Prosím o kontrolu logu - sekání her

[Zlatopalcův Medovar]

Zdar,prosím o kontolu. Hry,které bych měl vpohodě rozjet se mi sekají,přitom dříve šly normálně.

[Reklama]

[strangereu]

A kde ten log máš ?
Z prstu si nevycucám tvůj log...

[Zlatopalcův Medovar]

Jo promiň,nevím proč se to nezkopírovalo.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:01:42, on 8.6.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Users\Admin\AppData\Roaming\update_tc\update.exe
C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Users\Admin\AppData\Roaming\update_tc\ab6b302125\sndhelperv_3.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\AI Suite II\AsAPHider\AsAPHider.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Admin\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SoundUpdateHelper2] C:\Users\Admin\AppData\Roaming\update_tc\update.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0126E96C-D256-49A3-A71A-324229F5D87C}: NameServer = 212.111.0.10,194.213.32.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{0126E96C-D256-49A3-A71A-324229F5D87C}: NameServer = 212.111.0.10,194.213.32.237
O17 - HKLM\System\CS2\Services\Tcpip\..\{0126E96C-D256-49A3-A71A-324229F5D87C}: NameServer = 212.111.0.10,194.213.32.237
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files\ASUS\AAHM\1.00.13\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 8488 bytes

[strangereu]

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

--
memphisto promiň, že jsem ti ukradl práci a uvolnil čas na pár vteřin

[Zlatopalcův Medovar]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.08.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Admin :: ADMIN-PC [administrator]

Protection: Enabled

8.6.2013 17:15:24
MBAM-log-2013-06-08 (17-30-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213079
Time elapsed: 13 minute(s), 37 second(s)

Memory Processes Detected: 1
C:\Users\Admin\AppData\Roaming\update_tc\ab6b302125\sndhelperv_3.exe (Trojan.BCMiner) -> 904 -> No action taken.

Memory Modules Detected: 2
C:\Users\Admin\AppData\Roaming\update_tc\ab6b302125\miner.dll (PUP.BitCoinMiner) -> No action taken.
C:\Users\Admin\AppData\Roaming\update_tc\ab6b302125\usft_ext.dll (PUP.BitCoinMiner) -> No action taken.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Admin\AppData\Roaming\update_tc\ab6b302125\sndhelperv_3.exe (Trojan.BCMiner) -> No action taken.
C:\Users\Admin\AppData\Roaming\update_tc\ab6b302125\miner.dll (PUP.BitCoinMiner) -> No action taken.
C:\Users\Admin\AppData\Roaming\update_tc\ab6b302125\usft_ext.dll (PUP.BitCoinMiner) -> No action taken.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> No action taken.

(end)

[Zlatopalcův Medovar]

# AdwCleaner v2.302 - Logfile created 06/08/2013 at 17:32:22
# Updated 06/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Admin - ADMIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : BCUService
Found : BrowserProtect

***** [Files / Folders] *****

File Found : C:\user.js
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Found : C:\Program Files\DeviceVM
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\DeviceVM
Folder Found : C:\Users\Admin\AppData\LocalLow\tuvaro
Folder Found : C:\Users\Admin\AppData\Roaming\Babylon
Folder Found : C:\Users\Admin\AppData\Roaming\DeviceVM
Folder Found : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\d55ded9bc3dec43
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\DeviceVM
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\PIP
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Found : HKLM\SOFTWARE\d55ded9bc3dec43
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\Software\PIP
Key Found : HKU\S-1-5-21-304314829-1288621032-585611354-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www1.delta-search.com/?affID=119 ... 6D0413C9E3

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3094 octets] - [08/06/2013 17:32:22]

########## EOF - C:\AdwCleaner[R1].txt - [3154 octets] ##########

[strangereu]

Další rady ti poskytne memphisto, jen jsem mu usnadnil práci.

[Žbeky]

papam7 mi radši hodně rychle zmizí z očí

Odinstaluj SUPERAntiSpyware

V HJT fixni:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SoundUpdateHelper2] C:\Users\Admin\AppData\Roaming\update_tc\update.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O15 - Trusted Zone: http://*.aeriagames.com
O20 - AppInit_DLLs: c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“)
Klikni na „ Delete“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt), jeho obsah sem celý vlož.

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Stáhni si RogueKiller
32bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a WIN7 spusť program jako správce, u XP poklepáním.
- Počkej až skončí Prescan.
- Zkontroluj, zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
- Potom klikni na „Prohledat“.
- Program skenuje PC. Po proskenování klikni na „Zpráva“ - celý obsah logu sem zkopíruj.
Pokud je program blokován, zkus ho spustit několikrát. Pokud dále program nepůjde spustit, přejmenuj ho na winlogon.exe.

[Zlatopalcův Medovar]

# AdwCleaner v2.302 - Logfile created 06/08/2013 at 20:20:00
# Updated 06/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Admin - ADMIN-PC
# Boot Mode : Normal
# Running from : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BCUService
Stopped & Deleted : BrowserProtect

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\BrowserProtect
File Deleted : C:\user.js
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\Program Files\DeviceVM
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\Users\Admin\AppData\LocalLow\tuvaro
Folder Deleted : C:\Users\Admin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Admin\AppData\Roaming\DeviceVM
Folder Deleted : C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\d55ded9bc3dec43
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\d55ded9bc3dec43
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKU\S-1-5-21-304314829-1288621032-585611354-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3223 octets] - [08/06/2013 17:32:22]
AdwCleaner[S1].txt - [2998 octets] - [08/06/2013 20:20:00]

########## EOF - C:\AdwCleaner[S1].txt - [3058 octets] ##########

[Zlatopalcův Medovar]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
http://www.malwarebytes.org

Database version: v2013.06.08.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Admin :: ADMIN-PC [administrator]

Protection: Enabled

8.6.2013 20:25:47
mbam-log-2013-06-08 (20-25-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212687
Time elapsed: 11 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Users\Admin\AppData\Roaming\update_tc\ab6b302125\miner.dll (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Roaming\update_tc\ab6b302125\sndhelperv_3.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
C:\Users\Admin\AppData\Roaming\update_tc\ab6b302125\usft_ext.dll (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\MP3 Downloader.lnk (Rogue.Link) -> Quarantined and deleted successfully.

(end)

[Zlatopalcův Medovar]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 06/08/2013 20:47:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] Hoolapp For Android : C:\Users\Admin\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE /Check [x] -> FOUND
[TASK][SUSP PATH] Hoolapp Init : C:\Users\Admin\AppData\Roaming\HoolappForAndroid\Hoolapp.exe /Minimized [x] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{0126E96C-D256-49A3-A71A-324229F5D87C} : NameServer (212.111.0.10,194.213.32.237) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{0126E96C-D256-49A3-A71A-324229F5D87C} : NameServer (212.111.0.10,194.213.32.237) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x832E1DA5 -> HOOKED (Unknown @ 0x86B35A20)
SSDT[14] : NtAlertThread @ 0x83234CC7 -> HOOKED (Unknown @ 0x86B35B00)
SSDT[19] : NtAllocateVirtualMemory @ 0x8322DCBC -> HOOKED (Unknown @ 0x86B3C438)
SSDT[22] : NtAlpcConnectPort @ 0x8327956E -> HOOKED (Unknown @ 0x86AED3D8)
SSDT[43] : NtAssignProcessToJobObject @ 0x832030BE -> HOOKED (Unknown @ 0x86B39818)
SSDT[74] : NtCreateMutant @ 0x8321434C -> HOOKED (Unknown @ 0x86B39DC0)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x832059C6 -> HOOKED (Unknown @ 0x86B3CD48)
SSDT[87] : NtCreateThread @ 0x832DFFE2 -> HOOKED (Unknown @ 0x86B3A990)
SSDT[88] : NtCreateThreadEx @ 0x8327449B -> HOOKED (Unknown @ 0x86B3CE38)
SSDT[96] : NtDebugActiveProcess @ 0x832B1EAA -> HOOKED (Unknown @ 0x86B398F8)
SSDT[111] : NtDuplicateObject @ 0x83235761 -> HOOKED (Unknown @ 0x86B3A6D8)
SSDT[131] : NtFreeVirtualMemory @ 0x830BC81C -> HOOKED (Unknown @ 0x86B3C278)
SSDT[145] : NtImpersonateAnonymousToken @ 0x831F9962 -> HOOKED (Unknown @ 0x86B39EB0)
SSDT[147] : NtImpersonateThread @ 0x8327D962 -> HOOKED (Unknown @ 0x86B39F90)
SSDT[155] : NtLoadDriver @ 0x831C9C32 -> HOOKED (Unknown @ 0x869E6048)
SSDT[168] : NtMapViewOfSection @ 0x8324A5F1 -> HOOKED (Unknown @ 0x86B3C178)
SSDT[177] : NtOpenEvent @ 0x83213D48 -> HOOKED (Unknown @ 0x86B39CE0)
SSDT[190] : NtOpenProcess @ 0x83215B93 -> HOOKED (Unknown @ 0x86B3A878)
SSDT[191] : NtOpenProcessToken @ 0x8326836F -> HOOKED (Unknown @ 0x86B3C508)
SSDT[194] : NtOpenSection @ 0x8326D9EB -> HOOKED (Unknown @ 0x86B39B20)
SSDT[198] : NtOpenThread @ 0x832620EE -> HOOKED (Unknown @ 0x86B3A7A8)
SSDT[215] : NtProtectVirtualMemory @ 0x83246651 -> HOOKED (Unknown @ 0x86B3CF38)
SSDT[304] : NtResumeThread @ 0x832746C2 -> HOOKED (Unknown @ 0x86B35BE0)
SSDT[316] : NtSetContextThread @ 0x832E1851 -> HOOKED (Unknown @ 0x86B35E80)
SSDT[333] : NtSetInformationProcess @ 0x8323C875 -> HOOKED (Unknown @ 0x86B35F60)
SSDT[350] : NtSetSystemInformation @ 0x8325237A -> HOOKED (Unknown @ 0x86B399D8)
SSDT[366] : NtSuspendProcess @ 0x832E1CDF -> HOOKED (Unknown @ 0x86B39C00)
SSDT[367] : NtSuspendThread @ 0x8329919B -> HOOKED (Unknown @ 0x86B35CC0)
SSDT[370] : NtTerminateProcess @ 0x8325ED86 -> HOOKED (Unknown @ 0x86B3AA70)
SSDT[371] : NtTerminateThread @ 0x8327C69B -> HOOKED (Unknown @ 0x86B35DA0)
SSDT[385] : NtUnmapViewOfSection @ 0x832689AA -> HOOKED (Unknown @ 0x86B3C098)
SSDT[399] : NtWriteVirtualMemory @ 0x83263A83 -> HOOKED (Unknown @ 0x86B3C368)
S_SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8682F9D0)
S_SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x87820300)
S_SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x879FBE00)
S_SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x86809428)
S_SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x86B4DDF0)
S_SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x8671B008)
S_SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x8680B120)
S_SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x87C560B0)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x87A14AD0)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x867E46B0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-007AA0 ATA Device +++++
--- User ---
[MBR] 1a86fd64952cb3c8dbf34dd257209a36
[BSP] 8e2c31f611748354ff4a79bb592eea95 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06082013_02d2047.txt >>
RKreport[1]_S_06082013_02d2047.txt

[Žbeky]

Zavři všechny programy a prohlížeče.
Odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller (Pro Windows Vista nebo WIN7 klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status box zobrazuje "Scan" "
- Klikni na "Delete"
- Počkej, dokud status box zobrazuje "Smazání - Finished"
- Klikni na "Zprávy", zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [1].txt na ploše.
- Zavři RogueKiller