agent.BCM, C:\Windows\inf\mncewegf\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [9cfcd7c9f4879f97adabeeb5a75b6e92],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, , [5048fba54a3178be239df3b0a85a40c0],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, , [51476a36fa8196a0a3415363e71b847c],

Physical Sectors: 0
(No malicious items detected)


(end)

I'll also add the one from AdwCleaner


Post by reremanga » 17 Jul 2014 12:12

Here is AdwCleaner

# AdwCleaner v3.215 - Report created 17/07/2014 at 12:10:54
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : SaneXo - SANEXO-PC
# Running from : C:\Users\SaneXo\Downloads\adwcleaner_3.215.exe
# Option : Scan

***** [ Services ] *****

Service Found : IePluginService
Service Found : IePluginServices
Service Found : Wpm

***** [ Files / Folders ] *****

File Found : C:\Users\SaneXo\AppData\Roaming\LiveSupport.exe_log.txt
File Found : C:\Users\SaneXo\AppData\Roaming\regsvr32.exe_log.txt
Folder Found : C:\Program Files (x86)\SupTab
Folder Found : C:\ProgramData\374311380
Folder Found : C:\ProgramData\IePluginService
Folder Found : C:\ProgramData\IePluginServices
Folder Found : C:\ProgramData\WPM
Folder Found : C:\Users\SaneXo\AppData\Roaming\qone8
Folder Found : C:\Users\SaneXo\AppData\Roaming\SupTab

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\SaneXo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.delta-homes.com/?type=sc&ts= ... XXZ1D739XA )
Shortcut Found : C:\Users\SaneXo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.delta-homes.com/?type=sc&ts= ... XXZ1D739XA )
Shortcut Found : C:\Users\SaneXo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.delta-homes.com/?type=sc&ts= ... XXZ1D739XA )
Shortcut Found : C:\Users\SaneXo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk ( hxxp://www.delta-homes.com/?type=sc&ts= ... XXZ1D739XA )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1398 ... XXZ1D739XA
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Found : HKLM\Software\delta-homesSoftware
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SupTab
Key Found : HKLM\Software\qone8Software
Key Found : HKLM\Software\SafetyNut
Key Found : HKLM\Software\SupDp
Key Found : HKLM\Software\SupTab
Key Found : HKLM\Software\supWPM
Key Found : HKLM\Software\Wpm
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.delta-homes.com/web/?type ... 1D739XA&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.delta-homes.com/web/?type ... 1D739XA&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.qone8.com/web/?type=ds&ts=13 ... 1D739XA&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.qone8.com/web/?type=ds&ts=13 ... 1D739XA&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.qone8.com/web/?type=ds&ts=13 ... 1D739XA&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-homes.com/?type=hp&ts= ... XXZ1D739XA
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.qone8.com/web/?type=ds&ts=13 ... 1D739XA&q={searchTerms}

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\SaneXo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gc ... nrs=AG1&q={searchTerms}
Found [Search Provider] : hxxp://search.delta-homes.com/web/?type ... 1D739XA&q={searchTerms}

*************************

AdwCleaner[R0].txt - [9482 octets] - [17/07/2014 12:10:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9542 octets] ##########

jaro3
Security team member
Guru Level 15
Posts: 43287
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: After launch: “Program mncewegf.exe has stopped working” *

Post by jaro3 » 17 Jul 2014 18:34

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose “Run as administrator”),
click “Scan”, and when the scan finishes click “Clean”.

The program will carry out the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt). Paste its entire contents here.

Download Junkware Removal Tool by Thisisu to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose “Run as administrator”. You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.

- Run MbAM again and choose “Scan Now”.
- When the program finishes, a prompt appears; click “Quarantine All (delete selected)” and then “Export Log”, choose “text file”, give the file a name and save it somewhere. Copy the entire contents of that log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following options are ticked:
MBR check
Faked check
Antirootkit

- Then click “Scan”.
- The program scans the PC's processes. After the scan, click “Report” and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

