Kontrola logu

[lin]

Prosím o kontrolu logu


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:01:43, on 7.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2EP9.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\romaniuz\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10646A& ... 81-223&t=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\romaniuz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: register.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 7542 bytes
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:01:43, on 7.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\EA GAMES\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2EP9.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\romaniuz\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10646A& ... 81-223&t=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\romaniuz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: register.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 7542 bytes

[Reklama]

[lin]

AdwCleaner

# AdwCleaner v3.303 - Report created 07/08/2014 at 16:12:48
# Updated 06/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : romaniuz - ROMANIUZ-PC
# Running from : C:\Users\romaniuz\Downloads\adwcleaner_3.303.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\DataMngr
Folder Found : C:\Users\romaniuz\AppData\Roaming\freegames111
Folder Found : C:\Users\romaniuz\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\romaniuz\AppData\Roaming\speedtest4354

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C45EC9F0-8333-465D-9728-074BD41985C9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [freegames4357@bestoffers]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.search.ask.com/?o=APN10646A& ... 81-223&t=4

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\romaniuz\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://www.sweetpacks-search.com/?barid=&src=10&
Found [Startup_urls] : hxxp://search.babylon.com/?affID=112555 ... e400a94cd5
Found [Startup_urls] : hxxp://www.search.ask.com/?o=APN10646A& ... 81-223&t=4
Found [Extension] : jljheddigenhleadfofeccneimcmlefp

*************************

AdwCleaner[R0].txt - [2333 octets] - [07/08/2014 16:12:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2393 octets] ##########

[lin]

Anti-malware

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7.8.2014
Scan Time: 16:17:30
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.07.04
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: romaniuz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279439
Time Elapsed: 9 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.SpeedTest.A, HKU\S-1-5-21-2694158742-93401858-1303569948-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}, , [a41c5f64accf72c4a2e0e582d32ff40c],
PUP.Optional.FreeGames.A, HKU\S-1-5-21-2694158742-93401858-1303569948-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C45EC9F0-8333-465D-9728-074BD41985C9}, , [f9c74f74a8d3f93d1b3eb3b4857d1be5],
PUP.Optional.SpeedTest.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jljheddigenhleadfofeccneimcmlefp, , [318f2e95b9c276c04cde956d887bf30d],

Registry Values: 1
PUP.Optional.SpeedTest, HKU\S-1-5-21-2694158742-93401858-1303569948-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|speedtest4354@BestOffers, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, , [0bb5ffc422598aace3739c3b10f250b0]

Registry Data: 0
(No malicious items detected)

Folders: 10
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\speedtest4354, , [229e3e85205be353a161941fd52db848],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\freegames111, , [eed26c57e893e254b37a872c28daf709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\skin, , [536d774c6813a3937a368346fc0635cb],

Files: 75
Trojan.BProtector, C:\Users\romaniuz\AppData\Roaming\freegames111\install_helper.exe, , [50703e85433870c61c17a6e5e321c53b],
Trojan.BProtector, C:\Users\romaniuz\AppData\Roaming\speedtest4354\install_helper.exe, , [a61a467d3e3d979f12212f5ca2628779],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, , [5a663f84f78478be37babc6437c9fd03],
Trojan.Zbot, C:\Users\romaniuz\Downloads\Photo-018.JPEG_www.facebook.com.exe, , [269ae1e2a9d22d097ee5580bad547d83],
PUP.Optional.OpenCandy, C:\Users\romaniuz\Downloads\DTLite4491-0356.exe, , [724e2f941269d462f773509a8a7ab54b],
PUP.Optional.InstallBrain.A, C:\Users\romaniuz\Downloads\CodecPerformerSetup (1).exe, , [ecd4c4ffd9a257df181385c714edc53b],
PUP.Optional.InstallBrain.A, C:\Users\romaniuz\Downloads\CodecPerformerSetup.exe, , [aa160eb52d4eda5cf13a034931d029d7],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\speedtest4354\install_helper.exe, , [229e3e85205be353a161941fd52db848],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\speedtest4354\speedtest4354.crx, , [229e3e85205be353a161941fd52db848],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\speedtest4354\speedtest4354.xpi, , [229e3e85205be353a161941fd52db848],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\freegames111\DeskTopIcon.ico, , [eed26c57e893e254b37a872c28daf709],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\freegames111\freegames111.crx, , [eed26c57e893e254b37a872c28daf709],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\freegames111\freegames111.xpi, , [eed26c57e893e254b37a872c28daf709],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\freegames111\install_helper.exe, , [eed26c57e893e254b37a872c28daf709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome.manifest, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\icon.png, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\install.rdf, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\background.html, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.js, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.xml, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\config.js, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\content.js, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.js, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.png, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.xul, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.ico, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.png, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.ico, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.png, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.ico, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.png, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.ico, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.png, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.ico, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.png, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.ico, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.png, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.ico, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.png, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\jquery-1.9.1.min.js, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\options.xul, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\rjs.js, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\settings.json, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\subscriptloader.js, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin\framework.css, , [6f513d86d7a49a9c6648c2074cb6966a],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome.manifest, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\icon.png, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\install.rdf, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\background.html, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\button.js, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\button.xml, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\config.js, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\content.js, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.js, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.png, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.xul, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon128.ico, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon128.png, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon16.ico, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon16.png, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon18.ico, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon18.png, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon24.ico, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon24.png, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon32.ico, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon32.png, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon48.ico, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon48.png, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\jquery-1.9.1.min.js, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\options.xul, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\rjs.js, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\settings.json, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\subscriptloader.js, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\skin\framework.css, , [536d774c6813a3937a368346fc0635cb],
PUP.Optional.ASK.A, C:\Users\romaniuz\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.sweetpacks-search.com/?barid=&src=10&", "http://www.google.com", "http://search.babylon.com/?affID=112555&tt=2912_6&babsrc=HP_ss&mntrId=1a2874a60000000000007ae400a94cd5", "http://www.search.ask.com/?o=APN10646A&gct=hp&d=102-113&v=n10781-223&t=4" ],), ,[87394b78d3a88fa783eeb64017ed768a]

Physical Sectors: 0
(No malicious items detected)


(end)

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[lin]

AdwCleaner bohužel přestane vždy pracovat.

Junkware

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by romaniuz on źt 07.08.2014 at 19:53:45,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services







~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 07.08.2014 at 19:58:38,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 7.8.2014
Scan Time: 19:59:35
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.07.07
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: romaniuz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279757
Time Elapsed: 9 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
PUP.Optional.SpeedTest, HKU\S-1-5-21-2694158742-93401858-1303569948-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|speedtest4354@BestOffers, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, Quarantined, [6c573b883f3c9a9c3d6211c645bd867a]

Registry Data: 0
(No malicious items detected)

Folders: 8
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\skin, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],

Files: 65
Trojan.Zbot, C:\Users\romaniuz\Downloads\Photo-018.JPEG_www.facebook.com.exe, Quarantined, [378c0eb59fdcdb5b6401f271ee13ce32],
PUP.Optional.OpenCandy, C:\Users\romaniuz\Downloads\DTLite4491-0356.exe, Quarantined, [c9fa596aec8f063035876486778d946c],
PUP.Optional.InstallBrain.A, C:\Users\romaniuz\Downloads\CodecPerformerSetup (1).exe, Quarantined, [dce7e1e22952df57d657db71936ee51b],
PUP.Optional.InstallBrain.A, C:\Users\romaniuz\Downloads\CodecPerformerSetup.exe, Quarantined, [873cfcc7c3b8bb7bc766a5a7827f2fd1],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome.manifest, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\icon.png, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\install.rdf, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\background.html, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.js, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\button.xml, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\config.js, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\content.js, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.js, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.png, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\framework.xul, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.ico, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon128.png, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.ico, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon16.png, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.ico, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon18.png, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.ico, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon24.png, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.ico, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon32.png, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.ico, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon48.png, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.ico, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\icon64.png, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\jquery-1.9.1.min.js, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\options.xul, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\rjs.js, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\settings.json, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\content\subscriptloader.js, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.SpeedTest.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers\chrome\skin\framework.css, Quarantined, [13b0a71cdc9f96a08a401bae20e2f709],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome.manifest, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\icon.png, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\install.rdf, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\background.html, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\button.js, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\button.xml, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\config.js, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\content.js, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.js, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.png, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\framework.xul, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon128.ico, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon128.png, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon16.ico, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon16.png, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon18.ico, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon18.png, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon24.ico, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon24.png, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon32.ico, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon32.png, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon48.ico, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\icon48.png, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\jquery-1.9.1.min.js, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\options.xul, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\rjs.js, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\settings.json, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\content\subscriptloader.js, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.FreeGames.A, C:\Users\romaniuz\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers\chrome\skin\framework.css, Quarantined, [1da623a095e6fc3aa22aa8217e8442be],
PUP.Optional.ASK.A, C:\Users\romaniuz\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.sweetpacks-search.com/?barid=&src=10&", "http://www.google.com", "http://search.babylon.com/?affID=112555&tt=2912_6&babsrc=HP_ss&mntrId=1a2874a60000000000007ae400a94cd5", "http://www.search.ask.com/?o=APN10646A&gct=hp&d=102-113&v=n10781-223&t=4" ],), Replaced,[c5fe1ba8d4a789ad7455c53155af12ee]

Physical Sectors: 0
(No malicious items detected)


(end)

RogueKiller

RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : romaniuz [Práva správce]
Mód : Kontrola -- Datum : 08/07/2014 20:16:09

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 10 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2694158742-93401858-1303569948-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2694158742-93401858-1303569948-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2694158742-93401858-1303569948-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2694158742-93401858-1303569948-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2694158742-93401858-1303569948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NALEZENO
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2694158742-93401858-1303569948-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 1 ¤¤¤
[Suspicious.Startup][soubor] register.exe -- C:\Users\romaniuz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\register.exe -> NALEZENO

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: NAHRÁNO) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\dtsoftbus01.sys)

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545050A7E380 ATA Device +++++
--- User ---
[MBR] df590391d67cd74863d965e72c081c77
[BSP] 629d683a3a3e73d19afa57374dc182cd : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18888 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 38684672 | Size: 350 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 39401472 | Size: 437700 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 935811072 | Size: 20000 MB
User = LL1 ... OK
User = LL2 ... OK

[jaro3]

a adwcleaner po výmazu?


Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.