Hello, please check my log. Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:04:09, on 6.8.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
CHROME: 36.0.1985.125
FIREFOX: 22.0 (cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Users\pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\pavel\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: VideoPlayerV3beta830 - {24595a5a-2c43-4ec8-808c-65ac8cd3751d} - (no file)
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\pavel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Battle.net] "C:\Program Files\Battle.net\Battle.net Launcher.exe" --autostarted
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Active@ Disk Monitor - LSoft Technologies Inc - C:\Program Files\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Network HTTP Support Service (NetHttpService) - Unknown owner - C:\Windows\system32\nethtsrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Network Support Service Updater (ServiceUpdater) - Unknown owner - C:\Windows\system32\netupdsrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
--
End of file - 7792 bytes
Please check my log, slow PC response (Solved)
- jaro3
- Security team member
Re: Please check my log, slow PC response
First of all, install SP1!
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can delete the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you do not need to use ATF.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log appears (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
Download Malwarebytes' Anti-Malware
- During installation, untick "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; click Scan Now
- after the program finishes, a message appears at the bottom right; click Copy to Clipboard and paste the whole log here.
- then click the Exit button; a prompt appears, choose Yes
(do not delete anything yet!).
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log, slow PC response
# AdwCleaner v3.303 - Report created 07/08/2014 at 10:49:03
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : pavel - KRUTOPŘÍSNEJ
# Running from : C:\Users\pavel\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : nethfdrv
Service Found : NethxxpService
Service Found : ServiceUpdater
***** [ Files / Folders ] *****
File Found : C:\Windows\system32\drivers\nethfdrv.sys
File Found : C:\Windows\system32\hfpapi.dll
File Found : C:\Windows\system32\installd.exe
File Found : C:\Windows\system32\nethtsrv.exe
File Found : C:\Windows\system32\netupdsrv.exe
Folder Found : C:\Program Files\Betcat
Folder Found : C:\Program Files\BetterSurf
Folder Found : C:\Program Files\Better-Surf
Folder Found : C:\Program Files\MediaBuzzV1
Folder Found : C:\Program Files\MediaPlayerV1
Folder Found : C:\Program Files\MediaViewerV1
Folder Found : C:\Program Files\MediaViewV1
Folder Found : C:\Program Files\MediaWatchV1
Folder Found : C:\Program Files\NCH Software
Folder Found : C:\Program Files\VideoPlayerV3
Folder Found : C:\Program Files\WebexpEnhancedV1
Folder Found : C:\ProgramData\NCH Software
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\pavel\AppData\Local\SwvUpdater
Folder Found : C:\Users\pavel\AppData\Roaming\Betcat
Folder Found : C:\Users\pavel\AppData\Roaming\NCH Software
Folder Found : C:\Users\pavel\AppData\Roaming\Web Cake
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1824FF90-C98E-48A6-838F-E3B6572B0C77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1824FF90-C98E-48A6-838F-E3B6572B0C77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Found : HKCU\Software\powerpack
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Found : HKLM\Software\MediaBuzzV1
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Tarma Installer
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [12x3q@3244516.com]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [xz123@ya456.com]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7600.16385
-\\ Mozilla Firefox v22.0 (cs)
[ File : C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\uhw4cafa.default-1374704129801\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Found [Extension] : dedmngkbaffkenlfdcbganndoghblmap
Found [Extension] : poheodfamflhhhdcmjfeggbgigeefaco
*************************
AdwCleaner[R0].txt - [4861 octets] - [07/08/2014 10:49:03]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4921 octets] ##########
Re: Please check my log, slow PC response
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 7.8.2014
Scan Time: 10:55:16
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.07.01
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7
CPU: x86
File System: NTFS
User: pavel
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 270010
Time Elapsed: 10 min, 31 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 2
PUP.Optional.Amonetize, C:\Windows\System32\nethtsrv.exe, 108, , [a815ac1797e48bab0621237422df1de3]
PUP.Optional.Amonetize, C:\Windows\System32\netupdsrv.exe, 696, , [378672514437a29447e14a4d1ee312ee]
Modules: 0
(No malicious items detected)
Registry Keys: 26
PUP.Optional.Amonetize, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetHttpService, , [a815ac1797e48bab0621237422df1de3],
PUP.Optional.Amonetize, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ServiceUpdater, , [378672514437a29447e14a4d1ee312ee],
PUP.Optional.NetFilter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\nethfdrv, , [328bf5cedf9cda5c0c49e2b5e51ca060],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}, , [beff853e1368cc6a0b6f4321dd25e51b],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{0113A098-06EA-4776-A011-D75590778F1E}, , [beff853e1368cc6a0b6f4321dd25e51b],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{462862BE-9A5C-49A5-9CBD-A649EAC63645}, , [beff853e1368cc6a0b6f4321dd25e51b],
PUP.Optional.BetterSurf.A, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}, , [beff853e1368cc6a0b6f4321dd25e51b],
PUP.Optional.BetterSurf.A, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}, , [beff853e1368cc6a0b6f4321dd25e51b],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}, , [6e4f0fb44f2c77bf1638eb7d55add22e],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{BEAA0C04-ED15-4C17-800B-28716025A4E4}, , [6e4f0fb44f2c77bf1638eb7d55add22e],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{65B07D06-95A1-409D-93FF-8CB14E1EC86A}, , [6e4f0fb44f2c77bf1638eb7d55add22e],
PUP.Optional.BetterSurf.A, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}, , [6e4f0fb44f2c77bf1638eb7d55add22e],
PUP.Optional.BetterSurf.A, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}, , [6e4f0fb44f2c77bf1638eb7d55add22e],
PUP.Optional.WebCake.A, HKLM\SOFTWARE\CLASSES\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}, , [b80509bafe7d9a9cc9bf09940af850b0],
PUP.Optional.BetterSurf.A, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1824FF90-C98E-48A6-838F-E3B6572B0C77}, , [d0ed7053710a2016d2a7293ba35f738d],
PUP.Optional.BetterSurf.A, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1824FF90-C98E-48A6-838F-E3B6572B0C77}, , [d0ed7053710a2016d2a7293ba35f738d],
PUP.Optional.WebCake.A, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}, , [526b2a994a31e05641374526a65c3fc1],
PUP.Optional.WebCake.A, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AF6B0594-6008-4327-93E5-608AD710A6FA}, , [3c814d7686f561d55c2b0e8fbf4343bd],
PUP.Optional.OffersWizard.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\inethnfd, , [a617a91a047762d4f3cab12837cbc33d],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MediaBuzzV1, , [edd07251b6c525117d9b26c7857d35cb],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MediaBuzzV1mode3018, , [427bb70ca1da0c2a1bfd7d70f210dc24],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dedmngkbaffkenlfdcbganndoghblmap, , [c4f9aa19f289d264c9193aafaf53b050],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\poheodfamflhhhdcmjfeggbgigeefaco, , [d6e7ad16a2d936006fcf90656b97619f],
PUP.Optional.Webexp, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Webexp Enhanced, , [ac1115aed5a6fe38818206fbac572fd1],
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{24595a5a-2c43-4ec8-808c-65ac8cd3751d}, , [7746695aa1daa195c3b68c3d758fe61a],
PUP.Optional.VideoPlayer.A, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{24595A5A-2C43-4EC8-808C-65AC8CD3751D}, , [7746695aa1daa195c3b68c3d758fe61a],
Registry Values: 8
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|xz123@ya456.com, C:\Program Files\BetterSurf\ff, , [1e9f883b89f2bb7b841e835b877b02fe]
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|12x3q@3244516.com, C:\Program Files\Better-Surf\ff, , [aa135b68ef8c26106b1f0d2bbf45e020]
PUP.Optional.WebExpEnhanced.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@WebexpEnhancedV1alpha256.net, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff, , [ecd1b70c95e693a3f0feca3341c1df21]
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta830.net, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff, , [615cc6fd88f381b5f083f400679bf907]
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaBuzzV1mode3018.net, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff, , [19a48e35d4a7fa3ce9308865986a936d]
PUP.Optional.NetworkUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETHTTPSERVICE|ImagePath, C:\Windows\system32\nethtsrv.exe, , [6b52972c27546bcb82d0a5911ee68878]
PUP.Optional.NetworkUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICEUPDATER|ImagePath, C:\Windows\system32\netupdsrv.exe, , [9a23c300cab147ef58fbb482ed1702fe]
Worm.Brontok, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tok-Cirrhatus, , [3a83c8fb6b10a294ebbb086fd52ee61a],
Registry Data: 0
(No malicious items detected)
Folders: 46
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config, , [a617a91a047762d4f3cab12837cbc33d],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-22, , [9c2182410b70270fe31dc5e821e1c13f],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-25, , [0ab30fb4d2a9300688785855cb3703fd],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-26, , [44791ea5f2899b9b5ea2921b13ef738d],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-27, , [3984f4cf671464d29f6166471ce614ec],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-28, , [7845834032493303a45c8b22b052f60a],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-29, , [dce100c3324995a1f0109617e51da35d],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-30, , [b805ac17710a79bd7a863e6fb74b6898],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ch, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ff, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ff\chrome, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ff\chrome\content, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ie, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ch, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ff, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ff\chrome, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ff\chrome\content, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ie, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ch, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff\chrome, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff\chrome\content, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff\chrome\content\icons, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff\chrome\content\icons\default, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ie, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ch, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff\chrome, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff\chrome\content, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff\chrome\content\icons, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff\chrome\content\icons\default, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ie, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ch, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff\chrome, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff\chrome\content, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff\chrome\content\icons, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff\chrome\content\icons\default, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ie, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1, , [2e8f09bae69566d07fb85277f70b6c94],
Files: 48
PUP.Optional.Amonetize, C:\Windows\System32\nethtsrv.exe, , [a815ac1797e48bab0621237422df1de3],
PUP.Optional.Amonetize, C:\Windows\System32\netupdsrv.exe, , [378672514437a29447e14a4d1ee312ee],
PUP.Optional.NetFilter, C:\Windows\System32\drivers\nethfdrv.sys, , [328bf5cedf9cda5c0c49e2b5e51ca060],
PUP.Optional.Conduit.A, C:\Users\pavel\AppData\Roaming\uTorrent\ism.exe, , [d0eda51e3f3cee48c113abe6f30e8d73],
PUP.Optional.InstallD.A, C:\Windows\System32\installd.exe, , [bd00d8eb89f290a69fcf8e4859a96997],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, , [a617a91a047762d4f3cab12837cbc33d],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\data.xml, , [a617a91a047762d4f3cab12837cbc33d],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\uninstinethnfd.exe, , [a617a91a047762d4f3cab12837cbc33d],
Trojan.Agent.Gen, C:\ProgramData\rundll32.exe, , [09b402c1a0dbc571607f35e13cc749b7],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ch\Chrome.crx, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ff\BetterSurf.xpi, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ff\build.cmd, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ff\chrome.manifest, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ff\install.rdf, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ff\chrome\content\firefox.js, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\BetterSurf\ff\chrome\content\inject.js, , [44797f44d8a347ef979a71416999c63a],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ch\Chrome.crx, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ff\Better-Surf.xpi, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ff\build.cmd, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ff\chrome.manifest, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ff\install.rdf, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ff\chrome\content\better-surf.js, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.BetterSurf, C:\Program Files\Better-Surf\ff\chrome\content\firefox.js, , [9627af1449327bbbfd7907ab09f9ed13],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ch\WebexpEnhancedV1alpha256.crx, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff\chrome.manifest, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff\install.rdf, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff\chrome\content\ffWebexpEnhancedV1alpha256.js, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff\chrome\content\ffWebexpEnhancedV1alpha256ffaction.js, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff\chrome\content\overlay.xul, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff\chrome\content\icons\Thumbs.db, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff\chrome\content\icons\default\WebexpEnhancedV1alpha256_32.png, , [2a930ab9ea91a69047767f3347bb02fe],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ch\VideoPlayerV3beta830.crx, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff\chrome.manifest, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff\install.rdf, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff\chrome\content\ffVideoPlayerV3beta830.js, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff\chrome\content\ffVideoPlayerV3beta830ffaction.js, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff\chrome\content\overlay.xul, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff\chrome\content\icons\Thumbs.db, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff\chrome\content\icons\default\VideoPlayerV3beta830_32.png, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.VideoPlayer.A, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ie\VideoPlayerV3beta830.dll, , [caf3f4cf0b70a4926f266651eb1759a7],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ch\MediaBuzzV1mode3018.crx, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff\chrome.manifest, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff\install.rdf, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff\chrome\content\ffMediaBuzzV1mode3018.js, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff\chrome\content\ffMediaBuzzV1mode3018ffaction.js, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff\chrome\content\overlay.xul, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff\chrome\content\icons\Thumbs.db, , [299452715c1f7bbb215cf4c934ce05fb],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff\chrome\content\icons\default\MediaBuzzV1mode3018_32.png, , [299452715c1f7bbb215cf4c934ce05fb],
Physical Sectors: 0
(No malicious items detected)
(end)
jaro3 (member of the Security team)
Re: Please check my log, slow PC response
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose “Run as administrator”).
Click “Prohledat-Scan”; after the scan, click “Vymazat-Clean”.
The program will carry out the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.
Download Junkware Removal Tool by Thisisu
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose “Run as administrator”. You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and will be saved on the desktop.
Please copy its entire contents here.
Download Malwarebytes' Anti-Malware
- During installation, uncheck “Enable free trial of Malwarebytes' Anti-Malware Premium”
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now
- after the program has finished, a message appears at the bottom right; click Copy to Clipboard and paste the whole log here.
- then click the Exit button; a prompt appears, choose Yes
(do not delete anything yet!).
If there are problems, run it in safe mode.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7 run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit
- Then click “Scan”.
- The program scans the PC's processes. After the scan, click “Report” and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log, slow PC response
# AdwCleaner v3.303 - Report created 08/08/2014 at 16:04:34
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : pavel - KRUTOPŘÍSNEJ
# Running from : C:\Users\pavel\Desktop\adwcleaner_3.303.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7600.16385
-\\ Mozilla Firefox v22.0 (cs)
[ File : C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\uhw4cafa.default-1374704129801\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Found [Extension] : dedmngkbaffkenlfdcbganndoghblmap
Found [Extension] : poheodfamflhhhdcmjfeggbgigeefaco
*************************
AdwCleaner[R0].txt - [5001 octets] - [07/08/2014 10:49:03]
AdwCleaner[R1].txt - [5061 octets] - [08/08/2014 15:41:50]
AdwCleaner[R2].txt - [1286 octets] - [08/08/2014 15:45:43]
AdwCleaner[R3].txt - [1379 octets] - [08/08/2014 15:47:07]
AdwCleaner[R4].txt - [1498 octets] - [08/08/2014 15:48:27]
AdwCleaner[R5].txt - [1623 octets] - [08/08/2014 15:56:14]
AdwCleaner[R6].txt - [1742 octets] - [08/08/2014 16:02:47]
AdwCleaner[R7].txt - [1366 octets] - [08/08/2014 16:04:34]
AdwCleaner[S0].txt - [4955 octets] - [08/08/2014 15:44:27]
AdwCleaner[S1].txt - [916 octets] - [08/08/2014 15:46:24]
AdwCleaner[S2].txt - [916 octets] - [08/08/2014 15:47:55]
AdwCleaner[S3].txt - [916 octets] - [08/08/2014 15:49:08]
AdwCleaner[S4].txt - [922 octets] - [08/08/2014 15:57:01]
AdwCleaner[S5].txt - [922 octets] - [08/08/2014 16:03:59]
########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1781 octets] ##########
Re: Please check my log, slow PC response
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by pavel on p 08.08.2014 at 16:11:21,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
~~~ Files
~~~ Folders
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p 08.08.2014 at 16:13:33,97
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Please check my log, slow PC response
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 8.8.2014
Čas skenování: 16:16:07
Protokol:
Správce: Ano
Verze: 2.00.2.1012
Databáze malwaru: v2014.08.08.03
Databáze rootkitů: v2014.08.04.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Self-protection: Vypnuto
OS: Windows 7
CPU: x86
Souborový systém: NTFS
Uživatel: pavel
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 270849
Uplynulý čas: 11 min, 50 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(No malicious items detected)
Moduly: 0
(No malicious items detected)
Klíče registru: 5
PUP.Optional.OffersWizard.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\inethnfd, , [3de6b50fdf9c78be321e8d4fd52d8977],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MediaBuzzV1mode3018, , [c3609b29a6d54de9cdd55798cf3301ff],
PUP.Optional.Webexp, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Webexp Enhanced, , [ba69477d6714082e652442c1ac575ca4],
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{24595a5a-2c43-4ec8-808c-65ac8cd3751d}, , [a380497ba2d9e4524509c705857f9868],
PUP.Optional.VideoPlayer.A, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{24595A5A-2C43-4EC8-808C-65AC8CD3751D}, , [a380497ba2d9e4524509c705857f9868],
Hodnoty registru: 4
PUP.Optional.WebExpEnhanced.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@WebexpEnhancedV1alpha256.net, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff, , [150eb80cd7a44beb581c728eb54e7888]
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta830.net, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff, , [5fc4527297e487afe81127cfb151659b]
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaBuzzV1mode3018.net, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff, , [e83b655fc6b5fd396e350ee1d13128d8]
Worm.Brontok, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tok-Cirrhatus, , [30f33094512a0e2836f5cdad3cc77f81],
Data registru: 0
(No malicious items detected)
Složky: 9
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config, , [3de6b50fdf9c78be321e8d4fd52d8977],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-22, , [5cc7586c314a4de9a5cb8a24ac567d83],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-25, , [f42f259f3c3f85b127498c22946e8c74],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-26, , [8c97e5dffd7e82b4432da707b74bd927],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-27, , [32f11da77b003cfafc74c8e68f73ba46],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-28, , [1c07a321ccaf2b0bf37d3975ce34db25],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-29, , [ad76992bc2b90135442ceec07a887789],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-30, , [57cc5b69017a999da2ce2d8125ddc739],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1, , [da495b69c8b3a6909b0c55753ec422de],
Soubory: 5
PUP.Optional.Conduit.A, C:\Users\pavel\AppData\Roaming\uTorrent\ism.exe, , [a87b07bdbdbe290d829c048e79885aa6],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, , [3de6b50fdf9c78be321e8d4fd52d8977],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\data.xml, , [3de6b50fdf9c78be321e8d4fd52d8977],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\uninstinethnfd.exe, , [3de6b50fdf9c78be321e8d4fd52d8977],
Trojan.Agent.Gen, C:\ProgramData\rundll32.exe, , [fe253f85e7945cda68fdba5f49bac23e],
Fyzické sektory: 0
(No malicious items detected)
(end)
Re: Please check my log, slow PC response
RogueKiller V9.2.6.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : pavel [Práva správce]
Mód : Kontrola -- Datum : 08/08/2014 16:37:45
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 15 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gdrv -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.20 217.197.159.194 217.197.152.135 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.20 217.197.159.194 217.197.152.135 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.20 217.197.159.194 217.197.152.135 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.20 217.197.159.194 217.197.152.135 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FCB46678-E34A-42F7-90B9-EE271DA2F08A} | DhcpNameServer : 192.168.1.20 217.197.159.194 217.197.152.135 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FCB46678-E34A-42F7-90B9-EE271DA2F08A} | DhcpNameServer : 192.168.1.20 217.197.159.194 217.197.152.135 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FCB46678-E34A-42F7-90B9-EE271DA2F08A} | DhcpNameServer : 192.168.1.20 217.197.159.194 217.197.152.135 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FCB46678-E34A-42F7-90B9-EE271DA2F08A} | DhcpNameServer : 192.168.1.20 217.197.159.194 217.197.152.135 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-548458550-2039160914-725767956-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-548458550-2039160914-725767956-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: NAHRÁNO) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] a15c6a21c25a3435dc816fc8c553872e
[BSP] 6d11f3b9ddfd8b6fbcaa9c4d1c7d31a8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 24578048 | Size: 90000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 208898048 | Size: 50625 MB
User = LL1 ... OK
User = LL2 ... OK
- jaro3
- Security team member
Re: Please check my log, slow PC response
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator")
click "Scan", and after the scan click "Clean"
The program will perform the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.
Run MbAM again and click Scan Now
- after the program finishes, a prompt will appear; click "Quarantine All (remove selected)" and then "Export Log", choose "Text file", give the file a name and save it somewhere. Copy the entire contents of that log here.
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Then click "Scan"; once it finishes:
- On the tabs (Registry, Tasks, Web Browser, etc.), tick everything (check the boxes)
- Click "Delete"
- Wait until the Status box shows "Deleting finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log, slow PC response
# AdwCleaner v3.304 - Report created 11/08/2014 at 10:15:13
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : pavel - KRUTOPŘÍSNEJ
# Running from : C:\Users\pavel\Desktop\adwcleaner_3.304.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.7600.16385
-\\ Mozilla Firefox v22.0 (cs)
[ File : C:\Users\pavel\AppData\Roaming\Mozilla\Firefox\Profiles\uhw4cafa.default-1374704129801\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\pavel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : dedmngkbaffkenlfdcbganndoghblmap
Deleted [Extension] : poheodfamflhhhdcmjfeggbgigeefaco
*************************
AdwCleaner[R0].txt - [5001 octets] - [07/08/2014 10:49:03]
AdwCleaner[R1].txt - [5061 octets] - [08/08/2014 15:41:50]
AdwCleaner[R2].txt - [1286 octets] - [08/08/2014 15:45:43]
AdwCleaner[R3].txt - [1379 octets] - [08/08/2014 15:47:07]
AdwCleaner[R4].txt - [1498 octets] - [08/08/2014 15:48:27]
AdwCleaner[R5].txt - [1623 octets] - [08/08/2014 15:56:14]
AdwCleaner[R6].txt - [1742 octets] - [08/08/2014 16:02:47]
AdwCleaner[R7].txt - [1861 octets] - [08/08/2014 16:04:34]
AdwCleaner[R8].txt - [1921 octets] - [11/08/2014 10:14:16]
AdwCleaner[S0].txt - [4955 octets] - [08/08/2014 15:44:27]
AdwCleaner[S1].txt - [916 octets] - [08/08/2014 15:46:24]
AdwCleaner[S2].txt - [916 octets] - [08/08/2014 15:47:55]
AdwCleaner[S3].txt - [916 octets] - [08/08/2014 15:49:08]
AdwCleaner[S4].txt - [922 octets] - [08/08/2014 15:57:01]
AdwCleaner[S5].txt - [922 octets] - [08/08/2014 16:03:59]
AdwCleaner[S6].txt - [1848 octets] - [11/08/2014 10:15:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [1908 octets] ##########
Re: Please check my log, slow PC response
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 11.8.2014
Čas skenování: 10:20:21
Protokol: chyba.txt
Správce: Ano
Verze: 2.00.2.1012
Databáze malwaru: v2014.08.11.01
Databáze rootkitů: v2014.08.04.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Self-protection: Vypnuto
OS: Windows 7
CPU: x86
Souborový systém: NTFS
Uživatel: pavel
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 270915
Uplynulý čas: 8 min, 15 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(No malicious items detected)
Moduly: 0
(No malicious items detected)
Klíče registru: 5
PUP.Optional.OffersWizard.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\inethnfd, Do karantény, [3b12d5f0cab1a6904b79dd0022e05ca4],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MediaBuzzV1mode3018, Do karantény, [5fee2f96354653e31204fcf5c43e5aa6],
PUP.Optional.Webexp, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Webexp Enhanced, Do karantény, [fa53ae17bdbe3501fb00d92be41f08f8],
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{24595a5a-2c43-4ec8-808c-65ac8cd3751d}, Do karantény, [8cc1fbca7a01979f4ddd2ca23ec645bb],
PUP.Optional.VideoPlayer.A, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{24595A5A-2C43-4EC8-808C-65AC8CD3751D}, Do karantény, [8cc1fbca7a01979f4ddd2ca23ec645bb],
Hodnoty registru: 4
PUP.Optional.WebExpEnhanced.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@WebexpEnhancedV1alpha256.net, C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha256\ff, Do karantény, [54f9ad18186321156482d22f5ba8b749]
PUP.Optional.VideoPlayer.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@VideoPlayerV3beta830.net, C:\Program Files\VideoPlayerV3\VideoPlayerV3beta830\ff, Do karantény, [04493d88e49795a1e982a94f669c916f]
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaBuzzV1mode3018.net, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode3018\ff, Do karantény, [a0ade9dc4a315dd9a473fff222e0b14f]
Worm.Brontok, HKU\S-1-5-21-548458550-2039160914-725767956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Tok-Cirrhatus, Do karantény, [6be2bc09e19af3432d70a9d2f0135ca4],
Data registru: 0
(No malicious items detected)
Složky: 9
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config, Do karantény, [3b12d5f0cab1a6904b79dd0022e05ca4],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-22, Do karantény, [1a33a61f0f6c1f17bdcc664903ffbc44],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-25, Do karantény, [034a962f413a03330b7e1b94c83a21df],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-26, Do karantény, [1c31c3026714ff377c0d4b6444be26da],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-27, Do karantény, [d57842835d1e30063d4c218e788aca36],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-28, Do karantény, [9db02a9b710adc5a8bfeab04fd05d030],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-29, Do karantény, [71dce0e584f7bb7b0386d6d9946e9769],
Worm.Brontok, C:\Users\pavel\AppData\Local\Bron.tok-15-30, Do karantény, [52fbd7eedba089ad3f4a614ea55d8d73],
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1, Do karantény, [79d43b8a2655cc6ac4fcb8131de5c040],
Soubory: 5
PUP.Optional.Conduit.A, C:\Users\pavel\AppData\Roaming\uTorrent\ism.exe, Do karantény, [4d0003c294e781b563f1236f13ee8977],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, Do karantény, [3b12d5f0cab1a6904b79dd0022e05ca4],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\data.xml, Do karantény, [3b12d5f0cab1a6904b79dd0022e05ca4],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\uninstinethnfd.exe, Do karantény, [3b12d5f0cab1a6904b79dd0022e05ca4],
Trojan.Agent.Gen, C:\ProgramData\rundll32.exe, Do karantény, [3815368ff289c5716c6bf1293ac915eb],
Fyzické sektory: 0
(No malicious items detected)
(end)
PUP.Optional.TrustMediaViewer.A, C:\Program Files\TrustMediaViewerV1, Do karantény, [79d43b8a2655cc6ac4fcb8131de5c040],
Soubory: 5
PUP.Optional.Conduit.A, C:\Users\pavel\AppData\Roaming\uTorrent\ism.exe, Do karantény, [4d0003c294e781b563f1236f13ee8977],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\ver.xml, Do karantény, [3b12d5f0cab1a6904b79dd0022e05ca4],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\data.xml, Do karantény, [3b12d5f0cab1a6904b79dd0022e05ca4],
PUP.Optional.OffersWizard.A, C:\Program Files\Common Files\Config\uninstinethnfd.exe, Do karantény, [3b12d5f0cab1a6904b79dd0022e05ca4],
Trojan.Agent.Gen, C:\ProgramData\rundll32.exe, Do karantény, [3815368ff289c5716c6bf1293ac915eb],
Fyzické sektory: 0
(No malicious items detected)
(end)