Prosím o kontrolu

[rengra]

Dobrý den,moc prosím jak mám odeslat HiJackThis?
Po návodu na použití HiJackThis ve Vašem fóru jsem splnila první tři kroky a bohužel nenaskočil ani poznámkový blok......jen při skenu cca po 5 položkách naskočila tabulka "For some reasoon your systems........notepadC:\windows\System32\drivers\etc\hosts ....."

takže vůůůůůbec nevím co s tím jsem počítačový amatér


můžete prosím nějak pomoct????

[Reklama]

[jaro3]

viewtopic.php?f=70&t=5119

spustit jako správce.

[rengra]

Děkuji moc,tak posílám a prosím o kontrolu.Děkuji

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:29, on 8.4.2014
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Windows\System32\WScript.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\lcpmncgihywl.exe
C:\Windows\system32\lcpmncggrk.exe
C:\Windows\system32\conime.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [mncggrkSrv] C:\Windows\system32\mncggrk.vbe
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKLM\..\Run: [mncgihywlSrv] C:\Windows\system32\mncgihywl.vbe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [reg_svr] "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Doma-pc\AppData\Roaming\glister\nvm.dll"
O4 - Startup: trz167C.tmp
O4 - Startup: trz1F52.tmp
O4 - Startup: trz2461.tmp
O4 - Startup: trz475B.tmp
O4 - Startup: trz71E4.tmp
O4 - Startup: trz72AF.tmp
O4 - Startup: trzAD5E.tmp
O4 - Startup: trzADEA.tmp
O4 - Startup: trzF6FB.tmp
O4 - Startup: trzFEF6.tmp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 8972 bytes

[jaro3]

Windows Vista SP1 po odvirování doinstaluj SP2

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.



Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

[rengra]

# AdwCleaner v3.023 - Report created 11/04/2014 at 08:55:10
# Updated 01/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Doma-pc - DOMA-PC-PC
# Running from : C:\Users\Doma-pc\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Doma-pc\AppData\Roaming\Mozilla\Firefox\Profiles\v0ubsbrw.default\user.js
File Found : C:\Windows\System32\Tasks\Driver Booster Update
File Found : C:\Windows\System32\Tasks\LaunchApp
Folder Found C:\Users\Doma-pc\Documents\BitLord

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Driver Booster Update
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\LaunchApp
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B49440D-B864-461D-8110-19FC49320D36}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE75D8F1-15C6-43E0-BF43-1EC5ABB423EE}

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18527


-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Users\Doma-pc\AppData\Roaming\Mozilla\Firefox\Profiles\v0ubsbrw.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2677 octets] - [11/04/2014 08:19:39]
AdwCleaner[R1].txt - [2597 octets] - [11/04/2014 08:55:10]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2657 octets] ##########

[rengra]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11.4.2014
Scan Time: 9:21:38
Logfile: scan malwar.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.11.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: Doma-pc

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 184349
Time Elapsed: 13 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.BitCoinMiner, C:\Windows\System32\lcpmncgihywl.exe, 3364, Delete-on-Reboot, [7d941910e3985bdb7d2fd7306998e41c]
PUP.BitCoinMiner, C:\Windows\System32\lcpmncggrk.exe, 1436, Delete-on-Reboot, [09087faa700bb383a10b907756ab4ab6]

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-707345232-136388631-313284310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [e03167c2b4c77eb83c02007558aa54ac],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-707345232-136388631-313284310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [6fa20029e09bd561adcec9c2a75c8c74],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-707345232-136388631-313284310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M2P0U0F0B1O1O1G, Quarantined, [6fa20029e09bd561adcec9c2a75c8c74]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
PUP.BitCoinMiner, C:\Windows\System32\lcpmncgihywl.exe, Delete-on-Reboot, [7d941910e3985bdb7d2fd7306998e41c],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncggrk.exe, Delete-on-Reboot, [09087faa700bb383a10b907756ab4ab6],
Malware.Trace, C:\Windows\inf\ntvdm.inf, Quarantined, [2ee30b1ef08b43f3cce83e4e10f3bf41],
Malware.Trace.E, C:\Users\Doma-pc\AppData\Roaming\apachesrvin.vbs, Quarantined, [40d184a57cff93a3e4b6a5eeea1944bc],
PUP.Optional.QV06.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9200827AS_5RG2L9B8XXXX5RG2L9B8&ts=1365704839", "http://www.seznam.cz/", "http://www.zsbrok.cz/" ],), Replaced,[789955d4b4c7b383ece63f095fa51ae6]

Physical Sectors: 0
(No malicious items detected)


(end)

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[rengra]

# AdwCleaner v3.101 - Report created 21/04/2014 at 08:46:40
# Updated 20/04/2014 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Username : Doma-pc - DOMA-PC-PC
# Running from : C:\Users\Doma-pc\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Doma-pc\Documents\BitLord
File Deleted : C:\Users\Doma-pc\AppData\Roaming\Mozilla\Firefox\Profiles\v0ubsbrw.default\user.js
File Deleted : C:\Windows\System32\Tasks\Driver Booster Update
File Deleted : C:\Windows\System32\Tasks\LaunchApp

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE75D8F1-15C6-43E0-BF43-1EC5ABB423EE}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE75D8F1-15C6-43E0-BF43-1EC5ABB423EE}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B49440D-B864-461D-8110-19FC49320D36}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B49440D-B864-461D-8110-19FC49320D36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18527


-\\ Mozilla Firefox v28.0 (cs)

[ File : C:\Users\Doma-pc\AppData\Roaming\Mozilla\Firefox\Profiles\v0ubsbrw.default\prefs.js ]


-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2677 octets] - [11/04/2014 08:19:39]
AdwCleaner[R1].txt - [2737 octets] - [11/04/2014 08:55:10]
AdwCleaner[R2].txt - [3653 octets] - [21/04/2014 08:44:44]
AdwCleaner[S0].txt - [3696 octets] - [21/04/2014 08:46:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3756 octets] ##########

[jaro3]

Ještě JRT a RK.

[rengra]

Po ukončení skenu JRT se na ploše log (JRT.txt) neuložil.

MbAM: Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 29.6.2014
Scan Time: 9:02:58
Logfile: MWM.txt
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: Doma-pc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 219412
Time Elapsed: 10 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 28
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{1E8D9DDE-D9CD-E5B7-CB2A-03721300C8E5}, , [1138aa55d7a3e74f0635a6e6c140f20e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1E8D9DDE-D9CD-E5B7-CB2A-03721300C8E5}, , [1138aa55d7a3e74f0635a6e6c140f20e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\50Coueppons.50Coueppons, , [1138aa55d7a3e74f0635a6e6c140f20e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\50Coueppons.50Coueppons.1.8, , [1138aa55d7a3e74f0635a6e6c140f20e],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-707345232-136388631-313284310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1E8D9DDE-D9CD-E5B7-CB2A-03721300C8E5}, , [1138aa55d7a3e74f0635a6e6c140f20e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{1E8D9DDE-D9CD-E5B7-CB2A-03721300C8E5}, , [1138aa55d7a3e74f0635a6e6c140f20e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{1E8D9DDE-D9CD-E5B7-CB2A-03721300C8E5}\INPROCSERVER32, , [1138aa55d7a3e74f0635a6e6c140f20e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{159F6B3B-0019-9975-F4AE-68E6B73D55C3}, , [b891bc433941a2940e2dabe159a82dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{159F6B3B-0019-9975-F4AE-68E6B73D55C3}, , [b891bc433941a2940e2dabe159a82dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\SavveLots.SavveLots, , [b891bc433941a2940e2dabe159a82dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\SavveLots.SavveLots.6.3, , [b891bc433941a2940e2dabe159a82dd3],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-707345232-136388631-313284310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{159F6B3B-0019-9975-F4AE-68E6B73D55C3}, , [b891bc433941a2940e2dabe159a82dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{159F6B3B-0019-9975-F4AE-68E6B73D55C3}, , [b891bc433941a2940e2dabe159a82dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{159F6B3B-0019-9975-F4AE-68E6B73D55C3}\INPROCSERVER32, , [b891bc433941a2940e2dabe159a82dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{AF29C82B-2A76-AF4C-E7F3-4DE4E9EDA1AE}, , [55f429d6daa05adc6ad1781407fafd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AF29C82B-2A76-AF4C-E7F3-4DE4E9EDA1AE}, , [55f429d6daa05adc6ad1781407fafd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\RouboSavver.RouboSavver, , [55f429d6daa05adc6ad1781407fafd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\RouboSavver.RouboSavver.6.1, , [55f429d6daa05adc6ad1781407fafd03],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-707345232-136388631-313284310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF29C82B-2A76-AF4C-E7F3-4DE4E9EDA1AE}, , [55f429d6daa05adc6ad1781407fafd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{AF29C82B-2A76-AF4C-E7F3-4DE4E9EDA1AE}, , [55f429d6daa05adc6ad1781407fafd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{AF29C82B-2A76-AF4C-E7F3-4DE4E9EDA1AE}\INPROCSERVER32, , [55f429d6daa05adc6ad1781407fafd03],
PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [86c328d7403acd692c3bf54c748ebd43],
PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}\INPROCSERVER32, , [86c328d7403acd692c3bf54c748ebd43],
PUP.Optional.Spigot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [86c328d7403acd692c3bf54c748ebd43],
PUP.Optional.Spigot, HKU\S-1-5-21-707345232-136388631-313284310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, , [86c328d7403acd692c3bf54c748ebd43],
PUP.Optional.GreatSaver.A, HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}, , [153433cca2d8be7892397cc3a35f629e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}, , [e56450afc8b25adc07348efe966b8878],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3A787631-66A2-4634-B928-A37E73B58FB6}, , [de6bae517901a3938c213c772bd8c43c],

Registry Values: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-707345232-136388631-313284310-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Slick Savings, "C:\Users\Doma-pc\AppData\Roaming\Slick Savings\CouponsHelper.exe", , [de6bae517901a3938c213c772bd8c43c]

Registry Data: 0
(No malicious items detected)

Folders: 8
PUP.Optional.Spigot.A, C:\Users\Doma-pc\AppData\Roaming\Slick Savings, , [de6bae517901a3938c213c772bd8c43c],
PUP.Optional.Spigot.A, C:\Users\Doma-pc\AppData\Local\Slick Savings, , [3a0f956a89f12313fbb54c678c7709f7],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp, , [80c9d02f601ae452fe89a4e79072f60a],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_2, , [80c9d02f601ae452fe89a4e79072f60a],

Files: 48
PUP.Optional.MultiPlug.A, C:\ProgramData\5u0CouuPoNs\0xcB.dll, , [1138aa55d7a3e74f0635a6e6c140f20e],
PUP.Optional.MultiPlug.A, C:\ProgramData\SavELots\Kc7ly_d.dll, , [b891bc433941a2940e2dabe159a82dd3],
PUP.Optional.MultiPlug.A, C:\ProgramData\RoeboSaver\x0L7i662Q.dll, , [55f429d6daa05adc6ad1781407fafd03],
PUP.Optional.Spigot, C:\Users\Doma-pc\AppData\Roaming\Slick Savings\Coupons.dll, , [86c328d7403acd692c3bf54c748ebd43],
PUP.Optional.MultiPlug.A, C:\ProgramData\5u0CouuPoNs\trzE0F9.tmp, , [d47521def4862a0cab90f89444bd7090],
PUP.Optional.MultiPlug.A, C:\ProgramData\RoeboSaver\x0L7i662Q.exe, , [e56450afc8b25adc07348efe966b8878],
PUP.Optional.MultiPlug.A, C:\ProgramData\SavELots\trz313C.tmp, , [e960679866142b0bc9720e7e2dd42bd5],
Trojan.SProtector, C:\Program Files\trz8E81.tmp, , [1f2adc23abcfb6806d11f7a59a6706fa],
Trojan.SProtector, C:\Program Files\trzEA6D.tmp, , [0a3fb748e694132394e9bedee71adf21],
Trojan.FakeMS, C:\Users\Doma-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz167C.tmp, , [fd4cd52a4535a0965f6aea369b665aa6],
Trojan.FakeMS, C:\Users\Doma-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz2461.tmp, , [72d7e817f189fd391dacd749f30e6799],
Trojan.FakeMS, C:\Users\Doma-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz71E4.tmp, , [7fca55aab8c221159f2a1010bd44a759],
Trojan.FakeMS, C:\Users\Doma-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz72AF.tmp, , [4efb07f842386ccabe0ba77916eb7a86],
Trojan.FakeMS, C:\Users\Doma-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzADEA.tmp, , [65e4946b6a101224c60332eec9380df3],
Trojan.FakeMS, C:\Users\Doma-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzF6FB.tmp, , [f4550ef163171e1865643be519e85aa6],
Trojan.FakeMS, C:\Users\Doma-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzFEF6.tmp, , [4aff1de289f140f63990a080d42d24dc],
Trojan.BitMiner, C:\Windows\System32\dcgmncfhhc.exe, , [6fdaa857e991fa3c6c2e76388f72c63a],
Trojan.BitMiner, C:\Windows\System32\dcgmncggrk.exe, , [b79228d73d3dc67083179915f11045bb],
Trojan.BitMiner, C:\Windows\System32\dcgmncgihywl.exe, , [a7a2bf40b4c6ae887921694552af04fc],
PUP.Optional.OutBrowse, C:\Users\Doma-pc\Downloads\Install Game Setup.exe, , [81c839c64832290dd0063734b050a35d],
Trojan.MSIL, C:\Users\Doma-pc\Downloads\gta-san-andreas-crack.exe, , [4108718e0b6f6accccfb93db68980000],
PUP.Optional.Softonic.A, C:\Users\Doma-pc\Downloads\SoftonicDownloader_for_mcedit.exe, , [de6bf00fef8b3600ec178ed4fe0307f9],
Trojan.Downloader, C:\Users\Doma-pc\Downloads\NFSU-2-Crack-100%.rar, , [62e7f807f08ade58ea592a685ba5946c],
Trojan.Bitcoin.SE, C:\Users\Doma-pc\Downloads\Battlefield-Bad-Company-2-Crack-Fix.zip, , [c287f30c106a0432fb903e22c63b0af6],
Malware.Packer, C:\Users\Doma-pc\Microsoft\DesktopLayer.exe, , [0b3eac53275394a22dd7711c2bd5936d],
Trojan.FakeMS, C:\Users\Doma-pc\Microsoft\DesktopLayermgr.exe, , [84c55fa06713152133965ec2ea173bc5],
Riskware.BitcoinMiner, C:\Users\Public\Other\minerd.exe, , [43069f6045351620d7e1ceb550b145bb],
PUP.Proxy.BCM, C:\Users\Public\Other\mining_proxy.exe, , [69e0b24ded8d81b501e22e35837de41c],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [e16839c6592133030bfe08a44ab9e51b],
PUP.Optional.Spigot.A, C:\Users\Doma-pc\AppData\Roaming\Slick Savings\coupons_2.4.crx, , [de6bae517901a3938c213c772bd8c43c],
PUP.Optional.Spigot.A, C:\Users\Doma-pc\AppData\Roaming\Slick Savings\Coupons64.dll, , [de6bae517901a3938c213c772bd8c43c],
PUP.Optional.Spigot.A, C:\Users\Doma-pc\AppData\Roaming\Slick Savings\CouponsHelper.exe, , [de6bae517901a3938c213c772bd8c43c],
PUP.Optional.Spigot.A, C:\Users\Doma-pc\AppData\Roaming\Slick Savings\coupons_2.9.xpi, , [de6bae517901a3938c213c772bd8c43c],
PUP.Optional.Spigot.A, C:\Users\Doma-pc\AppData\Roaming\Slick Savings\Uninstall.exe, , [de6bae517901a3938c213c772bd8c43c],
PUP.Optional.Spigot.A, C:\Users\Doma-pc\AppData\Local\Slick Savings\coupons.crx, , [3a0f956a89f12313fbb54c678c7709f7],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\background.html, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\config.json, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\manifest.json, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons\ss-128.png, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\icons\ss-48.png, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\background.js, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\loader_1036.js, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.5_0\scripts\utils.js, , [d4750bf4532749ed41456f1cee146f91],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_2\amazon-128.png, , [80c9d02f601ae452fe89a4e79072f60a],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_2\amazon-19.png, , [80c9d02f601ae452fe89a4e79072f60a],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_2\amazon-48.png, , [80c9d02f601ae452fe89a4e79072f60a],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_2\background.js, , [80c9d02f601ae452fe89a4e79072f60a],
PUP.Optional.SlickSavings.A, C:\Users\Doma-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_2\manifest.json, , [80c9d02f601ae452fe89a4e79072f60a],

Physical Sectors: 0
(No malicious items detected)


(end)

RK:

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Doma-pc [Práva správce]
Mód : Kontrola -- Datum : 06/29/2014 11:33:32

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 14 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-707345232-136388631-313284310-1000\Software\Microsoft\Windows\CurrentVersion\Run | reg_svr : "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Doma-pc\AppData\Roaming\glister\nvm.dll" -> NALEZENO
[Suspicious.Path] HKEY_USERS\S-1-5-21-707345232-136388631-313284310-1000\Software\Microsoft\Windows\CurrentVersion\Run | Slick Savings : "C:\Users\Doma-pc\AppData\Roaming\Slick Savings\CouponsHelper.exe" -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{934A6B6A-DCE4-49CF-8AE9-8A7AF803EB81} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{934A6B6A-DCE4-49CF-8AE9-8A7AF803EB81} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{934A6B6A-DCE4-49CF-8AE9-8A7AF803EB81} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{934A6B6A-DCE4-49CF-8AE9-8A7AF803EB81} | DhcpNameServer : 213.46.172.37 213.46.172.36 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-707345232-136388631-313284310-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-707345232-136388631-313284310-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 3 ¤¤¤
[PUP][CHROME:Addon] Default : Ebay Shopping Assistant by Spigot [hbcennhacfaagdopikcegfcobcadeocj] -> NALEZENO
[PUP][CHROME:Addon] Default : Slick Savings [mhkaekfpcppmmioggniknbnbdbcigpkk] -> NALEZENO
[PUP][CHROME:Addon] Default : Amazon Shopping Assistant by Spigot [pfndaklgolladniicklehhancnlgocpp] -> NALEZENO

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST9200827AS +++++
--- User ---
[MBR] 24fa79e2aed1d14e360fb2872ff3b4dd
[BSP] c83f6d3cdea8c218388548da794008b8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 10001 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20484096 | Size: 180779 MB
User = LL1 ... OK
User = LL2 ... OK

[Orcus]

V MBAM dej vše odstanit, pokud jsi tak neudělala a dodej nový log. Vidím tam cracky k hrám, ty pak uměj dělat taky paseku.

====================================================

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Pokud se log nevejde do jedné zprávy, rozděl jej na více částí.