Log z MBAM Vyřešeno

[cobr4in]

Nazdar,

prosím o kontrolu logu z MBAM:

Kód: Vybrat vše

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8. 2. 2015
Scan Time: 1:31:21
Logfile: log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.07.10
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: cobr4in

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329290
Time Elapsed: 4 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1256, , [980ed04b71190b2ba4240b5b02fe9868]

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [980ed04b71190b2ba4240b5b02fe9868],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64, , [6d3936e53b4f94a2e1e8594d9c679e62],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, , [4d59c952cbbf4beb6e168043877cb14f],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [3076cb50ff8b0d292afd62298281837d],
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, , [6e381803fd8d49edaef0e21b1ee609f7],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\30935, , [70368695ef9b7eb8295b715249ba9d63],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [4c5a2bf08604bd79658d059b60a39e62],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [03a3b269afdb47efb2754e48f1120ff1],
PUP.Optional.Cinema.A, HKU\S-1-5-21-1187842480-2532027073-278142579-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaP-1.9cV30.01-nv-ie, , [772f021990fa42f411e86b3460a3bf41],
PUP.Optional.SavePass.A, HKU\S-1-5-21-1187842480-2532027073-278142579-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SavePass 1.1-nv-ie, , [aafc4bd013772b0bb59dbee5d62df808],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1187842480-2532027073-278142579-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, , [3f674fcc4b3fc67054bd435ad13204fc],
PUP.Optional.Qone8, HKU\S-1-5-21-1187842480-2532027073-278142579-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [9e082af14c3e280eda6d19d8ac588779],

Registry Values: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, obw, , [4c5a2bf08604bd79658d059b60a39e62]

Registry Data: 14
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176),,[b3f3c3587218b5814cd306b2798cc33d]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://isearch.omiga-plus.com/web/?type=ds&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}),,[4f57bc5fc6c4053133f0b4040cf9f40c]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176),,[f5b184971b6f6ccafa280cacd72e8e72]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176),,[f8aed14a513905316fb56454cf3652ae]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://isearch.omiga-plus.com/web/?type=ds&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}),,[d9cda675f49642f4c6613c7c1aebd32d]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176),,[56500615345678be60bf3a7e000515eb]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://isearch.omiga-plus.com/web/?type=ds&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}),,[2680cb50593165d1fc27c9efe71e9868]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176),,[6c3a4bd0870382b446dce6d25baa3cc4]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176),,[4d59e833414943f39f85c4f43ec708f8]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://isearch.omiga-plus.com/web/?type=ds&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1423012074&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}),,[673ff12a12788fa7ba6dc5f3ab5af10f]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-1187842480-2532027073-278142579-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://isearch.omiga-plus.com/web/?type=dspp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=dspp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}),,[7a2c82995a303bfbbf78f5b5fa0b6799]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-1187842480-2532027073-278142579-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176),,[7b2b2dee5e2c61d5da432395fc09b749]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-1187842480-2532027073-278142579-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/?type=hppp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176),,[7333af6c206a85b152cac7f1ea1b23dd]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-1187842480-2532027073-278142579-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://isearch.omiga-plus.com/web/?type=dspp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=dspp&ts=1423012087&from=obw&uid=WDCXWD1002FAEX-00Y9A0_WD-WCAW3168017680176&q={searchTerms}),,[1393d7441476a096300609a134d1d828]

Folders: 4
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [ccdad3488bff171f1c715f06996ab64a],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [ccdad3488bff171f1c715f06996ab64a],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [5d490912503abf77d460cfb30af9916f],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [5d490912503abf77d460cfb30af9916f],

Files: 23
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [980ed04b71190b2ba4240b5b02fe9868],
PUP.Optional.CrossRider.A, C:\Users\cobr4in\AppData\Roaming\GRICHKA.exe, , [1393ff1c3d4d132324c6d216a85dbd43],
PUP.Optional.CrossRider.A, C:\Users\cobr4in\AppData\Local\Temp\setup.exe, , [9c0a51caabdf2a0c7f8bbf5e927001ff],
PUP.Optional.Amonetize, C:\Users\cobr4in\AppData\Local\Temp\DivX.Web.Player.Installer__8420_i1465122039_il203784.exe, , [426446d5cfbb85b113e49d7751b1d52b],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{4889ddce-7a83-45e6-afc9-1e4f1149fff4}Gw64.sys, , [6d3936e53b4f94a2e1e8594d9c679e62],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3653bfbb-501c-413a-b9b3-d4a829f7492a-1-6, , [7a2c0219e6a412245b76fcacb3507f81],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3653bfbb-501c-413a-b9b3-d4a829f7492a-1-7, , [c0e663b8c5c594a28f42a5039f64639d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3653bfbb-501c-413a-b9b3-d4a829f7492a-10_user, , [eeb818038802ef475a771296cd367090],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3653bfbb-501c-413a-b9b3-d4a829f7492a-5, , [e6c0d9426c1e44f2428f9f09c93a2ed2],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3653bfbb-501c-413a-b9b3-d4a829f7492a-5_user, , [cbdb30eba4e650e67e53b2f6c43f8b75],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3653bfbb-501c-413a-b9b3-d4a829f7492a-6, , [9610d04b395101351cb5dccc5fa412ee],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\3653bfbb-501c-413a-b9b3-d4a829f7492a-7, , [c9dd8e8de9a1b086ece59f0909fa8779],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\53137b75-c7fe-4893-9b71-e2dc10801d8c-1-6, , [198d2af168220c2af4ddf1b7c63d1ae6],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\53137b75-c7fe-4893-9b71-e2dc10801d8c-1-7, , [e4c2bf5ca6e4f442e9e8891f37cc7090],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\53137b75-c7fe-4893-9b71-e2dc10801d8c-5, , [683e2eede5a5f73f6d647c2ccb3858a8],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\53137b75-c7fe-4893-9b71-e2dc10801d8c-6, , [71351506abdf5cda23aeddcb9b6815eb],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\53137b75-c7fe-4893-9b71-e2dc10801d8c-7, , [0e988398b4d64de94091a9ff42c1f10f],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\temp_3653bfbb-501c-413a-b9b3-d4a829f7492a-1-6, , [7d292eed177348ee1f73898634d1d22e],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\temp_3653bfbb-501c-413a-b9b3-d4a829f7492a-6, , [9610af6c404aec4a385a7996689d56aa],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\temp_53137b75-c7fe-4893-9b71-e2dc10801d8c-1-6, , [b3f3859636543df9e5ad2ae50cf944bc],
PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\temp_53137b75-c7fe-4893-9b71-e2dc10801d8c-6, , [d6d073a8652551e5bdd5dd3228dd26da],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [ccdad3488bff171f1c715f06996ab64a],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, , [5d490912503abf77d460cfb30af9916f],

Physical Sectors: 0
(No malicious items detected)


(end)

Díky moc.

[Reklama]

[jaro3]

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

[cobr4in]

Prepáč, ale z nejakého dôvodu mi neponúklo export .txt súboru. V zložke s logmi sa nachádzajú tieto dve .xml položky:
mbam-log-2015-02-08 (12-59-08)
a
protection-log-2015-02-08
Ktorá je tá správna?

[jaro3]

smazalo se vše? Myslím do karantény. Máš nějaké problémy?

[cobr4in]

Tak ja som nejaké problémy nemal, len preventívne som to spravil a dosť ma prekvapilo, že našlo toho toľko.
Áno, v karanténe je všetko, ale čo ak program odinštalujem, neobnovia sa tie súbory z karantény?

[jaro3]

Neobnový , ale já bych si program nechal.

[cobr4in]

Tak je to len trial verzia a okrem toho používam aj NOD32, tak asi by sa to bilo.
Inak nie je lepšie súbory rovno zmazať? Na čo karanténa?

[jaro3]

Můžeš smazat.

MbAM nevadí antivirům.

No ten "trial" tady pořád používáme , stačí jen klik na "Skenovat nyní" a už to fičí..