Prosím o kontrolu - nejde odinstalovat toolbar

darbak · Příspěvekod **darbak** » 21 čer 2014 13:54

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:49:40, on 21.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)

FIREFOX: 30.0 (cs)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\windows\System32\WScript.exe
C:\windows\System32\WScript.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Users\Agata\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\windows\system32\lcpmncshjm.exe
C:\windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SaveSnap\SaveSnap.exe
C:\Users\Agata\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosearch.com/?babsrc=HP_s ... 2&tsp=5265
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: RichMediaViewV1release2599 - {181f6271-6c5d-45a8-bce8-01363007ee61} - C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ie\RichMediaViewV1release2599.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocník pro pøihlášení ke službì Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll
O3 - Toolbar: SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [DApp] C:\Program Files\PCDApp\start.vbs
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [MSStp] C:\windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mncshjmSrv] C:\windows\system32\mncshjm.vbe
O4 - HKLM\..\Run: [NtVdmSrv] C:\windows\inf\ntvdm.vbe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Agata\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Google Update] "C:\Users\Agata\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Agata\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Agata\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Agata\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: SaveSnap.lnk = C:\Program Files\SaveSnap\SaveSnap.exe
O4 - Startup: Výøezy obrazovky a spuštìní aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zaøízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zaøízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFF33CFE-371C-4120-A200-C26F0FF3001D}: NameServer = 217.77.165.81 217.77.161.131
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAF63146-6B56-4A75-BECA-EB846347B7F5}: NameServer = 217.77.165.81 217.77.161.131
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DCMessages - Global Graphics Software Ltd - C:\Windows\System32\DCMessages.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Network HTTP Support Service (NetHttpService) - Unknown owner - C:\windows\system32\nethtsrv.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Network Support Service Updater (ServiceUpdater) - Unknown owner - C:\windows\system32\netupdsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Update Surftastic - Unknown owner - C:\Program Files\Surftastic\updateSurftastic.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--
End of file - 13406 bytes

Reklama

Příspěvekod **jaro3** » 22 čer 2014 10:08

Odinstaluj:
Spyware Terminator
McAfee Security Scan

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

darbak · Příspěvekod **darbak** » 26 čer 2014 18:11

# AdwCleaner v3.213 - Report created 26/06/2014 at 17:25:28
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Agata - AGATA-PC
# Running from : C:\Users\Agata\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Update Surftastic

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml
File Found : C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\invalidprefs.js
File Found : C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\searchplugins\buenosearch.xml
File Found : C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\searchplugins\default-search.xml
File Found : C:\Users\Agata\daemonprocess.txt
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\ICQ6Toolbar
Folder Found : C:\Program Files\iSafe
Folder Found : C:\Program Files\MyAshampoo
Folder Found : C:\Program Files\PCDApp
Folder Found : C:\Program Files\RichMediaViewV1
Folder Found : C:\Program Files\Settings Manager
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\ICQ\ICQToolbar
Folder Found : C:\ProgramData\systemk
Folder Found : C:\ProgramData\wincert
Folder Found : C:\Users\Agata\AppData\Local\41
Folder Found : C:\Users\Agata\AppData\Local\Conduit
Folder Found : C:\Users\Agata\AppData\Local\Mobogenie
Folder Found : C:\Users\Agata\AppData\LocalLow\Conduit
Folder Found : C:\Users\Agata\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Agata\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Agata\AppData\LocalLow\MyAshampoo
Folder Found : C:\Users\Agata\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Agata\AppData\Roaming\iSafe
Folder Found : C:\Users\Agata\AppData\Roaming\SimilarSites
Folder Found : C:\Users\Agata\Documents\Mobogenie

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\MyAshampoo
Key Found : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Linkey
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SystemK
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{28C02550-6572-401a-A2AE-5BC703C9BBA6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E134B06-6696-456F-B313-450861EDE066}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{363BB65D-1747-4826-B445-1DA6244E2037}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\ICQ\ICQToolbar
Key Found : HKLM\Software\iSafe
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32B87C75-5ED5-4EA1-A287-E3BDE33C4CAA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C9C7A2E-5BC2-455F-9636-AA581C8CC475}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B75950B5-463A-45D2-9C2C-297C128008E9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E134B06-6696-456F-B313-450861EDE066}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyAshampoo Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Found : HKLM\Software\MyAshampoo
Key Found : HKLM\Software\MyAshampoo\toolbar
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SystemK
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v30.0 (cs)

[ File : C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js ]

Line Found : user_pref("extensions.buenosearch.admin", false);
Line Found : user_pref("extensions.buenosearch.aflt", "babsst");
Line Found : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Found : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Found : user_pref("extensions.buenosearch.dfltLng", "cs");
Line Found : user_pref("extensions.buenosearch.excTlbr", false);
Line Found : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Found : user_pref("extensions.buenosearch.id", "c8b9cbef0000000000000c607670d000");
Line Found : user_pref("extensions.buenosearch.instlDay", "16222");
Line Found : user_pref("extensions.buenosearch.instlRef", "sst");
Line Found : user_pref("extensions.buenosearch.newTab", false);
Line Found : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Found : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Found : user_pref("extensions.buenosearch.rvrt", "false");
Line Found : user_pref("extensions.buenosearch.smplGrp", "none");
Line Found : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=C8B90C607670D000&affID=128492&tsp=5265");
Line Found : user_pref("extensions.buenosearch.tlbrId", "base");
Line Found : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=C8B90C607670D000&affID=128492&tsp=5265");
Line Found : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Found : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.712:57:45");
Line Found : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");

-\\ Google Chrome v36.0.1985.84

[ File : C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://www.default-search.net/search?si ... &src=ds&p={searchTerms}
Found [Search Provider] : hxxp://www.default-search.net/search?si ... &src=ds&p={searchTerms}

*************************

AdwCleaner[R0].txt - [19947 octets] - [26/06/2014 17:14:14]
AdwCleaner[R1].txt - [19814 octets] - [26/06/2014 17:25:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [19875 octets] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26.6.2014
Scan Time: 17:52:29
Logfile: malware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.26.06
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Agata

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280217
Time Elapsed: 15 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 25
PUP.Optional.NetFilter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\nethfdrv, , [7e909de0a9d263d3996b7b1728d951af],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\CLASSES\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [db33fa83d7a4c96df4d5aa9eb34f629e],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\CLASSES\CLSID\{61BD593A-8B45-4337-BA74-04E931A68DB9}, , [db33fa83d7a4c96df4d5aa9eb34f629e],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\CLASSES\Conduit.Engine, , [db33fa83d7a4c96df4d5aa9eb34f629e],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{61BD593A-8B45-4337-BA74-04E931A68DB9}, , [db33fa83d7a4c96df4d5aa9eb34f629e],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\CLASSES\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\INPROCSERVER32, , [db33fa83d7a4c96df4d5aa9eb34f629e],
PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [db33fa83d7a4c96df4d5aa9eb34f629e],
PUP.Optional.ConduitTB.A, HKU\S-1-5-21-866015508-761126416-567208969-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [db33fa83d7a4c96df4d5aa9eb34f629e],
PUP.Optional.ConduitTB.A, HKU\S-1-5-21-866015508-761126416-567208969-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}, , [db33fa83d7a4c96df4d5aa9eb34f629e],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [13fb3a43afcc87afde292b20a26026da],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [13fb3a43afcc87afde292b20a26026da],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-866015508-761126416-567208969-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, , [69a51c610c6fba7cbe0280c6a2605ea2],
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, , [69a51c610c6fba7cbe0280c6a2605ea2],
PUP.Optional.Linkey.A, HKU\S-1-5-21-866015508-761126416-567208969-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [9678c5b82c4f61d53a3e3e0bc63c41bf],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\Datamngr, , [808e106d3a41979f27ae783945bdd729],
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\RichMediaViewV1release2599, , [f81609747cfffe38dd42961f7989e51b],
PUP.Optional.SystemK.A, HKLM\SOFTWARE\SystemK, , [97772e4f9be0280e3b59ad01ce34936d],
PUP.Software.Updater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, , [96783b421863b77fe7839a3d41c134cc],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK\General, , [f11d0875b3c8171fc1b0d0f2db2715eb],
PUP.Optional.Surftastic.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Surftastic, , [b45a94e91f5caf8767c7b01d52b08779],
PUP.Optional.SystemK.A, HKU\S-1-5-21-866015508-761126416-567208969-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, , [a8668df069127db93d397d3228da41bf],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-866015508-761126416-567208969-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [38d63d40542789adef5343875fa37987],
PUP.Optional.Softonic.A, HKU\S-1-5-21-866015508-761126416-567208969-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [b35bd3aa601bbd79622b2698fd0515eb],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Settings Manager, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RichMediaViewV1release2599, , [c04e04797506ab8beaefe8baed15e020],

Registry Values: 2
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@RichMediaViewV1release2599.net, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff, , [2ce24637710a68ce081605b033cfa55b]
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK|browser, ie ff cr, , [11fd3c4181fa3cfa0d65c002f9093dc3]

Registry Data: 0
(No malicious items detected)

Folders: 10
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SimilarSites.A, C:\Users\Agata\AppData\Roaming\SimilarSites, , [7e90dda0f388cb6bf5953d5d22e0cc34],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ch, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff\chrome, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff\chrome\content, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff\chrome\content\icons, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff\chrome\content\icons\default, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ie, , [c04e04797506ab8beaefe8baed15e020],

Files: 60
PUP.Optional.NetFilter, C:\Windows\System32\drivers\nethfdrv.sys, , [7e909de0a9d263d3996b7b1728d951af],
PUP.Optional.ConduitTB.A, C:\Program Files\ConduitEngine\prxConduitEngine.dll, , [db33fa83d7a4c96df4d5aa9eb34f629e],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncshjm.exe, , [1cf25a230576181e4901d2c40100ab55],
Trojan.BitMiner, C:\Windows\System32\dcgmncshjm.exe, , [bd51aad36b10063056f2604707fa8f71],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncshjm.exe, , [e529f38aec8f79bdbd529380b54cf010],
PUP.Optional.AztecMedia.A, C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsaD685.tmp\Helper.dll, , [927c90ed5724e94df7946314be464fb1],
PUP.Optional.AztecMedia.A, C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsaD685.tmp\Starter.exe, , [2ce25f1e1b60a690f884d2a5bf45847c],
PUP.Optional.AztecMedia.A, C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nspD818.tmp\Starter.exe, , [8886f38a295200369edee98e857fc937],
PUP.Optional.DefaultSearch.A, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\searchplugins\default-search.xml, , [0d01621b691288ae16527c46877b8080],
PUP.Optional.DefaultSearch.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml, , [e8267b027605280e046505bd62a032ce],
PUP.Optional.BuenoSearch.A, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\searchplugins\buenosearch.xml, , [b757720bea919f9704ee329215ed51af],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [47c780fdfc7fc17563c39453d92a3fc1],
PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win32cert.dll, , [54baacd181fa1c1abec1826759aae41c],
PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win64cert.dll, , [3fcf15682d4e2c0af48b2fbafc07cd33],
PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win32prop.dll, , [3dd129544437f93df38d539641c2c53b],
PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win64prop.dll, , [49c565184239dc5a81ffb23781821de3],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\del_DM_LL_nspF172.dll, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\favicon.ico, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Helper.dll, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\syskldr.dll, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\syskldr_u.dll, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\systemk.dll, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\systemkbho.dll, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\systemkChrome.dll, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\SystemkService.exe, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\systemku.exe, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\tbicon.exe, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Uninstall.exe, , [0b038eeff08ba29419828e0b7a88b848],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\uninstall.exe, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ch\RichMediaViewV1release2599.crx, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff\chrome.manifest, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff\install.rdf, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff\chrome\content\ffRichMediaViewV1release2599.js, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff\chrome\content\overlay.xul, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff\chrome\content\icons\Thumbs.db, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff\chrome\content\icons\default\RichMediaViewV1release2599_32.png, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.RichMediaView.A, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ie\RichMediaViewV1release2599.dll, , [c04e04797506ab8beaefe8baed15e020],
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.admin", false);), ,[33db1a63017a1f1775d0922644c09e62]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.aflt", "babsst");), ,[7f8f3f3e9edd5bdbdb6ab404758f3ec2]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), ,[7d910677c4b70c2a7dc8dddba460f709]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.autoRvrt", "false");), ,[62ac2d5039426ec84bfa2692e61e53ad]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.dfltLng", "cs");), ,[ee203d408cef38fe2520d1e7c83cb14f]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.excTlbr", false);), ,[fa145528fd7e290dd66fcbed9c689967]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), ,[6aa4bcc1ed8e69cd87be14a450b4cf31]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.id", "c8b9cbef0000000000000c607670d000");), ,[7a94423be794c96df253a90f5da7ce32]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlDay", "16222");), ,[a36ba7d66b1074c2ea5b03b58a7a0bf5]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.instlRef", "sst");), ,[d33b0974512a2d09b98c6058778dda26]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.newTab", false);), ,[f11d4538f5861d19ff46348411f332ce]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.prdct", "buenosearch");), ,[b658c7b60e6d9a9c0342b5031aeabd43]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), ,[46c83548a6d5e84eec593e7af70d46ba]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.rvrt", "false");), ,[54baf18c3d3e89ad202516a2bf455aa6]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.smplGrp", "none");), ,[38d62a535a211c1a7cc90aae7b89d828]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tb_url", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=C8B90C607670D000&affID=128492&tsp=5265");), ,[c5496e0f304b38fea1a4b008fa0acb35]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrId", "base");), ,[65a9ccb14a31330349fc15a3fb092ed2]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.tlbrSrchUrl", "http://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=C8B90C607670D000&affID=128492&tsp=5265");), ,[c945c1bc116a62d4a5a09d1b4fb51fe1]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), ,[fe10b8c52a51ce688bbab701fd0704fc]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.712:57:45");), ,[0e00b3ca9dde42f4ee5712a62ed6e719]
PUP.Optional.BuenoSearch, C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js, Good: (), Bad: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), ,[a26cb4c96c0f191d8cb98236000434cc]

Physical Sectors: 0
(No malicious items detected)

(end)

darbak · Příspěvekod **darbak** » 26 čer 2014 18:13

Jo a sorry, že mi to tak trvalo, pár dní jsem tu nebyl

Příspěvekod **jaro3** » 27 čer 2014 09:49

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

darbak · Příspěvekod **darbak** » 28 čer 2014 11:45

# AdwCleaner v3.213 - Report created 28/06/2014 at 10:36:39
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Agata - AGATA-PC
# Running from : C:\Users\Agata\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update Surftastic

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\iSafe
Folder Deleted : C:\Program Files\PCDApp
Folder Deleted : C:\Program Files\RichMediaViewV1
Folder Deleted : C:\Program Files\Settings Manager
Folder Deleted : C:\Program Files\MyAshampoo
Folder Deleted : C:\Users\Agata\AppData\Local\41
Folder Deleted : C:\Users\Agata\AppData\Local\Conduit
Folder Deleted : C:\Users\Agata\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Agata\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Agata\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Agata\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Agata\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Agata\AppData\LocalLow\MyAshampoo
Folder Deleted : C:\Users\Agata\AppData\Roaming\iSafe
Folder Deleted : C:\Users\Agata\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\Agata\Documents\Mobogenie
File Deleted : C:\Users\Agata\daemonprocess.txt
File Deleted : C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\invalidprefs.js
File Deleted : C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\searchplugins\buenosearch.xml
File Deleted : C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\searchplugins\default-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2475029
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28C02550-6572-401a-A2AE-5BC703C9BBA6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E134B06-6696-456F-B313-450861EDE066}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{363BB65D-1747-4826-B445-1DA6244E2037}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E134B06-6696-456F-B313-450861EDE066}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B75950B5-463A-45D2-9C2C-297C128008E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C9C7A2E-5BC2-455F-9636-AA581C8CC475}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32B87C75-5ED5-4EA1-A287-E3BDE33C4CAA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SystemK
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\MyAshampoo
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\iSafe
Key Deleted : HKLM\Software\MyAshampoo\toolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKLM\Software\MyAshampoo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyAshampoo Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v30.0 (cs)

[ File : C:\Users\Agata\AppData\Roaming\Mozilla\Firefox\Profiles\k0jfila6.default\prefs.js ]

Line Deleted : user_pref("extensions.buenosearch.admin", false);
Line Deleted : user_pref("extensions.buenosearch.aflt", "babsst");
Line Deleted : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
Line Deleted : user_pref("extensions.buenosearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.dfltLng", "cs");
Line Deleted : user_pref("extensions.buenosearch.excTlbr", false);
Line Deleted : user_pref("extensions.buenosearch.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.buenosearch.id", "c8b9cbef0000000000000c607670d000");
Line Deleted : user_pref("extensions.buenosearch.instlDay", "16222");
Line Deleted : user_pref("extensions.buenosearch.instlRef", "sst");
Line Deleted : user_pref("extensions.buenosearch.newTab", false);
Line Deleted : user_pref("extensions.buenosearch.prdct", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
Line Deleted : user_pref("extensions.buenosearch.rvrt", "false");
Line Deleted : user_pref("extensions.buenosearch.smplGrp", "none");
Line Deleted : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=C8B90C607670D000&affID=128492&tsp=5265");
Line Deleted : user_pref("extensions.buenosearch.tlbrId", "base");
Line Deleted : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=C8B90C607670D000&affID=128492&tsp=5265");
Line Deleted : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
Line Deleted : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.712:57:45");
Line Deleted : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");

-\\ Google Chrome v36.0.1985.97

[ File : C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [19947 octets] - [26/06/2014 17:14:14]
AdwCleaner[R1].txt - [19956 octets] - [26/06/2014 17:25:28]
AdwCleaner[R2].txt - [19761 octets] - [28/06/2014 10:33:09]
AdwCleaner[S0].txt - [16532 octets] - [28/06/2014 10:36:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16593 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by Agata on so 28.06.2014 at 10:45:26,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9635CAB9-489F-4D4B-8C4C-C25B23179469}

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Agata\AppData\Roaming\mozilla\firefox\profiles\k0jfila6.default\minidumps [34 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 28.06.2014 at 10:50:42,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28.6.2014
Scan Time: 10:54:17
Logfile: malware.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.28.01
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Agata

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281101
Time Elapsed: 17 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.NetFilter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\nethfdrv, Quarantined, [5a772756e79452e43214d5bd9c659c64],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-866015508-761126416-567208969-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, Quarantined, [369b8eef7efd003618c33f0813ef8878],
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, Quarantined, [369b8eef7efd003618c33f0813ef8878],
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\RichMediaViewV1release2599, Quarantined, [24ad730a88f301356213cde9e61cb050],

Registry Values: 1
PUP.Optional.RichMediaView.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@RichMediaViewV1release2599.net, C:\Program Files\RichMediaViewV1\RichMediaViewV1release2599\ff, Quarantined, [329f4934cead9c9a027201b592708d73]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 8
PUP.Optional.NetFilter, C:\Windows\System32\drivers\nethfdrv.sys, Quarantined, [5a772756e79452e43214d5bd9c659c64],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncshjm.exe, Quarantined, [4d84a6d748333ff7a57d069156ab6997],
Trojan.BitMiner, C:\Windows\System32\dcgmncshjm.exe, Quarantined, [09c8e49997e4c3735fc1aefa04fd718f],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncshjm.exe, Quarantined, [23ae0a730e6d5ed8093d898a8b7620e0],
PUP.Optional.AztecMedia.A, C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsaD685.tmp\Helper.dll, Quarantined, [607198e57902cb6b7fd567112bd9f20e],
PUP.Optional.AztecMedia.A, C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsaD685.tmp\Starter.exe, Quarantined, [5b76582586f572c458eded8bcc38817f],
PUP.Optional.AztecMedia.A, C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nspD818.tmp\Starter.exe, Quarantined, [9f32bcc1304b52e493b2fc7ce91be917],
Malware.Trace, C:\Windows\inf\ntvdm.inf, Quarantined, [f8d994e9f88395a17e7beff8a16206fa],

Physical Sectors: 0
(No malicious items detected)

(end)

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Agata [Práva správce]
Mód : Kontrola -- Datum : 06/28/2014 11:39:59

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[Svchost] svchost.exe -- [x] -> SMAZÁNO [TermThr]

¤¤¤ ¤¤¤ Záznamy Registrů: : 20 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-866015508-761126416-567208969-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.autoupdate : "C:\Users\Agata\AppData\Roaming\Seznam.cz\szninstall.exe" -c -> NALEZENO
[Suspicious.Path] HKEY_USERS\S-1-5-21-866015508-761126416-567208969-1001\Software\Microsoft\Windows\CurrentVersion\Run | cz.seznam.software.szndesktop : "C:\Users\Agata\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 86.61.217.129 84.16.96.2 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 86.61.217.129 84.16.96.2 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 86.61.217.129 84.16.96.2 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3C51D35B-0C93-4DF9-BB84-24EE57FC71EF} | DhcpNameServer : 86.61.217.129 84.16.96.2 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AFF33CFE-371C-4120-A200-C26F0FF3001D} | NameServer : 217.77.165.81 217.77.161.131 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DAF63146-6B56-4A75-BECA-EB846347B7F5} | NameServer : 217.77.165.81 217.77.161.131 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3C51D35B-0C93-4DF9-BB84-24EE57FC71EF} | DhcpNameServer : 86.61.217.129 84.16.96.2 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AFF33CFE-371C-4120-A200-C26F0FF3001D} | NameServer : 217.77.165.81 217.77.161.131 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DAF63146-6B56-4A75-BECA-EB846347B7F5} | NameServer : 217.77.165.81 217.77.161.131 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3C51D35B-0C93-4DF9-BB84-24EE57FC71EF} | DhcpNameServer : 86.61.217.129 84.16.96.2 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AFF33CFE-371C-4120-A200-C26F0FF3001D} | NameServer : 217.77.165.81 217.77.161.131 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DAF63146-6B56-4A75-BECA-EB846347B7F5} | NameServer : 217.77.165.81 217.77.161.131 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-866015508-761126416-567208969-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-866015508-761126416-567208969-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-866015508-761126416-567208969-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-866015508-761126416-567208969-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO

¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \\{D9B70227-A8EF-4165-8EF7-D19CB866F440} -- C:\windows\system32\pcalua.exe (-a C:\Users\Agata\Downloads\SCD-Install.exe -d C:\Users\Agata\Downloads) -> NALEZENO

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS723232L9A360 +++++
--- User ---
[MBR] 29d0b1f129fcf6446ad156a94e004440
[BSP] afa6a77e140755f36c0ac93c46cd0e70 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 300 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 616448 | Size: 247535 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 507568128 | Size: 40000 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 589488128 | Size: 15360 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 0c2864bbd260c505750bd4cfae6dd666
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 7437 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

============================================
RKreport_SCN_06282014_112410.log

Příspěvekod **Orcus** » 28 čer 2014 18:44

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Pokud se log nevejde do jedné zprávy, rozděl jej na více částí.

darbak · Příspěvekod **darbak** » 29 čer 2014 12:24

To už si radši nechám přeinstalovat systém, sestra to plánuje, než aby jsem pořád stahoval nějaký programy, je to nutný? Mě už to nebaví

. Nehledě na to, že to co jsem chtěl odinstalovat jsem už nějak (nevím jak) odstranil.

Příspěvekod **Oxxid** » 29 čer 2014 12:41

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll
O3 - Toolbar: SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll

Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\MyAshampoo
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\MyAshampoo\toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\MyAshampoo

Toolbar jsi neodinstaloval Ty, nybrz ho smazal AdwCleaner. Jak vidis nalezu bylo opravdu mnoho (100+) a ty programy udelaly kus prace. Navic tech programu neni mnoho.

Pokud hodlas preinstalovat system, tak toto tema oznac jako vyresene zelenou fajfkou vpravo nahore Obrázek

Příspěvekod **Orcus** » 29 čer 2014 18:09

Asi tak jak bylo napsáno Oxxidem.

Prosím o kontrolu - nejde odinstalovat toolbar Vyřešeno

Prosím o kontrolu - nejde odinstalovat toolbar Vyřešeno

Re: Prosím o kontrolu - nejde odinstalovat toolbar

Re: Prosím o kontrolu - nejde odinstalovat toolbar

Re: Prosím o kontrolu - nejde odinstalovat toolbar

Re: Prosím o kontrolu - nejde odinstalovat toolbar

Re: Prosím o kontrolu - nejde odinstalovat toolbar

Re: Prosím o kontrolu - nejde odinstalovat toolbar

Re: Prosím o kontrolu - nejde odinstalovat toolbar

Re: Prosím o kontrolu - nejde odinstalovat toolbar

Re: Prosím o kontrolu - nejde odinstalovat toolbar

Kdo je online