Minerd.exe + possibly other nasties - Please check (Solved)


Minerd.exe + possibly other nasties - Please check

Post by Karlik » 22 Feb 2014 20:41

Link to the original topic: http://www.pc-help.cz/viewtopic.php?f=47&t=127550

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:30:30, on 22.2.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 33.0.1750.117
FIREFOX: 26.0 (cs)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\PetrS\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myplaycity.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (file missing)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Games\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (file missing)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [mine] C:\Users\Public\Documents\pooler-cpuminer-2.3.2-win64\nieco.vbs
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] D:\Games\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PetrS\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SysProc] C:\Users\Public\Public\run_shc.lnk
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Games\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Games\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Games\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Games\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Games\Skype\Updater\Updater.exe

--
End of file - 9684 bytes
PC:
CPU: Intel Core i3-4150 Processor + Cooler Master TPC 600, passive
MB: GIGABYTE GA-B85M-D3H rev 1.1,
RAM: Kingston HyperX Fury white 4GB DDR3 1866 (2x)
GPU: MSI GTX 750Ti Gaming
HDD: Samsung 320GB, Seagate Barracuda 1TB, Kingston V300 120GB
Case: Sama Carbon Cube
PSU: Chieftec 500W
Windows 8.1


Re: Minerd.exe + possibly other nasties - Please check

Post by Orcus » 22 Feb 2014 20:47

In HJT, fix:
O4 - HKLM\..\Run: [mine] C:\Users\Public\Documents\pooler-cpuminer-2.3.2-win64\nieco.vbs

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

===================================================

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

====================================================

Download AdwCleaner

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log will appear (it is also saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.

Re: Minerd.exe + possibly other nasties - Please check

Post by Karlik » 22 Feb 2014 21:04

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org

Verze: v2014.02.22.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
PetrS :: PETRS-CE9D8505A [administrátor]

Ochrana: Zakázána

22.2.2014 20:57:48
MBAM-log-2014-02-22 (21-02-11).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 208435
Uplynulý čas: 4 minut, 7 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 17
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F} (PUP.Optional.SearchYa) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E} (PUP.Optional.SearchYa) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} (PUP.Optional.Incredibar) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77} (PUP.Optional.Incredibar) -> Nebyla provedena žádná instrukce.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\ConduitSearchScopes (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.Optional.FunMoods.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Speedchecker Limited\PC Speed Up (PUP.Optional.PCSpeedUp.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SysProc (Trojan.BitcoinMiner) -> Data: C:\Users\Public\Public\run_shc.lnk -> Nebyla provedena žádná instrukce.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0V1C1K1M1D0L0BtF0ZtH0U -> Nebyla provedena žádná instrukce.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {27E56309-1AF7-11E2-A21A-001FD056D99F} -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|{336D0C35-8A85-403a-B9D2-65C292C39087} (PUP.Optional.Incredibar) -> Data: C:\Program Files\Web Assistant\Firefox -> Nebyla provedena žádná instrukce.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {27E56309-1AF7-11E2-A21A-001FD056D99F} -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Špatný: (1) Dobrý: (0) -> Nebyla provedena žádná instrukce.

Nalezené složky: 1
C:\Users\Public\Public (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 10
C:\WINDOWS\Installer\14b6cb7.msi (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\Users\Public\Public\run.vbs (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Users\Public\Public\game.bat (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Users\Public\Public\game.vbs (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Users\Public\Public\libcurl.dll (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Users\Public\Public\mining_proxy.exe (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Users\Public\Public\pthreadGC2.dll (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Users\Public\Public\run.bat (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Users\Public\Public\run_shc.lnk (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.
C:\Users\Public\Public\zlib1.dll (Trojan.BitcoinMiner) -> Nebyla provedena žádná instrukce.

(konec)

Re: Minerd.exe + possibly other nasties - Please check

Post by Karlik » 22 Feb 2014 21:21

AdwCleaner:
# AdwCleaner v3.019 - Report created 22/02/2014 at 21:12:25
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : PetrS - PETRS-CE9D8505A
# Running from : C:\Documents and Settings\PetrS\Plocha\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\PetrS\Data aplikací\Mozilla\Firefox\Profiles\xa09v5uc.default\user.js
File Found : C:\Documents and Settings\PetrS\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Found : C:\Documents and Settings\PetrS\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\WINDOWS\Tasks\YourFile Update.job
Folder Found C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Found C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Found C:\Documents and Settings\All Users\Data aplikací\SweetIM
Folder Found C:\Documents and Settings\All Users\Data aplikací\Trymedia
Folder Found C:\Documents and Settings\PetrS\Data aplikací\Mozilla\Firefox\Profiles\xa09v5uc.default\Smartbar
Folder Found C:\Documents and Settings\PetrS\Local Settings\Data aplikací\Conduit
Folder Found C:\Documents and Settings\PetrS\Local Settings\Data aplikací\uTorrentControl_v2
Folder Found C:\Program Files\~Web Assistant
Folder Found C:\Program Files\MyPC Backup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\uTorrentControl_v2
Key Found : HKCU\Software\Web Assistant
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKCU\Software\wscontb
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Found : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E07803C-46A7-45A7-B156-7A3C3D3AF5D1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CDCE1073-9CA8-414B-8D11-4E39CBFEA438}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Found : HKLM\Software\Speedchecker Limited
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Trymedia Systems
Key Found : HKLM\Software\uTorrentControl_v2
Key Found : HKLM\Software\Web Assistant
Key Found : HKLM\Software\YourFileDownloader
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\Downloader.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\YourFile.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page] - hxxp://search.babylon.com/?affID=112555 ... 1fd056d99f

-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Documents and Settings\PetrS\Data aplikací\Mozilla\Firefox\Profiles\xa09v5uc.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\PetrS\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [33065 octets] - [22/02/2014 21:12:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [33126 octets] ##########
PC:
CPU: Intel Core i3-4150 Processor + Cooler Master TPC 600 (passive)
MB: GIGABYTE GA-B85M-D3H rev 1.1,
RAM: Kingston HyperX Fury white 4GB DDR3 1866 (2x)
GPU: MSI GTX 750Ti Gaming
HDD: Samsung 320GB, Seagate Barracuda 1TB, Kingston V300 120GB
Case: Sama Carbon Cube
PSU: Chieftec 500W
Windows 8.1

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Minerd.exe + possibly other nasties - Please check

Post by jaro3 » 23 Feb 2014 09:56

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and select "Run as administrator").
Click "Clean".
The program will perform the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu to your desktop.

Disable your antivirus program. Right-click JRT.exe and select "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and will be saved on the desktop.
Please copy its entire contents here.

- Run MbAM again and start a Scan.
- When the program finishes, a message will appear; click OK and then the "Show Results" button.
- Make sure that all listed findings are checked and click the "Remove Selected" button.
- When the removal finishes, a log will be displayed; post it here.
- Then choose OK in the program and close it via Exit.
You can then post the new MbAM log here.

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR check
Faked check
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still cannot be started and will not work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

Karlik
Level 4
Posts: 1007
Registered: July 13
Location: chocolate factory
Gender: Male
Status: Offline

Re: Minerd.exe + possibly other nasties - Please check

Post by Karlik » 23 Feb 2014 11:50

# AdwCleaner v3.019 - Report created 23/02/2014 at 11:43:43
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : PetrS - PETRS-CE9D8505A
# Running from : C:\Documents and Settings\PetrS\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Ask
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Trymedia
Folder Deleted : C:\Program Files\~Web Assistant
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Documents and Settings\PetrS\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\PetrS\Local Settings\Data aplikací\uTorrentControl_v2
Folder Deleted : C:\Documents and Settings\PetrS\Data aplikací\Mozilla\Firefox\Profiles\xa09v5uc.default\Smartbar
File Deleted : C:\Documents and Settings\PetrS\Data aplikací\Mozilla\Firefox\Profiles\xa09v5uc.default\user.js
File Deleted : C:\Documents and Settings\PetrS\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\PetrS\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\WINDOWS\Tasks\YourFile Update.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E07803C-46A7-45A7-B156-7A3C3D3AF5D1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CDCE1073-9CA8-414B-8D11-4E39CBFEA438}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30F5AB16-9F1E-4E99-93F2-ECB9ABB0EC12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\Downloader.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\YourFileDownloader\YourFile.exe]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Web Assistant
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\uTorrentControl_v2
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Speedchecker Limited
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\Software\uTorrentControl_v2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]

-\\ Mozilla Firefox v26.0 (cs)

[ File : C:\Documents and Settings\PetrS\Data aplikací\Mozilla\Firefox\Profiles\xa09v5uc.default\prefs.js ]

Line Deleted : user_pref("CT2319825.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1Live\",\"url\":\"hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a\"}");
Line Deleted : user_pref("CT2319825.1000234.TWC_TMP_city", "LIBEN");
Line Deleted : user_pref("CT2319825.1000234.TWC_TMP_country", "CZ");
Line Deleted : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2319825.FirstTime", "true");
Line Deleted : user_pref("CT2319825.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2319825.ID", "50261380");
Line Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "");
Line Deleted : user_pref("CT2319825.UserID", "UN69386447744621577");
Line Deleted : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2319825.autoDisableScopes", 0);
Line Deleted : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT2319825.defaultSearch", "true");
Line Deleted : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2319825.enableAlerts", "always");
Line Deleted : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2319825.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2319825.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2319825.fixUrls", true);
Line Deleted : user_pref("CT2319825.installId", "");
Line Deleted : user_pref("CT2319825.installType", "");
Line Deleted : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2319825.isNewTabEnabled", true);
Line Deleted : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2319825.keyword", true);
Line Deleted : user_pref("CT2319825.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.redtube.com%2F204999\",\"EB_MAIN_FRAME_TITLE\":\"Haruka%20Aida%20hot%20blowjob%20and%20c[...]
Line Deleted : user_pref("CT2319825.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2319825.openThankYouPage", "false");
Line Deleted : user_pref("CT2319825.openUninstallPage", "true");
Line Deleted : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Line Deleted : user_pref("CT2319825.search.searchCount", "0");
Line Deleted : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2319825\"}");
Line Deleted : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Winload.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Winload\"}");
Line Deleted : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1347965473017");
Line Deleted : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1347965472538");
Line Deleted : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1347965476421");
Line Deleted : user_pref("CT2319825.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347965541419");
Line Deleted : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1347965474542");
Line Deleted : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1347965468696");
Line Deleted : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1347965468509");
Line Deleted : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1347965474501");
Line Deleted : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1347972744315");
Line Deleted : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1347965472623");
Line Deleted : user_pref("CT2319825.settingsINI", true);
Line Deleted : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Line Deleted : user_pref("CT2319825.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2319825.smartbar.homepage", true);
Line Deleted : user_pref("CT2319825.smartbar.isHidden", true);
Line Deleted : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Line Deleted : user_pref("CT2319825.toolbarBornServerTime", "18-9-2012");
Line Deleted : user_pref("CT2319825.toolbarCurrentServerTime", "18-9-2012");
Line Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1350765371,\"uuid\":512966540411963,\"seq_id\":1,\"ssb\":1350765371}");
Line Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.FirstTime", "true");
Line Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3220468.SearchFromAddressBarUrl", "");
Line Deleted : user_pref("CT3220468.UserID", "UN98628015307443589");
Line Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.autoDisableScopes", 0);
Line Deleted : user_pref("CT3220468.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3220468.cbfirsttime", "Sat Oct 20 2012 22:36:10 GMT+0200");
Line Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3220468.enableAlerts", "always");
Line Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3220468.fixUrls", true);
Line Deleted : user_pref("CT3220468.installId", "fft123.tmp.exe");
Line Deleted : user_pref("CT3220468.installType", "XPE");
Line Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.isNewTabEnabled", true);
Line Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.keyword", true);
Line Deleted : user_pref("CT3220468.navigationAliasesJson", "");
Line Deleted : user_pref("CT3220468.openThankYouPage", "true");
Line Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Line Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Line Deleted : user_pref("CT3220468.search.searchCount", "0");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350765367000");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1350765366961");
Line Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350765367293");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1350765377554");
Line Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350765367183");
Line Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1350765364952");
Line Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1350765363482");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350765367256");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1350765377606");
Line Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1350765366982");
Line Deleted : user_pref("CT3220468.settingsINI", true);
Line Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Line Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3220468.smartbar.homepage", true);
Line Deleted : user_pref("CT3220468.smartbar.isHidden", true);
Line Deleted : user_pref("CT3220468.smartbar.toolbarName", "");
Line Deleted : user_pref("CT3220468.startPage", "TRUE");
Line Deleted : user_pref("CT3220468.toolbarBornServerTime", "20-10-2012");
Line Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "20-10-2012");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "");
Line Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1347027161571");
Line Deleted : user_pref("extensions.incredibar.admin", false);
Line Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Line Deleted : user_pref("extensions.incredibar.cntry", "CZ");
Line Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Line Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Line Deleted : user_pref("extensions.incredibar.dfltlng", "en");
Line Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Line Deleted : user_pref("extensions.incredibar.did", "10671");
Line Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Line Deleted : user_pref("extensions.incredibar.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar.hdrMd5", "FF4B947A5947102E2B982E71F38D0B44");
Line Deleted : user_pref("extensions.incredibar.hmpg", false);
Line Deleted : user_pref("extensions.incredibar.hrdid", "24908209000000000000001fd056d99f");
Line Deleted : user_pref("extensions.incredibar.id", "24908209000000000000001fd056d99f");
Line Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar.instlDay", "15589");
Line Deleted : user_pref("extensions.incredibar.instlRef", "");
Line Deleted : user_pref("extensions.incredibar.instlday", "15589");
Line Deleted : user_pref("extensions.incredibar.instlref", "");
Line Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Line Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Line Deleted : user_pref("extensions.incredibar.keywordurl", "");
Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:26:02");
Line Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Line Deleted : user_pref("extensions.incredibar.newTab", false);
Line Deleted : user_pref("extensions.incredibar.newtab", "false");
Line Deleted : user_pref("extensions.incredibar.newtaburl", "");
Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.incredibar.ppd", "77777208");
Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar.productid", "26");
Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.sg", "none");
Line Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Line Deleted : user_pref("extensions.incredibar.srch", "");
Line Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Line Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Line Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "");
Line Deleted : user_pref("extensions.incredibar.upn2", "6OyNkgBRoZ");
Line Deleted : user_pref("extensions.incredibar.upn2n", "92262061233082233");
Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:26:02");
Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1421:26:02");
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10671");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "24908209000000000000001fd056d99f");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15589");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "77777208");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyNkgBRoZ&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar_i.upn2", "6OyNkgBRoZ");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92262061233082233");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:26:02");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.searchya.aflt", "foxtab");
Line Deleted : user_pref("extensions.searchya.autoRvrt", false);
Line Deleted : user_pref("extensions.searchya.cntry", "CZ");
Line Deleted : user_pref("extensions.searchya.dfltLng", "");
Line Deleted : user_pref("extensions.searchya.dfltSrch", true);
Line Deleted : user_pref("extensions.searchya.dnsErr", true);
Line Deleted : user_pref("extensions.searchya.envrmnt", "production");
Line Deleted : user_pref("extensions.searchya.excTlbr", false);
Line Deleted : user_pref("extensions.searchya.hdrMd5", "67383ED4EF88F38E2AB8B644CE44A82A");
Line Deleted : user_pref("extensions.searchya.hmpg", true);
Line Deleted : user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtDyDyC0Dzyzy0FzztBtDzytN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=328705550")[...]
Line Deleted : user_pref("extensions.searchya.id", "001FD056D99F8209");
Line Deleted : user_pref("extensions.searchya.instlDay", "15600");
Line Deleted : user_pref("extensions.searchya.instlRef", "tc-100");
Line Deleted : user_pref("extensions.searchya.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.searchya.lastVrsnTs", "1.5.25.018:19:41");
Line Deleted : user_pref("extensions.searchya.mntrFFxVrsn", "13.0");
Line Deleted : user_pref("extensions.searchya.mntrvrsn", "1.3.0");
Line Deleted : user_pref("extensions.searchya.newTab", true);
Line Deleted : user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?s=2&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtDyDyC0Dzyzy0FzztBtDzytN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=328705550[...]
Line Deleted : user_pref("extensions.searchya.prdct", "searchya");
Line Deleted : user_pref("extensions.searchya.prtnrId", "searchya");
Line Deleted : user_pref("extensions.searchya.sg", "none");
Line Deleted : user_pref("extensions.searchya.smplGrp", "none");
Line Deleted : user_pref("extensions.searchya.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.searchya.tlbrId", "base");
Line Deleted : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?s=3&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtC0F0DtDyDyC0Dzyzy0FzztBtDzytN0D0Tzu0StByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=3287055[...]
Line Deleted : user_pref("extensions.searchya.vrsn", "1.5.25.0");
Line Deleted : user_pref("extensions.searchya.vrsnTs", "1.5.25.018:19:41");
Line Deleted : user_pref("extensions.searchya.vrsni", "1.5.25.0");
Line Deleted : user_pref("extensions.searchya_i.newTab", true);
Line Deleted : user_pref("extensions.searchya_i.smplGrp", "none");
Line Deleted : user_pref("extensions.searchya_i.vrsnTs", "1.5.25.018:19:41");

-\\ Google Chrome v

[ File : C:\Documents and Settings\PetrS\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [33207 octets] - [22/02/2014 21:12:25]
AdwCleaner[R1].txt - [33268 octets] - [23/02/2014 11:40:12]
AdwCleaner[S0].txt - [33309 octets] - [23/02/2014 11:43:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33370 octets] ##########
PC:
CPU: Intel Core i3-4150 Processor + Cooler Master TPC 600 (passive)
MB: GIGABYTE GA-B85M-D3H rev 1.1,
RAM: Kingston HyperX Fury white 4GB DDR3 1866 (2x)
GPU: MSI GTX 750Ti Gaming
HDD: Samsung 320GB, Seagate Barracuda 1TB, Kingston V300 120GB
Case: Sama Carbon Cube
PSU: Chieftec 500W
Windows 8.1


Re: Minerd.exe + possibly other nasties - Please check

Post by Karlik » 23 Feb 2014 12:06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by PetrS on ne 23.02.2014 at 11:53:35,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8b234892-a4bc-4dfc-8dee-05752b542341}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\PetrS\Data aplikacˇ\mozilla\firefox\profiles\xa09v5uc.default\prefs.js

user_pref("keyword.URL", "hxxp://my.myplaycity.com/results.php?category=web&s=");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.seznam.cz/|||8641347052420496");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://search.seznam.cz/?aq=-1&oq=yx&sourceid=szn-HP&thru=&q=yx/|#|old_value|||864134705242049





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 23.02.2014 at 11:57:32,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Minerd.exe + possibly other nasties - Please check

Post by Karlik » 23 Feb 2014 12:12

RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : PetrS [Práva správce]
Mód : Kontrola -- Datum : 02/23/2014 12:10:07
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ SECU][PUM] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> NALEZENO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 2 ¤¤¤
[All Users][SUSP UNIC] HP Digital Imaging Monitor.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk [-] -> NALEZENO
[PetrS][SUSP UNIC] Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk : C:\Documents and Settings\PetrS\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [-] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD322HJ +++++
--- User ---
[MBR] 65260b1d1e85dbdc59ad3d42d6ba31cd
[BSP] 28fbe9ca2a2668c7305b1d48070ccdc0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40962 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 83891430 | Size: 264272 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_02232014_121007.txt >>

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Minerd.exe + possibly other nasties - Please check

Post by memphisto » 23 Feb 2014 17:30

Run RogueKiller (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Wait until the status window shows "Prohledat" (Scan)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Smazání - Finished" (Deletion - Finished)
- Click "Zprávy" (Report), then copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Disable the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the "Ano" (Yes) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If, after the scan, there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you.


Re: Minerd.exe + possibly other nasties - Please check

Post by Karlik » 23 Feb 2014 20:07

RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : PetrS [Práva správce]
Mód : Odebrat -- Datum : 02/23/2014 20:05:48
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ SECU][PUM] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 2 ¤¤¤
[All Users][SUSP UNIC] HP Digital Imaging Monitor.lnk : C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk [-] -> VYMAZÁNO
[PetrS][SUSP UNIC] Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk : C:\Documents and Settings\PetrS\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [-] -> VYMAZÁNO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HD322HJ +++++
--- User ---
[MBR] 65260b1d1e85dbdc59ad3d42d6ba31cd
[BSP] 28fbe9ca2a2668c7305b1d48070ccdc0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40962 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 83891430 | Size: 264272 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_02232014_200548.txt >>
RKreport[0]_S_02232014_121007.txt;RKreport[0]_S_02232014_200542.txt

Re: Minerd.exe + possibly other nasties - Please check

Post by Karlik » 23 Feb 2014 20:19

ComboFix 14-02-23.01 - PetrS 23.02.2014 20:13:11.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2448 [GMT 1:00]
Spuštěný z: c:\documents and settings\PetrS\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\PetrS\WINDOWS
c:\windows\system32\frapsvid.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-01-23 do 2014-02-23 )))))))))))))))))))))))))))))))
.
.
2014-02-23 10:53 . 2014-02-23 10:53 -------- d-----w- c:\windows\ERUNT
2014-02-22 19:59 . 2014-02-23 10:44 -------- d-----w- C:\AdwCleaner
2014-02-22 19:09 . 2014-02-22 19:09 -------- d-----w- c:\documents and settings\PetrS\Data aplikací\Malwarebytes
2014-02-22 19:09 . 2014-02-22 19:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-02-22 19:09 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-01 18:10 . 2014-02-01 18:10 -------- d-----w- c:\documents and settings\PetrS\Data aplikací\AVAST Software
2014-02-01 17:30 . 2014-01-22 14:52 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2014-01-26 18:49 . 2014-01-26 18:49 -------- d-----w- C:\Users
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 14:16 . 2012-07-16 10:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 14:16 . 2012-07-16 10:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 17:31 . 2013-03-25 18:25 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-01 17:36 . 2013-03-25 18:25 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-01 17:36 . 2013-03-25 18:25 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-01 17:36 . 2012-07-15 11:41 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-01 17:36 . 2012-07-15 11:41 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-01 17:36 . 2012-07-15 11:41 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-01 17:36 . 2012-07-15 11:41 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-01 17:36 . 2012-07-15 11:41 43152 ----a-w- c:\windows\avastSS.scr
2014-02-01 17:36 . 2012-07-15 11:41 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-24 18:05 . 2014-01-24 18:05 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-01 17:36 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SysProc"="c:\users\Public\Public\run_shc.lnk" [2014-02-01 1239]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"BlueStacks Agent"="c:\program files\BlueStacks\HD-Agent.exe" [2013-09-19 606024]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-01 3767096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"d:\\Games\\Landwirtschafts Simulator 2011\\FarmingSimulator2011.exe"=
"d:\\Games\\Landwirtschafts Simulator 2011\\game.exe"=
"d:\\Games\\fifa11\\Game\\fifa.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"d:\\Games\\OpenTTD\\openttd.exe"=
"c:\\Program Files\\Portable\\Farming Simulator 2013 v1.3\\FarmingSimulator2013Game.exe"=
"d:\\Games\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"443:TCP"= 443:TCP:War Thunder
"20010:UDP"= 20010:UDP:War Thunder
"3478:UDP"= 3478:UDP:War Thunder
"7850:TCP"= 7850:TCP:War Thunder
"27022:TCP"= 27022:TCP:War Thunder
"6881:TCP"= 6881:TCP:War Thunder
"33333:TCP"= 33333:TCP:War Thunder
"20443:TCP"= 20443:TCP:War Thunder
"8090:TCP"= 8090:TCP:War Thunder
"57385:TCP"= 57385:TCP:Pando Media Booster
"57385:UDP"= 57385:UDP:Pando Media Booster
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [25.3.2013 19:25 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [25.3.2013 19:25 180248]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15.7.2012 12:41 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15.7.2012 12:41 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [25.3.2013 19:25 67824]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [19.9.2013 12:05 63816]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [19.9.2013 12:05 384840]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [26.7.2013 9:12 103040]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [19.9.2013 12:05 393032]
S2 MBAMService;MBAMService;d:\games\Malwarebytes' Anti-Malware\mbamservice.exe [22.2.2014 20:09 701512]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [16.9.2013 11:29 3273088]
S2 SkypeUpdate;Skype Updater;d:\games\Skype\Updater\Updater.exe [5.9.2013 9:34 171680]
S3 DIRECTIO;DIRECTIO;\??\d:\games\PerformanceTest\DirectIo32.sys --> d:\games\PerformanceTest\DirectIo32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.2.2014 20:09 22856]
S3 WinRing0_1_2_0;WinRing0_1_2_0;\??\d:\games\Game Booster 3\Driver\WinRing0.sys --> d:\games\Game Booster 3\Driver\WinRing0.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2014-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 14:16]
.
2014-02-23 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\PetrS\Data aplikací\Mozilla\Firefox\Profiles\xa09v5uc.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-OEXPRESS - (no file)
AddRemove-PC Translator 2007 DEMO - c:\docume~1\PetrS\LOCALS~1\Temp\UN32.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-23 20:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
C:\avast! sandbox
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Celkový čas: 2014-02-23 20:17:46
ComboFix-quarantined-files.txt 2014-02-23 19:17
.
Před spuštěním: Volných bajtů: 22 045 073 408
Po spuštění: Volných bajtů: 22 007 083 008
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E6299ABB71A46A63DC6D2E2A692408B3
413FC2A0C716421B3158746D63736515


Re: Minerd.exe + possibly other nasties - Please check

Post by jaro3 » 24 Feb 2014 10:25

- Run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit
You can then post the new MbAM log here.


Then ComboFix again.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!