Hi, lately my CPU has been under heavy load and the computer is behaving strangely, so I'd rather have it checked :)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:10:28, on 2.8.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16545)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\vm305_sti.exe
C:\Program Files\Gaming Keyboard\Monitor.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Gaming Keyboard\OSD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Voldacz\AppData\Local\Akamai\netsession_win.exe
C:\Users\Voldacz\AppData\Local\Akamai\netsession_win.exe
D:\Origin\Origin.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Voldacz\AppData\Roaming\Curse Client\Bin\Curse.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Origin\OriginClientService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Voldacz\Music\Supr čupr novej ultra seznam hitů\hijackthis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=498&a ... 71&src=hmp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [ShadowPlay] C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AutoKMS] C:\Windows\AutoKMS.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BigDog305] C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [VICTORY Gaming Keyboard] "C:\Program Files\Gaming Keyboard\Monitor.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [help] C:\Windows\InstallDir\help.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [MKLOL] "C:\Program Files\MKJogo\MKLOL\MK.exe" -auto
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Voldacz\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [EADM] "D:\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [help] C:\Windows\InstallDir\help.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Curse.lnk = Voldacz\AppData\Roaming\Curse Client\Bin\Curse.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Systemk Service (SystemkService) - Aztec Media Inc - C:\Program Files\Settings Manager\systemk\SystemkService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
--
End of file - 10265 bytes
Please check my log, CPU at 100%
- Orcus
- member of the Security team
Re: Please check my log, CPU at 100%
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you use only Google Chrome, you don't need to use ATF.
===================================================
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.
===================================================
Download AdwCleaner (by Xplode)
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Scan" ("Prohledat")
After the scan a log will appear (it is also saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.
===================================================
Download Malwarebytes' Anti-Malware
- During installation, uncheck "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now
- when the program finishes, a message will appear at the bottom right; click Copy to Clipboard and paste the entire log here.
- then click the Exit button; a prompt will appear, choose Yes
(don't delete anything yet!).
If there are problems, run it in safe mode.
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me.
If you are satisfied, you can support our forum.

Re: Please check my log, CPU at 100%
# AdwCleaner v3.302 - Report created 02/08/2014 at 11:44:47
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : Voldacz - VOLDACZ-PC
# Running from : C:\Users\Voldacz\Music\Supr čupr novej ultra seznam hitů\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : F06DEFF2-5B9C-490D-910F-35D3A9119622
Service Found : SystemkService
Service Found : AppleChargerSrv
Service Found : PnkBstrA
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml
File Found : C:\Users\Maruška\AppData\Roaming\Mozilla\Firefox\Profiles\9wxig5rh.default\invalidprefs.js
File Found : C:\Users\Voldacz\AppData\Roaming\Mozilla\Firefox\Profiles\frqmct9v.default\invalidprefs.js
File Found : C:\Users\Voldacz\AppData\Roaming\Mozilla\Firefox\Profiles\frqmct9v.default\searchplugins\default-search.xml
File Found : C:\Users\Voldacz\AppData\Roaming\Mozilla\Firefox\Profiles\frqmct9v.default\user.js
File Found : C:\Windows\system32\AppleChargerSrv.exe
File Found : C:\Windows\system32\PnkBstrA.exe
Folder Found : C:\Program Files\Settings Manager
Folder Found : C:\ProgramData\systemk
Folder Found : C:\Users\Maruška\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Voldacz\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Voldacz\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Voldacz\AppData\Roaming\Settings Manager
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Linkey
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SystemK
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Found : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-word_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-word_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Found : HKLM\Software\SystemK
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16545
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.default-search.net?sid=498&a ... 71&src=hmp
-\\ Mozilla Firefox v31.0 (x86 cs)
[ File : C:\Users\Maruška\AppData\Roaming\Mozilla\Firefox\Profiles\9wxig5rh.default\prefs.js ]
[ File : C:\Users\Voldacz\AppData\Roaming\Mozilla\Firefox\Profiles\frqmct9v.default\prefs.js ]
Line Found : user_pref("browser.search.order.1", "default-search.net");
*************************
AdwCleaner[R0].txt - [6772 octets] - [02/08/2014 11:44:47]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6832 octets] ##########
Re: Please check my log, CPU at 100%
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2.8.2014
Scan Time: 11:48:56
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.02.02
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7
CPU: x86
File System: NTFS
User: Voldacz
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307718
Time Elapsed: 6 min, 11 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 3
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\SystemkService.exe, 964, , [1dadc3fefb8057df5f7393f2639ebf41]
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\SystemkService.exe, 1956, , [1dadc3fefb8057df5f7393f2639ebf41]
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\systemku.exe, 3888, , [9436bc055e1d6cca339f0580d031da26]
Modules: 35
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\smdmf.dll, , [5e6cc9f89dde8aac7d55b9cc9a670000],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\smdmfldr.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\smdmfldr.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\smdmfldr.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\sysapcrt.dll, , [6763279a5d1e75c1a39c744018ea8080],
Registry Keys: 61
PUP.Optional.SystemK.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SystemkService, , [1dadc3fefb8057df5f7393f2639ebf41],
PUP.Optional.SystemK.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A9119622, , [6c5eb110b2c91026fbd7592c847d24dc],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, , [fad0dbe698e333030d22acb5a55da35d],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, , [fad0dbe698e333030d22acb5a55da35d],
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, , [fad0dbe698e333030d22acb5a55da35d],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [b1194a779be045f192555112fa0808f8],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [b1194a779be045f192555112fa0808f8],
PUP.Optional.SystemK.A, HKLM\SOFTWARE\SystemK, , [43878b367cff9e986e7028a7738f5ba5],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, , [9832e1e0adce6acc7c781ab489798779],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, , [08c20bb6fe7dce68e4ca53df5ba923dd],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, , [973331908af12610d81b26a8fe041de3],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, , [e3e7cff2e09bd660951a58da9d679b65],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, , [eae0c001cdaea195d41e7c52837f728e],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, , [b71302bf94e7a98d0aa6f53de61e926e],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, , [93372f92a1dadd597b6b18b634ce9967],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, , [b317ebd68dee91a5763b260c788caa56],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, , [7258c7fa1a615fd7dd0a5f6fd32f29d7],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, , [7852823f89f2b5817d3542f056aec13f],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, , [f7d3833ede9d80b64a9eb41a956d17e9],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, , [03c73c859eddfc3ae4cfdf534aba6799],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, , [6367bc054e2d22143dadebe3d1318779],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, , [804af1d0c7b44aec4272f24032d238c8],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\jumpflip, , [fad0ead7b7c462d4f7be44ee48bccc34],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, , [0ebc07ba88f345f16a8135996f93c43c],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, , [5575e4dd6b1063d3f3c351e103017987],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchinstaller.exe, , [c208bf02a5d64de9dfd87bb7d1339f61],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, , [83474978601b4fe7b834804e768ccc34],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, , [6169239e36457fb72a8ea58d3ec60bf5],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotector.exe, , [63674879df9cbe7816d7efdfcf33a858],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotector.exe, , [a525952c4d2e39fd13a6d85adf2545bb],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchsettings.exe, , [4981f5cc265555e115a5ce64cd37c739],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchsettings64.exe, , [616920a192e94beb4972fe34d62e08f8],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, , [17b360616813e84e36b8f2dcb052ba46],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, , [c703e4dda4d77fb7f0ccf141877de818],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, , [4f7be0e17dfee74f39b696381be7a858],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, , [81494a77d0ab9c9a803d8ca6e22216ea],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, , [c802dbe686f5b18578789e3039c901ff],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, , [44865a673249bc7aaa1369c9e91b867a],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\umbrella.exe, , [d1f912afd8a3c076a41a6cc607fdf20e],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, , [94361aa756256ec828c93e906c96bb45],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, , [9931dfe279029f972a95ca688480bf41],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\volaro, , [e7e30fb2b2c9a393665a1f1316eece32],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\vonteera, , [c604467b0c6ff4426f52989a70949f61],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\websteroids.exe, , [48825a6780fbb2846b5772c02dd78b75],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\websteroidsservice.exe, , [02c8d6eb4c2f1224259eae8444c012ee],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK\General, , [47833e83295281b5ab1a17d65ba78878],
Malware.Trace, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [7e4c4a777ffc73c3f696c9d4ad56b050],
PUP.Optional.SystemK.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, , [ffcb5c655b20a5918b5a13c86c9626da],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [bd0d19a87a01a2944dc26d7dc43e9a66],
Malware.Trace, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [2d9db40df7845cda1676891412f126da],
PUP.Optional.Maucampo.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\maucampo, , [507afac7aad10531eaa2f136c63e41bf],
PUP.Optional.SystemK.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, , [d1f9e1e0e4976acc865f1ebd25dded13],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard.1, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{54739D49-AC03-4C57-9264-C5195596B3A1}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{54739D49-AC03-4C57-9264-C5195596B3A1}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA760BA8-5862-4BC5-9263-4452CBC0B264}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Settings Manager, , [6763279a5d1e75c1a39c744018ea8080],
Registry Values: 5
Riskware.Keygen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AutoKMS, C:\Windows\AutoKMS.exe, , [ab1f14adee8df541d087456e69977d83]
Trojan.Zbot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|help, C:\Windows\InstallDir\help.exe, , [6e5c90318af152e4f528c6d036cb2fd1]
Trojan.Zbot, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|help, C:\Windows\InstallDir\help.exe, , [6e5c90318af152e4f528c6d036cb2fd1]
Trojan.Zbot, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|help, C:\Windows\InstallDir\help.exe, , [6e5c90318af152e4f528c6d036cb2fd1]
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK|browser, ie ff cr, , [8f3b625f80fb78bebe083faea161ba46]
Registry Data: 1
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.default-search.net?sid=498&a ... 71&src=hmp, Good: (www.google.com), Bad: (http://www.default-search.net?sid=498&a ... 71&src=hmp),,[1ab0625fd4a73501c260446f51b3f30d]
Folders: 10
PUP.Optional.SystemK.A, C:\ProgramData\systemk, , [b317a51cea91ff37cdbfe20ab151fc04],
Stolen.Data, C:\Users\Voldacz\AppData\Roaming\dclogs, , [4387ae135b20a6908eba715b0ff445bb],
PUP.Optional.OpenCandy, C:\Users\Voldacz\AppData\Roaming\OpenCandy, , [7b4f457cb1ca74c21134f4b927db669a],
PUP.Optional.OpenCandy, C:\Users\Voldacz\AppData\Roaming\OpenCandy\62BE7A61DA834476A81120B198321734, , [7b4f457cb1ca74c21134f4b927db669a],
PUP.Optional.Datamngr.A, C:\Users\Maruška\AppData\LocalLow\DataMngr, , [309a3f82641760d65e5703b0bc469b65],
PUP.Optional.Datamngr.A, C:\Users\Voldacz\AppData\LocalLow\DataMngr, , [9634368bee8dca6c2f86773cc53dd828],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
Files: 78
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\SystemkService.exe, , [1dadc3fefb8057df5f7393f2639ebf41],
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\systemku.exe, , [9436bc055e1d6cca339f0580d031da26],
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\smdmf.dll, , [5e6cc9f89dde8aac7d55b9cc9a670000],
Riskware.Keygen, C:\Windows\AutoKMS.exe, , [ab1f14adee8df541d087456e69977d83],
Trojan.Zbot, C:\Windows\InstallDir\help.exe, , [6e5c90318af152e4f528c6d036cb2fd1],
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\systemkmgrc2.cfg, , [6c5eb110b2c91026fbd7592c847d24dc],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncdato.exe, , [03c7bb062556b482a753ebc061a0f50b],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncetvrmv.exe, , [a02ae3de65162d097981723908f9a957],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncdato.exe, , [804aa71ab0cb77bf89f559bee31ebc44],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncetvrmv.exe, , [5575ad14a8d3ad89d1ad30e72dd46e92],
Trojan.BitMiner, C:\Windows\System32\dcgmncdato.exe, , [5f6bf2cff784290dac4c0cb0976ae719],
Trojan.BitMiner, C:\Windows\System32\dcgmncetvrmv.exe, , [5278427f2952181e21d7b90359a8d927],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [4486814062193ff7899cbe2ad62cd828],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\general.cfg, , [b317a51cea91ff37cdbfe20ab151fc04],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\coordinator.cfg, , [b317a51cea91ff37cdbfe20ab151fc04],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\S-1-5-21-2286534032-3982842983-3296952562-1000.cfg, , [b317a51cea91ff37cdbfe20ab151fc04],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\S-1-5-21-2286534032-3982842983-3296952562-1005.cfg, , [b317a51cea91ff37cdbfe20ab151fc04],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\S-1-5-32.cfg, , [b317a51cea91ff37cdbfe20ab151fc04],
PUP.Optional.DefaultSearch.A, C:\Users\Voldacz\AppData\Roaming\Mozilla\Firefox\Profiles\frqmct9v.default\searchplugins\default-search.xml, , [7e4ca41df58667cfae10cd20847e4eb2],
PUP.Optional.DefaultSearch.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml, , [a723625fcab1092de5da628b9969bb45],
Stolen.Data, C:\Users\Voldacz\AppData\Roaming\dclogs\2014-08-01-6.dc, , [4387ae135b20a6908eba715b0ff445bb],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [f1d9a819245745f14effd33f9e66d12f],
PUP.Optional.OpenCandy, C:\Users\Voldacz\AppData\Roaming\OpenCandy\62BE7A61DA834476A81120B198321734\AVG-PC-TuneUp2014.exe, , [7b4f457cb1ca74c21134f4b927db669a],
PUP.Optional.Datamngr.A, C:\Users\Maruška\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}, , [309a3f82641760d65e5703b0bc469b65],
PUP.Optional.Datamngr.A, C:\Users\Voldacz\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}, , [9634368bee8dca6c2f86773cc53dd828],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\del_IEBHO_nsv72B7.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\favicon.ico, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Helper.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\smdmfldr.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\smdmfldr_u.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\sysapcrt.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\systemkbho.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\tbicon.exe, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\trzBFB5.tmp, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Uninstall.exe, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\chrome.manifest, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\install.rdf, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF14.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF.xpt, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF10.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF11.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF12.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF13.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF15.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF16.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF17.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF18.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF19.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF2.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF20.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF21.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF22.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF23.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF24.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF25.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF26.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF27.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF28.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF29.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF30.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF4.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF5.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF6.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF7.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF8.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF9.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\DnsBHO.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\Error404BHO.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\MainBHO.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\NativeHelper.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\NewTabBHO.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\overlay.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\overlay.xul, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\RelatedSearch.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\RequestPreserver.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\SearchBHO.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\SettingManager.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
Physical Sectors: 0
(No malicious items detected)
(end)
www.malwarebytes.org
Scan Date: 2.8.2014
Scan Time: 11:48:56
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.02.02
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7
CPU: x86
File System: NTFS
User: Voldacz
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307718
Time Elapsed: 6 min, 11 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 3
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\SystemkService.exe, 964, , [1dadc3fefb8057df5f7393f2639ebf41]
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\SystemkService.exe, 1956, , [1dadc3fefb8057df5f7393f2639ebf41]
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\systemku.exe, 3888, , [9436bc055e1d6cca339f0580d031da26]
Modules: 35
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\smdmf.dll, , [5e6cc9f89dde8aac7d55b9cc9a670000],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\smdmfldr.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\sysapcrt.dll, , [6763279a5d1e75c1a39c744018ea8080],
Registry Keys: 61
PUP.Optional.SystemK.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SystemkService, , [1dadc3fefb8057df5f7393f2639ebf41],
PUP.Optional.SystemK.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A9119622, , [6c5eb110b2c91026fbd7592c847d24dc],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, , [fad0dbe698e333030d22acb5a55da35d],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, , [fad0dbe698e333030d22acb5a55da35d],
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, , [fad0dbe698e333030d22acb5a55da35d],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [b1194a779be045f192555112fa0808f8],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [b1194a779be045f192555112fa0808f8],
PUP.Optional.SystemK.A, HKLM\SOFTWARE\SystemK, , [43878b367cff9e986e7028a7738f5ba5],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, , [9832e1e0adce6acc7c781ab489798779],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bitguard.exe, , [08c20bb6fe7dce68e4ca53df5ba923dd],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, , [973331908af12610d81b26a8fe041de3],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bprotect.exe, , [e3e7cff2e09bd660951a58da9d679b65],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, , [eae0c001cdaea195d41e7c52837f728e],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\bpsvc.exe, , [b71302bf94e7a98d0aa6f53de61e926e],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, , [93372f92a1dadd597b6b18b634ce9967],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserdefender.exe, , [b317ebd68dee91a5763b260c788caa56],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, , [7258c7fa1a615fd7dd0a5f6fd32f29d7],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browserprotect.exe, , [7852823f89f2b5817d3542f056aec13f],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, , [f7d3833ede9d80b64a9eb41a956d17e9],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\browsersafeguard.exe, , [03c73c859eddfc3ae4cfdf534aba6799],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, , [6367bc054e2d22143dadebe3d1318779],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\dprotectsvc.exe, , [804af1d0c7b44aec4272f24032d238c8],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\jumpflip, , [fad0ead7b7c462d4f7be44ee48bccc34],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, , [0ebc07ba88f345f16a8135996f93c43c],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\protectedsearch.exe, , [5575e4dd6b1063d3f3c351e103017987],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchinstaller.exe, , [c208bf02a5d64de9dfd87bb7d1339f61],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, , [83474978601b4fe7b834804e768ccc34],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotection.exe, , [6169239e36457fb72a8ea58d3ec60bf5],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotector.exe, , [63674879df9cbe7816d7efdfcf33a858],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchprotector.exe, , [a525952c4d2e39fd13a6d85adf2545bb],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchsettings.exe, , [4981f5cc265555e115a5ce64cd37c739],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\searchsettings64.exe, , [616920a192e94beb4972fe34d62e08f8],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, , [17b360616813e84e36b8f2dcb052ba46],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\snapdo.exe, , [c703e4dda4d77fb7f0ccf141877de818],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, , [4f7be0e17dfee74f39b696381be7a858],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst32.exe, , [81494a77d0ab9c9a803d8ca6e22216ea],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, , [c802dbe686f5b18578789e3039c901ff],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\stinst64.exe, , [44865a673249bc7aaa1369c9e91b867a],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\umbrella.exe, , [d1f912afd8a3c076a41a6cc607fdf20e],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, , [94361aa756256ec828c93e906c96bb45],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\utiljumpflip.exe, , [9931dfe279029f972a95ca688480bf41],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\volaro, , [e7e30fb2b2c9a393665a1f1316eece32],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\vonteera, , [c604467b0c6ff4426f52989a70949f61],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\websteroids.exe, , [48825a6780fbb2846b5772c02dd78b75],
PUP.Optional.IFEO.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\websteroidsservice.exe, , [02c8d6eb4c2f1224259eae8444c012ee],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK\General, , [47833e83295281b5ab1a17d65ba78878],
Malware.Trace, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [7e4c4a777ffc73c3f696c9d4ad56b050],
PUP.Optional.SystemK.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, , [ffcb5c655b20a5918b5a13c86c9626da],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [bd0d19a87a01a2944dc26d7dc43e9a66],
Malware.Trace, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [2d9db40df7845cda1676891412f126da],
PUP.Optional.Maucampo.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\maucampo, , [507afac7aad10531eaa2f136c63e41bf],
PUP.Optional.SystemK.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, , [d1f9e1e0e4976acc865f1ebd25dded13],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\SettingsManagerIEHelper.DNSGuard.1, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{54739D49-AC03-4C57-9264-C5195596B3A1}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{54739D49-AC03-4C57-9264-C5195596B3A1}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA760BA8-5862-4BC5-9263-4452CBC0B264}, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Settings Manager, , [6763279a5d1e75c1a39c744018ea8080],
Registry Values: 5
Riskware.Keygen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|AutoKMS, C:\Windows\AutoKMS.exe, , [ab1f14adee8df541d087456e69977d83]
Trojan.Zbot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|help, C:\Windows\InstallDir\help.exe, , [6e5c90318af152e4f528c6d036cb2fd1]
Trojan.Zbot, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|help, C:\Windows\InstallDir\help.exe, , [6e5c90318af152e4f528c6d036cb2fd1]
Trojan.Zbot, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|help, C:\Windows\InstallDir\help.exe, , [6e5c90318af152e4f528c6d036cb2fd1]
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK|browser, ie ff cr, , [8f3b625f80fb78bebe083faea161ba46]
Registry Data: 1
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.default-search.net?sid=498&a ... 71&src=hmp, Good: (www.google.com), Bad: (http://www.default-search.net?sid=498&a ... 71&src=hmp),,[1ab0625fd4a73501c260446f51b3f30d]
Folders: 10
PUP.Optional.SystemK.A, C:\ProgramData\systemk, , [b317a51cea91ff37cdbfe20ab151fc04],
Stolen.Data, C:\Users\Voldacz\AppData\Roaming\dclogs, , [4387ae135b20a6908eba715b0ff445bb],
PUP.Optional.OpenCandy, C:\Users\Voldacz\AppData\Roaming\OpenCandy, , [7b4f457cb1ca74c21134f4b927db669a],
PUP.Optional.OpenCandy, C:\Users\Voldacz\AppData\Roaming\OpenCandy\62BE7A61DA834476A81120B198321734, , [7b4f457cb1ca74c21134f4b927db669a],
PUP.Optional.Datamngr.A, C:\Users\Maruška\AppData\LocalLow\DataMngr, , [309a3f82641760d65e5703b0bc469b65],
PUP.Optional.Datamngr.A, C:\Users\Voldacz\AppData\LocalLow\DataMngr, , [9634368bee8dca6c2f86773cc53dd828],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
Files: 78
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\SystemkService.exe, , [1dadc3fefb8057df5f7393f2639ebf41],
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\systemku.exe, , [9436bc055e1d6cca339f0580d031da26],
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\smdmf.dll, , [5e6cc9f89dde8aac7d55b9cc9a670000],
Riskware.Keygen, C:\Windows\AutoKMS.exe, , [ab1f14adee8df541d087456e69977d83],
Trojan.Zbot, C:\Windows\InstallDir\help.exe, , [6e5c90318af152e4f528c6d036cb2fd1],
PUP.Optional.SystemK.A, C:\Program Files\Settings Manager\systemk\systemkmgrc2.cfg, , [6c5eb110b2c91026fbd7592c847d24dc],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncdato.exe, , [03c7bb062556b482a753ebc061a0f50b],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncetvrmv.exe, , [a02ae3de65162d097981723908f9a957],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncdato.exe, , [804aa71ab0cb77bf89f559bee31ebc44],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncetvrmv.exe, , [5575ad14a8d3ad89d1ad30e72dd46e92],
Trojan.BitMiner, C:\Windows\System32\dcgmncdato.exe, , [5f6bf2cff784290dac4c0cb0976ae719],
Trojan.BitMiner, C:\Windows\System32\dcgmncetvrmv.exe, , [5278427f2952181e21d7b90359a8d927],
Trojan.Agent.SCR, C:\Windows\inf\msstp.vbe, , [4486814062193ff7899cbe2ad62cd828],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\general.cfg, , [b317a51cea91ff37cdbfe20ab151fc04],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\coordinator.cfg, , [b317a51cea91ff37cdbfe20ab151fc04],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\S-1-5-21-2286534032-3982842983-3296952562-1000.cfg, , [b317a51cea91ff37cdbfe20ab151fc04],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\S-1-5-21-2286534032-3982842983-3296952562-1005.cfg, , [b317a51cea91ff37cdbfe20ab151fc04],
PUP.Optional.SystemK.A, C:\ProgramData\systemk\S-1-5-32.cfg, , [b317a51cea91ff37cdbfe20ab151fc04],
PUP.Optional.DefaultSearch.A, C:\Users\Voldacz\AppData\Roaming\Mozilla\Firefox\Profiles\frqmct9v.default\searchplugins\default-search.xml, , [7e4ca41df58667cfae10cd20847e4eb2],
PUP.Optional.DefaultSearch.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml, , [a723625fcab1092de5da628b9969bb45],
Stolen.Data, C:\Users\Voldacz\AppData\Roaming\dclogs\2014-08-01-6.dc, , [4387ae135b20a6908eba715b0ff445bb],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [f1d9a819245745f14effd33f9e66d12f],
PUP.Optional.OpenCandy, C:\Users\Voldacz\AppData\Roaming\OpenCandy\62BE7A61DA834476A81120B198321734\AVG-PC-TuneUp2014.exe, , [7b4f457cb1ca74c21134f4b927db669a],
PUP.Optional.Datamngr.A, C:\Users\Maruška\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}, , [309a3f82641760d65e5703b0bc469b65],
PUP.Optional.Datamngr.A, C:\Users\Voldacz\AppData\LocalLow\DataMngr\{99BB1406-1CFB-488C-90D1-2D978E04F707}, , [9634368bee8dca6c2f86773cc53dd828],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\del_IEBHO_nsv72B7.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\favicon.ico, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Helper.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Internet Explorer Settings.exe, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\smdmfldr.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\smdmfldr_u.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\sysapcrt.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\systemkbho.dll, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\tbicon.exe, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\trzBFB5.tmp, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\Uninstall.exe, , [6763279a5d1e75c1a39c744018ea8080],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\chrome.manifest, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\install.rdf, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF14.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF.xpt, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF10.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF11.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF12.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF13.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF15.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF16.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF17.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF18.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF19.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF2.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF20.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF21.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF22.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF23.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF24.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF25.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF26.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF27.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF28.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF29.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF30.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF4.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF5.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF6.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF7.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF8.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\components\SystemKHlpFF9.dll, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\DnsBHO.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\Error404BHO.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\MainBHO.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\NativeHelper.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\NewTabBHO.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\overlay.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\overlay.xul, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\RelatedSearch.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\RequestPreserver.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\SearchBHO.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
PUP.Optional.SystemK.A, C:\Users\Voldacz\AppData\Roaming\Settings Manager\systemk\content\SettingManager.js, , [1dadd9e8b1ca54e24223cbf7bf43c33d],
Physical Sectors: 0
(No malicious items detected)
(end)
- jaro3
- Security team member
Re: Please check my log, CPU at 100%
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Scan", and after the scan click "Clean".
The program will perform the repair; after the automatic restart, paste the entire contents of the log (C:\AdwCleaner [S?].txt) here.
Download Junkware Removal Tool by Thisisu to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan can take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear and be saved on the desktop.
Please copy its entire contents here.
- Run MbAM again and choose "Scan Now".
- After the program finishes, a message will appear; click "Quarantine All (delete selected)", then "Export Log", and choose "Text file". Give the file a name and save it somewhere. Copy the entire contents of that log here.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
Check MBR
Check Faked
Antirootkit
- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Please check my log, CPU at 100%
# AdwCleaner v3.302 - Report created 03/08/2014 at 13:52:04
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : Voldacz - VOLDACZ-PC
# Running from : C:\Users\Voldacz\Music\Supr čupr novej ultra seznam hitů\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Service Deleted : SystemkService
[#] Service Deleted : AppleChargerSrv
Service Deleted : PnkBstrA
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\systemk
[!] Folder Deleted : C:\Program Files\Settings Manager
Folder Deleted : C:\Users\Maruška\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Voldacz\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Voldacz\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Voldacz\AppData\Roaming\Settings Manager
File Deleted : C:\END
File Deleted : C:\Windows\system32\AppleChargerSrv.exe
File Deleted : C:\Windows\system32\PnkBstrA.exe
File Deleted : C:\Users\Maruška\AppData\Roaming\Mozilla\Firefox\Profiles\9wxig5rh.default\invalidprefs.js
File Deleted : C:\Users\Voldacz\AppData\Roaming\Mozilla\Firefox\Profiles\frqmct9v.default\invalidprefs.js
File Deleted : C:\Users\Voldacz\AppData\Roaming\Mozilla\Firefox\Profiles\frqmct9v.default\searchplugins\default-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml
File Deleted : C:\Users\Voldacz\AppData\Roaming\Mozilla\Firefox\Profiles\frqmct9v.default\user.js
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-word_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-word_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SystemK
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16545
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v31.0 (x86 cs)
[ File : C:\Users\Maruška\AppData\Roaming\Mozilla\Firefox\Profiles\9wxig5rh.default\prefs.js ]
[ File : C:\Users\Voldacz\AppData\Roaming\Mozilla\Firefox\Profiles\frqmct9v.default\prefs.js ]
Line Deleted : user_pref("browser.search.order.1", "default-search.net");
*************************
AdwCleaner[R0].txt - [6912 octets] - [02/08/2014 11:44:47]
AdwCleaner[R1].txt - [6972 octets] - [03/08/2014 13:50:26]
AdwCleaner[S0].txt - [6350 octets] - [03/08/2014 13:52:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6410 octets] ##########
Re: Please check my log, CPU at 100%
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x86
Ran by Voldacz on ne 03.08.2014 at 14:02:44,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C9F316E9-9410-41C7-B778-BB8997004850}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Voldacz\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
~~~ FireFox
Emptied folder: C:\Users\Voldacz\AppData\Roaming\mozilla\firefox\profiles\frqmct9v.default\minidumps [100 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 03.08.2014 at 14:06:23,90
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Please check my log, CPU at 100%
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3.8.2014
Scan Time: 14:08:48
Logfile: Ajaj.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.03.01
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7
CPU: x86
File System: NTFS
User: Voldacz
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359799
Time Elapsed: 5 min, 54 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 10
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, , [210c259d8bf01c1a216662ffb74bd729],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, , [210c259d8bf01c1a216662ffb74bd729],
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, , [210c259d8bf01c1a216662ffb74bd729],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, , [ac81fbc70d6e11259aa5273d9e6451af],
PUP.Optional.SystemK.A, HKLM\SOFTWARE\SystemK, , [24092e94c9b26ec8f774fad6bf4329d7],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK\General, , [3cf162600873072f450d7975857d2dd3],
Malware.Trace, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [7db0b1115724d26457c2f2acbc47ff01],
Malware.Trace, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [9d907d45ef8c02343bdebce207fc0cf4],
PUP.Optional.Maucampo.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\maucampo, , [41ec14ae9edd4de90512a484cf35e51b],
PUP.Optional.SystemK.A, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, , [9a93b30f502b60d6d69c9a428181857b],
Registry Values: 4
Trojan.Zbot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|help, C:\Windows\InstallDir\help.exe, , [9499fec47dfe74c271c79bfb7a87d52b]
Trojan.Zbot, HKU\S-1-5-21-2286534032-3982842983-3296952562-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|help, C:\Windows\InstallDir\help.exe, , [9499fec47dfe74c271c79bfb7a87d52b]
Trojan.Zbot, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|help, C:\Windows\InstallDir\help.exe, , [9499fec47dfe74c271c79bfb7a87d52b]
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\SYSTEMK|browser, ie ff cr, , [1a138f3313685ed85ff4e10d55ade41c]
Registry Data: 2
PUM.Hijack.TaskManager, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[3fee30926d0eaf87ad5f09b24eb66e92]
PUM.Hijack.Regedit, HKU\S-1-5-21-2286534032-3982842983-3296952562-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[d05dc101176456e092187742b54f7e82]
Folders: 2
Stolen.Data, C:\Users\Voldacz\AppData\Roaming\dclogs, , [5ad33092a8d3171febe9f1dbc43ff40c],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk, , [1c114f731f5cb87efa9d397b29d941bf],
Files: 10
Trojan.Zbot, C:\Windows\InstallDir\help.exe, , [9499fec47dfe74c271c79bfb7a87d52b],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncdato.exe, , [99941da50c6fd066e858aefe2ad7cf31],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncetvrmv.exe, , [44e99f23136859dde25e723a877a0cf4],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncdato.exe, , [9d90556d0f6c6fc7e3b32deac53c8977],
PUP.BitCoinMiner, C:\Windows\System32\lcpmncetvrmv.exe, , [fd30fbc7c4b7b680672f8a8d936e19e7],
Trojan.BitMiner, C:\Windows\System32\dcgmncdato.exe, , [f03d289a2853d95d9aa41e9f52afde22],
Trojan.BitMiner, C:\Windows\System32\dcgmncetvrmv.exe, , [97961aa8106bc1754bf34f6ed8299f61],
Stolen.Data, C:\Users\Voldacz\AppData\Roaming\dclogs\2014-08-01-6.dc, , [5ad33092a8d3171febe9f1dbc43ff40c],
Malware.Trace, C:\Windows\inf\ntvdm.inf, , [d65705bd49320531d1073dd54db7b947],
PUP.Optional.SettingsManager.A, C:\Program Files\Settings Manager\systemk\trzBFB5.tmp, , [1c114f731f5cb87efa9d397b29d941bf],
Physical Sectors: 0
(No malicious items detected)
(end)
Re: Please check my log, CPU at 100%
RogueKiller V9.2.4.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : Voldacz [Práva správce]
Mód : Kontrola -- Datum : 08/03/2014 14:22:14
¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[Suspicious.Path] vm305_sti.exe -- C:\Windows\vm305_sti.exe[7] -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 27 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BigDog305 : C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) -> NALEZENO
[Hj.Name] HKEY_USERS\RK_Administrator.PC-747767835537_ON_D_3F11\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE -> NALEZENO
[Hj.Name] HKEY_USERS\RK_Administrator_ON_D_558C\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE -> NALEZENO
[Hj.Name] HKEY_USERS\RK_Admin_ON_D_9937\Software\Microsoft\Windows\CurrentVersion\Run | ctfmon.exe : C:\WINDOWS\system32\ctfmon.exe -> NALEZENO
[Hj.Name] HKEY_USERS\RK_Default User_ON_D_55FB\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE -> NALEZENO
[Hj.Name] HKEY_USERS\RK_LocalService_ON_D_961A\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE -> NALEZENO
[Hj.Name] HKEY_USERS\RK_NetworkService_ON_D_28DA\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE -> NALEZENO
[Hj.Name] HKEY_USERS\RK_Quest_ON_D_CB77\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\ctfmon.exe -> NALEZENO
[Hj.Name] HKEY_USERS\RK_UpdatusUser_ON_D_6CE5\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv -> NALEZENO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3DE26122-6D71-4CE4-9071-1FC7FAD1895F} | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6E5D943F-C084-47B9-9E4C-D99C706427CA} | DhcpNameServer : 7.254.254.254 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3DE26122-6D71-4CE4-9071-1FC7FAD1895F} | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6E5D943F-C084-47B9-9E4C-D99C706427CA} | DhcpNameServer : 7.254.254.254 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3DE26122-6D71-4CE4-9071-1FC7FAD1895F} | DhcpNameServer : 10.0.0.138 -> NALEZENO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6E5D943F-C084-47B9-9E4C-D99C706427CA} | DhcpNameServer : 7.254.254.254 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-2286534032-3982842983-3296952562-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] HKEY_USERS\S-1-5-21-2286534032-3982842983-3296952562-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NALEZENO
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
¤¤¤ naplánované úlohy : 3 ¤¤¤
[Suspicious.Path] \\{1ABF346A-5A5D-46DB-9F00-1FDB9DFC1A89} -- C:\Users\Voldacz\Desktop\League of legends\lol.launcher.exe -> NALEZENO
[Suspicious.Path] \\{44A69BED-D4D0-4C04-896C-521263545F26} -- C:\Users\Voldacz\Desktop\League of legends\RADS\projects\lol_air_client\releases\0.0.1.79\deploy\LolClient.exe -> NALEZENO
[Suspicious.Path] \\{64164410-BB32-4AAD-8A1F-561C8D87B362} -- C:\Users\Voldacz\Desktop\League of legends\RADS\projects\lol_air_client\releases\0.0.1.79\deploy\LolClient.exe -> NALEZENO
¤¤¤ Soubory : 1 ¤¤¤
[Suspicious.Path][soubor] Curse.lnk -- C:\Users\Voldacz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [LNK@] C:\Users\Voldacz\AppData\Roaming\CURSEC~1\Bin\Curse.exe /startup -> NALEZENO
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 1 (Driver: NAHRÁNO) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP3T0L0-3 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 91ace19e8423bc71af30a2ff4594ee9a
[BSP] 8900123f61ef48da699732d7f65390fb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 199996 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 409593240 | Size: 276932 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
- jaro3
- Security team member
Re: Please check my log, CPU at 100%
Run MbAM again and choose "Scan Now".
- When the program finishes, a message will appear; click "Quarantine All (remove selected)", then "Export Log" and choose "Text file", give the file a name and save it somewhere. Copy the entire contents of that log here.
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Then click "Scan"; once it finishes:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything (check the boxes)
- Click "Delete"
- Wait until the Status box shows "Deleting finished"
- Click "Report" and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.8.16.0_(date)_log.txt; please paste the entire contents of the log here.
- If the log is longer than 60,000 characters, split it and paste it into several posts.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log, CPU at 100%
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 4.8.2014
Scan Time: 13:12:55
Logfile: a.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.04.03
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7
CPU: x86
File System: NTFS
User: Voldacz
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359291
Time Elapsed: 5 min, 11 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Re: Please check my log, CPU at 100%
RogueKiller V9.2.4.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com
Operační systém : Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v : Normální režim
Uživatel : Voldacz [Práva správce]
Mód : Odebrat -- Datum : 08/04/2014 13:27:07
¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[Suspicious.Path] vm305_sti.exe -- C:\Windows\vm305_sti.exe[7] -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 27 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BigDog305 : C:\Windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) [x] -> VYMAZÁNO
[Hj.Name] HKEY_USERS\RK_Administrator.PC-747767835537_ON_D_7FE9\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE [x] -> VYMAZÁNO
[Hj.Name] HKEY_USERS\RK_Administrator_ON_D_9041\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE [x] -> VYMAZÁNO
[Hj.Name] HKEY_USERS\RK_Admin_ON_D_3C06\Software\Microsoft\Windows\CurrentVersion\Run | ctfmon.exe : C:\WINDOWS\system32\ctfmon.exe [x] -> VYMAZÁNO
[Hj.Name] HKEY_USERS\RK_Default User_ON_D_B210\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE [x] -> VYMAZÁNO
[Hj.Name] HKEY_USERS\RK_LocalService_ON_D_F0B0\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE [x] -> VYMAZÁNO
[Hj.Name] HKEY_USERS\RK_NetworkService_ON_D_2C97\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE [x] -> VYMAZÁNO
[Hj.Name] HKEY_USERS\RK_Quest_ON_D_11B7\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\ctfmon.exe [x] -> VYMAZÁNO
[Hj.Name] HKEY_USERS\RK_UpdatusUser_ON_D_AEF9\Software\Microsoft\Windows\CurrentVersion\Run | CTFMON.EXE : C:\WINDOWS\system32\CTFMON.EXE [x] -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv -> VYMAZÁNO
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> VYMAZÁNO
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3DE26122-6D71-4CE4-9071-1FC7FAD1895F} | DhcpNameServer : 10.0.0.138 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6E5D943F-C084-47B9-9E4C-D99C706427CA} | DhcpNameServer : 7.254.254.254 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3DE26122-6D71-4CE4-9071-1FC7FAD1895F} | DhcpNameServer : 10.0.0.138 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6E5D943F-C084-47B9-9E4C-D99C706427CA} | DhcpNameServer : 7.254.254.254 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3DE26122-6D71-4CE4-9071-1FC7FAD1895F} | DhcpNameServer : 10.0.0.138 -> NAHRAZENO ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6E5D943F-C084-47B9-9E4C-D99C706427CA} | DhcpNameServer : 7.254.254.254 -> NAHRAZENO ()
[PUM.Policies] HKEY_USERS\S-1-5-21-2286534032-3982842983-3296952562-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] HKEY_USERS\S-1-5-21-2286534032-3982842983-3296952562-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZÁNO
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NAHRAZENO (1)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NAHRAZENO (2)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
¤¤¤ naplánované úlohy : 3 ¤¤¤
[Suspicious.Path] \\{1ABF346A-5A5D-46DB-9F00-1FDB9DFC1A89} -- C:\Users\Voldacz\Desktop\League of legends\lol.launcher.exe -> VYMAZÁNO
[Suspicious.Path] \\{44A69BED-D4D0-4C04-896C-521263545F26} -- C:\Users\Voldacz\Desktop\League of legends\RADS\projects\lol_air_client\releases\0.0.1.79\deploy\LolClient.exe -> VYMAZÁNO
[Suspicious.Path] \\{64164410-BB32-4AAD-8A1F-561C8D87B362} -- C:\Users\Voldacz\Desktop\League of legends\RADS\projects\lol_air_client\releases\0.0.1.79\deploy\LolClient.exe -> VYMAZÁNO
¤¤¤ Soubory : 1 ¤¤¤
[Suspicious.Path][soubor] Curse.lnk -- C:\Users\Voldacz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [LNK@] C:\Users\Voldacz\AppData\Roaming\CURSEC~1\Bin\Curse.exe /startup -> VYMAZÁNO
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 1 (Driver: NAHRÁNO) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP3T0L0-3 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)
¤¤¤ Webové prohlížeče : 4 ¤¤¤
[IE:Addon] System : Canon Easy-WebPrint EX [{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}] -> VYMAZÁNO
[FIREFX:Addon] frqmct9v.default : Seznam lištička [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> VYMAZÁNO
[FIREFX:Addon] frqmct9v.default : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> VYMAZÁNO
[FIREFX:Addon] frqmct9v.default : avast! Online Security [wrc@avast.com] -> VYMAZÁNO
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 91ace19e8423bc71af30a2ff4594ee9a
[BSP] 8900123f61ef48da699732d7f65390fb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 199996 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 409593240 | Size: 276932 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
============================================
RKreport_SCN_08032014_142214.log - RKreport_SCN_08042014_132527.log