Check my notebook


I received some email about bitcoins. I use bitcoins, but it looks weird.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by kasper at 10:33:29 on 2013-12-27
Microsoft Windows 7 Professional   6.1.7601.1.1250.420.1029.18.2388.1593 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\Launch Manager\LMutilps32.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Java\jre7\bin\javaw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Facebook Update] "c:\users\kasper\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [LiveSupport] "c:\program files\livesupport\LiveSupport.exe" /noshow /log
uRun: [wallet-dat] "c:\users\kasper\appdata\roaming\wallet-dat.vbs"
uRun: [shopTransferTo] "c:\program files\java\jre7\bin\javaw.exe" -jar "c:\users\kasper\appdata\roaming\transferto\craigslist.QzD"
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe" 60
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [intelTBRunOnce] wscript.exe //b //nologo "c:\program files\intel\turboboost\RunTBGadgetOnce.vbs"
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{867CB9CE-AF6B-4016-AAF6-46311B50FBED} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{867CB9CE-AF6B-4016-AAF6-46311B50FBED}\4505D2C494E4B4F5543464246434 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\nvinit.dll  
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kasper\appdata\roaming\mozilla\firefox\profiles\rlcxmozo.default\
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\kasper\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-10-28 20:55; yioalo@gzxjyuo.com; c:\users\kasper\appdata\roaming\mozilla\firefox\profiles\rlcxmozo.default\extensions\yioalo@gzxjyuo.com
FF - ExtSQL: 2013-10-28 20:55; 27jx9ncx@uo-.co.uk; c:\users\kasper\appdata\roaming\mozilla\firefox\profiles\rlcxmozo.default\extensions\27jx9ncx@uo-.co.uk
FF - ExtSQL: 2013-12-21 20:38; aao7vhpx@ufp-ed.com; c:\users\kasper\appdata\roaming\mozilla\firefox\profiles\rlcxmozo.default\extensions\aao7vhpx@ufp-ed.com
FF - ExtSQL: 2013-12-21 20:38; 4elyia@gqtbyakkr.net; c:\users\kasper\appdata\roaming\mozilla\firefox\profiles\rlcxmozo.default\extensions\4elyia@gqtbyakkr.net
FF - ExtSQL: 2013-12-21 20:38; 1b@grnphjps.edu; c:\users\kasper\appdata\roaming\mozilla\firefox\profiles\rlcxmozo.default\extensions\1b@grnphjps.edu
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2013-8-8 24936]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2012-3-23 355920]
R2 IAStorDataMgrSvc;Úložná technologie Intel® Rapid;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2013-8-8 13592]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 104768]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [2009-8-6 5120]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-8-9 5087584]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2012-1-20 16128]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys [2011-11-4 60968]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys [2011-11-4 17960]
R3 bScsiMSx;bScsiMSx;c:\windows\system32\drivers\bScsiMSx.sys [2011-9-2 43560]
R3 bScsiSDx;bScsiSDx;c:\windows\system32\drivers\bScsiSDx.sys [2012-5-3 47104]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-12-6 280576]
R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2012-1-18 370728]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-7-17 55104]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2012-2-14 21520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-11 108032]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr73.sys [2011-10-5 564800]
S3 StorSvc;Služba úložiště;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-8-8 52224]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\intel\turboboost\TurboBoost.exe [2012-1-20 122368]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-9-7 1343400]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-12-26 22:42:52 -------- d-sh--r- c:\users\kasper\.FanqCLNLxN
2013-12-26 22:42:51 -------- d-sh--r- c:\users\kasper\appdata\roaming\TransferTo
2013-12-26 20:24:05 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7a871ecd-8a43-4a8e-8380-30a77b5d9bbc}\offreg.dll
2013-12-26 20:23:12 7760024 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7a871ecd-8a43-4a8e-8380-30a77b5d9bbc}\mpengine.dll
2013-12-25 14:18:15 7760024 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-22 00:36:25 -------- d-----w- c:\users\kasper\appdata\roaming\PowerISO
2013-12-18 17:32:06 -------- d-----w- c:\users\kasper\appdata\roaming\Opera Software
2013-12-11 17:39:33 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2013-12-11 17:39:33 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 17:02:20 -------- d-----w- c:\programdata\QuickSet
2013-12-11 17:02:11 -------- d-----w- c:\programdata\YoutubeAdblocker
2013-12-11 17:02:11 -------- d-----w- c:\program files\YoutubeAdblocker
2013-12-11 17:02:02 -------- d-----w- c:\programdata\surf anD Keep
2013-12-11 17:02:02 -------- d-----w- c:\program files\surf anD Keep
2013-12-11 06:30:09 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 06:30:08 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 06:30:07 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 06:30:07 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 06:30:07 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 06:30:07 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 06:30:07 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 06:30:05 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 06:29:59 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 06:29:58 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 06:29:58 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-06 12:54:54 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a5c99b7d-5307-4eff-a7b0-38327cc93c4d}\gapaengine.dll
2013-11-28 18:31:52 -------- d-----w- c:\program files\Lame For Audacity
2013-11-28 15:48:16 -------- d-----w- c:\program files\Audacity
.
==================== Find3M  ====================
.
2013-12-11 19:38:25 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 19:38:25 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-08 05:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 01:58:50 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- c:\windows\system32\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-03 01:58:07 305152 ----a-w- c:\windows\system32\gdi32.dll
.
============= FINISH: 10:34:52,49 ===============

Hello kasper! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Here is information about your problem:

http://www.webcoursesbangkok.com/blog/bitcoin-hacked/

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Note: Please do not run this tool without special supervision and instructions from someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
In your next reply, post the following log files:
  • Malwarebytes' Anti-Malware log
  • ComboFix log

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
 
Verze: v2013.12.27.05
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
kasper :: KASPER-PC [administrátor]
 
Ochrana: Povolena
 
27.12.2013 17:32:06
mbam-log-2013-12-27 (17-32-06).txt
 
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 232049
Uplynulý čas: 9 minut, 35 sekund
 
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
 
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
 
Nalezené klíče v registru: 6
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Přesun do karantény a smazání se zdařilo.
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> Přesun do karantény a smazání se zdařilo.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Přesun do karantény a smazání se zdařilo.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Přesun do karantény a smazání se zdařilo.
 
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
 
Nalezené datové položky v registru: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Špatný: (http://websearch.searchguru.info/?pid=727&r=2013/12/11&hid=8696427369059781593&lg=EN&cc=CZ&unqvl=43) Dobrý: (http://www.google.com) -> Přesun do karantény a opravení se zdařilo.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Špatný: (http://websearch.searchguru.info/?pid=727&r=2013/12/11&hid=8696427369059781593&lg=EN&cc=CZ&unqvl=43) Dobrý: (http://www.google.com) -> Přesun do karantény a opravení se zdařilo.
 
Nalezené složky: 2
C:\Users\kasper\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Přesun do karantény a smazání se zdařilo.
C:\ProgramData\SearchNewTab (PUP.Optional.SearchNewTab) -> Přesun do karantény a smazání se zdařilo.
 
Nalezené soubory: 22
C:\ProgramData\InstallMate\{12C0BE91-688E-4A01-A8EA-20ACC9239C67}\Custom.dll (PUP.Optional.InstalleRex) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Desktop\Patch_reg-poweriso.5.x.rar (RiskWare.Tool.CK) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\AppData\Local\Temp\LuckyLeap.exe (PUP.Optional.LuckyLeap.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\AppData\Local\Temp\setup.exe (PUP.Optional.Babylon.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\AppData\Local\Temp\C4E0586D-BAB0-7891-A18E-1786AC803B37\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\AppData\Local\Temp\C4E0586D-BAB0-7891-A18E-1786AC803B37\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\AppData\Local\Temp\{12C0BE91-688E-4A01-A8EA-20ACC9239C67}\Addons\newtab_setup.exe (PUP.Optional.BundleLoader.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\AppData\Local\Temp\{12C0BE91-688E-4A01-A8EA-20ACC9239C67}\Addons\web_assistant_v2.exe (PUP.Optional.SProtect.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\C5CUY0LS\psupport_install[1].exe (PUP.Optional.SProtect.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\IJO04BTF\DefaultTabSetup[1].exe (PUP.Optional.DefaultTab.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\IJO04BTF\ezdownloader[1].exe (PUP.Optional.EZDownloader.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\IJO04BTF\LuckyLeap2[1].exe (PUP.Optional.LuckyLeap.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\TZXMWOF6\MixiSmart2[1].exe (PUP.Optional.Babylon.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\TZXMWOF6\OptimizerPro[1].exe (PUP.Optional.OptimizerPro.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\TZXMWOF6\search_defender_alternate_166[1].exe (PUP.Optional.SProtect.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\TZXMWOF6\Setup[1].exe (PUP.Optional.LuckyLeap.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\ZMQBA447\agent2[1].exe (PUP.Optional.MultiPlug.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\ZMQBA447\ezdownloader[1].exe (PUP.Optional.EZDownloader.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\ZMQBA447\psupport_install[1].exe (PUP.Optional.SProtect.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\Local Settings\Temporary Internet Files\Content.IE5\ZMQBA447\search_defender_alternate_166[1].exe (PUP.Optional.SProtect.A) -> Přesun do karantény a smazání se zdařilo.
C:\Users\kasper\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Přesun do karantény a smazání se zdařilo.
 
(konec)
 
ComboFix 13-12-26.01 - kasper 27.12.2013  17:53:49.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1250.420.1029.18.2388.1307 [GMT 1:00]
Spuštěný z: c:\users\kasper\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DownlOad keoEPer
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\1b@grnphjps.edu
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\1b@grnphjps.edu\bootstrap.js
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\1b@grnphjps.edu\content\bg.js
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\1b@grnphjps.edu\chrome.manifest
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\1b@grnphjps.edu\install.rdf
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\27jx9ncx@uo-.co.uk
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\27jx9ncx@uo-.co.uk\bootstrap.js
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\27jx9ncx@uo-.co.uk\content\bg.js
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\27jx9ncx@uo-.co.uk\chrome.manifest
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\27jx9ncx@uo-.co.uk\install.rdf
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\4elyia@gqtbyakkr.net
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\4elyia@gqtbyakkr.net\bootstrap.js
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\4elyia@gqtbyakkr.net\content\bg.js
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\4elyia@gqtbyakkr.net\chrome.manifest
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\4elyia@gqtbyakkr.net\install.rdf
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\aao7vhpx@ufp-ed.com
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\aao7vhpx@ufp-ed.com\bootstrap.js
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\aao7vhpx@ufp-ed.com\content\bg.js
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\aao7vhpx@ufp-ed.com\chrome.manifest
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\aao7vhpx@ufp-ed.com\install.rdf
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\yioalo@gzxjyuo.com
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\yioalo@gzxjyuo.com\bootstrap.js
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\yioalo@gzxjyuo.com\content\bg.js
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\yioalo@gzxjyuo.com\chrome.manifest
c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\yioalo@gzxjyuo.com\install.rdf
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2013-11-27 do 2013-12-27  )))))))))))))))))))))))))))))))
.
.
2013-12-27 17:00 . 2013-12-27 17:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-12-27 17:00 . 2013-12-27 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-27 16:31 . 2013-12-27 16:31 -------- d-----w- c:\users\kasper\AppData\Roaming\Malwarebytes
2013-12-27 16:30 . 2013-12-27 16:30 -------- d-----w- c:\programdata\Malwarebytes
2013-12-27 09:34 . 2013-12-27 09:34 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A871ECD-8A43-4A8E-8380-30A77B5D9BBC}\MpKslf136eeb3.sys
2013-12-26 22:42 . 2013-12-26 22:43 -------- d-sh--r- c:\users\kasper\.FanqCLNLxN
2013-12-26 22:42 . 2013-12-26 22:42 -------- d-sh--r- c:\users\kasper\AppData\Roaming\TransferTo
2013-12-26 20:24 . 2013-12-27 16:46 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A871ECD-8A43-4A8E-8380-30A77B5D9BBC}\offreg.dll
2013-12-26 20:23 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A871ECD-8A43-4A8E-8380-30A77B5D9BBC}\mpengine.dll
2013-12-25 14:18 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-22 00:36 . 2013-12-22 00:36 -------- d-----w- c:\users\kasper\AppData\Roaming\PowerISO
2013-12-18 17:32 . 2013-12-18 17:32 -------- d-----w- c:\users\kasper\AppData\Roaming\Opera Software
2013-12-18 17:32 . 2013-12-18 17:32 -------- d-----w- c:\program files\Opera
2013-12-13 15:49 . 2013-12-13 15:50 -------- d-----w- c:\users\kasper\AppData\Roaming\vlc
2013-12-11 17:39 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 17:39 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 17:02 . 2013-12-11 17:03 -------- d-----w- c:\programdata\QuickSet
2013-12-11 17:02 . 2013-12-11 17:45 -------- d-----w- c:\programdata\YoutubeAdblocker
2013-12-11 17:02 . 2013-12-11 17:07 -------- d-----w- c:\program files\YoutubeAdblocker
2013-12-11 17:02 . 2013-12-11 17:45 -------- d-----w- c:\programdata\surf anD Keep
2013-12-11 17:02 . 2013-12-11 17:07 -------- d-----w- c:\program files\surf anD Keep
2013-12-11 06:30 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-11 06:30 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-11 06:30 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-11 06:30 . 2013-10-12 02:04 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 06:30 . 2013-10-12 02:03 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 06:30 . 2013-10-12 01:15 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 06:30 . 2013-10-12 01:15 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 06:30 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-11 06:29 . 2013-10-30 01:27 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 06:29 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 06:29 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-06 12:54 . 2013-10-18 05:58 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5C99B7D-5307-4EFF-A7B0-38327CC93C4D}\gapaengine.dll
2013-11-28 18:31 . 2013-11-28 18:31 -------- d-----w- c:\program files\Lame For Audacity
2013-11-28 15:48 . 2013-12-02 13:15 -------- d-----w- c:\users\kasper\AppData\Roaming\Audacity
2013-11-28 15:48 . 2013-11-28 15:48 -------- d-----w- c:\program files\Audacity
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 19:38 . 2013-08-08 16:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 19:38 . 2013-08-08 16:02 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 10:21 . 2013-08-08 11:36 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 16:24 . 2013-11-12 16:24 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-12 16:24 . 2013-11-12 16:24 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-12 16:24 . 2013-11-12 16:24 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-12 16:24 . 2013-11-12 16:24 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-12 16:24 . 2013-11-12 16:24 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-12 16:24 . 2013-11-12 16:24 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-12 16:24 . 2013-11-12 16:24 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-12 16:24 . 2013-11-12 16:24 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-12 16:24 . 2013-11-12 16:24 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-12 16:24 . 2013-11-12 16:24 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 16:24 . 2013-11-12 16:24 337408 ----a-w- c:\windows\system32\html.iec
2013-11-12 16:24 . 2013-11-12 16:24 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-12 16:24 . 2013-11-12 16:24 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-12 16:24 . 2013-11-12 16:24 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-12 16:24 . 2013-11-12 16:24 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-12 16:24 . 2013-11-12 16:24 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-12 16:24 . 2013-11-12 16:24 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-12 16:24 . 2013-11-12 16:24 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-12 16:24 . 2013-11-12 16:24 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-12 16:24 . 2013-11-12 16:24 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-10-18 05:58 . 2013-08-22 16:06 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:03 . 2013-11-13 07:00 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 07:00 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01 . 2013-11-13 07:00 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-08 05:50 . 2013-10-21 06:15 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-05 19:57 . 2013-11-13 07:00 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 01:58 . 2013-11-13 07:00 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 07:00 168960 ----a-w- c:\windows\system32\credui.dll
2013-10-04 01:56 . 2013-11-13 07:00 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-03 01:58 . 2013-11-13 07:00 305152 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((   Registry startup points   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-18 20587168]
"Facebook Update"="c:\users\kasper\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-08-17 138096]
"ShopTransferTo"="c:\program files\Java\jre7\bin\javaw.exe" [2013-10-08 175016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-08-08 10889832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-08 144152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-08 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-08 188184]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 141824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-08-08 2325776]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2013-08-08 1105488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-12-09 606208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-08-08 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [2011-10-05 564800]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 104768]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-10-23 280288]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-01-20 122368]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-07 1343400]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-08-08 24936]
S1 MpKslf136eeb3;MpKslf136eeb3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7A871ECD-8A43-4A8E-8380-30A77B5D9BBC}\MpKslf136eeb3.sys [2013-12-27 40392]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2013-08-08 355920]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-10-01 5087584]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2012-01-20 16128]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-11-04 60968]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-11-04 17960]
S3 bScsiMSx;bScsiMSx;c:\windows\system32\DRIVERS\bScsiMSx.sys [2011-09-02 43560]
S3 bScsiSDx;bScsiSDx;c:\windows\system32\DRIVERS\bScsiSDx.sys [2012-05-03 47104]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-08-08 280576]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2012-01-18 370728]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-17 55104]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2013-08-08 21520]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-08 19:38]
.
2013-12-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1252211279-2280835216-2774946493-1000Core.job
- c:\users\kasper\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-17 20:36]
.
2013-12-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1252211279-2280835216-2774946493-1000UA.job
- c:\users\kasper\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-17 20:36]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - ExtSQL: 2013-10-28 20:55; yioalo@gzxjyuo.com; c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\yioalo@gzxjyuo.com
FF - ExtSQL: 2013-10-28 20:55; 27jx9ncx@uo-.co.uk; c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\27jx9ncx@uo-.co.uk
FF - ExtSQL: 2013-12-21 20:38; aao7vhpx@ufp-ed.com; c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\aao7vhpx@ufp-ed.com
FF - ExtSQL: 2013-12-21 20:38; 4elyia@gqtbyakkr.net; c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\4elyia@gqtbyakkr.net
FF - ExtSQL: 2013-12-21 20:38; 1b@grnphjps.edu; c:\users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\extensions\1b@grnphjps.edu
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
WebBrowser-{405DFEAE-1D2F-4649-BE08-C92313C3E1CE} - (no file)
HKCU-Run-LiveSupport - c:\program files\LiveSupport\LiveSupport.exe
HKCU-Run-wallet-dat - c:\users\kasper\AppData\Roaming\wallet-dat.vbs
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-27  18:02:19
ComboFix-quarantined-files.txt  2013-12-27 17:02
.
Pre-Run: free bytes: 661 267 734 528
Post-Run: free bytes: 663 465 070 592
.
- - End Of File - - 803C86ED42012EA74A377F5580AD5BC8
A36C5E4F47E84449FF07ED3517B43A31
 

 

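Two things in the DDS/ComboFix log above are what a responder would pick out first. ComboFix's removed-entries list shows an HKCU Run value named wallet-dat that launched c:\users\kasper\AppData\Roaming\wallet-dat.vbs: a logon script under the user profile, named after Bitcoin Core's wallet.dat file, on a machine whose owner says they use bitcoin and received odd bitcoin e-mail. The live Run keys also contain ShopTransferTo launching javaw.exe and IntelTBRunOnce launching a bare wscript.exe, and DDS prints only the interpreter, never the script or jar passed to it, so those values have to be read in full from the registry before they can be cleared. The Python below is an added example, not part of this thread or of DDS/ComboFix: it parses that section of the log into records and applies generic autorun-triage heuristics (interpreter hosts, script extensions, user-writable paths, unqualified executable names). The sample lines are copied from the log above; the heuristics, the host and extension lists, and the scoring are the example's own assumptions. A flag is a review prompt, not a verdict: IntelTBRunOnce matches the Intel Turbo Boost monitor that also appears in the services section, and is the kind of entry that the full registry value would confirm or clear.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Lines copied from the DDS/ComboFix log in the post above: the two Run keys
# and the entries ComboFix listed as removed. Unrelated values are omitted.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-18 20587168]
"Facebook Update"="c:\users\kasper\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-08-17 138096]
"ShopTransferTo"="c:\program files\Java\jre7\bin\javaw.exe" [2013-10-08 175016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-08 144152]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 141824]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
HKCU-Run-LiveSupport - c:\program files\LiveSupport\LiveSupport.exe
HKCU-Run-wallet-dat - c:\users\kasper\AppData\Roaming\wallet-dat.vbs
'''

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
                      r'(?:\s+\[(?P<date>\S+)\s+(?P<size>\d+)\])?\s*$')
REMOVED_RE = re.compile(r'^(?P<hive>HKCU|HKLM)-Run-(?P<name>.+?) - (?P<path>.+?)\s*$')

# Assumed lists for this example. DDS prints only the executable, so for an
# interpreter the real payload (script, jar, DLL) is in arguments it never shows.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "javaw.exe", "java.exe",
                "powershell.exe", "cmd.exe", "rundll32.exe", "regsvr32.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".bat", ".cmd", ".ps1"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Autorun:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_dds_run_section(text):
    """Collect Run/RunOnce values and ComboFix 'removed' lines into Autorun records."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group(1)
            continue
        if (m := VALUE_RE.match(line)) and current_key \
                and current_key.lower().endswith(("\\run", "\\runonce")):
            entries.append(Autorun(current_key, m["name"], m["path"]))
            continue
        if m := REMOVED_RE.match(line):
            entries.append(Autorun(m["hive"] + "\\...\\Run (removed by ComboFix)",
                                   m["name"], m["path"]))
    return entries


def triage(entries):
    """Attach review reasons to each entry; return the flagged ones, most reasons first."""
    for e in entries:
        e.reasons = []
        low = e.path.lower()
        base = ntpath.basename(low)
        ext = ntpath.splitext(base)[1]
        if ntpath.dirname(low) == "":
            e.reasons.append("bare executable name: resolved through PATH at logon, not pinned to a file")
        if base in SCRIPT_HOSTS:
            e.reasons.append(f"{base} is an interpreter; the payload is in arguments DDS does not print")
        if ext in SCRIPT_EXTS:
            e.reasons.append(f"{ext} script registered as a logon autorun")
        if any(marker in low for marker in USER_WRITABLE):
            e.reasons.append("runs from a user-writable directory, not Program Files or System32")
    return sorted((e for e in entries if e.reasons),
                  key=lambda e: (-len(e.reasons), e.name.lower()))


if __name__ == "__main__":
    for e in triage(parse_dds_run_section(SAMPLE_LOG)):
        print(f"[{len(e.reasons)}] {e.name!r} -> {e.path}")
        for r in e.reasons:
            print("     -", r)
```

On the sample above the two-reason entries come out first (IntelTBRunOnce and wallet-dat), followed by Facebook Update and ShopTransferTo with one reason each; Skype, IgfxTray, MSC and LiveSupport are not flagged at all, which is a reminder that a path under Program Files says nothing about what the binary does.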

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x86
Ran by kasper on Sun 29.12.2013 at 20:42:10,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c670dcae-e392-aa32-6f42-143c7fc4bdfd}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\babylon"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\kasper\AppData\Roaming\mozilla\firefox\profiles\rlcxmozo.default\user.js
Successfully deleted: [File] C:\Users\kasper\AppData\Roaming\mozilla\firefox\profiles\rlcxmozo.default\searchplugins\websearch.xml
Successfully deleted the following from C:\Users\kasper\AppData\Roaming\mozilla\firefox\profiles\rlcxmozo.default\prefs.js
 
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.3O3gDn3WCpA.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};try{new function(){if(null==document.getElementById
user_pref("extensions.Ae1hCzn.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){
user_pref("extensions.J1OJYM.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r
user_pref("extensions.cmhRLrkUp.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1
user_pref("extensions.khjQ.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};(function(){if(window.self==window.top&&!document.getEleme
Emptied folder: C:\Users\kasper\AppData\Roaming\mozilla\firefox\profiles\rlcxmozo.default\minidumps [39 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 29.12.2013 at 20:43:50,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.016 - Report created 29/12/2013 at 20:45:32
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : kasper - KASPER-PC
# Running from : C:\Users\kasper\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\surf anD Keep
Folder Deleted : C:\Program Files\YoutubeAdblocker
Folder Deleted : C:\Program Files\surf anD Keep
Folder Deleted : C:\Users\kasper\AppData\Roaming\SkypEmoticons
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (cs)
 
[ File : C:\Users\kasper\AppData\Roaming\Mozilla\Firefox\Profiles\rlcxmozo.default\prefs.js ]
 
Line Deleted : user_pref("extensions.3O3gDn3WCpA.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn44[...]
Line Deleted : user_pref("extensions.Ae1hCzn.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);var d[...]
Line Deleted : user_pref("extensions.J1OJYM.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){w[...]
Line Deleted : user_pref("extensions.cmhRLrkUp.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++[...]
Line Deleted : user_pref("extensions.khjQ.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};(function(){if(window.self==window.top&&!document.getElementById('shk85shssma')){va[...]
 
*************************
 
AdwCleaner[R0].txt - [2580 octets] - [29/12/2013 20:45:10]
AdwCleaner[s0].txt - [2547 octets] - [29/12/2013 20:45:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2607 octets] ##########
 

 

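The JRT and AdwCleaner logs above agree on the Firefox side of this infection: five user_pref lines named extensions.<random>.scode hold JavaScript (each starting with a check that returns early when the hostname contains "acebook.co", and two of them also testing for "mail."), the search preferences all point at WebSearch with a matching websearch.xml search plugin, and the DDS log lists five extensions with random IDs in the same profile. Preferences are a convenient place for an add-on to stash code because reinstalling the add-on does not clear them. The Python below is an added example, not from the thread or from JRT/AdwCleaner: it parses prefs.js lines, decodes the JS string literals, and reports extensions.* preferences that contain JavaScript (together with the hostname checks found in that code) and search-engine preferences set to a provider outside an allow list. The preference names and the visible beginning of each value are copied from the logs; the tails of the injected scripts are placeholders because the logs truncate them, and the engine allow list is the example's own assumption.

```python
import json
import re
from dataclasses import dataclass, field

# Constructed prefs.js fragment. Names and the visible start of each value come
# from the JRT/AdwCleaner logs above; the logs truncate the injected JavaScript,
# so the script tails here are placeholders, not the real code.
SAMPLE_PREFS = r'''
user_pref("browser.startup.homepage_override.mstone", "26.0");
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.3O3gDn3WCpA.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};/* truncated in the log */})();");
user_pref("extensions.J1OJYM.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{/* truncated in the log */}})();");
user_pref("extensions.lastAppVersion", "26.0");
user_pref("network.cookie.cookieBehavior", 0);
'''

PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+)\);\s*$')
HOST_CHECK_RE = re.compile(r"""hostname\.indexOf\((['"])(.*?)\1\)""")
SEARCH_PREFS = ("browser.search.defaultenginename",
                "browser.search.selectedEngine",
                "browser.search.order.")
KNOWN_ENGINES = {"google", "bing", "yahoo", "duckduckgo", "seznam"}  # assumed allow list
JS_MARKERS = ("(function(", "window.", "document.")


@dataclass
class Finding:
    name: str
    reason: str
    host_filters: list = field(default_factory=list)


def decode_value(raw):
    """Turn the JS literal on the right of user_pref() into a Python value."""
    raw = raw.strip()
    if raw.startswith('"'):
        try:
            return json.loads(raw)  # handles the \" \\ \r \n escapes prefs.js uses
        except ValueError:
            return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text):
    """Return (name, value) pairs for every user_pref line in a prefs.js body."""
    return [(m.group(1), decode_value(m.group(2)))
            for m in map(PREF_RE.match, text.splitlines()) if m]


def audit_prefs(text):
    """Flag JavaScript hidden in extensions.* prefs and hijacked search engine prefs."""
    findings = []
    for name, value in parse_prefs(text):
        if not isinstance(value, str):
            continue
        if name.startswith("extensions.") and any(t in value for t in JS_MARKERS):
            hosts = [h for _, h in HOST_CHECK_RE.findall(value)]
            findings.append(Finding(name, "JavaScript stored in an extensions.* preference", hosts))
        elif name.startswith(SEARCH_PREFS) and value.lower() not in KNOWN_ENGINES:
            findings.append(Finding(name, f"search engine set to unrecognised provider {value!r}"))
    return findings


if __name__ == "__main__":
    for f in audit_prefs(SAMPLE_PREFS):
        extra = f" (skips hosts matching {f.host_filters})" if f.host_filters else ""
        print(f"{f.name}: {f.reason}{extra}")
```

Run against a real profile, point it at the prefs.js (and user.js, which JRT also deleted here) under the Firefox profile directory; anything the audit reports should be cross-checked against the extensions directory listed in the DDS log, since the preference names carry the same random tokens as the add-ons that wrote them.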

Well done! :)

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Glad I could help! :)

Step 1

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner .

Step 4

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.