Stránka 1 z 3

Prosim o kontrolu logu

Napsal: 22 srp 2014 01:23
od lubo007
Zdravim, chcel by som vas poprosit o kontrolu logu, kedze mam v mojim ntb viacero mensich problemov:
- obcas z nicoho nic mi vypadne wifi pripojenie k routeru(na druhom pocitaci je to ok, takze to nieje chyba routru), proste mi ani nenajde router, musim restartovat ntb
- obcas sa mi znicoho nic stane, ze mi nenabehne windows (modra obrazovka- par kontrol+restartu a naskoci to, ale pricinu to neodstrani)
- neviem ci je to len chyba internetu explorer, ale proces mi casto ostava pusteny a zere ramku aj po vypnuti prehliadaca (je to vidiet aj v logu, pritom IE nebol spusteny minimalne hodinu a pol) alebo je to nejaky virus
- tzv. lag spikes pri hrani online hry

-pocitac obcas prebehnem ccleanerom, takisto som sa snazil povypinat co najviac nepotrebnych procesov a sluzieb ktore sa spustali pri starte...inak mam len microsoft security essetials, windows defender (tieto sa mi nedari odinstalovat a ich procesy zeru dost ram/cpu :( ) a este MBAM, ktory ale obcas vypinam

dakujem vopred za kazdu radu a pomoc :)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:07:49, on 22. 8. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Ľuboš\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [reset] regedit /s reset.reg
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - Startup: HControl - odkaz.lnk = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F112442-DC3E-49A8-9C37-0CC8057BE4C3}: NameServer = 208.67.222.222,86.110.224.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - (no file)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: NBService - Unknown owner - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14739 bytes

Re: Prosim o kontrolu logu

Napsal: 22 srp 2014 09:32
od jaro3
logy vkládej normálně.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

Re: Prosim o kontrolu logu

Napsal: 22 srp 2014 15:45
od lubo007
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22. 8. 2014
Scan Time: 14:49:59
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.22.04
Rootkit Database: v2014.08.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ä1uboA!

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 484933
Time Elapsed: 28 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, , [d1cb4287a3d87bbbb55a8e6145bd6997],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data, , [bae2dbee176420163531a11fdd25946c],

Files: 49
PUP.Optional.BrowserProtect.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\searchplugins\BrowserProtect.xml, , [c8d44b7e047793a3c3c630c1ca38e51b],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\1.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\a.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\b.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\c.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\d.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\e.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\f.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\g.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\h.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\i.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\J.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\k.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\l.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\m.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\mru.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\n.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\o.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\p.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\q.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\r.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\s.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\t.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\u.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\v.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\w.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\x.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\y.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.PriceGong.A, C:\Users\Ä1uboA!\AppData\LocalLow\PriceGong\Data\z.xml, , [bae2dbee176420163531a11fdd25946c],
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), ,[d3c9facf403b59dda3cbdf2ed43154ac]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), ,[1a8210b97605280ea0ce34d9aa5bd22e]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), ,[2478e5e4bdbed2649dd12be2897cff01]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), ,[a9f35a6fa6d5f3437fefe627e025b34d]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "en");), ,[f2aa5376582351e55a1467a63acbe41c]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), ,[5c402a9ffb804fe7026c030aab5afc04]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), ,[712b1caddc9f8fa796d84fbeb1547e82]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "a8ee6e770000000000000026c7d94b83");), ,[f2aa8f3ab0cbed4991ddf11c74918878]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15828");), ,[adef23a618634aecc0ae49c4887dce32]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), ,[cece09c098e3a88ecaa47c914bbab24e]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), ,[debe5475e4975bdbe38b55b89e6731cf]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), ,[bddf7c4d8cefc3732945808d8d78bc44]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), ,[603c309978035cda422c40cd58ada35d]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), ,[47559138e992ac8aabc3cf3e63a23cc4]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), ,[afed507918638ea87fef9974c34215eb]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), ,[68345c6d6f0c81b528463fcea461e61a]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), ,[8913b01913681521d39bd13cc63f758b]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.16.16");), ,[a8f4ae1b2b5081b55c1255b8e42129d7]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.16.1615:53:39");), ,[9dff22a7fc7f91a536383dd073922dd3]
PUP.Optional.Delta.A, C:\Users\Ä1uboA!\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.16.16");), ,[27753891c8b39c9af67859b4a164d927]

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Prosim o kontrolu logu

Napsal: 22 srp 2014 15:45
od lubo007
# AdwCleaner v3.308 - Report created 22/08/2014 at 15:41:50
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ľuboš - LUBOS-PC
# Running from : C:\Users\Ľuboš\Desktop\adwcleaner_3.308.exe
# Option : Scan

***** [ Services ] *****

Service Found : BrowserProtect

***** [ Files / Folders ] *****

File Found : C:\Users\Ľuboš\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\Delta
Folder Found : C:\Program Files (x86)\driver-soft
Folder Found : C:\Program Files (x86)\RegClean Pro
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Ľuboš\AppData\LocalLow\Conduit
Folder Found : C:\Users\Ľuboš\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Ľuboš\AppData\LocalLow\uTorrentBar
Folder Found : C:\Users\Ľuboš\AppData\Roaming\BabSolution
Folder Found : C:\Users\Ľuboš\AppData\Roaming\Babylon
Folder Found : C:\Users\Ľuboš\AppData\Roaming\driver-soft
Folder Found : C:\Users\Ľuboš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Found : C:\Users\Ľuboš\AppData\Roaming\Systweak

***** [ Scheduled Tasks ] *****

Task Found : BrowserProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Found : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0E81104-9F64-43D1-95CD-14FEADBE9DCA}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_minecraft-crafting-guide_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_minecraft-crafting-guide_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_videocacheview_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_videocacheview_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-041B-0000-0000000FF1CE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\uTorrentBar
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 sk)

[ File : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\4c2ccgw0.default\prefs.js ]


[ File : C:\Users\Ľuboš\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Delta Search");
Line Found : user_pref("browser.search.order.1", "Delta Search");
Line Found : user_pref("browser.search.selectedEngine", "Delta Search");
Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "a8ee6e770000000000000026c7d94b83");
Line Found : user_pref("extensions.delta.instlDay", "15828");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.16.16");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.16.1615:53:39");
Line Found : user_pref("extensions.delta.vrsni", "1.8.16.16");

*************************

AdwCleaner[R0].txt - [6616 octets] - [22/08/2014 15:41:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6676 octets] ##########

Re: Prosim o kontrolu logu

Napsal: 22 srp 2014 18:39
od jaro3
Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit

-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Re: Prosim o kontrolu logu

Napsal: 22 srp 2014 22:03
od lubo007
# AdwCleaner v3.308 - Report created 22/08/2014 at 21:56:33
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ľuboš - LUBOS-PC
# Running from : C:\Users\Ľuboš\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BrowserProtect

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Users\Ľuboš\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ľuboš\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Ľuboš\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Ľuboš\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Ľuboš\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ľuboš\AppData\Roaming\driver-soft
Folder Deleted : C:\Users\Ľuboš\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Ľuboš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
File Deleted : C:\Users\Ľuboš\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : BrowserProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_minecraft-crafting-guide_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_minecraft-crafting-guide_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_videocacheview_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_videocacheview_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0E81104-9F64-43D1-95CD-14FEADBE9DCA}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-041B-0000-0000000FF1CE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 sk)

[ File : C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\4c2ccgw0.default\prefs.js ]


[ File : C:\Users\Ľuboš\AppData\Roaming\Mozilla\Firefox\Profiles\opvgxs1n.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Delta Search");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "a8ee6e770000000000000026c7d94b83");
Line Deleted : user_pref("extensions.delta.instlDay", "15828");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1615:53:39");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Ľuboš\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6760 octets] - [22/08/2014 15:41:50]
AdwCleaner[R1].txt - [6932 octets] - [22/08/2014 21:50:14]
AdwCleaner[S0].txt - [7036 octets] - [22/08/2014 21:56:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7096 octets] ##########

Re: Prosim o kontrolu logu

Napsal: 22 srp 2014 22:34
od lubo007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by •uboç on pi 22. 08. 2014 at 22:06:19,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\driver robot.job"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"



~~~ FireFox

Emptied folder: C:\Users\•uboç\AppData\Roaming\mozilla\firefox\profiles\opvgxs1n.default\minidumps [36 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pi 22. 08. 2014 at 22:33:13,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Prosim o kontrolu logu

Napsal: 23 srp 2014 00:19
od lubo007
neviem kde som urobil chybu, ale po skonceni skenovania MBAM mi nevyhodilo nic ako exportovat zaznam, iba ze sa nenaslo hrozba(asi to bude tym ze som si predtym zle precital a dal tie najdene subory do karanteny uz pri prvom skenovani)
ak to je problem, opakovat celu "proceduru" odznova?

tu je log z rogue killera

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : Ľuboš [Práva Správcu]
Režim : Kontrola -- Dátum : 08/23/2014 00:14:58

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 31 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FairplayKD -> NÁJDENÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FairplayKD -> NÁJDENÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FairplayKD -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1F112442-DC3E-49A8-9C37-0CC8057BE4C3} | NameServer : 208.67.222.222,86.110.224.3 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DDF5AD71-555A-464D-9DE8-C4810AACF33F} | DhcpNameServer : 7.254.254.254 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1F112442-DC3E-49A8-9C37-0CC8057BE4C3} | NameServer : 208.67.222.222,86.110.224.3 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DDF5AD71-555A-464D-9DE8-C4810AACF33F} | DhcpNameServer : 7.254.254.254 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1F112442-DC3E-49A8-9C37-0CC8057BE4C3} | NameServer : 208.67.222.222,86.110.224.3 -> NÁJDENÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DDF5AD71-555A-464D-9DE8-C4810AACF33F} | DhcpNameServer : 7.254.254.254 -> NÁJDENÉ
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NÁJDENÉ
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NÁJDENÉ
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NÁJDENÉ
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NÁJDENÉ
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NÁJDENÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NÁJDENÉ
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NÁJDENÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NÁJDENÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NÁJDENÉ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NÁJDENÉ
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NÁJDENÉ
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NÁJDENÉ
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.sk/ -> NÁJDENÉ
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.sk/ -> NÁJDENÉ
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NÁJDENÉ
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NÁJDENÉ
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NÁJDENÉ
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NÁJDENÉ
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NÁJDENÉ
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NÁJDENÉ

¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> NÁJDENÉ

¤¤¤ Súbory : 0 ¤¤¤

¤¤¤ Súbor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 8 (Driver: NAHRATÉ) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CREATE[0] : Unknown @ 0x3e2f2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x3e2f2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x3e2f2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x3e2f2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_POWER[22] : Unknown @ 0x3e2f2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x3e2f2c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_PNP[27] : Unknown @ 0x3e2f2c0
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\ETD @ \Device\000000b0 (\SystemRoot\system32\DRIVERS\nvlddmkm.sys)

¤¤¤ webové prehliadače : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] opvgxs1n.default : user_pref("browser.startup.homepage", "google.sk"); -> NÁJDENÉ

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-80A0R SCSI Disk Device +++++
--- User ---
[MBR] 697fe5d5f8f6c594432ea117b4bfe546
[BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 45062325 | Size: 119231 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 289249280 | Size: 335704 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_08222014_225451.log

Re: Prosim o kontrolu logu

Napsal: 23 srp 2014 00:22
od lubo007
*teraz asi nemam nic mazat,vsak...a teraz ked to vypnem a nabuduce zapnem, musi mi to zas preskenovat?

Re: Prosim o kontrolu logu

Napsal: 23 srp 2014 10:24
od jaro3
. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.


Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:


- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller. 2.8.16.0_(datum)_log.txt , vlož sem prosím celý obsah logu.
-pokud bude mít log více než 60.000 znaků , rozděl ho a vlož do více příspěvků

Re: Prosim o kontrolu logu

Napsal: 23 srp 2014 14:26
od lubo007
neviem co robim zle,ale po skonceni scanu mi vyhodi len toto a ziadny report, mozte mi prosim poradit co robim zle?
Obrázek

Re: Prosim o kontrolu logu

Napsal: 23 srp 2014 16:27
od lubo007
roguekiller:

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : Ľuboš [Práva Správcu]
Režim : Odebrať -- Dátum : 08/23/2014 16:26:01

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 31 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FairplayKD -> VYMAZANÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FairplayKD -> VYMAZANÉ
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FairplayKD -> VYMAZANÉ
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1F112442-DC3E-49A8-9C37-0CC8057BE4C3} | NameServer : 208.67.222.222,86.110.224.3 -> NAHRADENÉ ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DDF5AD71-555A-464D-9DE8-C4810AACF33F} | DhcpNameServer : 7.254.254.254 -> NAHRADENÉ ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1F112442-DC3E-49A8-9C37-0CC8057BE4C3} | NameServer : 208.67.222.222,86.110.224.3 -> NAHRADENÉ ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DDF5AD71-555A-464D-9DE8-C4810AACF33F} | DhcpNameServer : 7.254.254.254 -> NAHRADENÉ ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1F112442-DC3E-49A8-9C37-0CC8057BE4C3} | NameServer : 208.67.222.222,86.110.224.3 -> NAHRADENÉ ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DDF5AD71-555A-464D-9DE8-C4810AACF33F} | DhcpNameServer : 7.254.254.254 -> NAHRADENÉ ()
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZANÉ
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZANÉ
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZANÉ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NAHRADENÉ (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NAHRADENÉ (2)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRADENÉ (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRADENÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRADENÉ (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRADENÉ (0)
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NAHRADENÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NAHRADENÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.sk/ -> NAHRADENÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3288747937-693066357-2820141306-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.sk/ -> NAHRADENÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NAHRADENÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dl ... ar=msnhome -> NAHRADENÉ (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NAHRADENÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NAHRADENÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NAHRADENÉ (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dl ... r=iesearch -> NAHRADENÉ (http://go.microsoft.com/fwlink/?LinkId=54896)

¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Windows\Media Center\PeriodicScanRetry -- %windir%\ehome\MCUpdate.exe (-pscn 0) -> VYMAZANÉ

¤¤¤ Súbory : 0 ¤¤¤

¤¤¤ Súbor HOSTS : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 8 (Driver: NAHRATÉ) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CREATE[0] : Unknown @ 0x3e302c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x3e302c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x3e302c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x3e302c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_POWER[22] : Unknown @ 0x3e302c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x3e302c0
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_PNP[27] : Unknown @ 0x3e302c0
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\ETD @ \Device\000000b0 (\SystemRoot\system32\DRIVERS\ETD.sys)

¤¤¤ webové prehliadače : 2 ¤¤¤
[IE:Addon] System : Google Toolbar [{2318C2B1-4965-11d4-9B18-009027A5CD4F}] -> VYMAZANÉ
[PUM.HomePage][FIREFX:Config] opvgxs1n.default : user_pref("browser.startup.homepage", "google.sk"); -> NAHRADENÉ (about:home)

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-80A0R SCSI Disk Device +++++
--- User ---
[MBR] 697fe5d5f8f6c594432ea117b4bfe546
[BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 45062325 | Size: 119231 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 289249280 | Size: 335704 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_08222014_225451.log - RKreport_SCN_08232014_001458.log - RKreport_SCN_08232014_162408.log