prosim o kontrolu logu

[huhto]

DOBŘE,K TOMU SE DOSTANU ZITRA,ZA CHVILI JDU NA NOČNÍ,PORADITE MI ZITRA ?

[Reklama]

[memphisto]

Samozřejmě. Buď já nebo jaro3 či orcus

[huhto]

RogueKiller V10.0.6.0 (x64) [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : oem [Práva správce]
Mód : Prohledat -- Datum : 11/15/2014 15:31:07

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 36 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> Nalezeno
[PUP] (X64) HKEY_USERS\S-1-5-21-2685867222-1597755569-815654481-1000\Software\Microsoft\Windows\CurrentVersion\Run | NextLive : C:\Windows\SysWOW64\rundll32.exe "C:\Users\oem\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Nalezeno
[PUP] (X86) HKEY_USERS\S-1-5-21-2685867222-1597755569-815654481-1000\Software\Microsoft\Windows\CurrentVersion\Run | NextLive : C:\Windows\SysWOW64\rundll32.exe "C:\Users\oem\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DefaultTabSearch (C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IePluginServices (C:\ProgramData\IePluginServices\PluginService.exe -service) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPBIUpd (C:\Program Files\Common Files\ShopperPro\spbiu.exe /service) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPBIUpdd (\??\C:\Program Files\Common Files\ShopperPro\spbiw.sys) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DefaultTabSearch (C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IePluginServices (C:\ProgramData\IePluginServices\PluginService.exe -service) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SPBIUpd (C:\Program Files\Common Files\ShopperPro\spbiu.exe /service) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SPBIUpdd (\??\C:\Program Files\Common Files\ShopperPro\spbiw.sys) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DefaultTabSearch (C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdate (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdatem (C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IePluginServices (C:\ProgramData\IePluginServices\PluginService.exe -service) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SPBIUpd (C:\Program Files\Common Files\ShopperPro\spbiu.exe /service) -> Nalezeno
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SPBIUpdd (\??\C:\Program Files\Common Files\ShopperPro\spbiw.sys) -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2685867222-1597755569-815654481-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=13415/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2685867222-1597755569-815654481-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/?clid=13415/ -> Nalezeno
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.istartsurf.com/web/?type=ds& ... B212587&q={searchTerms} -> Nalezeno
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.istartsurf.com/web/?type=ds& ... B212587&q={searchTerms} -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B06233BD-0946-415D-BDF1-6AA59A8D31E8} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B06233BD-0946-415D-BDF1-6AA59A8D31E8} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B06233BD-0946-415D-BDF1-6AA59A8D31E8} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 [UNITED STATES (US)][UNITED STATES (US)][PHILIPPINES (PH)][UNITED STATES (US)] -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2685867222-1597755569-815654481-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2685867222-1597755569-815654481-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 4mi37o5f.default : user_pref("browser.startup.homepage", "http://www.seznam.cz/"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] 77f9ea2da2ea0315794a676ed3efd245
[BSP] 37a3239771826a9248e70b0b8205f8a7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 299900 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 176938 MB
User = LL1 ... OK
User = LL2 ... OK

[huhto]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.8 (11.15.2014:1)
OS: Windows 7 Professional x64
Ran by oem on so 15.11.2014 at 15:52:18,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nextlive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\trolatunt_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\trolatunt_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatetrolatunt_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatetrolatunt_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\trolatunt_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\trolatunt_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatetrolatunt_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatetrolatunt_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3636431A-3EF5-4624-B1D2-FB3BD4A77AE4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{573AB5AA-C156-4FB6-B572-F1C55D9099B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\oem\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Users\oem\AppData\Roaming\isafe"
Successfully deleted: [Folder] "C:\Users\oem\AppData\Roaming\metacrawler"
Successfully deleted: [Folder] "C:\Users\oem\AppData\Roaming\newnext.me"
Successfully deleted: [Folder] "C:\Users\oem\appdata\local\genienext"
Successfully deleted: [Folder] "C:\Users\oem\appdata\local\globalupdate"
Successfully deleted: [Folder] "C:\Users\oem\appdata\locallow\minibar"
Successfully deleted: [Folder] "C:\Users\oem\appdata\locallow\sitefinder"
Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"
Successfully deleted: [Folder] "C:\Program Files (x86)\suptab"
Successfully deleted: [Folder] "C:\Program Files (x86)\trolatunt"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Emptied folder: C:\Users\oem\AppData\Roaming\mozilla\firefox\profiles\4mi37o5f.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 15.11.2014 at 15:54:54,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[huhto]

tak vše jsem udělal,tak jak jsem na tom ,děkuji

[huhto]

ještě jedna věc,tak jak jsem udělal všechen postup co mi zde byl napsan,nemužu jsi v pc ve win smazat duležite věci že?že bych musel potom přeinstalovat novy win

[huhto]

je tu někdo,kdo se mi teda na to podiva?děkuji

[huhto]

nebo to mam v poho?

[huhto]

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 15.11.2014
Čas skenování: 18:45:55
Protokol: BBBBB.txt
Správce: Ano

Verze: 2.00.3.1025
Databáze malwaru: v2014.11.15.07
Databáze rootkitů: v2014.11.12.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Sebeobrany: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: oem

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 375363
Uplynulý čas: 6 min, 38 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 38
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [72a18dafadcf2016f9094d718a78916f],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [72a18dafadcf2016f9094d718a78916f],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [f0239ca02d4f46f058f505b7f60c827e],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [f0239ca02d4f46f058f505b7f60c827e],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [f0239ca02d4f46f058f505b7f60c827e],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [f0239ca02d4f46f058f505b7f60c827e],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-2685867222-1597755569-815654481-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, , [c74c6ece5923c37353b0c1fd6b97a759],
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-2685867222-1597755569-815654481-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, , [c74c6ece5923c37353b0c1fd6b97a759],
PUP.Optional.Datamngr.A, HKU\S-1-5-21-2685867222-1597755569-815654481-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}, , [0e05cc70661690a66d3f836ee61c15eb],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, , [a46f7ac26715ad89d14e0e350df6ec14],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, , [d93a67d5f08c2d097f93693e0004ca36],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, , [bb58f547ff7dee48a3c6033e1ae91ae6],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, , [d142a99386f6fe38bff26bded62d5da3],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [f3205be1daa2d85ed6432f7bfe06a65a],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [b162ae8e6a1296a004163377788cfd03],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [1bf898a41a629e98ea7e73ce63a0649c],
PUP.Optional.DefaultTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DefaultTabSearch, , [ab6862daa8d464d273b8760e80847090],
PUP.Optional.ShopperPro, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPDRIVER_1.37.0.202, , [997a1527aad29d9955a6c979b84beb15],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, , [49cac07c215b2d09ef7f85b17b88b44c],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [42d12a1259238aac036c72c45da67090],
PUP.Optional.WebSearches.A, HKU\S-1-5-21-2685867222-1597755569-815654481-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, , [5ab9f64614683303a475da6949ba29d7],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2685867222-1597755569-815654481-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [060dc07c90ec023479d9900ba06429d7],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2685867222-1597755569-815654481-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [fa19310b1369c17537aa0e62ea19b749],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2685867222-1597755569-815654481-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [24ef5ae2017b0630fd1cf592986cfe02],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2685867222-1597755569-815654481-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [48cb5ddf0c7076c084a2550bf11248b8],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\CLASSES\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\CLASSES\TYPELIB\{8FB1A663-2820-468B-95C4-5060A4C5F413}, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\CLASSES\INTERFACE\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8FB1A663-2820-468B-95C4-5060A4C5F413}, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\CLASSES\ShopperPro.ShopperProBHO.1, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\CLASSES\ShopperPro.ShopperProBHO, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShopperPro.ShopperProBHO, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShopperPro.ShopperProBHO.1, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKU\S-1-5-21-2685867222-1597755569-815654481-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKU\S-1-5-21-2685867222-1597755569-815654481-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, , [6aa9d8641c60c07601a29bb4f213867a],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}, , [6aa9d8641c60c07601a29bb4f213867a],

Hodnoty registru: 3
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, , [d142a99386f6fe38bff26bded62d5da3]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, smt, , [1bf898a41a629e98ea7e73ce63a0649c]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2685867222-1597755569-815654481-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0O1S1D1N0A2Y1Q1D1G, , [24ef5ae2017b0630fd1cf592986cfe02]

Data registru: 2
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.istartsurf.com/web/?type=ds& ... B212587&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://www.istartsurf.com/web/?type=ds& ... B212587&q={searchTerms}),,[6ea598a46319d26429ea52ecfd08718f]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://www.istartsurf.com/web/?type=ds& ... B212587&q={searchTerms}, Dobré: (www.google.com), Špatné: (http://www.istartsurf.com/web/?type=ds& ... B212587&q={searchTerms}),,[f91a5ede0c70989e3bd8d06e18ed1ae6]

Složky: 2
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, , [9182e8542a5230067b96dd6d29dad62a],
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader, , [e231c973ee8e0a2cf6079a8e5ba8d32d],

Soubory: 21
PUP.Optional.Somoto.A, C:\Users\oem\AppData\Local\Application Data\Bundled software uninstaller\bi_client (1).exe, , [d63dad8fccb0b581d35c022f18e928d8],
PUP.Optional.Somoto.A, C:\Users\oem\AppData\Local\Application Data\Bundled software uninstaller\bi_client.exe, , [050ee359601c57df5ed1bc75d42dce32],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\ShopperPro, , [93805fdd1e5e78be95cbec597093ec14],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\ShopperProJSUpd, , [0e05bd7f3d3fae8851100243e51e3ec2],
PUP.Optional.ShopperPro, C:\Windows\System32\Tasks\SPDriver, , [82910537f488b3830c566fd66c9716ea],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5b35d1bf-8985-41a7-a5c0-520df08c38cc-1, , [6ca7a29ab2cad561bbf1de6b649fb14f],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5b35d1bf-8985-41a7-a5c0-520df08c38cc-11, , [21f2af8dd7a5f145a804272219ea56aa],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5b35d1bf-8985-41a7-a5c0-520df08c38cc-2, , [25ee82ba6f0d54e2d7d562e7de25eb15],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5b35d1bf-8985-41a7-a5c0-520df08c38cc-3, , [060d53e9443881b5c3e9a5a46c97758b],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5b35d1bf-8985-41a7-a5c0-520df08c38cc-4, , [ad6652ea067645f1bbf1ac9d13f056aa],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5b35d1bf-8985-41a7-a5c0-520df08c38cc-5, , [898a16265d1f03332785d178da29926e],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5b35d1bf-8985-41a7-a5c0-520df08c38cc-5_user, , [7c97a09c4d2ffd395c50cf7afb087987],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\5b35d1bf-8985-41a7-a5c0-520df08c38cc-7, , [28eb42faf3892016525a69e09a69bf41],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, , [9182e8542a5230067b96dd6d29dad62a],
Trojan.BitcoinMiner, C:\Users\oem\AppData\Roaming\miner\minerd.exe, , [33e00834d0ac65d1f5a0bf8d3fc42bd5],
Trojan.BitcoinMiner, C:\Users\oem\AppData\Roaming\miner\start.bat, , [f122f3496d0f57df177fa8a493707090],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, , [a66d6fcd8bf15bdba025a8ff47bd8a76],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, , [42d10f2d0a7272c4e9ddf2b546be8977],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, , [5ab994a8ec90cb6b8f38c9de43c141bf],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, , [957ecd6fa1dbe94d4b7d2e7935cffc04],
PUP.Optional.EZDownloader, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader\EZDownloader.lnk, , [e231c973ee8e0a2cf6079a8e5ba8d32d],

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

[huhto]

TO JSEM JEŠTĚ NAŠEL

[memphisto]

V Mbam nech vše smazat a dodej log po smazání

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller


Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.