Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:02:22, on 1. 7. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Windows\syswow64\wwahost.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\WindowsApps\Disney.WheresMyWater_1.13.0.23_x86__6rarf9sa4v8jt\WheresMyWater.WindowsStore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\lin\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: saVe ono - {3A153C60-7EBA-1216-05D4-BF0051DF44FE} - (no file)
O2 - BHO: MySearch - {5F456C70-A7C7-1A43-3A42-0F1C34A18A62} - C:\Program Files (x86)\MySearch\n5s.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [TeamSpeak 3 Client] "C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\lin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - Global Startup: Monitor Apache Servers.lnk = S:\Apache\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apache - Apache Software Foundation - S:\Apache\bin\httpd.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - S:\MySQL\MySQL.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 7549 bytes
Thanks in advance for the help.
==================================================================================================================================
EDIT
==================================================================================================================================
I see that this is almost always recommended as the first step, so to speed things up I went ahead and ran the procedure mentioned.
AdwCleaner (by Xplode)
# AdwCleaner v3.214 - Report created 01/07/2014 at 22:16:10
# Updated 29/06/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : lin - PROBOOK
# Running from : C:\Users\lin\Downloads\adwcleaner_3.214.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\ProgramData\Adblocker
Folder Found : C:\ProgramData\save oN
Folder Found : C:\ProgramData\saVe ono
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehggnkmmkpihopkjhnhglnabicciikld
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\moihmnkmeeocglajcejhdkdfjdldgmfm
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehggnkmmkpihopkjhnhglnabicciikld
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\moihmnkmeeocglajcejhdkdfjdldgmfm
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehggnkmmkpihopkjhnhglnabicciikld
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\moihmnkmeeocglajcejhdkdfjdldgmfm
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehggnkmmkpihopkjhnhglnabicciikld
Folder Found : C:\Users\lin\AppData\Local\Google\Chrome\User Data\Default\Extensions\moihmnkmeeocglajcejhdkdfjdldgmfm
Folder Found : C:\Users\lin\AppData\Local\Chromatic Browser
Folder Found : C:\Users\lin\AppData\Local\torch
Folder Found : C:\Users\lin\Desktop\sygic
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-4675958519
***** [ Browsers ] *****
-\\ Internet Explorer v0.0.0.0
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56
-\\ Google Chrome v35.0.1916.153
[ File : C:\Users\lin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Extension] : ehggnkmmkpihopkjhnhglnabicciikld
Found [Extension] : moihmnkmeeocglajcejhdkdfjdldgmfm
*************************
AdwCleaner[R0].txt - [4008 octets] - [01/07/2014 22:16:10]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4068 octets] ##########
Malwarebytes' Anti-Malware
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1. 7. 2014
Scan Time: 22:24:19
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.07.01.07
Rootkit Database: v2014.07.01.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: lin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291407
Time Elapsed: 8 min, 22 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 12
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{5F456C70-A7C7-1A43-3A42-0F1C34A18A62}, , [77e41189334847efab6bb0a02ed30bf5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5F456C70-A7C7-1A43-3A42-0F1C34A18A62}, , [77e41189334847efab6bb0a02ed30bf5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{5F456C70-A7C7-1A43-3A42-0F1C34A18A62}, , [77e41189334847efab6bb0a02ed30bf5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5F456C70-A7C7-1A43-3A42-0F1C34A18A62}, , [77e41189334847efab6bb0a02ed30bf5],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-3221567124-3434714104-2726676116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5F456C70-A7C7-1A43-3A42-0F1C34A18A62}, , [77e41189334847efab6bb0a02ed30bf5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5F456C70-A7C7-1A43-3A42-0F1C34A18A62}, , [77e41189334847efab6bb0a02ed30bf5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5F456C70-A7C7-1A43-3A42-0F1C34A18A62}, , [77e41189334847efab6bb0a02ed30bf5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{5F456C70-A7C7-1A43-3A42-0F1C34A18A62}\INPROCSERVER32, , [77e41189334847efab6bb0a02ed30bf5],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\S-4675958519, , [144755458bf0bd790e48baf57b87e020],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3221567124-3434714104-2726676116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [12498c0ecbb0f244f75b03d1887ada26],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3221567124-3434714104-2726676116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [a4b74d4de09b7db9590c15d5b94a42be],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-3221567124-3434714104-2726676116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [510ad9c1146741f5535e6593ae5545bb],
Registry Values: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3221567124-3434714104-2726676116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M2P0U0F0B1O1O1G, , [a4b74d4de09b7db9590c15d5b94a42be]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-3221567124-3434714104-2726676116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [d5869bffadce11254f635f992cd7f40c]
Registry Data: 4
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56, Good: (http://www.google.com), Bad: (http://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56),,[98c30d8dfd7edb5b6ae88302b74de11f]
PUP.Optional.FastSearchings.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56, Good: (www.google.com), Bad: (http://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56),,[84d774262556e650fd1f127e9470ad53]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-3221567124-3434714104-2726676116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56, Good: (http://www.google.com), Bad: (http://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56),,[045747530a7139fdc38e6421986c5fa1]
PUP.Optional.FastSearchings.A, HKU\S-1-5-21-3221567124-3434714104-2726676116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56, Good: (www.google.com), Bad: (http://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56),,[4d0ed6c40576f73f9f7e8d031ee6e818]
Folders: 1
PUP.Optional.SaveOn.A, C:\ProgramData\save oN, , [0c4fe9b1a3d81f174e3d5850d72b4fb1],
Files: 3
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\MySearch\n5s.x64.dll, , [77e41189334847efab6bb0a02ed30bf5],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\MySearch\n5s.dll, , [77e41189334847efab6bb0a02ed30bf5],
PUP.Optional.Multiplug, C:\ProgramData\saVe ono\_aUUlQCVLAf.exe, , [c4975d3d215a4fe72dbbbad9c33e06fa],
Physical Sectors: 0
(No malicious items detected)
(end)
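The three logs above are read by hand in most help threads, but the triage is mechanical enough to script. The following is an added example, not code from the post or from the HijackThis, AdwCleaner or Malwarebytes projects: it parses the R0/R1, O2 and O23 lines of a HijackThis 2.0.4 log, flags start/search pages that point somewhere other than a vendor default, flags orphaned BHOs ("(no file)"), cross-checks BHO CLSIDs against CLSIDs that another scanner reported (here the one Malwarebytes listed as PUP.Optional.MultiPlug.A), and separates the "Unknown owner ... (file missing)" services under C:\Windows\system32 (a known artifact of the 32-bit HijackThis running under WOW64 on 64-bit Windows, where file-system redirection hides the native System32 binaries) from missing binaries elsewhere that actually need checking. The sample input is an excerpt of the log posted above; the allow-list of default hosts and the finding labels are this example's own assumptions.

```python
"""Triage a HijackThis 2.0.4 log for browser-hijack indicators.

Added example (not from the forum post or any of the scanners' projects).
Sample lines are excerpted from the log in the post; DEFAULT_HOSTS and the
finding labels are assumptions of this example.
"""
import re
from urllib.parse import urlparse

# Hosts treated as vendor-default start/search pages (assumption of this example).
DEFAULT_HOSTS = {"go.microsoft.com", "www.google.com", "www.bing.com"}

# Excerpt of the posted HijackThis log, used here as constructed sample input.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.fastsearchings.info/?pid=2356&r=2014/06/27&hid=7269220094913839908&lg=EN&cc=HR&unqvl=56
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: saVe ono - {3A153C60-7EBA-1216-05D4-BF0051DF44FE} - (no file)
O2 - BHO: MySearch - {5F456C70-A7C7-1A43-3A42-0F1C34A18A62} - C:\Program Files (x86)\MySearch\n5s.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MySQL - Unknown owner - S:\MySQL\MySQL.exe (file missing)
O23 - Service: Apache - Apache Software Foundation - S:\Apache\bin\httpd.exe
"""

# CLSID that Malwarebytes reported in the post as PUP.Optional.MultiPlug.A.
MBAM_CLSIDS = {"{5F456C70-A7C7-1A43-3A42-0F1C34A18A62}"}

R_LINE = re.compile(r"^(R[01]) - (?P<key>.+?)\s*=\s*(?P<value>.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O23_LINE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
SYSTEM32 = re.compile(r"(?i)^C:\\Windows\\system32\\")


def triage(log_text, known_bad_clsids=frozenset()):
    """Return a list of (label, line, note) findings for the given HJT log text."""
    bad_clsids = {c.upper() for c in known_bad_clsids}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # R0/R1: start and search pages; an empty value is just an unset key.
        m = R_LINE.match(line)
        if m:
            value = m.group("value").strip()
            if not value:
                continue
            host = urlparse(value).hostname or ""
            if host not in DEFAULT_HOSTS:
                findings.append(("HIJACKED_PAGE", line, f"start/search page points at {host}"))
            continue

        # O2: Browser Helper Objects loaded into every IE process.
        m = O2_LINE.match(line)
        if m:
            clsid = m.group("clsid").upper()
            if clsid in bad_clsids:
                findings.append(("BHO_KNOWN_PUP", line, f"CLSID {clsid} also reported by another scanner"))
            elif m.group("path") == "(no file)":
                findings.append(("BHO_ORPHANED", line, "DLL is gone but the CLSID registration remains"))
            continue

        # O23: services. Only "Unknown owner" + "(file missing)" is interesting,
        # and under System32 it is usually a WOW64 redirection artifact of the
        # 32-bit HijackThis, not evidence of tampering.
        m = O23_LINE.match(line)
        if m:
            owner, path = m.group("owner"), m.group("path")
            if owner != "Unknown owner" or "(file missing)" not in path:
                continue
            if SYSTEM32.match(path):
                findings.append(("O23_WOW64_ARTIFACT", line, "32-bit HJT cannot see native System32 binaries"))
            else:
                findings.append(("O23_VERIFY", line, "binary missing outside System32; confirm the service is expected"))
    return findings


if __name__ == "__main__":
    for label, line, note in triage(SAMPLE_HJT, MBAM_CLSIDS):
        print(f"{label:20} {note}\n    {line}")
```

Run against the excerpt, the script reports the fastsearchings.info start page, the orphaned "saVe ono" BHO, the MySearch BHO (matched to the Malwarebytes CLSID), one System32 service marked as a WOW64 artifact, and the MySQL service with a missing binary on S: that the poster should confirm is theirs. The same redirection explains the Windows Defender entries in the log: in a 32-bit process %ProgramFiles% expands to "Program Files (x86)", so HijackThis looks for MsMpEng.exe in the wrong tree. The "Platform: Unknown Windows" and "Unable to get Internet Explorer version!" headers are of the same kind: HijackThis 2.0.4 predates Windows 8.1 and IE11, so those two lines say nothing about the infection.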