TorLocker 2.0

[Aljushka]

no jo, je mu 11 let a já mám momentálně na starosti malou 11-měsíční dcerku, tak kolikrát nemám čas hlídat vše co jsi do ntb stáhne a spustí - tohle mu bude ale obrovské ponaučení.


jinak odinstalovat ASC ani S&D nelze - vypisuje to: soubor je poškozen a že produkt nelze odinstalovat.
takže zkusím to aspoň to ostatní a pak napíšu.

[motji]

Nevadí, pokračujte dál co jsem napsala. Budu tu tak do 23.hodin a pak ráno mrknu.
Co jsem viděla, máte spoustu her a k tomu nelegálně stažených...pokud je to jediný pc a používáte ho i k internetovéímu bankovnictví a pod, určitě synovi domluvte

[Aljushka]

tady Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by ALA at 2014-10-28 23:29:01 Run:1
Running from C:\Users\ALA\Desktop
Loaded Profile: ALA (Available profiles: ALA)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe
HKLM-x32\...\Run: [mncwmojSrv] => C:\Windows\system32\mncwmoj.vbe
HKLM\...\Policies\Explorer\Run: [2934679997] => C:\ProgramData\mscim.exe [623104 2014-10-27] ( (EFD Software))
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\...\Run: [2934679997] => C:\Users\ALA\AppData\Roaming\mscim.exe
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\...\Run: [50fce1d8cc92b5f2d3d5e28e9bce7d08] => C:\Users\ALA\AppData\Local\Temp\50fce1d8cc92b5f2d3d5e28e9bce7d08.exe [299919 2014-10-27] (Novostrim, Inc.) <===== ATTENTION
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\Users\ALA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDD.vbs ()
Startup: C:\Users\ALA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winxp.vbs ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10653A& ... -15857&t=4
URLSearchHook: HKCU - (No Name) - {55E19115-8EF8-465C-90AC-DEACC491B0CC} - No File
SearchScopes: HKLM-x32 - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=wfxt2&s={ ... }&src=chrm
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2351701
SearchScopes: HKCU - {07E1A5F7-4853-465A-BF84-299A6E798F98} URL = http://rover.ebay.com/rover/1/710-71511 ... earchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... cale=en_EU
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60327
SearchScopes: HKCU - {23A078D7-C722-48DC-94A5-DF4CC8ACB3BE} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {50149EB7-8536-4BFB-AB9F-047BB6D4ECBA} URL = http://www.amazon.co.uk/gp/search?ie=UT ... nkCode=ur2
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2351701
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKCU - No Name - {55E19115-8EF8-465C-90AC-DEACC491B0CC} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
2014-10-28 09:29 - 2014-10-28 09:34 - 00000000 ____D () C:\Users\ALA\AppData\Roaming\tor
2014-10-27 20:08 - 2014-10-27 20:08 - 00000000 ____D () C:\Users\ALA\AppData\Roaming\ExampleFolder
2014-10-27 17:58 - 2014-10-27 17:58 - 00934912 _____ (EFD Software) C:\Users\ALA\AppData\Roaming\suntor.exe
2014-10-27 17:58 - 2014-10-27 17:58 - 00000050 _____ () C:\Users\ALA\AppData\Roaming\suntor.bat
C:\Program Files (x86)\Cube World + Crack [CZ]
C:\Windows\SysWOW64\acumncwmoj.exe
C:\Windows\SysWOW64\lcpmncwmoj.exe
C:\Users\ALA\AppData\Local\Temp\50fce1d8cc92b5f2d3d5e28e9bce7d08.exe
C:\ProgramData\mscim.exe
C:\Users\ALA\AppData\Local\Temp\KB00503602.exe
C:\Users\ALA\AppData\Local\Temp\KB279657501.exe
C:\Users\ALA\AppData\Local\Temp\KB279658171.exe
C:\Users\ALA\AppData\Local\Temp\KB279659123.exe
C:\Users\ALA\AppData\Local\Temp\KB287190196.exe
C:\Users\ALA\AppData\Local\Temp\KB287495896.exe
C:\Users\ALA\AppData\Local\Temp\KB287796931.exe
C:\Users\ALA\AppData\Local\Temp\retds1.exe
C:\Users\ALA\AppData\Local\Temp\reuqie.scr
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MSStp => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mncwmojSrv => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\2934679997 => value deleted successfully.
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2934679997 => Value not found.
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\Software\Microsoft\Windows\CurrentVersion\Run\\50fce1d8cc92b5f2d3d5e28e9bce7d08 => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
C:\Users\ALA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDD.vbs => Moved successfully.
C:\Users\ALA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winxp.vbs => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{55E19115-8EF8-465C-90AC-DEACC491B0CC} => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07E1A5F7-4853-465A-BF84-299A6E798F98}" => Key deleted successfully.
"HKCR\CLSID\{07E1A5F7-4853-465A-BF84-299A6E798F98}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
"HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" => Key deleted successfully.
"HKCR\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23A078D7-C722-48DC-94A5-DF4CC8ACB3BE}" => Key deleted successfully.
"HKCR\CLSID\{23A078D7-C722-48DC-94A5-DF4CC8ACB3BE}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50149EB7-8536-4BFB-AB9F-047BB6D4ECBA}" => Key deleted successfully.
"HKCR\CLSID\{50149EB7-8536-4BFB-AB9F-047BB6D4ECBA}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}" => Key deleted successfully.
"HKCR\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully.
"HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{55E19115-8EF8-465C-90AC-DEACC491B0CC} => value deleted successfully.
"HKCR\CLSID\{55E19115-8EF8-465C-90AC-DEACC491B0CC}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => value deleted successfully.
"HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully.
"HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}" => Key not found.
C:\Users\ALA\AppData\Roaming\tor => Moved successfully.

"C:\Users\ALA\AppData\Roaming\ExampleFolder" directory move:

C:\Users\ALA\AppData\Roaming\ExampleFolder\Example.bat => Moved successfully.
C:\Users\ALA\AppData\Roaming\ExampleFolder\Example.exe => Moved successfully.
Could not move "C:\Users\ALA\AppData\Roaming\ExampleFolder" directory. => Scheduled to move on reboot.

C:\Users\ALA\AppData\Roaming\suntor.exe => Moved successfully.
C:\Users\ALA\AppData\Roaming\suntor.bat => Moved successfully.
C:\Program Files (x86)\Cube World + Crack [CZ] => Moved successfully.
C:\Windows\SysWOW64\acumncwmoj.exe => Moved successfully.
C:\Windows\SysWOW64\lcpmncwmoj.exe => Moved successfully.
"C:\Users\ALA\AppData\Local\Temp\50fce1d8cc92b5f2d3d5e28e9bce7d08.exe" => File/Directory not found.
C:\ProgramData\mscim.exe => Moved successfully.
"C:\Users\ALA\AppData\Local\Temp\KB00503602.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB279657501.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB279658171.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB279659123.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB287190196.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB287495896.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB287796931.exe" => File/Directory not found.
C:\Users\ALA\AppData\Local\Temp\retds1.exe => Moved successfully.
C:\Users\ALA\AppData\Local\Temp\reuqie.scr => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-28 23:33:17)<=

C:\Users\ALA\AppData\Roaming\ExampleFolder => Is moved successfully.

==== End of Fixlog ====

[motji]

Pokračujeme

Stáhněte Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
-Uložte program na plochu a spusťte . Pak se zobrazí se licenční podminky - potvrďte start libovolnou klávesou.
- vytvoří se záloha a proběhne skenování.
Po skončení skenování na Vás vyběhne log (bude uložen v c:\JRT jako JRT.txt) - zkopírujte jej sem

Stáhněte AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
-Uložte program na plochu a ukončete všechny spuštěné programy .
-spusťte AdwCleaner, klikněte na Scan a po dokončení skenu na Clean
- provede se oprava, restartuje se pc - (případně restartujte) a objeví se log C:\AdwCleaner\AdwCleaner.txt , obsah logu zkopírujte zde.

[Aljushka]

Výpis z JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by ALA on st 29. 10. 2014 at 9:10:17,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\ALA\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\ALA\appdata\local\imesh"
Successfully deleted: [Folder] "C:\Users\ALA\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\ALA\appdata\locallow\facemoods.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\crawler"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 29. 10. 2014 at 9:13:44,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Aljushka]

Log z AdwCleaner:

# AdwCleaner v4.002 - Report created 29/10/2014 at 09:20:02
# DB v
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ALA - ALA-TOSH
# Running from : C:\Users\ALA\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [709 octets] - [29/10/2014 09:16:53]
AdwCleaner[S0].txt - [624 octets] - [29/10/2014 09:20:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [683 octets] ##########

[motji]

Ten ADW cleaner vypadá ideálně , jak to vypadá s pc?
Zoek bude trvat trošku déle, nelekněte se

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

A ještě použijte malwarebytes, log pak poprosím vložte zde
http://forum.viry.cz/viewtopic.php?f=29&t=137928

A po celé této očistě mi pošlete nový log z FRstu a nahlašte stav pc

[Aljushka]

stav PC: už aspoň nevyskakuje pořád to okno s tou hláškou a dá se normálně v ntb dělat. Jen na ploše je místo pozadí pořád tohle:

stav pc [800x600].png (216.57 KiB) Zobrazeno 2149 x

jdu pokračovat v tom čištění.

[Aljushka]

když dám spustit zoek.exe, tak mi to vyhodí okno s hláškou, že systém windows se vypne za necelou minutu.
ntb se restartuje a nic.

[motji]

Poprosím o nový log z Frstu a udělejte zatím malwarebytes.

[motji]

Otestujte ještě na www.virustotal.com

Kód: Vybrat vše

C:\Windows\SysWOW64\dcgmncwmoj.exe

-dejte reanalyze

[Aljushka]

Otestujte ještě na http://www.virustotal.com

Kód: Vybrat vše

C:\Windows\SysWOW64\dcgmncwmoj.exe

-dejte reanalyze

otestováno - pořád to nevypadá dobře

Skopčený výsledek jen těch antivirů, co ho objevili:

Antivirus Result Update
AVG Skodna.BitCoinMiner.FN 20141029
AVware Trojan.Win32.CoinMiner.ba (v) 20141029
Ad-Aware Application.Bitcoinminer.DX 20141029
AegisLab W32.Virut 20141029
Agnitum Trojan.Graftor!Dym6n9oHHfo 20141028
AhnLab-V3 Trojan/Win32.BitMiner 20141029
Avast Win32:PUP-gen [PUP] 20141029
Avira SPR/BitCoinMiner.BT 20141029
Baidu-International Hacktool.Win32.BitCoinMiner.BBF 20141027
BitDefender Application.Bitcoinminer.DX 20141029
Bkav W32.Clod10e.Trojan.a78a 20141027
Comodo TrojWare.Win32.UMal.~A 20141029
Cyren W32/Trojan.GVQN-4393 20141029
DrWeb Tool.BtcMine.155 20141029
ESET-NOD32 a variant of Win32/BitCoinMiner.BY 20141029
F-Secure Application.Bitcoinminer.DX 20141029
GData Application.Bitcoinminer.DX 20141029
Ikarus Win32.SuspectCrc 20141029
K7AntiVirus Trojan ( 0044c9a01 ) 20141028
K7GW Trojan ( 0044c9a01 ) 20141029
Kingsoft Win32.Troj.Generic.a.(kcloud) 20141029
Malwarebytes Trojan.BitMiner 20141029
McAfee RDN/Generic PUP.x!blp 20141029
McAfee-GW-Edition BehavesLike.Win32.Obfuscated.dh 20141028
MicroWorld-eScan Application.Bitcoinminer.DX 20141029
NANO-Antivirus Riskware.Win32.BtcMine.cxpnxr 20141029
Norman BitCoinMiner.AZL 20141029
Symantec SecurityRisk.BL 20141029
VIPRE Trojan.Win32.CoinMiner.ba (v) 20141029
ViRobot Trojan.Win32.S.BitMiner.972814 20141029

[motji]

Já jsme si to myslela, už jsem ho mazala, ale je zpět
Co ten malwarebytes?

[Aljushka]

Já jsme si to myslela, už jsem ho mazala, ale je zpět
Co ten malwarebytes?

Malwarebytes pořád skenuje... asi to tak brzo nebude.

[motji]

Znovu ulozte do poznámkového bloku:

Kód: Vybrat vše

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\...\MountPoints2: {143d5d34-0bdd-11df-9f69-806e6f6e6963} - E:\AUTORUN.exe
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\...\MountPoints2: {262ea2c0-02cc-11e1-bbdd-806e6f6e6963} - F:\Setup.exe
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\...\MountPoints2: {343fd7f6-d04b-11df-94af-c7b98ae35ca0} - F:\autorun.exe
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\...\MountPoints2: {53cbc8b1-485b-11df-a14c-002622fcf678} - F:\USBAutoRun.exe
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\...\MountPoints2: {a40e874d-75ae-11e1-ac4c-002622fcf678} - I:\LGAutoRun.exe
DPF: HKLM {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} 
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (SocialPlus!) - C:\Users\ALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eidogommnbbcgnhfjkcgjnlonijjhmjl [2010-06-30]
CHR Extension: (Peněženka Google) - C:\Users\ALA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
C:\Users\ALA\Downloads\X-Ray-Scanner.apk
 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cube World + Crack [CZ]

-uložte vedle Frstu jako fixlist.txt. Spusťte Frst a klikněte na Fix.

Po restartu nahlašte stav pc.