The PC has started stuttering and freezing, games lag, and some applications won't start...
I ran HijackThis, ATF Cleaner, TFC, AdwCleaner, and MBAM. Logs below.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:12 AM, on 3/9/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Users\TOM\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\TOM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Users\TOM\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [MSStp] C:\Windows\inf\msstp.vbe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
O4 - HKCU\..\Run: [uTorrent] "C:\Users\TOM\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\TOM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\TOM\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9594 bytes
Log check (Solved)
Re: Log check
# AdwCleaner v4.111 - Logfile created 09/03/2015 at 10:48:57
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : TOM - TOM-PC
# Running from : C:\Users\TOM\Desktop\adwcleaner_4.111.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found : C:\Program Files (x86)\Driver Manager
Folder Found : C:\Program Files (x86)\DriverToolkit
Folder Found : C:\Program Files (x86)\Plus500
Folder Found : C:\ProgramData\Driver Manager
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Manager
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plus500
Folder Found : C:\Users\TOM\AppData\Local\DriverToolkit
Folder Found : C:\Users\TOM\AppData\Local\Plus500
Folder Found : C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plus500
***** [ Scheduled tasks ] *****
Task Found : Driver Manager-RTMUpdater
Task Found : Driver Manager-RTMRules
Task Found : Driver Manager-RTMScan
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\46db36386ca78f078544ab15a3285fdc
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DriverToolkit
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DriverToolkit
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{177CD779-4EEC-43C5-8DEA-4E0EC103624B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
Key Found : HKLM\SOFTWARE\Solvusoft
Key Found : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v36.0.1 (x86 cs)
-\\ Google Chrome v40.0.2214.115
[C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [3465 bytes] - [09/03/2015 10:48:57]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3524 bytes] ##########
Re: Log check
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3/9/2015
Scan Time: 10:51:59 AM
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.03.09.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TOM
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350561
Time Elapsed: 10 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 1
Trojan.Agent.SCR, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSStp, C:\Windows\inf\msstp.vbe, , [1d59321116740531bcfcb32e90736799]
Registry Data: 0
(No malicious items detected)
Folders: 2
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\bitstreams, , [97df2a190684b77f51b291da3cc7d927],
Files: 20
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncomlfy.exe, , [5d191132e6a4f93d81f02920fd05c13f],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncomlfy.exe, , [78fe152eb8d23df9af2f1c1c10f116ea],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncomlfy.exe, , [46304102eb9fc86ee686c7930ff36c94],
Riskware.Keygen, C:\Windows\AutoKMS.exe, , [1c5ace7547430e289f40726229d755ab],
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, , [3145f350652576c004bb5c40768cd42c],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [1d59321116740531bcfcb32e90736799],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\diablo130302.cl, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\diakgcn121016.cl, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\libcurl-4.dll, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\libeay32.dll, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\libidn-11.dll, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\librtmp.dll, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\libssh2.dll, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\mncvcdluu.exe, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\phatk121016.cl, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\poclbm130302.cl, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\scrypt130511.cl, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\ssleay32.dll, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\zlib1.dll, , [97df2a190684b77f51b291da3cc7d927],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [97df2a190684b77f51b291da3cc7d927],
Physical Sectors: 0
(No malicious items detected)
(end)
- Orcus
- member of the Security team
Re: Log check
In HJT, fix this entry and manually delete this file:
[MSStp] C:\Windows\inf\msstp.vbe
====================================================
Run MbAM again and choose "Scan Now".
When the program finishes, a prompt appears; click "Quarantine All" -> "Export Log" and choose "Text file", give the file a name and save it to the Desktop.
Copy the entire contents of that log here.
====================================================
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Clean".
The program performs the repair; after the automatic restart it does not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.
====================================================
Download Junkware Removal Tool
to your desktop.
Disable your antivirus program.
Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program starts scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.
====================================================
Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
Check MBR
Check Faked
AntiRootkit
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
Love warms, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Log check
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3/9/2015
Scan Time: 3:10:33 PM
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.03.09.03
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TOM
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346231
Time Elapsed: 10 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 2
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\PluginContainer.exe, 3640, , [7afda3a0ee9cd264ae98337460a3c739]
PUP.Optional.RollAround.A, C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\Updater.exe, 5568, , [b8bf4df61b6f60d663e39f0842c1cf31]
Modules: 0
(No malicious items detected)
Registry Keys: 10
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}, , [0c6b4201d3b757df8c768195f70ce11f],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{506DDB16-455A-4746-AD77-D23228955FD3}, , [0c6b4201d3b757df8c768195f70ce11f],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{22E9CC7A-04B2-4558-A993-763395274E42}, , [0c6b4201d3b757df8c768195f70ce11f],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{22E9CC7A-04B2-4558-A993-763395274E42}, , [0c6b4201d3b757df8c768195f70ce11f],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{506DDB16-455A-4746-AD77-D23228955FD3}, , [0c6b4201d3b757df8c768195f70ce11f],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{83C0E288-8FA0-43D3-ACC7-C1E839D85ABC}, , [0c6b4201d3b757df8c768195f70ce11f],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\RollAround, , [d1a6e95ad2b851e53c1f1592a16220e0],
PUP.Optional.RollAround.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr RollAround, , [7afda3a0ee9cd264ae98337460a3c739],
PUP.Optional.RollAround.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr RollAround, , [b8bf4df61b6f60d663e39f0842c1cf31],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Roll Around, , [e6919ca76f1b1c1a5c511c85cc37e61a],
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 12
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy, , [43342e15e8a26ccaa8585613a65d3fc1],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy\1703D71D0C2F4726A4409203B375D75A, , [43342e15e8a26ccaa8585613a65d3fc1],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy\43C00F1CDC3943B1A8E6D0976E626BBE, , [43342e15e8a26ccaa8585613a65d3fc1],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy\4F460AD4D01E47ED8C0FF6506FC5C35A, , [43342e15e8a26ccaa8585613a65d3fc1],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy\AB870E120ABF47DE970F154077D716AC, , [43342e15e8a26ccaa8585613a65d3fc1],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\bitstreams, , [adcad96a0a8041f50d2a9fcc34cffc04],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around, , [e6919ca76f1b1c1a5c511c85cc37e61a],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Extensions, , [e6919ca76f1b1c1a5c511c85cc37e61a],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf, , [0077d66d4b3faa8cbd114c550ff45ba5],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins, , [0077d66d4b3faa8cbd114c550ff45ba5],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3, , [0077d66d4b3faa8cbd114c550ff45ba5],
Files: 38
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Extensions\83c0e288-8fa0-43d3-acc7-c1e839d85abc.dll, , [0c6b4201d3b757df8c768195f70ce11f],
PUP.Optional.RollAround.C, C:\Users\TOM\AppData\Roaming\OpenCandy\1703D71D0C2F4726A4409203B375D75A\setup0213.exe, , [3344d073c0ca8caa62fc5fccaa5837c9],
PUP.Optional.Bitcoin, C:\Windows\SysWOW64\acumncomlfy.exe, , [9cdb50f37a10aa8cdcc975d4758d24dc],
PUP.BitCoinMiner, C:\Windows\SysWOW64\lcpmncomlfy.exe, , [73045de683075adcc21b94a4ae5322de],
Trojan.BitMiner, C:\Windows\SysWOW64\dcgmncomlfy.exe, , [fe795ce7f6943105aaf6ed6d867cfd03],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Local\Temp\is-19604.tmp\OCSetupHlp.dll, , [e29554efb2d8c274360e37d04bbb9070],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Local\Temp\is-QI2BJ.tmp\OCSetupHlp.dll, , [a7d0c47f6921de5860e45ea93bcb9c64],
Riskware.Keygen, C:\Windows\AutoKMS.exe, , [2e4913306b1fd363607ec31102fe6f91],
RiskWare.Tool.CK, C:\Windows\KMSEmulator.exe, , [314667dc5a303afc6f84f7a52ad8926e],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [0f68cf7498f22016ef02459cac5717e9],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\PluginContainer.exe, , [7afda3a0ee9cd264ae98337460a3c739],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\Updater.exe, , [b8bf4df61b6f60d663e39f0842c1cf31],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy\1703D71D0C2F4726A4409203B375D75A\du.exe, , [43342e15e8a26ccaa8585613a65d3fc1],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy\43C00F1CDC3943B1A8E6D0976E626BBE\du.exe, , [43342e15e8a26ccaa8585613a65d3fc1],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy\43C00F1CDC3943B1A8E6D0976E626BBE\WebCompanionInstaller.exe, , [43342e15e8a26ccaa8585613a65d3fc1],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy\4F460AD4D01E47ED8C0FF6506FC5C35A\du.exe, , [43342e15e8a26ccaa8585613a65d3fc1],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy\4F460AD4D01E47ED8C0FF6506FC5C35A\LenovoSHAREit.exe, , [43342e15e8a26ccaa8585613a65d3fc1],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy\AB870E120ABF47DE970F154077D716AC\du.exe, , [43342e15e8a26ccaa8585613a65d3fc1],
PUP.Optional.OpenCandy, C:\Users\TOM\AppData\Roaming\OpenCandy\AB870E120ABF47DE970F154077D716AC\pcmechanicpmROW_p1v2.exe, , [43342e15e8a26ccaa8585613a65d3fc1],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\diablo130302.cl, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\diakgcn121016.cl, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\libcurl-4.dll, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\libeay32.dll, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\libidn-11.dll, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\librtmp.dll, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\libssh2.dll, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\mncvcdluu.exe, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\phatk121016.cl, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\poclbm130302.cl, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\scrypt130511.cl, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\ssleay32.dll, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\zlib1.dll, , [adcad96a0a8041f50d2a9fcc34cffc04],
Trojan.Agent.BCM, C:\Windows\inf\mncvcdluu\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [adcad96a0a8041f50d2a9fcc34cffc04],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\7za.exe, , [e6919ca76f1b1c1a5c511c85cc37e61a],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Uninstaller.exe, , [e6919ca76f1b1c1a5c511c85cc37e61a],
PUP.Optional.RollAround.A, C:\Program Files (x86)\Roll Around\Extensions\{120d139c-badc-425d-b697-9b0ae489425e}.xpi, , [e6919ca76f1b1c1a5c511c85cc37e61a],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\temp, , [0077d66d4b3faa8cbd114c550ff45ba5],
PUP.Optional.RollAround.A, C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3\Plugin.exe, , [0077d66d4b3faa8cbd114c550ff45ba5],
Physical Sectors: 0
(No malicious items detected)
(end)
Re: Log check
# AdwCleaner v4.111 - Logfile created 09/03/2015 at 15:25:45
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : TOM - TOM-PC
# Running from : C:\Users\TOM\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
Service Deleted : Service Mgr RollAround
Service Deleted : Update Mgr RollAround
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Driver Manager
Folder Deleted : C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plus500
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Manager
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
Folder Deleted : C:\Program Files (x86)\Plus500
Folder Deleted : C:\Program Files (x86)\Driver Manager
Folder Deleted : C:\Program Files (x86)\DriverToolkit
Folder Deleted : C:\Program Files (x86)\Common Files\2a617352-d396-46a3-a71b-5d89535356cf
Folder Deleted : C:\Users\TOM\AppData\Local\Temp\Roll Around
Folder Deleted : C:\Users\TOM\AppData\Local\Plus500
Folder Deleted : C:\Users\TOM\AppData\Local\DriverToolkit
Folder Deleted : C:\Users\TOM\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\TOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plus500
***** [ Scheduled tasks ] *****
Task Deleted : Driver Manager-RTMUpdater
Task Deleted : Driver Manager-RTMRules
Task Deleted : Driver Manager-RTMScan
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\46db36386ca78f078544ab15a3285fdc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DriverToolkit
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Solvusoft
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{177CD779-4EEC-43C5-8DEA-4E0EC103624B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v36.0.1 (x86 cs)
-\\ Google Chrome v40.0.2214.115
[C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
-\\ Chromium v
[C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\TOM\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
*************************
AdwCleaner[R0].txt - [3635 bytes] - [09/03/2015 10:48:57]
AdwCleaner[R1].txt - [5726 bytes] - [09/03/2015 15:23:53]
AdwCleaner[S0].txt - [5870 bytes] - [09/03/2015 15:25:45]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5929 bytes] ##########
Re: Log check
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Ultimate x64
Ran by TOM on Mon 03/09/2015 at 15:37:41.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}
~~~ Files
Successfully deleted: [File] C:\Windows\Tasks\DriverToolkit Autorun.job
~~~ Folders
Successfully deleted: [Folder] "C:\Users\TOM\appdata\local\pc_drivers_headquarters"
~~~ FireFox
Emptied folder: C:\Users\TOM\AppData\Roaming\mozilla\firefox\profiles\0gna7ih6.default\minidumps [34 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/09/2015 at 15:40:52.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Log check
RogueKiller V10.5.2.0 (x64) [Mar 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TOM [Administrator]
Started from : C:\Users\TOM\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 03/09/2015 16:15:51
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] SpotifyWebHelper.exe(2600) -- C:\Users\TOM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[7] -> Killed [TermProc]
¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\TOM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify : "C:\Users\TOM\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\TOM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify : "C:\Users\TOM\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub (system32\drivers\tsusbhub.sys) -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 812639f846e84d5f48ffa8958fe96bbf
[BSP] 36af098e76f333604175b496ef901f66 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_09072014_212932.log - RKreport_DEL_09122014_141515.log - RKreport_SCN_09072014_193620.log - RKreport_SCN_09072014_212918.log
RKreport_SCN_09122014_141423.log
- jaro3
- Security team member
Re: Log check
Run MBAM again and click Scan Now.
- After the program finishes, a prompt appears; click "Quarantine All (delete selected)", then "Export Log", and choose "Text file". Give the file a name and save it somewhere. Copy the entire contents of that log here.
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click it to run).
- Wait until the Prescan finishes...
- Then click "Scan"; once it finishes:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (check the boxes)
(you have to use the mouse to put a check mark in the box to the left of the registry entry, etc.)
- Click "Delete"
- Wait until the Status box shows "Deletion finished"
- Click "Report", then copy the contents of the report and paste them here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Turn off your antivirus.
Download
Zoek.exe
and save it to the desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script.
The program will perform a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for a while; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Post a new HJT log and report on any problems.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3/10/2015
Scan Time: 9:26:30 AM
Logfile: mbam.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.03.10.02
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TOM
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346327
Time Elapsed: 16 min, 12 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
- jaro3
- Security team member
Re: Log check
And the rest?
Re: Log check
RogueKiller V10.5.2.0 (x64) [Mar 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TOM [Administrator]
Started from : C:\Users\TOM\Desktop\RogueKillerX64.exe
Mode : Delete -- Date : 03/10/2015 11:12:06
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] SpotifyWebHelper.exe(2180) -- C:\Users\TOM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[7] -> Killed [TermProc]
¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\TOM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [7] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify : "C:\Users\TOM\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart [7][x][x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\TOM\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify : "C:\Users\TOM\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart -> ERROR [2]
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tsusbhub (system32\drivers\tsusbhub.sys) -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3772393103-1989253770-2045647073-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Replaced (0)
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Deleted
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 6 ¤¤¤
[FIREFX:Addon] 0gna7ih6.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Deleted
[FIREFX:Addon] 0gna7ih6.default : DownThemAll! [{DDC359D1-844A-42a7-9AA1-88A850A938A8}] -> Deleted
[FIREFX:Addon] 0gna7ih6.default : PrintPDF [printpdf@pavlov.net] -> Deleted
[FIREFX:Addon] 0gna7ih6.default : Print pages to Pdf [printPages2Pdf@reinhold.ripper] -> Deleted
[FIREFX:Addon] 0gna7ih6.default : Firebug [firebug@software.joehewitt.com] -> Deleted
[FIREFX:Addon] 0gna7ih6.default : Quick Translator [{5C655500-E712-41e7-9349-CE462F844B19}] -> Deleted
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 812639f846e84d5f48ffa8958fe96bbf
[BSP] 36af098e76f333604175b496ef901f66 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_09072014_212932.log - RKreport_DEL_09122014_141515.log - RKreport_SCN_03092015_161551.log - RKreport_SCN_09072014_193620.log
RKreport_SCN_09072014_212918.log - RKreport_SCN_09122014_141423.log - RKreport_SCN_03102015_111104.log