Modu vyuzivajuci skype

[romanisko]

Zdravim,
ked som zobudzal pocitac zrazu sa cudne spraval, len cierna obrazovka na ktorej fungoval len kurzor. Ked som pocitac natvrdo restartoval pri starte skypu ziadal program "rlvknlg.exe" o pristup do skype. Subjektivne pocitac viac huci. Pri hodinach mam novu ikonu "RelevantKnowledge" po kliknuti to otvara stranku "my.RelevantKnowledge.com".

Mam Windows 8.1 a Compofix mi hlasi ze nepodporuje windows 2000. Log z Rsit sa nesmetil tak prikladam spolu s FRST logom v prilohe.

[Márty84]

Zdravim

Uvolnete nejake misto na disku, system se dusi.

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

[romanisko]

Skor ako si stihol odpisat som uz pustil MBAM a da vsetko do karanteny Nasledne som restartoval pc a pustil AdwCleaner a tiez som dal vsetko odstranit. Logy prikladam

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12.2.2015
Scan Time: 9:12:23
Logfile: mallwarebytes anti-malware.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.12.02
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Palko

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 346501
Time Elapsed: 10 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.RelevantKnowledge, C:\Program Files (x86)\RelevantKnowledge\rlservice.exe, 2504, , [94fe56c73d4da88e9358a729c0457d83]
PUP.Optional.RelevantKnowledge, C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe, 8220, , [1b77879656349c9aad3ed000a06541bf]
PUP.Optional.RelevantKnowledge, C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe, 8992, , [0e84f726800a3cfae80319b7d03512ee]

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.RelevantKnowledge, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RelevantKnowledge, , [94fe56c73d4da88e9358a729c0457d83],
PUP.Optional.RelevantKnowledge, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831}, , [1b77879656349c9aad3ed000a06541bf],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge, , [811146d74c3ef2446fc0a2a647bc857b],
PUP.Optional.MarketScore, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge, , [8f030f0e4545a393fc5584c705feef11],

Files: 16
PUP.Optional.RelevantKnowledge, C:\Program Files (x86)\RelevantKnowledge\rlservice.exe, , [94fe56c73d4da88e9358a729c0457d83],
PUP.Optional.RelevantKnowledge, C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe, , [1b77879656349c9aad3ed000a06541bf],
PUP.Optional.RelevantKnowledge, C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe, , [0e84f726800a3cfae80319b7d03512ee],
PUP.Optional.RelevantKnowledge, C:\Program Files (x86)\RelevantKnowledge\rlvknlg32.exe, , [652d30edcfbb95a1bc2f4a86df26da26],
PUP.Optional.RelevantKnowledge, C:\Program Files (x86)\RelevantKnowledge\rlls.dll, , [d7bb3fdefe8c221485660ac6768f669a],
PUP.Optional.RelevantKnowledge, C:\Program Files (x86)\RelevantKnowledge\rlls64.dll, , [efa340dd494176c064879b353dc84eb2],
PUP.Optional.RelevantKnowledge, C:\Windows\System32\rlls64.dll, , [0f838598b7d303333dae7c54b74e40c0],
PUP.Optional.RelevantKnowledge, C:\Windows\SysWOW64\rlls.dll, , [751d5fbe94f67fb7e605e8e8d92c22de],
PUP.Optional.RelevantKnowledge, C:\Users\Palko\AppData\Local\Temp\CSMB12A.tmp, , [fa983ce1bad0cb6b948917aed82db54b],
PUP.Optional.AZLyrics.A, C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, , [177b0518a8e293a3eabb75202cd737c9],
PUP.Optional.AZLyrics.A, C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, , [860cd449d8b24bebe4c174219271f010],
Trojan.Agent, C:\Windows\SysWOW64\rlls.dll, , [aee4d14c90fa3303bc29101623e1718f],
PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\ncncf.dat, , [811146d74c3ef2446fc0a2a647bc857b],
PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\readme.txt, , [811146d74c3ef2446fc0a2a647bc857b],
PUP.Optional.MarketScore, C:\Program Files (x86)\RelevantKnowledge\rloci.bin, , [811146d74c3ef2446fc0a2a647bc857b],
PUP.Optional.MarketScore, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\RelevantKnowledge.lnk, , [8f030f0e4545a393fc5584c705feef11],

Physical Sectors: 0
(No malicious items detected)


(end)



# AdwCleaner v4.110 - Logfile created 12/02/2015 at 09:56:36
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Palko - PALKO-840
# Running from : C:\Users\Palko\Downloads\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Folder Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc
Folder Found : C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Found : C:\Users\Palko\AppData\Local\PackageAware
Folder Found : C:\Users\Palko\AppData\Roaming\pdfforge

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1.1 (x86 sk)


-\\ Google Chrome v40.0.2214.111

[C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxps://software.ecmwf.int/wiki/dosearchsite.action?queryString={searchTerms}
[C:\Users\Palko\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

-\\ Opera v27.0.1689.69

*************************

AdwCleaner[R0].txt - [2921 bytes] - [12/02/2015 09:39:26]
AdwCleaner[R1].txt - [3022 bytes] - [12/02/2015 09:56:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3081 bytes] ##########

[Márty84]

OK. Ale kontrola MBAM nebyla nastavena tak, jak jsem chtel. Tohle byl jen sken hrozeb (Threat Scan). Ja bych rad vlastni sken (Custom Scan), idealne vsech disku.
Tak to spustte jeste jednou, at prohleda cely pocitac. Podle vysledku testu zvolim dalsi postup



29.3. pro neaktivitu http://forum.viry.cz/viewtopic.php?f=12&t=123975