Nelze spustit centrum zabezpečení windows

[doxorianus]

Zdravím,
Dostal se mi do ntb nějaký malware/vir ((Bloodhound.Malautoit, Trojan.Gen.2, Hacktool, DarkComet RAT/DC Keylogger), který jsem odstranil přes antivir Norton. Nyní se zdá být vše OK, ale nemohu spustit centrum zabezpečení Windows.

Můžete mi s tím pomoci?



Předem díky

[doxorianus]

Přikládám log z RSIT

[vyosek]

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Po spusteni probehne stazeni databaze
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Aplikujte MBAM dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928

[doxorianus]

Zde je log z Adwcleaner

# AdwCleaner v4.106 - Report created 03/01/2015 at 19:14:59
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Roman
# Running from : C:\Users\Roman\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Roman\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Roman\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.best-deals-products.com_0.localstorage-journal
File Deleted : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.best-deals-products.com_0.localstorage-journal
File Deleted : C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.best-deals-products.com_0.localstorage

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [3470 octets] - [03/01/2015 19:13:24]
AdwCleaner[S0].txt - [3374 octets] - [03/01/2015 19:14:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3434 octets] ##########

[vyosek]

Pokracujte MBAMem...

[doxorianus]

Log z MBAM...

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 3. 1. 2015
Čas skenování: 19:25:08
Protokol: logMBAM.txt
Správce: Ano

Verze: 2.00.4.1028
Databáze malwaru: v2015.01.03.08
Databáze rootkitů: v2014.12.30.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Sebeobrany: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Roman

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 575784
Uplynulý čas: 1 hod, 21 min, 36 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Žádné zákerné zjištěny položek)

Moduly: 0
(Žádné zákerné zjištěny položek)

Klíče registru: 1
Malware.Trace, HKU\S-1-5-21-1870482190-437759098-2633475463-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [58acbf34395095a10274cf7a7c88e11f],

Hodnoty registru: 0
(Žádné zákerné zjištěny položek)

Data registru: 2
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Dobré: (0), Špatné: (1),,[37cd28cb1079f6404d59e69bc243827e]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Dobré: (0), Špatné: (1),,[f311797ad5b49b9bc9dff58cf21312ee]

Složky: 0
(Žádné zákerné zjištěny položek)

Soubory: 1
PUP.Optional.OpenCandy, C:\Download\DTLite4491-0356.exe, , [5ba940b3ddacd85ecb43e3cae71ea55b],

Fyzické sektory: 0
(Žádné zákerné zjištěny položek)


(end)

[vyosek]

Nalezy smazte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[doxorianus]

Log ze Zoek:


Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Roman on so 03. 01. 2015 at 20:59:24,90.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Roman\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

3. 1. 2015 21:00:18 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\New Folder deleted successfully
C:\Users\Roman\AppData\Roaming\Opera Software deleted successfully
C:\Users\Roman\AppData\Local\GHISLER deleted successfully
C:\Users\Roman\AppData\Local\Opera Software deleted successfully
C:\Users\Roman\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\windows\sysWoW64\config\systemprofile\.android deleted
C:\Users\Public\Pokki deleted
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PC App Store.lnk deleted
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk deleted
C:\PROGRA~3\Pokki deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\Roman\AppData\Local\Pokki deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn" [03. 01. 2015 20:59]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx[20. 09. 2014 09:52]

Norton Identity Safe - Roman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif

==== Chromium Fix ======================

C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.best-deals-products.com_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{15A4924A-1085-4F68-915D-6BCAA304DE92} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Internet Explorer\SearchScopes\{15A4924A-1085-4F68-915D-6BCAA304DE92} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Roman\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Roman\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Roman\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Roman\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Roman\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=9654 folders=234 571785596 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Roman\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Roman\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on so 03. 01. 2015 at 21:13:28,60 ======================

[vyosek]

Stahnete Service Repair http://kb.eset.com/library/ESET/KB%20Te ... Repair.exe

• Ulozte nejlepe na Plochu
• Spustte a potvrdte Yes abyste potvrdil reinstalaci sluzeb
• Nasledne kliknutim na Yes potvrdte restart PC
• Na Plose vznikne slozka CC Support, najdete tam log SvcRepair.txt - mel by byt CC Support\Logs\SvcRepair.txt - vlozte mi jej sem

[doxorianus]

Log:

Log Opened: 2015-01-03 @ 22:15:54
22:15:54 - -----------------
22:15:54 - | Begin Logging |
22:15:54 - -----------------
22:15:54 - Fix started on a WIN_8 X64 computer
22:15:54 - Prep in progress. Please Wait.
22:15:54 - Prep complete
22:15:54 - Repairing Services Now. Please wait...
22:15:55 - Services Repair Complete.
22:16:00 - Reboot Initiated

[vyosek]

Jak se chova ntb??

Dejte log z FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

[doxorianus]

Ntb se chová normálně, centrum zabezpečení stále nejde spustit.

Logy v příloze

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
  HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Run: [uTorrent] => C:\Apps\uTorrent\utorrent.exe [1942864 2014-09-01] (BitTorrent Inc.)
  HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
  HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-06-16] ()
  HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
  HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Policies\system: [EnableLUA] 0
  HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Winlogon: [Shell] C:\windows\explorer.exe [2501368 2014-10-29] (Microsoft Corporation) <==== ATTENTION 
  
  HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
  HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  
  CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
  CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
  
  R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [965776 2014-10-26] (@ByELDI) [File not signed]
  
  C:\Program Files\KMSpico
  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
  2015-01-03 22:45 - 2015-01-03 22:45 - 00023494 _____ () C:\Users\Roman\Desktop\FRST.txt
  2015-01-03 22:37 - 2015-01-03 22:37 - 00112640 _____ (forum.viry.cz) C:\Users\Roman\Desktop\frstlauncher[2].exe
  2015-01-03 22:15 - 2015-01-03 22:15 - 04009167 _____ () C:\Users\Roman\Desktop\ServicesRepair.exe
  2015-01-03 22:15 - 2015-01-03 22:15 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
  2015-01-03 21:10 - 2015-01-03 20:59 - 00024064 _____ () C:\windows\zoek-delete.exe
  2015-01-03 21:00 - 2015-01-03 21:13 - 00007135 _____ () C:\zoek-results.log
  2015-01-03 20:59 - 2015-01-03 21:09 - 00000000 ____D () C:\zoek_backup
  2015-01-03 19:13 - 2015-01-03 19:15 - 00000000 ____D () C:\AdwCleaner
  2015-01-03 18:31 - 2015-01-03 18:31 - 02173952 _____ () C:\Users\Roman\Desktop\adwcleaner_4.106.exe
  2015-01-03 18:18 - 2015-01-03 18:18 - 00042104 _____ () C:\Users\Roman\Desktop\log.zip
  2015-01-03 17:05 - 2015-01-03 17:06 - 00000000 ____D () C:\rsit
  2015-01-03 17:05 - 2015-01-03 17:06 - 00000000 ____D () C:\Program Files\trend micro
  
  Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

- - -

Zkuste pouzit tento FixIt http://go.microsoft.com/?linkid=9827637

[doxorianus]

fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03
Ran by Roman at 2015-01-03 23:06:47 Run:1
Running from C:\Users\Roman\Desktop
Loaded Profile: Roman (Available profiles: Roman)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Run: [uTorrent] => C:\Apps\uTorrent\utorrent.exe [1942864 2014-09-01] (BitTorrent Inc.)
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-06-16] ()
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\...\Winlogon: [Shell] C:\windows\explorer.exe [2501368 2014-10-29] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [965776 2014-10-26] (@ByELDI) [File not signed]

C:\Program Files\KMSpico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-01-03 22:45 - 2015-01-03 22:45 - 00023494 _____ () C:\Users\Roman\Desktop\FRST.txt
2015-01-03 22:37 - 2015-01-03 22:37 - 00112640 _____ (forum.viry.cz) C:\Users\Roman\Desktop\frstlauncher[2].exe
2015-01-03 22:15 - 2015-01-03 22:15 - 04009167 _____ () C:\Users\Roman\Desktop\ServicesRepair.exe
2015-01-03 22:15 - 2015-01-03 22:15 - 00000000 ____D () C:\Users\Public\Desktop\CC Support
2015-01-03 21:10 - 2015-01-03 20:59 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-01-03 21:00 - 2015-01-03 21:13 - 00007135 _____ () C:\zoek-results.log
2015-01-03 20:59 - 2015-01-03 21:09 - 00000000 ____D () C:\zoek_backup
2015-01-03 19:13 - 2015-01-03 19:15 - 00000000 ____D () C:\AdwCleaner
2015-01-03 18:31 - 2015-01-03 18:31 - 02173952 _____ () C:\Users\Roman\Desktop\adwcleaner_4.106.exe
2015-01-03 18:18 - 2015-01-03 18:18 - 00042104 _____ () C:\Users\Roman\Desktop\log.zip
2015-01-03 17:05 - 2015-01-03 17:06 - 00000000 ____D () C:\rsit
2015-01-03 17:05 - 2015-01-03 17:06 - 00000000 ____D () C:\Program Files\trend micro

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GShortCut => value deleted successfully.
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value deleted successfully.
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => value deleted successfully.
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Service 16 => value deleted successfully.
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\EnableLUA => value deleted successfully.
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-1870482190-437759098-2633475463-1001\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
Service KMSELDI => Service deleted successfully.
C:\Program Files\KMSpico => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico => Moved successfully.
C:\Users\Roman\Desktop\FRST.txt => Moved successfully.
C:\Users\Roman\Desktop\frstlauncher[2].exe => Moved successfully.
C:\Users\Roman\Desktop\ServicesRepair.exe => Moved successfully.
C:\Users\Public\Desktop\CC Support => Moved successfully.
C:\windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Roman\Desktop\adwcleaner_4.106.exe => Moved successfully.
C:\Users\Roman\Desktop\log.zip => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 53.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog 23:07:10 ====

[doxorianus]

Fixit aplikován - oprava provedena - centrum zabezpečení je spuštěno