Zdravím, před pár (2) měsíci se mi hodně zpomalil internet. Prosím pomoc
# AdwCleaner v3.211 - Report created 26/07/2014 at 15:08:57
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Uzivatel - UZIVATEL-PC
# Running from : C:\Users\Uzivatel\Desktop\Nová složka\adwcleaner_3.211.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\npgy7ohy.default\searchplugins\buenosearch.xml
File Found : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\npgy7ohy.default\user.js
File Found : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\weBseave
Folder Found : C:\Program Files (x86)\YoutubeAdblocker
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\dealpEak
Folder Found : C:\ProgramData\dealpeak
Folder Found : C:\ProgramData\DealsFoiinderrPPrio
Folder Found : C:\ProgramData\DSearchLink
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\weBseave
Folder Found : C:\ProgramData\YoutubeAdblocker
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobdfblkfcofkclmipcjdbkhcailgefp
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbahlbdfjaoonailcbkbcmocpfgoohmb
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobdfblkfcofkclmipcjdbkhcailgefp
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbahlbdfjaoonailcbkbcmocpfgoohmb
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\Uzivatel\AppData\Local\Conduit
Folder Found : C:\Users\Uzivatel\AppData\Local\globalUpdate
Folder Found : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobdfblkfcofkclmipcjdbkhcailgefp
Folder Found : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbahlbdfjaoonailcbkbcmocpfgoohmb
Folder Found : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Folder Found : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Folder Found : C:\Users\Uzivatel\AppData\Local\NativeMessaging
Folder Found : C:\Users\Uzivatel\AppData\Local\torch
Folder Found : C:\Users\Uzivatel\AppData\LocalLow\Conduit
Folder Found : C:\Users\Uzivatel\AppData\LocalLow\Minibar
Folder Found : C:\Users\Uzivatel\AppData\Roaming\DriverCure
Folder Found : C:\Users\Uzivatel\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\Uzivatel\Documents\Optimizer Pro
Folder Found : C:\Windows\SysWOW64\SearchProtect
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Found : HKCU\Software\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\Webplayer
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\Webplayer
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Found : HKLM\Software\ParetoLogic
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.buenosearch.com/?babsrc=HP_s ... 3&tsp=5275
-\\ Mozilla Firefox v30.0 (cs)
[ File : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\npgy7ohy.default\prefs.js ]
Line Found : user_pref("extensions.buenosearch.admin", false);
Line Found : user_pref("extensions.buenosearch.aflt", "babsst");
Line Found : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Found : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Found : user_pref("extensions.buenosearch.bbDpng", "19");
Line Found : user_pref("extensions.buenosearch.cntry", "CZ");
Line Found : user_pref("extensions.buenosearch.dfltLng", "cs");
Line Found : user_pref("extensions.buenosearch.excTlbr", false);
Line Found : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Found : user_pref("extensions.buenosearch.hdrMd5", "DC537B76DED18B6D876A17A99689B2BC");
Line Found : user_pref("extensions.buenosearch.id", "36c8a9b3000000000000b482fef8c5fa");
Line Found : user_pref("extensions.buenosearch.instlDay", "16232");
Line Found : user_pref("extensions.buenosearch.instlRef", "sst");
Line Found : user_pref("extensions.buenosearch.lastB", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=36C8B482FEF8C5FA&affID=128403&tsp=5275");
Line Found : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.721:22:06");
Line Found : user_pref("extensions.buenosearch.newTab", false);
Line Found : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Found : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Found : user_pref("extensions.buenosearch.rvrt", "false");
Line Found : user_pref("extensions.buenosearch.sg", "czb");
Line Found : user_pref("extensions.buenosearch.smplGrp", "none");
Line Found : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=36C8B482FEF8C5FA&affID=128403&tsp=5275");
Line Found : user_pref("extensions.buenosearch.tlbrId", "base");
Line Found : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=36C8B482FEF8C5FA&affID=128403&tsp=5275");
Line Found : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Found : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.721:22:06");
Line Found : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
Line Found : user_pref("extensions.crossrider.bic", "1468c612cc5a8a462893cb87bf2d428b");
Line Found : user_pref("extensions.tTW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : eobdfblkfcofkclmipcjdbkhcailgefp
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
Found [Extension] : gbahlbdfjaoonailcbkbcmocpfgoohmb
Found [Extension] : pkmpcdbgnfjfeelcpebpkflcmbkclfho
*************************
AdwCleaner[R0].txt - [10138 octets] - [26/07/2014 15:08:57]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10199 octets] ##########
Kontrola Logu Vyřešeno
-
fiddel
- Level 2
- Příspěvky: 189
- Registrován: červen 10
- Bydliště: Česká Republika
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Kontrola Logu
Zde je vyčištěný log.
# AdwCleaner v3.211 - Report created 26/07/2014 at 15:12:08
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Uzivatel - UZIVATEL-PC
# Running from : C:\Users\Uzivatel\Desktop\Nová složka\adwcleaner_3.211.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\dealpeak
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\DealsFoiinderrPPrio
Folder Deleted : C:\ProgramData\weBseave
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\weBseave
Folder Deleted : C:\Program Files (x86)\YoutubeAdblocker
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Uzivatel\AppData\Local\Conduit
Folder Deleted : C:\Users\Uzivatel\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Uzivatel\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Uzivatel\AppData\Local\torch
Folder Deleted : C:\Users\Uzivatel\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Uzivatel\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\Uzivatel\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Uzivatel\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Uzivatel\Documents\Optimizer Pro
Folder Deleted : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobdfblkfcofkclmipcjdbkhcailgefp
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobdfblkfcofkclmipcjdbkhcailgefp
Folder Deleted : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobdfblkfcofkclmipcjdbkhcailgefp
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbahlbdfjaoonailcbkbcmocpfgoohmb
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbahlbdfjaoonailcbkbcmocpfgoohmb
Folder Deleted : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbahlbdfjaoonailcbkbcmocpfgoohmb
[!] Folder Deleted : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
File Deleted : C:\END
File Deleted : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\npgy7ohy.default\searchplugins\buenosearch.xml
File Deleted : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\npgy7ohy.default\user.js
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v30.0 (cs)
[ File : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\npgy7ohy.default\prefs.js ]
Line Deleted : user_pref("extensions.buenosearch.admin", false);
Line Deleted : user_pref("extensions.buenosearch.aflt", "babsst");
Line Deleted : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Deleted : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.bbDpng", "19");
Line Deleted : user_pref("extensions.buenosearch.cntry", "CZ");
Line Deleted : user_pref("extensions.buenosearch.dfltLng", "cs");
Line Deleted : user_pref("extensions.buenosearch.excTlbr", false);
Line Deleted : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.buenosearch.hdrMd5", "DC537B76DED18B6D876A17A99689B2BC");
Line Deleted : user_pref("extensions.buenosearch.id", "36c8a9b3000000000000b482fef8c5fa");
Line Deleted : user_pref("extensions.buenosearch.instlDay", "16232");
Line Deleted : user_pref("extensions.buenosearch.instlRef", "sst");
Line Deleted : user_pref("extensions.buenosearch.lastB", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=36C8B482FEF8C5FA&affID=128403&tsp=5275");
Line Deleted : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.721:22:06");
Line Deleted : user_pref("extensions.buenosearch.newTab", false);
Line Deleted : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.rvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.sg", "czb");
Line Deleted : user_pref("extensions.buenosearch.smplGrp", "none");
Line Deleted : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=36C8B482FEF8C5FA&affID=128403&tsp=5275");
Line Deleted : user_pref("extensions.buenosearch.tlbrId", "base");
Line Deleted : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=36C8B482FEF8C5FA&affID=128403&tsp=5275");
Line Deleted : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Deleted : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.721:22:06");
Line Deleted : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
Line Deleted : user_pref("extensions.crossrider.bic", "1468c612cc5a8a462893cb87bf2d428b");
Line Deleted : user_pref("extensions.tTW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : eobdfblkfcofkclmipcjdbkhcailgefp
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : gbahlbdfjaoonailcbkbcmocpfgoohmb
Deleted [Extension] : pkmpcdbgnfjfeelcpebpkflcmbkclfho
*************************
AdwCleaner[R0].txt - [10376 octets] - [26/07/2014 15:08:57]
AdwCleaner[S0].txt - [9497 octets] - [26/07/2014 15:12:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9557 octets] ##########
# AdwCleaner v3.211 - Report created 26/07/2014 at 15:12:08
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Uzivatel - UZIVATEL-PC
# Running from : C:\Users\Uzivatel\Desktop\Nová složka\adwcleaner_3.211.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\dealpeak
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\DealsFoiinderrPPrio
Folder Deleted : C:\ProgramData\weBseave
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\weBseave
Folder Deleted : C:\Program Files (x86)\YoutubeAdblocker
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Uzivatel\AppData\Local\Conduit
Folder Deleted : C:\Users\Uzivatel\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Uzivatel\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Uzivatel\AppData\Local\torch
Folder Deleted : C:\Users\Uzivatel\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Uzivatel\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\Uzivatel\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Uzivatel\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Uzivatel\Documents\Optimizer Pro
Folder Deleted : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobdfblkfcofkclmipcjdbkhcailgefp
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobdfblkfcofkclmipcjdbkhcailgefp
Folder Deleted : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobdfblkfcofkclmipcjdbkhcailgefp
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbahlbdfjaoonailcbkbcmocpfgoohmb
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbahlbdfjaoonailcbkbcmocpfgoohmb
Folder Deleted : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbahlbdfjaoonailcbkbcmocpfgoohmb
[!] Folder Deleted : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
File Deleted : C:\END
File Deleted : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\npgy7ohy.default\searchplugins\buenosearch.xml
File Deleted : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\npgy7ohy.default\user.js
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pkmpcdbgnfjfeelcpebpkflcmbkclfho
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Webplayer
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v30.0 (cs)
[ File : C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\npgy7ohy.default\prefs.js ]
Line Deleted : user_pref("extensions.buenosearch.admin", false);
Line Deleted : user_pref("extensions.buenosearch.aflt", "babsst");
Line Deleted : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Deleted : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.bbDpng", "19");
Line Deleted : user_pref("extensions.buenosearch.cntry", "CZ");
Line Deleted : user_pref("extensions.buenosearch.dfltLng", "cs");
Line Deleted : user_pref("extensions.buenosearch.excTlbr", false);
Line Deleted : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.buenosearch.hdrMd5", "DC537B76DED18B6D876A17A99689B2BC");
Line Deleted : user_pref("extensions.buenosearch.id", "36c8a9b3000000000000b482fef8c5fa");
Line Deleted : user_pref("extensions.buenosearch.instlDay", "16232");
Line Deleted : user_pref("extensions.buenosearch.instlRef", "sst");
Line Deleted : user_pref("extensions.buenosearch.lastB", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=36C8B482FEF8C5FA&affID=128403&tsp=5275");
Line Deleted : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.721:22:06");
Line Deleted : user_pref("extensions.buenosearch.newTab", false);
Line Deleted : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.rvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.sg", "czb");
Line Deleted : user_pref("extensions.buenosearch.smplGrp", "none");
Line Deleted : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=36C8B482FEF8C5FA&affID=128403&tsp=5275");
Line Deleted : user_pref("extensions.buenosearch.tlbrId", "base");
Line Deleted : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=36C8B482FEF8C5FA&affID=128403&tsp=5275");
Line Deleted : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Deleted : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.721:22:06");
Line Deleted : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
Line Deleted : user_pref("extensions.crossrider.bic", "1468c612cc5a8a462893cb87bf2d428b");
Line Deleted : user_pref("extensions.tTW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net[...]
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Uzivatel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : eobdfblkfcofkclmipcjdbkhcailgefp
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : gbahlbdfjaoonailcbkbcmocpfgoohmb
Deleted [Extension] : pkmpcdbgnfjfeelcpebpkflcmbkclfho
*************************
AdwCleaner[R0].txt - [10376 octets] - [26/07/2014 15:08:57]
AdwCleaner[S0].txt - [9497 octets] - [26/07/2014 15:12:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9557 octets] ##########
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola Logu
Vlož log z HJT:
viewtopic.php?f=70&t=5119
Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.
Stáhni si Junkware Removal Tool by Thisisu
na svojí plochu.
Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
viewtopic.php?f=70&t=5119
Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.
Stáhni si Junkware Removal Tool by Thisisu
na svojí plochu.
Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
fiddel
- Level 2
- Příspěvky: 189
- Registrován: červen 10
- Bydliště: Česká Republika
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Kontrola Logu
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:45:42, on 27.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
FIREFOX: 30.0 (cs)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Users\Uzivatel\Desktop\Nová složka\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSStp] C:\Windows\system32\msstp.vbe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Uzivatel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KakaoTalk] "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - Unknown owner - C:\Windows\system32\ThpSrv.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10619 bytes
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 27.7.2014
Scan Time: 8:50:28
Logfile: b.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.07.27.04
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Uzivatel
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328680
Time Elapsed: 8 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64, , [e898584c7efd122428bed5558f759769],
PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\Torntv V9.0, , [2759881c3447a98d457ce90db25024dc],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, , [92ee9113d1aa83b35a10cd228d7535cb],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 4
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\bitstreams, , [136d01a3d8a3b68029f4feadfd05b14f],
PUP.Optional.GlobalUpdate.A, C:\Users\Uzivatel\AppData\Local\Temp\comh.172416, , [fa869c084a31fb3b7e9203c08d7535cb],
PUP.Optional.GlobalUpdate.A, C:\Users\Uzivatel\AppData\Local\Temp\comh.241789, , [7b05851fff7cfb3b818f93302cd634cc],
Files: 19
PUP.HackTool.HotKeysHook, C:\Users\Uzivatel\Downloads\starmaker_se_trainer.rar, , [c7b9dcc856250b2b909d83d849bb5ea2],
PUP.HackTool.HotKeysHook, C:\Users\Uzivatel\Downloads\THE.MOVIES..STUNTS.AND.EFFECTS.V1.0.PLUS.1.TRAINER.BY.SlyFox.rar, , [1f61129222593204d05d76e5857f2ad6],
PUP.Optional.OneClickDownloader.A, C:\Users\Uzivatel\Downloads\The_Fault_in_Our_Stars_(2014)_720p_BluRay_x264_YIFY.exe, , [f68aebb99fdc1422d1134fcb70912ad6],
PUP.Optional.OneClickDownloader.A, C:\Users\Uzivatel\Downloads\The_Fault_in_Our_Stars_2014_720p_BDRip_XviD_AYMO.exe, , [f18f7a2afc7f48eeb52fd248d32e639d],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys, , [e898584c7efd122428bed5558f759769],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\diablo130302.cl, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\diakgcn121016.cl, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\libcurl-4.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\libeay32.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\libidn-11.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\librtmp.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\libssh2.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\mnclqekc.exe, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\phatk121016.cl, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\poclbm130302.cl, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\scrypt130511.cl, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\ssleay32.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\zlib1.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [136d01a3d8a3b68029f4feadfd05b14f],
Physical Sectors: 0
(No malicious items detected)
(end)
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Uzivatel on ne 27.07.2014 at 9:09:07,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6391A2B9-E7AA-499A-AEE5-B8A91FAEC7C3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A6C8436D-F9F1-403F-8CDB-4BEB818EF1BE}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Uzivatel\appdata\locallow\boost_interprocess"
~~~ FireFox
Successfully deleted the following from C:\Users\Uzivatel\AppData\Roaming\mozilla\firefox\profiles\npgy7ohy.default\prefs.js
user_pref("extensions.tTW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||u
Emptied folder: C:\Users\Uzivatel\AppData\Roaming\mozilla\firefox\profiles\npgy7ohy.default\minidumps [15 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 27.07.2014 at 9:16:09,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan saved at 8:45:42, on 27.7.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
FIREFOX: 30.0 (cs)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Users\Uzivatel\Desktop\Nová složka\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSStp] C:\Windows\system32\msstp.vbe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Uzivatel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KakaoTalk] "C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe" -bystartup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Ochrana HDD TOSHIBA (Thpsrv) - Unknown owner - C:\Windows\system32\ThpSrv.exe (file missing)
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10619 bytes
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 27.7.2014
Scan Time: 8:50:28
Logfile: b.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.07.27.04
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Uzivatel
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328680
Time Elapsed: 8 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 3
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64, , [e898584c7efd122428bed5558f759769],
PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\Torntv V9.0, , [2759881c3447a98d457ce90db25024dc],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, , [92ee9113d1aa83b35a10cd228d7535cb],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 4
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\bitstreams, , [136d01a3d8a3b68029f4feadfd05b14f],
PUP.Optional.GlobalUpdate.A, C:\Users\Uzivatel\AppData\Local\Temp\comh.172416, , [fa869c084a31fb3b7e9203c08d7535cb],
PUP.Optional.GlobalUpdate.A, C:\Users\Uzivatel\AppData\Local\Temp\comh.241789, , [7b05851fff7cfb3b818f93302cd634cc],
Files: 19
PUP.HackTool.HotKeysHook, C:\Users\Uzivatel\Downloads\starmaker_se_trainer.rar, , [c7b9dcc856250b2b909d83d849bb5ea2],
PUP.HackTool.HotKeysHook, C:\Users\Uzivatel\Downloads\THE.MOVIES..STUNTS.AND.EFFECTS.V1.0.PLUS.1.TRAINER.BY.SlyFox.rar, , [1f61129222593204d05d76e5857f2ad6],
PUP.Optional.OneClickDownloader.A, C:\Users\Uzivatel\Downloads\The_Fault_in_Our_Stars_(2014)_720p_BluRay_x264_YIFY.exe, , [f68aebb99fdc1422d1134fcb70912ad6],
PUP.Optional.OneClickDownloader.A, C:\Users\Uzivatel\Downloads\The_Fault_in_Our_Stars_2014_720p_BDRip_XviD_AYMO.exe, , [f18f7a2afc7f48eeb52fd248d32e639d],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{2635ac50-5488-40bf-9bfd-accb158f8f3f}w64.sys, , [e898584c7efd122428bed5558f759769],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\diablo130302.cl, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\diakgcn121016.cl, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\libcurl-4.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\libeay32.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\libidn-11.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\librtmp.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\libssh2.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\mnclqekc.exe, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\phatk121016.cl, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\poclbm130302.cl, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\scrypt130511.cl, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\ssleay32.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\zlib1.dll, , [136d01a3d8a3b68029f4feadfd05b14f],
Trojan.Agent.BCM, C:\Windows\inf\mnclqekc\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [136d01a3d8a3b68029f4feadfd05b14f],
Physical Sectors: 0
(No malicious items detected)
(end)
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Uzivatel on ne 27.07.2014 at 9:09:07,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6391A2B9-E7AA-499A-AEE5-B8A91FAEC7C3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A6C8436D-F9F1-403F-8CDB-4BEB818EF1BE}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Uzivatel\appdata\locallow\boost_interprocess"
~~~ FireFox
Successfully deleted the following from C:\Users\Uzivatel\AppData\Roaming\mozilla\firefox\profiles\npgy7ohy.default\prefs.js
user_pref("extensions.tTW.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||u
Emptied folder: C:\Users\Uzivatel\AppData\Roaming\mozilla\firefox\profiles\npgy7ohy.default\minidumps [15 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 27.07.2014 at 9:16:09,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola Logu
. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.
Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.
Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 112 hostů