Infected PC and flash drives

#1 Post by wosicz »

Hello,
the kids managed to download some junk onto the computer (several things, I have already deleted some of it) and on top of that they let it spread onto the flash drives; fortunately the other PCs in the household did not come into contact with it. Here is the log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:37:29, on 5.7.2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19401)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\wscript.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.ividi.org/?src=tbhp&id=ac ... 9&affilt=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13927
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CostMin - {94EB70E2-6354-86EF-F995-2666FEB90BF6} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jaroslav\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Windows] C:\Users\Public\Public\run.vbs
O4 - HKCU\..\Run: [tmp1286] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\tmp1286.tmp.vbs"
O4 - HKCU\..\Run: [tmpF72A] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\tmpF72A.tmp.vbs"
O4 - HKCU\..\Run: [bygnssroft] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\bygnssroft.vbs"
O4 - HKCU\..\Run: [tmpD563] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\tmpD563.tmp.vbs"
O4 - HKCU\..\Run: [ojxerkoomt] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\ojxerkoomt.vbs"
O4 - HKCU\..\Run: [swjykewdjn] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\swjykewdjn.vbs"
O4 - HKCU\..\Run: [cqxqjtcyil] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\cqxqjtcyil.vbs"
O4 - HKCU\..\Run: [mifwnxrkkw] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\mifwnxrkkw.vbs"
O4 - HKCU\..\Run: [ninas] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\ninas.vbs"
O4 - HKCU\..\Run: [maya2] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\maya2.vbs"
O4 - HKCU\..\Run: [zineb] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\zineb.vbs"
O4 - HKCU\..\Run: [zypkinsgzm] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\zypkinsgzm.vbs"
O4 - HKCU\..\Run: [tmpC1C1] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\tmpC1C1.tmp.vbs"
O4 - HKCU\..\Run: [fatii] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\fatii.vbs"
O4 - HKCU\..\Run: [Hack] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\Hack.vbs"
O4 - HKCU\..\Run: [tmpB549] wscript.exe //B "C:\Users\Jaroslav\AppData\Roaming\tmpB549.tmp.vbs"
O4 - Startup: bygnssroft.vbs
O4 - Startup: cqxqjtcyil.vbs
O4 - Startup: ojxerkoomt.vbs
O4 - Startup: swjykewdjn.vbs
O4 - Startup: tmp1286.tmp.vbs
O4 - Startup: tmpB549.tmp.vbs
O4 - Startup: tmpD563.tmp.vbs
O4 - Startup: tmpF72A.tmp.vbs
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "D:\fiddler2\Fiddler.exe" (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll c:\progra~1\suppor~1\suppor~1.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9309 bytes

Re: Infected PC and flash drives

#2 Post by cernohous13 »

Welcome to the forum

:arrow: Run the program D:\HijackThis.exe
click "Do a system scan only"
tick the boxes in front of these lines:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13927
O4 - HKCU\..\Run: [Windows] C:\Users\Public\Public\run.vbs
O4 - HKCU\..\Run: [tmp1286] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\tmp1286.tmp.vbs"
O4 - HKCU\..\Run: [tmpF72A] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\tmpF72A.tmp.vbs"
O4 - HKCU\..\Run: [bygnssroft] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\bygnssroft.vbs"
O4 - HKCU\..\Run: [tmpD563] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\tmpD563.tmp.vbs"
O4 - HKCU\..\Run: [ojxerkoomt] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\ojxerkoomt.vbs"
O4 - HKCU\..\Run: [swjykewdjn] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\swjykewdjn.vbs"
O4 - HKCU\..\Run: [cqxqjtcyil] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\cqxqjtcyil.vbs"
O4 - HKCU\..\Run: [mifwnxrkkw] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\mifwnxrkkw.vbs"
O4 - HKCU\..\Run: [ninas] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\ninas.vbs"
O4 - HKCU\..\Run: [maya2] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\maya2.vbs"
O4 - HKCU\..\Run: [zineb] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\zineb.vbs"
O4 - HKCU\..\Run: [zypkinsgzm] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\zypkinsgzm.vbs"
O4 - HKCU\..\Run: [tmpC1C1] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\tmpC1C1.tmp.vbs"
O4 - HKCU\..\Run: [fatii] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\fatii.vbs"
O4 - HKCU\..\Run: [Hack] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\Hack.vbs"
O4 - HKCU\..\Run: [tmpB549] wscript.exe //B "C:\Users\Jaroslav\AppData\Roaming\tmpB549.tmp.vbs"
O4 - Startup: bygnssroft.vbs
O4 - Startup: cqxqjtcyil.vbs
O4 - Startup: ojxerkoomt.vbs
O4 - Startup: swjykewdjn.vbs
O4 - Startup: tmp1286.tmp.vbs
O4 - Startup: tmpB549.tmp.vbs
O4 - Startup: tmpD563.tmp.vbs
O4 - Startup: tmpF72A.tmp.vbs
"Fix checked" -> OK

:arrow: after the restart, post an RSIT log following the guide http://forum.viry.cz/viewtopic.php?f=13&t=130786
Recommendations:
During the cleanup, perform new installations and uninstallations only on my instruction.
Study carefully and carry out the whole operation according to my reply.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <
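As an added example that is not part of this thread (nor code from HijackThis), the script below applies the same triage the reply above does by hand to HijackThis output: it flags wscript.exe //B autoruns pointing into Temp or Roaming, .vbs entries in the Startup folder, a ProxyServer entry on the loopback address and a populated AppInit_DLLs line. The sample lines are constructed to match the shape of the posted log; the function names and severity labels are my own.

```python
"""Triage HijackThis log lines for script-host autoruns and other high-risk entries.

Added example for this thread, not code from the forum or from HijackThis.
The constructed sample lines follow the shape of the log posted above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: same line shapes as the posted HijackThis log.
SAMPLE_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13927",
    r'O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY',
    r"O4 - HKCU\..\Run: [Windows] C:\Users\Public\Public\run.vbs",
    r'O4 - HKCU\..\Run: [tmp1286] wscript.exe //B "C:\Users\Jaroslav\AppData\Local\Temp\tmp1286.tmp.vbs"',
    r'O4 - HKCU\..\Run: [tmpB549] wscript.exe //B "C:\Users\Jaroslav\AppData\Roaming\tmpB549.tmp.vbs"',
    r"O4 - Startup: bygnssroft.vbs",
    r"O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe",
    r"O20 - AppInit_DLLs: c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll c:\progra~1\suppor~1\suppor~1.dll",
    r"O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe",
]

# Extensions handled by the Windows Script Host (wscript.exe / cscript.exe).
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
# Locations a standard user can write to; legitimate autoruns rarely live here.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\")

_PROXY_RE = re.compile(r"R[01] - .*ProxyServer = (.+)$")
_RUN_RE = re.compile(r"O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
_STARTUP_RE = re.compile(r"O4 - (?:Global )?Startup: (.+?)(?: = .+)?$")
_APPINIT_RE = re.compile(r"O20 - AppInit_DLLs: (.+)$")
# A quoted or bare path ending in a script extension, e.g. wscript.exe //B "C:\...\x.vbs"
_SCRIPT_RE = re.compile(r'"?([^"]+?\.(?:vbs|vbe|js|jse|wsf))"?(?:\s|$)', re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high" or "medium" (labels chosen for this example)
    reason: str
    line: str


def script_target(cmd: str) -> Optional[str]:
    """Return the script file a Run command executes (quoted or bare), else None."""
    m = _SCRIPT_RE.search(cmd)
    return m.group(1) if m else None


def classify(line: str) -> Optional[Finding]:
    """Map one HijackThis line to a Finding, or None for lines this check ignores."""
    l = line.strip()
    m = _PROXY_RE.match(l)
    if m:
        # A proxy on 127.0.0.1 routes all browser traffic through a local process.
        if re.search(r"127\.0\.0\.1|localhost", m.group(1)):
            return Finding("high", "browser proxy points at loopback: " + m.group(1), l)
        return None
    m = _RUN_RE.match(l)
    if m:
        cmd = m.group(3)
        target = script_target(cmd)
        if target is None:
            return None  # an .exe autorun; out of scope for this script-focused check
        hidden = "//b" in cmd.lower()  # //B = batch mode, no dialogs or errors shown
        in_user_dir = any(d in target.lower() for d in USER_WRITABLE)
        why = "script autorun"
        if hidden:
            why += ", silent (//B)"
        if in_user_dir:
            why += ", from user-writable directory"
        return Finding("high" if (hidden or in_user_dir) else "medium", f"{why}: {target}", l)
    m = _STARTUP_RE.match(l)
    if m:
        name = m.group(1)
        if name.lower().endswith(SCRIPT_EXTS):
            return Finding("high", "script in Startup folder: " + name, l)
        return None
    m = _APPINIT_RE.match(l)
    if m:
        return Finding("medium", "AppInit_DLLs injects into every GUI process: " + m.group(1), l)
    return None


def triage(lines) -> List[Finding]:
    """Run classify over a whole log and keep only the hits."""
    return [f for f in map(classify, lines) if f is not None]


def summarize(findings) -> dict:
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LINES)
    for f in hits:
        print(f"[{f.severity.upper():6}] {f.reason}\n         {f.line}")
    print(summarize(hits))
```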

Re: Infected PC and flash drives

#3 Post by wosicz »

The vbs files come right back immediately. AVG keeps reporting it tirelessly every few seconds.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jaroslav at 2014-07-05 12:31:27
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 47 GB (19%) free of 245 GB
Total RAM: 3518 MB (46% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AVG_SYS_TASK_0614a.job
C:\Windows\tasks\AVG_SYS_TASK_0614a_DELETE.job
C:\Windows\tasks\BlockAndSurf Update.job
C:\Windows\tasks\BlockAndSurf_wd.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RegistryBooster.job
C:\Windows\tasks\User_Feed_Synchronization-{49A7E43B-9A23-4068-B1F9-40921DB3FE45}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-09-03 68480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94EB70E2-6354-86EF-F995-2666FEB90BF6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
10

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"VMonitorVMUVC"=C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [2008-08-29 143360]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-09-09 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-09-09 178712]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-09-09 154136]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-29 4317184]
"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2014-06-17 5179408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"ASRockIES"= []
"zASRockInstantBoot"= []
"Steam"=C:\Program Files\Steam\steam.exe [2014-06-30 1753280]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2014-05-08 21444224]
"Clownfish"= []
"AVG-Secure-Search-Update_0614a"=C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe [2014-06-19 2726936]
"bygnssroft"=wscript.exe //B C:\Users\Jaroslav\AppData\Local\Temp\bygnssroft.vbs []
"tmpF72A"=wscript.exe //B C:\Users\Jaroslav\AppData\Local\Temp\tmpF72A.tmp.vbs []
"swjykewdjn"=wscript.exe //B C:\Users\Jaroslav\AppData\Local\Temp\swjykewdjn.vbs []
"cqxqjtcyil"=wscript.exe //B C:\Users\Jaroslav\AppData\Local\Temp\cqxqjtcyil.vbs []
"ojxerkoomt"=wscript.exe //B C:\Users\Jaroslav\AppData\Local\Temp\ojxerkoomt.vbs []
"tmp1286"=wscript.exe //B C:\Users\Jaroslav\AppData\Local\Temp\tmp1286.tmp.vbs []
"tmpD563"=wscript.exe //B C:\Users\Jaroslav\AppData\Local\Temp\tmpD563.tmp.vbs []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files\Ask.com\Updater\Updater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
bygnssroft.vbs
cqxqjtcyil.vbs
ojxerkoomt.vbs
swjykewdjn.vbs
tmp1286.tmp.vbs
tmpD563.tmp.vbs
tmpF72A.tmp.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll c:\progra~1\suppor~1\suppor~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-09-02 221184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07ee5ac0-54e9-11e1-8f34-806e6f6e6963}]
shell\AutoRun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{610af009-c222-11df-b0f5-002421aade90}]
shell\AutoRun\command - J:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{803aecc5-ec9a-11e2-8d65-806e6f6e6963}]
shell\AutoRun\command - E:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b924d119-2e47-11e3-a0c8-bc5ff4032359}]
shell\AutoRun\command - J:\RunGame.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd14658f-11e3-11e0-943d-002421aade90}]
shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e51e307e-a88e-11df-9e47-002421aade90}]
shell\AutoRun\command - J:\LGAutoRun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-07-05 12:31:27 ----D---- C:\rsit
2014-07-05 12:31:27 ----D---- C:\Program Files\trend micro
2014-07-05 09:40:06 ----D---- C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a
2014-07-05 09:39:52 ----D---- C:\ProgramData\Avg_Update_0614a
2014-07-05 07:12:26 ----A---- C:\Users\Jaroslav\AppData\Roaming\tmpB549.tmp.vbs
2014-07-02 18:58:27 ----D---- C:\Users\Jaroslav\AppData\Roaming\AVG2014
2014-07-02 18:57:46 ----D---- C:\Users\Jaroslav\AppData\Roaming\TuneUp Software
2014-07-02 18:55:08 ----HD---- C:\$AVG
2014-07-02 18:55:08 ----D---- C:\ProgramData\AVG2014
2014-07-02 18:53:59 ----D---- C:\Program Files\AVG
2014-07-02 18:52:45 ----HD---- C:\ProgramData\Common Files
2014-07-02 18:52:45 ----D---- C:\ProgramData\MFAData
2014-06-29 13:07:20 ----A---- C:\ProgramData\startup.exe.tmp
2014-06-28 13:05:24 ----D---- C:\ProgramData\Isolated Storage
2014-06-28 09:40:11 ----D---- C:\Windows\system32\RTCOM
2014-06-27 20:50:18 ----A---- C:\Windows\system32\RtNicProp32.dll
2014-06-27 18:03:17 ----D---- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2014-06-22 17:32:11 ----A---- C:\ProgramData\chromee.exe.tmp
2014-06-22 14:55:56 ----A---- C:\ProgramData\steam.exe.tmp

======List of files/folders modified in the last 1 months======

2014-07-05 12:31:27 ----RD---- C:\Program Files
2014-07-05 12:31:27 ----D---- C:\Windows\Prefetch
2014-07-05 12:31:23 ----D---- C:\Windows\Temp
2014-07-05 09:40:05 ----D---- C:\Windows\Tasks
2014-07-05 09:40:03 ----D---- C:\Windows\system32\Tasks
2014-07-05 09:39:52 ----HD---- C:\ProgramData
2014-07-05 09:12:51 ----D---- C:\Program Files\Common Files\Steam
2014-07-05 09:11:41 ----D---- C:\Program Files\Steam
2014-07-05 07:12:30 ----D---- C:\Users\Jaroslav\AppData\Roaming\DAEMON Tools Lite
2014-07-05 07:12:07 ----D---- C:\Windows
2014-07-05 07:06:53 ----SHD---- C:\Windows\Installer
2014-07-05 07:06:28 ----SHD---- C:\System Volume Information
2014-07-05 06:20:49 ----D---- C:\Windows\system32\drivers
2014-07-05 06:20:42 ----D---- C:\Windows\inf
2014-07-03 21:45:21 ----D---- C:\ProgramData\Wincert
2014-07-03 21:45:06 ----D---- C:\ProgramData\CostMin
2014-07-03 21:43:35 ----D---- C:\Program Files\InstallConverter bundle uninstaller
2014-07-03 21:42:43 ----D---- C:\Program Files\hosts
2014-07-03 20:46:46 ----D---- C:\Games
2014-07-02 21:25:07 ----D---- C:\Windows\System32
2014-07-02 21:25:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-28 09:40:02 ----D---- C:\Windows\system32\catroot2
2014-06-27 20:50:43 ----D---- C:\Users\Jaroslav\AppData\Roaming\Skype
2014-06-27 20:50:35 ----D---- C:\Windows\system32\catroot
2014-06-27 20:50:17 ----HD---- C:\Program Files\InstallShield Installation Information
2014-06-27 19:43:16 ----D---- C:\Program Files\Common Files
2014-06-27 19:42:43 ----D---- C:\Program Files\Electronic Arts
2014-06-27 19:41:41 ----D---- C:\Program Files\Activision
2014-06-27 19:13:48 ----HD---- C:\Program Files\Temp
2014-06-27 19:13:43 ----D---- C:\Program Files\Realtek
2014-06-27 19:13:38 ----A---- C:\Windows\DIFxAPI.dll
2014-06-27 18:07:50 ----D---- C:\ProgramData\AVAST Software
2014-06-27 18:05:20 ----D---- C:\Program Files\PCDApp
2014-06-23 17:36:29 ----D---- C:\Users\Jaroslav\AppData\Roaming\vlc
2014-06-23 15:54:53 ----D---- C:\Program Files\SoftwareUpdater
2014-06-23 13:58:38 ----D---- C:\Users\Jaroslav\AppData\Roaming\File Scout
2014-06-23 12:57:54 ----D---- C:\Program Files\Supporter
2014-06-23 12:52:55 ----D---- C:\Program Files\BlockAndSurf-soft
2014-06-23 12:32:43 ----SD---- C:\Windows\system32\Microsoft
2014-06-23 06:39:03 ----D---- C:\Users\Jaroslav\AppData\Roaming\.minecraft
2014-06-22 21:19:39 ----D---- C:\Program Files\Common Files\InstallShield
2014-06-22 20:16:30 ----D---- C:\ProgramData\Razer
2014-06-22 20:14:52 ----A---- C:\Windows\disney.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsrAppCharger;AsrAppCharger; C:\Windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 13832]
R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2014-06-17 121624]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2014-06-17 199960]
R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-16 242240]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\Windows\system32\DRIVERS\AegisP.sys [2009-10-10 20747]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-02 1668456]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-03-17 140288]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 acsiyz62;acsiyz62; C:\Windows\system32\drivers\acsiyz62.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y6032.sys [2008-04-15 224384]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-09-02 2472448]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\rt73.sys [2006-03-08 255232]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 VMUVC;Vimicro Camera Service VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [2010-04-29 254720]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC; C:\Windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-03 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2014-06-27 3241488]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2014-06-17 289328]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2014-06-30 542400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-11 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-11 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Re: Infected PC and flash drives

#4 Post by cernohous13 »

:arrow: Download and install MBAM here http://www.bleepingcomputer.com/downloa ... i-malware/ version 1.75
Run it -> on the 3rd tab "Update" -> Check for updates (it may happen automatically)
then on the 1st tab "Scanner" -> Full scan -> Scan
when the scan finishes, a Notepad window with the result pops up - copy its contents into your reply
do not delete anything yet - wait for the assessment

Re: Infected PC and flash drives

#5 Post by wosicz »

So I'm done and here I am :) During the update, MBAM converts itself to the newer 2.xxx version. What should I do about that? When I stopped it, I was left with 1.75, but with a database 457 days old.

Re: Infected PC and flash drives

#6 Post by cernohous13 »

While downloading the update, a message about installing the new version pops up - click "Cancel" :wink:
version 2.0 does not get along with XP :(

wosicz (Visitor, 17 posts, registered 05 Jul 2014)

Re: Infected PC and flash drives

#7 Post by wosicz »

It's Vista here. And as soon as I tell 1.75 to update, it immediately starts downloading the 2.x version, so it's one or the other.

cernohous13 (VIP in memoriam, 8721 posts, registered 09 Dec 2006, Jablonec nad Nisou)

Re: Infected PC and flash drives

#8 Post by cernohous13 »

Ah, on Vista it will be fine with 2.0 - install it

wosicz (Visitor, 17 posts, registered 05 Jul 2014)

Re: Infected PC and flash drives

#9 Post by wosicz »

So I've got to this:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6.7.2014
Scan Time: 6:26:38
Logfile: MBAM_1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.06.03
Rootkit Database: v2014.07.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Jaroslav

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272811
Time Elapsed: 10 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 61
PUP.Optional.iVIDI.A, HKLM\SOFTWARE\CLASSES\APPID\{685F23D9-FCFD-475C-B56A-362645945C5A}, , [0843019b91eac6707784d17f2bd77c84],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [72d9f9a3b3c80531629193f2d230d729],
PUP.Optional.Babylon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [c982306c7308b185ff806ce022e0d52b],
PUP.Optional.Babylon.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}, , [c982306c7308b185ff806ce022e0d52b],
PUP.Optional.HomePageProtector.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{336D0C35-8A85-403A-B9D2-65C292C39087}, , [3a117b2185f66cca7a3a9db2bd458b75],
PUP.Optional.HomePageProtector.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{336D0C35-8A85-403A-B9D2-65C292C39087}, , [3a117b2185f66cca7a3a9db2bd458b75],
PUP.Optional.Incredibar, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}, , [96b598048deee551d64b1870b0529b65],
PUP.Optional.Incredibar, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}, , [96b598048deee551d64b1870b0529b65],
PUP.Optional.Datamngr.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}, , [80cb6a3290eb8fa7cb49283143bfbb45],
PUP.Optional.Datamngr.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}, , [80cb6a3290eb8fa7cb49283143bfbb45],
PUP.Optional.SweetPacks, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, , [86c5e3b9ea91d95d61fb12416d95718f],
PUP.Optional.SweetPacks, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, , [86c5e3b9ea91d95d61fb12416d95718f],
PUP.Optional.Datamngr.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F34C9277-6577-4DFF-B2D7-7D58092F272F}, , [6cdf6a326d0ef640be575dfc768c7789],
PUP.Optional.Datamngr.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F34C9277-6577-4DFF-B2D7-7D58092F272F}, , [6cdf6a326d0ef640be575dfc768c7789],
PUP.Optional.Datamngr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F34C9277-6577-4DFF-B2D7-7D58092F272F}, , [6cdf6a326d0ef640be575dfc768c7789],
PUP.Optional.Incredibar, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F9639E4A-801B-4843-AEE3-03D9DA199E77}, , [2724bbe14833b87ed84a3e4a49b9e917],
PUP.Optional.Incredibar, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F9639E4A-801B-4843-AEE3-03D9DA199E77}, , [2724bbe14833b87ed84a3e4a49b9e917],
PUP.Optional.Yontoo.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, , [f25933692655181ea105d37a42c0758b],
PUP.Optional.Yontoo.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, , [f25933692655181ea105d37a42c0758b],
PUP.Optional.GreatSaver.A, HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}, , [93b8c1db403bd85e34885ff2a45e817f],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\AmiBs.Installer.1, , [80cb2e6ea9d2d165151980d3986a5ea2],
PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Delta Chrome Toolbar, , [430823795b20b086e720f31afa0a2ad6],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, , [9caff2aa106bba7c01a305b619e9f808],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\AmiBs.Installer, , [8bc0e8b4c9b292a4d00546957e84a35d],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CostMin.CostMin, , [c2897d1f84f73afc3d08894ecc36bf41],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CostMin.CostMin.2.2, , [7dcee2bae8930f270e372ea95ca68b75],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035382.BHO, , [f45763393348ea4ca12f5a959b68f40c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035382.BHO.1, , [0b409b01d9a23ff7379909e6e71cd42c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035382.Sandbox, , [66e555476d0eb77f02ceef007e85a858],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035382.Sandbox.1, , [9ead3d5ff08bf541438d5a9526dd1ee2],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cflheckfmhopnialghigdlggahiomebp, , [1e2da0fc1f5c033303a5e8cd6d9559a7],
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, , [bc8f34684734b5812cf5715580827b85],
PUP.Optional.Delta.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\eooncjejnppfjjklapaamhcdmjbilmde, , [ee5d6e2e5c1fbd7938b32bc331d243bd],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\giacfgjdclhnmkacnfbaljbmpnelflol, , [a0ab2a729dde2115dd4f0bce669c09f7],
PUP.Optional.OKitSpace.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\hifnddafpdkmjljallgdlkjiiieidmec, , [53f8cdcfb3c8ed493f467b5f5da5d52b],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jcdgjdiieiljkfkdcloehkohchhpekkn, , [82c9910b5526e4521876c4f258aa5da3],
PUP.Optional.Hosts.A, HKLM\SOFTWARE\HOSTS\INSTALLER, , [2a21108caecd62d45d449a3b3dc5d12f],
PUP.Optional.Booster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5F189DF5-2D05-472B-9091-84D9848AE48B}{40030ae4}, , [91ba742893e8ee48fdf71b98ca38c43c],
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\SOFTWAREUPDATER, , [c784b2eafa81a492bd8542ae38cb2ed2],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM, , [2a2118843f3ca195e9ebe20dee15837d],
PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\VITTALIA\AxtanInstaller, , [e06bceceaad1d066085e36a0fc06d729],
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, , [a6a5c2da0675f04623fe586e7a886799],
PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, , [5bf0227a4a31e155d8bd9959c73cea16],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, , [f75484186e0d4cea11b3dd11e51eeb15],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [c388950780fbda5c2c9788661ae9cd33],
PUP.Optional.Ividi.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iVIDI Plugin, , [5cef7d1f93e8a4926fc11abfad55e818],
PUP.Optional.Ividi.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iVIDI.org, , [0f3cadef37448da9ae8304d550b2d42c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [5dee029a116a3afc84cc748ffa0afd03],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, , [e665207c6516f73f0e3cede661a123dd],
PUP.Optional.Babylon.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [272414887ffca78f4682fef1c83bb050],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Alex, , [71da4f4d7b001a1c17e15f760af8cf31],
PUP.Optional.BProtector.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, , [c487d1cb0f6c9b9bb861a250956e946c],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [a1aaefadf78475c1e0c6c20549b947b9],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, , [1b30e3b985f693a3efe4c52ab84b3bc5],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}, , [3912b9e3f5867eb8c7300c8e37cb44bc],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}, , [3912b9e3f5867eb8c7300c8e37cb44bc],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{231047C5-F7E9-45BE-9EFD-6E9BB6D59A9F}, , [3912b9e3f5867eb8c7300c8e37cb44bc],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{82443621-A29A-473E-8335-F5C958A7A4CA}, , [3912b9e3f5867eb8c7300c8e37cb44bc],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\IEhelperActiveX.IEhelperLabel.1, , [3912b9e3f5867eb8c7300c8e37cb44bc],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\CLASSES\IEhelperActiveX.IEhelperLabel, , [3912b9e3f5867eb8c7300c8e37cb44bc],
PUP.Optional.Ividi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\iVIDI Plugin, , [3912b9e3f5867eb8c7300c8e37cb44bc],

Registry Values: 12
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\Web Assistant\Firefox, , [3a117b2185f66cca7a3a9db2bd458b75]
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\Web Assistant\Firefox, , [3a117b2185f66cca7a3a9db2bd458b75]
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, , [2328306c3d3ea09643711d3207fbd32d],
PUP.Optional.HomePageProtector.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, , [4506edafa2d9fc3a278d67e853afe41c],
PUP.Optional.Hosts.A, HKLM\SOFTWARE\HOSTS\INSTALLER|BundledIe, 1, , [2a21108caecd62d45d449a3b3dc5d12f]
PUP.Optional.Supporter.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll c:\progra~1\suppor~1\suppor~1.dll, , [fe4d3f5d215a1125c61fb5fe9b67c63a]
PUP.Optional.SoftwareUpdater.A, HKLM\SOFTWARE\SOFTWAREUPDATER|partner_keyword, EAZELEN, , [c784b2eafa81a492bd8542ae38cb2ed2]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\SWEETIM|simapp_id, {ACB7A8E9-3261-11E2-AA83-002421AADE90}, , [2a2118843f3ca195e9ebe20dee15837d]
PUP.BProtector, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, http://www.delta-search.com/?affID=1194 ... 5ff4032359, , [55f6f4a8057662d4982dab432dd6bc44]
PUP.BProtector, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [c982f3a994e7ed49b70fb73750b34fb1]
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{B9CAB6E3-383E-2705-9275-E9FFFCD2C970}, C:\Program Files\BlockAndSurf-soft\161.xpi, , [6cdfacf01764092dc224f6c757abb14f]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {ACB7A8E9-3261-11E2-AA83-002421AADE90}, , [1b30e3b985f693a3efe4c52ab84b3bc5]

Registry Data: 1
PUP.Optional.Ividi.A, HKU\S-1-5-21-2740782119-3764180284-3873852215-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.ividi.org/?src=tbhp&id=ac ... 9&affilt=3, Good: (http://www.google.com), Bad: (http://search.ividi.org/?src=tbhp&id=ac ... 9&affilt=3),,[400b63391566999d5e4b7e0cd1330000]

Folders: 11
PUP.Optional.Hosts.A, C:\Program Files\hosts, , [0e3da8f46a1176c063961eb738caf709],
PUP.Optional.SoftwareUpdater.A, C:\Program Files\SoftwareUpdater, , [55f6abf1314a51e562db9f4d9a69aa56],
Trojan.BitcoinMiner, C:\Users\Public\Public, , [c685bbe13e3ddb5bdab6ea18689c6d93],
PUP.Optional.Delta.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\Shared, , [430823795b20b086e720f31afa0a2ad6],
PUP.Optional.FileScout.A, C:\Users\Jaroslav\AppData\Roaming\File Scout, , [8bc0ddbfb1ca21152309fc9d5fa3857b],
PUP.Optional.Ividi.A, C:\Program Files\iVIDI.org plugin, , [3912b9e3f5867eb8c7300c8e37cb44bc],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\bitstreams, , [12399903b8c34de91a4ff2a920e2cc34],
PUP.Optional.BlockAndSurf.A, C:\Program Files\BlockAndSurf-soft, , [e9624a521962b18568333c6460a2817f],
PUP.Optional.CostMin.A, C:\ProgramData\CostMin, , [3714cfcdbac1a88e4df4faad17eb946c],
PUP.Optional.BabSolution.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\CR, , [5af11488c6b52e08151578390cf636ca],

Files: 70
PUP.Optional.Bitcoin, C:\Windows\System32\acumnctnds.exe, , [4704e3b9bbc00e2894171e7db44d13ed],
PUP.Optional.Bitcoin, C:\Windows\System32\acumncvits.exe, , [f655debef487ad897c2fbeddfb0641bf],
PUP.Adbundler, C:\Users\Jaroslav\Downloads\GotClip_Setup.exe, , [5bf0faa2adce04323db645484bb59c64],
PUP.Proxy.BCM, C:\Users\Public\Public\mining_proxy.exe, , [80cbf2aa97e4092d2cf075a1916fcd33],
PUP.Optional.MindSpark.A, C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_zwinky.dl.tb.ask.com_0.localstorage-journal, , [0744b1eb0774cf67daeaedc7e71b19e7],
PUP.Optional.Babylon.A, C:\Windows\System32\Tasks\EPUpdater, , [77d4b9e37efdae88ff8dc7ee758d45bb],
PUP.Optional.BlockAndSurf.A, C:\Windows\System32\Tasks\BlockAndSurf Update, , [004b4d4f0972ad892ed7ecca09f9ea16],
PUP.Optional.Superfish.A, C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [96b5c5d78cef52e4d4a4d6eab151f30d],
PUP.Optional.BlockAndSurf.A, C:\Windows\Tasks\BlockAndSurf Update.job, , [d6757923433821157549bd0dc63caf51],
PUP.Optional.BlockAndSurf.A, C:\Windows\Tasks\BlockAndSurf_wd.job, , [12391c80b9c2f343685600ca61a1fc04],
Trojan.Agent, C:\ProgramData\steam.exe.tmp, , [62e998043447aa8c35779e3421e123dd],
PUP.Optional.Hosts.A, C:\Program Files\hosts\background.html, , [0e3da8f46a1176c063961eb738caf709],
PUP.Optional.Hosts.A, C:\Program Files\hosts\hosts-bg.exe, , [0e3da8f46a1176c063961eb738caf709],
PUP.Optional.Hosts.A, C:\Program Files\hosts\hosts-buttonutil.dll, , [0e3da8f46a1176c063961eb738caf709],
PUP.Optional.Hosts.A, C:\Program Files\hosts\hosts-buttonutil.exe, , [0e3da8f46a1176c063961eb738caf709],
PUP.Optional.Hosts.A, C:\Program Files\hosts\hosts-buttonutil64.dll, , [0e3da8f46a1176c063961eb738caf709],
PUP.Optional.Hosts.A, C:\Program Files\hosts\hosts-buttonutil64.exe, , [0e3da8f46a1176c063961eb738caf709],
PUP.Optional.Hosts.A, C:\Program Files\hosts\hosts-helper.exe, , [0e3da8f46a1176c063961eb738caf709],
PUP.Optional.Hosts.A, C:\Program Files\hosts\hosts.ico, , [0e3da8f46a1176c063961eb738caf709],
PUP.Optional.Hosts.A, C:\Program Files\hosts\Installer.log, , [0e3da8f46a1176c063961eb738caf709],
PUP.Optional.SoftwareUpdater.A, C:\Program Files\SoftwareUpdater\KeyGen.dll, , [55f6abf1314a51e562db9f4d9a69aa56],
PUP.Optional.SoftwareUpdater.A, C:\Program Files\SoftwareUpdater\AppsUpdater.exe.config, , [55f6abf1314a51e562db9f4d9a69aa56],
PUP.Optional.SoftwareUpdater.A, C:\Program Files\SoftwareUpdater\config.xml, , [55f6abf1314a51e562db9f4d9a69aa56],
PUP.Optional.SoftwareUpdater.A, C:\Program Files\SoftwareUpdater\Interop.Shell32.dll, , [55f6abf1314a51e562db9f4d9a69aa56],
PUP.Optional.SoftwareUpdater.A, C:\Program Files\SoftwareUpdater\translations.xml, , [55f6abf1314a51e562db9f4d9a69aa56],
Backdoor.Agent.TRJE, C:\ProgramData\chromee.exe.tmp, , [84c74e4eb1ca2a0c11b79168b64dcc34],
Trojan.BitcoinMiner, C:\Users\Public\Public\run.vbs, , [c685bbe13e3ddb5bdab6ea18689c6d93],
Trojan.BitcoinMiner, C:\Users\Public\Public\game.bat, , [c685bbe13e3ddb5bdab6ea18689c6d93],
Trojan.BitcoinMiner, C:\Users\Public\Public\game.vbs, , [c685bbe13e3ddb5bdab6ea18689c6d93],
Trojan.BitcoinMiner, C:\Users\Public\Public\libcurl.dll, , [c685bbe13e3ddb5bdab6ea18689c6d93],
Trojan.BitcoinMiner, C:\Users\Public\Public\mining_proxy.exe, , [c685bbe13e3ddb5bdab6ea18689c6d93],
Trojan.BitcoinMiner, C:\Users\Public\Public\pthreadGC2.dll, , [c685bbe13e3ddb5bdab6ea18689c6d93],
Trojan.BitcoinMiner, C:\Users\Public\Public\run.bat, , [c685bbe13e3ddb5bdab6ea18689c6d93],
Trojan.BitcoinMiner, C:\Users\Public\Public\zlib1.dll, , [c685bbe13e3ddb5bdab6ea18689c6d93],
PUP.Optional.Delta.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\Shared\Delta.ico, , [430823795b20b086e720f31afa0a2ad6],
PUP.Optional.Delta.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\Shared\BabMaint.exe, , [430823795b20b086e720f31afa0a2ad6],
PUP.Optional.Delta.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\Shared\BUSolution.dll, , [430823795b20b086e720f31afa0a2ad6],
PUP.Optional.Delta.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\Shared\BUSUninstall.exe, , [430823795b20b086e720f31afa0a2ad6],
PUP.Optional.Delta.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\Shared\chu.js, , [430823795b20b086e720f31afa0a2ad6],
PUP.Optional.Delta.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\Shared\GUninstaller.exe, , [430823795b20b086e720f31afa0a2ad6],
PUP.Optional.Delta.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\Shared\SetupParams.ini, , [430823795b20b086e720f31afa0a2ad6],
PUP.Optional.Delta.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\Shared\sqlite3.dll, , [430823795b20b086e720f31afa0a2ad6],
PUP.Optional.FileScout.A, C:\Users\Jaroslav\AppData\Roaming\File Scout\uninst.exe, , [8bc0ddbfb1ca21152309fc9d5fa3857b],
PUP.Optional.Ividi.A, C:\Program Files\iVIDI.org plugin\IEhelperActiveX.dll, , [3912b9e3f5867eb8c7300c8e37cb44bc],
PUP.Optional.Ividi.A, C:\Program Files\iVIDI.org plugin\ividiplg.crx, , [3912b9e3f5867eb8c7300c8e37cb44bc],
PUP.Optional.Ividi.A, C:\Program Files\iVIDI.org plugin\uninst.exe, , [3912b9e3f5867eb8c7300c8e37cb44bc],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\diablo130302.cl, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\diakgcn121016.cl, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\libcurl-4.dll, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\libeay32.dll, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\libidn-11.dll, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\librtmp.dll, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\libssh2.dll, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\phatk121016.cl, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\poclbm130302.cl, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\scrypt130511.cl, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\ssleay32.dll, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\zlib1.dll, , [12399903b8c34de91a4ff2a920e2cc34],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [12399903b8c34de91a4ff2a920e2cc34],
PUP.Optional.BlockAndSurf.A, C:\Program Files\BlockAndSurf-soft\161.crx, , [e9624a521962b18568333c6460a2817f],
PUP.Optional.BlockAndSurf.A, C:\Program Files\BlockAndSurf-soft\161.dat, , [e9624a521962b18568333c6460a2817f],
PUP.Optional.BlockAndSurf.A, C:\Program Files\BlockAndSurf-soft\161.xpi, , [e9624a521962b18568333c6460a2817f],
PUP.Optional.BlockAndSurf.A, C:\Program Files\BlockAndSurf-soft\a.db, , [e9624a521962b18568333c6460a2817f],
PUP.Optional.BlockAndSurf.A, C:\Program Files\BlockAndSurf-soft\b.db, , [e9624a521962b18568333c6460a2817f],
PUP.Optional.BlockAndSurf.A, C:\Program Files\BlockAndSurf-soft\BlockAndSurfiQ161.bin, , [e9624a521962b18568333c6460a2817f],
PUP.Optional.BlockAndSurf.A, C:\Program Files\BlockAndSurf-soft\BlockAndSurfiQ161.ini, , [e9624a521962b18568333c6460a2817f],
PUP.Optional.BlockAndSurf.A, C:\Program Files\BlockAndSurf-soft\BlockAndSurft55.exe, , [e9624a521962b18568333c6460a2817f],
PUP.Optional.BlockAndSurf.A, C:\Program Files\BlockAndSurf-soft\Sqlite3.dll, , [e9624a521962b18568333c6460a2817f],
PUP.Optional.CostMin.A, C:\ProgramData\CostMin\IJPjdmbG.dat, , [3714cfcdbac1a88e4df4faad17eb946c],
PUP.Optional.BabSolution.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\CR\Delta.crx, , [5af11488c6b52e08151578390cf636ca],

Physical Sectors: 0
(No malicious items detected)


(end)

cernohous13 (VIP in memoriam, 8721 posts, registered 09 Dec 2006, Jablonec nad Nisou)

Re: Infected PC and flash drives

#10 Post by cernohous13 »

Let it remove everything and run a new scan after the restart

wosicz (Visitor, 17 posts, registered 05 Jul 2014)

Re: Infected PC and flash drives

#11 Post by wosicz »

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6.7.2014
Scan Time: 6:55:29
Logfile: MBAM_2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.06.03
Rootkit Database: v2014.07.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Jaroslav

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272256
Time Elapsed: 8 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.FileScout.A, C:\Users\Jaroslav\AppData\Roaming\File Scout, , [df6cf9a34c2f2214e04c0792a55d51af],
PUP.Optional.Ividi.A, C:\Program Files\iVIDI.org plugin, , [7ecdf3a9cab1191d7c7bc1d954ae3dc3],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl, , [4cff1b8183f86cca6bfe405ba1612ad6],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl\bitstreams, , [4cff1b8183f86cca6bfe405ba1612ad6],
PUP.Optional.BlockAndSurf.A, C:\Program Files\BlockAndSurf-soft, , [09422577a7d4c76fb8e3bee2946e57a9],
PUP.Optional.CostMin.A, C:\ProgramData\CostMin, , [64e76f2dabd05adcf54c6f38936fe020],
PUP.Optional.BabSolution.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\CR, , [43089507e19a8caa62c8f2bffe049868],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

cernohous13 (VIP in memoriam, 8721 posts, registered 09 Dec 2006, Jablonec nad Nisou)

Re: Infected PC and flash drives

#12 Post by cernohous13 »

It's resisting :roll:
repeat the removal and the scan

wosicz (Visitor, 17 posts, registered 05 Jul 2014)

Re: Infected PC and flash drives

#13 Post by wosicz »

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6.7.2014
Scan Time: 7:29:00
Logfile: MBAM_3.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.06.03
Rootkit Database: v2014.07.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Jaroslav

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272017
Time Elapsed: 9 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.BabSolution.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\CR, , [54f7f8a4f88394a22cfe377ad032f40c],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
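
The three MBAM logs above (posts #9, #11 and #13) show the pattern a responder cares about: the first removal pass clears the registry entries and files, but folders such as C:\Windows\inf\mncabxfl and BabSolution\CR keep reappearing until a boot-time deletion. The script below is an added example, not part of this thread or of Malwarebytes' tooling: it parses MBAM 2.x detection lines, separates real malware classes (Trojan, Backdoor) from PUP noise, pulls out the persistence mechanisms visible in the locations (AppInit_DLLs, scheduled tasks, browser extensions, IE start page/search hijacks), and lists the items that survive every scan. The embedded logs are constructed, abbreviated subsets in the same line format as the posted ones; the SID in the HKU path is a placeholder.

```python
"""Triage helper for Malwarebytes Anti-Malware 2.x scan logs.

Added example for this thread, not code from the forum, the poster or
Malwarebytes. It parses MBAM 2.x detection lines, separates real malware
classes from PUP noise, flags persistence mechanisms, and lists the items
that survive successive scans. Sample logs are constructed, abbreviated
subsets in the same line format as the thread's MBAM_1/2/3.txt.
"""
import re
from collections import Counter

# One detection line: "<class>, <location>, <data>, ..., [<32-hex id>],"
DETECTION = re.compile(
    r"^(?P<cls>[A-Za-z][A-Za-z0-9.]*), (?P<rest>.*)\[(?P<id>[0-9a-f]{32})\],?$")

# MBAM class prefixes that denote real malware rather than PUP/PUM.
HIGH_RISK = {"Trojan", "Backdoor", "Rootkit", "Ransom", "Spyware", "Worm"}

# Persistence mechanisms recognisable from the detection's location alone.
PERSISTENCE = [
    ("AppInit_DLLs", re.compile(r"\|AppInit_DLLs$", re.I)),
    ("scheduled task", re.compile(r"\\Tasks\\", re.I)),
    ("browser extension", re.compile(r"\\(CHROME|FIREFOX)\\EXTENSIONS", re.I)),
    ("IE start page/search", re.compile(r"\|.*Start Page$|\\SEARCHSCOPES", re.I)),
]

def parse_log(text):
    """Return one dict per detection line; header and summary lines are skipped."""
    items = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        fields = m.group("rest").split(", ")   # location, data, ...
        cls = m.group("cls")
        items.append({"cls": cls, "location": fields[0],
                      "data": fields[1] if len(fields) > 1 else "",
                      "id": m.group("id"),
                      "severity": "high" if cls.split(".")[0] in HIGH_RISK else "pup"})
    return items

def severity_counts(items):
    """Counter({"high": n, "pup": m}) for one parsed log."""
    return Counter(it["severity"] for it in items)

def persistence(items):
    """Group detections by the persistence mechanism their location reveals."""
    hits = {}
    for it in items:
        for label, pat in PERSISTENCE:
            if pat.search(it["location"]):
                hits.setdefault(label, []).append(it)
    return hits

def survivors(logs):
    """Locations present in every log (case-insensitive), in last-log order."""
    seen = [{it["location"].lower() for it in parse_log(t)} for t in logs]
    common = set.intersection(*seen)
    return [it["location"] for it in parse_log(logs[-1])
            if it["location"].lower() in common]

# Constructed sample logs: same line format as the thread, lists abbreviated,
# HKU SID replaced by a placeholder.
SCAN_1 = r"""
Registry Keys: 2
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [72d9f9a3b3c80531629193f2d230d729],
PUP.Optional.Delta.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\eooncjejnppfjjklapaamhcdmjbilmde, , [ee5d6e2e5c1fbd7938b32bc331d243bd],
Registry Values: 1
PUP.Optional.Supporter.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll c:\progra~1\suppor~1\suppor~1.dll, , [fe4d3f5d215a1125c61fb5fe9b67c63a]
Registry Data: 1
PUP.Optional.Ividi.A, HKU\S-1-5-21-0-0-0-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.ividi.org/?src=tbhp, Good: (http://www.google.com), Bad: (http://search.ividi.org/?src=tbhp),,[400b63391566999d5e4b7e0cd1330000]
Folders: 3
Trojan.BitcoinMiner, C:\Users\Public\Public, , [c685bbe13e3ddb5bdab6ea18689c6d93],
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl, , [12399903b8c34de91a4ff2a920e2cc34],
PUP.Optional.BabSolution.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\CR, , [5af11488c6b52e08151578390cf636ca],
Files: 4
PUP.Optional.Babylon.A, C:\Windows\System32\Tasks\EPUpdater, , [77d4b9e37efdae88ff8dc7ee758d45bb],
PUP.Optional.BlockAndSurf.A, C:\Windows\Tasks\BlockAndSurf Update.job, , [d6757923433821157549bd0dc63caf51],
Backdoor.Agent.TRJE, C:\ProgramData\chromee.exe.tmp, , [84c74e4eb1ca2a0c11b79168b64dcc34],
Trojan.BitcoinMiner, C:\Users\Public\Public\run.vbs, , [c685bbe13e3ddb5bdab6ea18689c6d93],
"""
SCAN_2 = r"""
Folders: 2
Trojan.Agent.BCM, C:\Windows\inf\mncabxfl, , [4cff1b8183f86cca6bfe405ba1612ad6],
PUP.Optional.BabSolution.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\CR, , [43089507e19a8caa62c8f2bffe049868],
"""
SCAN_3 = r"""
Folders: 1
PUP.Optional.BabSolution.A, C:\Users\Jaroslav\AppData\Roaming\BabSolution\CR, , [54f7f8a4f88394a22cfe377ad032f40c],
"""

if __name__ == "__main__":
    items = parse_log(SCAN_1)
    print(dict(severity_counts(items)))
    for label, hits in sorted(persistence(items).items()):
        print(label, [h["location"] for h in hits])
    print("survived all scans:", survivors([SCAN_1, SCAN_2, SCAN_3]))
```

Run it as-is to triage the embedded logs, or pass the contents of real MBAM_n.txt files to survivors() in scan order. A location that comes back after a reboot-and-rescan is either being recreated by something still running or is locked or undeletable in the running system, which is the case a boot-time deletion tool such as the Avenger script below is meant for; the persistence view tells you which detections to look at first if the former is suspected.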

cernohous13 (VIP in memoriam, 8721 posts, registered 09 Dec 2006, Jablonec nad Nisou)

Re: Infected PC and flash drives

#14 Post by cernohous13 »

Download Avenger here:
http://swandog46.geekstogo.com/avenger.exe
Run it and answer "Yes" everywhere
Main window
http://2i.cz/b9b1b69c4f
tick both checkboxes at the bottom

Into the "Input script here" field copy the green script text -> "Execute" -> "Yes"
There will be a restart; wait for Notepad to open and paste its contents here. (C:\avenger.txt)
Script

Code:

Folders to delete:
C:\Users\Jaroslav\AppData\Roaming\BabSolution

wosicz (Visitor, 17 posts, registered 05 Jul 2014)

Re: Infected PC and flash drives

#15 Post by wosicz »

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Users\Jaroslav\AppData\Roaming\BabSolution" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Locked