Please check my log

#1 Post by Peelie »

A lot of Chinese processes of some kind are running in my Task Manager.


Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2015-06-17 14:49:58
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 30 GB (28%) free of 110 GB
Total RAM: 8154 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:50:16, on 17. 6. 2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTray.exe
C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\plugins\QMNetMon\QQPCNetFlow.exe
C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCRealTimeSpeedup.exe
C:\PROGRAM FILES (X86)\RISING\RAV\RSTRAY.EXE
C:\Program Files\trend micro\Martin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts ... XXZ2AKY9N1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=dsp ... earchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=dsp ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=91284697_hao_pg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts ... XXZ2AKY9N1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds& ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=91284697_hao_pg
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: BDHOOK - {15DEE173-1BE9-4424-81E0-58A87076E9B1} - C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\websafe\WebMonBHO.dll
O2 - BHO: WebGuard BHO Class - {1B2639A9-EE25-4AE7-A2E3-B308F08125C4} - C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\WebGuardBHO.dll
O2 - BHO: QPMIEHelper - {50F4150A-48B2-417A-BE4C-C83F580FB904} - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll (file missing)
O2 - BHO: LuckyTab Class - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - C:\Program Files (x86)\MiuiTab\SupTab.dll (file missing)
O2 - BHO: AFFAC708-93F0-E899-48CB-0B6F848DF109 Class - {AFFAC708-93F0-E899-48CB-0B6F848DF109} - C:\Program Files (x86)\BaiduAddr\{AFFAC708-93F0-E899-48CB-0B6F848DF109}\AddressBar.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Rs] C:\Program Files (x86)\Rs\Rs.exe
O4 - HKLM\..\Run: [RSDTRAY] "C:\Program Files (x86)\Rising\RSD\popwndexe.exe"
O4 - HKLM\..\Run: [baidusdTray] "C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe" -stmd=3
O4 - HKLM\..\Run: [ QQPCTray] "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTray.exe" /regrun
O4 - HKLM\..\Run: [RavTRAY] "C:\Program Files (x86)\Rising\RAV\rstray.exe" -system
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Q_Magazine_-_June_2015.pdf.lnk = C:\ProgramData\{15368ad3-cd1b-67a2-1536-68ad3cd12b4f}\Q_Magazine_-_June_2015.pdf.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: kuwo - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0C} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: BaiduHips - ????????(??)???? - C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
O23 - Service: BDKVRTP Service (BDKVRTP) - ????????(??)???? - C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Rsd Service (RsMgrSvc) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
O23 - Service: Rav Service (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files (x86)\Rising\RAV\ravmond.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8319 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe"
"C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe" -r
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCRtp.exe" -r
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTray.exe" /elevated /regrun
"C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe" -stmd=3
"C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdUProxy64.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\plugins\QMNetMon\QQPCNetFlow.exe" /regrun /elevated
"C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCRealTimeSpeedup.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Rising\RAV\ravmond.exe"
"C:\PROGRAM FILES (X86)\RISING\RAV\RSTRAY.EXE"

taskeng.exe {52C7C255-AF0B-483C-8DB8-81190B9706A2}
"C:\Users\Martin\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Bidaily Synchronize Task[973b].job - c:\programdata\{634e2d5b-2ed3-75ac-634e-e2d5b2edb56c}\download.exe --startup=1 --single

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}]
电脑管家网页防火墙 - C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TSWebMon64.dat [2015-06-16 414560]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}]
WebMonBHO - C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\websafe\WebMonBHO.dll [2015-06-08 490376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B2639A9-EE25-4AE7-A2E3-B308F08125C4}]
WebGuardBHO - C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\WebGuardBHO.dll [2015-06-16 490376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}]
Ó¦Óñ¦Ň»Ľü°˛×°˛ĺĽţ - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
LuckyTab Class - C:\Program Files (x86)\MiuiTab\SupTab.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFFAC708-93F0-E899-48CB-0B6F848DF109}]
AFFAC708-93F0-E899-48CB-0B6F848DF109 Class - C:\Program Files (x86)\BaiduAddr\{AFFAC708-93F0-E899-48CB-0B6F848DF109}\AddressBar.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"=C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2015-06-10 2020920]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-11-20 767176]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"Rs"=C:\Program Files (x86)\Rs\Rs.exe []
"RSDTRAY"=C:\Program Files (x86)\Rising\RSD\popwndexe.exe [2012-09-25 126808]
"baidusdTray"=C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdTray.exe [2015-06-08 2526216]
" QQPCTray"=C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTray.exe [2015-06-16 355296]
"RavTRAY"=C:\Program Files (x86)\Rising\RAV\rstray.exe [2015-06-16 111000]

C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Q_Magazine_-_June_2015.pdf.lnk - C:\ProgramData\{15368ad3-cd1b-67a2-1536-68ad3cd12b4f}\Q_Magazine_-_June_2015.pdf.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\QQPCRTP]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-06-17 14:50:06 ----D---- C:\Program Files\trend micro
2015-06-17 14:49:58 ----D---- C:\rsit
2015-06-17 14:43:26 ----D---- C:\ProgramData\TXQMPC
2015-06-17 14:33:01 ----D---- C:\AdwCleaner
2015-06-16 19:31:16 ----N---- C:\Windows\SYSWOW64\vpatch.dll
2015-06-16 19:31:15 ----RD---- C:\RavBin
2015-06-16 19:31:03 ----A---- C:\Windows\SYSWOW64\BsMain.ini
2015-06-16 19:31:01 ----N---- C:\Windows\SYSWOW64\ravext.dll
2015-06-16 19:31:01 ----N---- C:\Windows\system32\ravext64.dll
2015-06-16 19:31:00 ----N---- C:\Windows\SYSWOW64\bsmain.exe
2015-06-16 19:31:00 ----N---- C:\Windows\system32\drivers\hvm.sys
2015-06-16 18:39:32 ----A---- C:\Windows\SYSWOW64\drivers\TS888x64.sys
2015-06-16 18:39:29 ----D---- C:\Program Files\Common Files\Tencent
2015-06-16 18:39:00 ----D---- C:\Program Files (x86)\Definitions
2015-06-16 18:20:09 ----A---- C:\Windows\system32\drivers\TSSKX64.sys
2015-06-16 18:02:09 ----A---- C:\Windows\system32\drivers\TAOKernel64.sys
2015-06-16 18:02:09 ----A---- C:\Windows\system32\drivers\TAOAccelerator64.sys
2015-06-16 18:02:07 ----A---- C:\Windows\system32\drivers\tfsfltX64.sys
2015-06-16 17:58:06 ----D---- C:\Program Files (x86)\Tencent
2015-06-16 17:58:01 ----D---- C:\Users\Martin\AppData\Roaming\Tencent
2015-06-16 17:58:01 ----D---- C:\ProgramData\Tencent
2015-06-16 17:56:36 ----A---- C:\Windows\system32\drivers\BDMWrench_x64.sys
2015-06-16 17:56:36 ----A---- C:\Windows\system32\drivers\BDDefense.sys
2015-06-16 17:56:35 ----A---- C:\Windows\system32\drivers\bd0003.sys
2015-06-16 17:56:34 ----A---- C:\Windows\system32\drivers\BDArKit.SYS
2015-06-16 17:56:33 ----A---- C:\Windows\system32\drivers\bd0002.sys
2015-06-16 17:56:30 ----D---- C:\Users\Martin\AppData\Roaming\Baidu
2015-06-16 17:56:25 ----D---- C:\ProgramData\Baidu
2015-06-16 17:56:25 ----D---- C:\Program Files (x86)\Baidu
2015-06-16 17:54:36 ----RSH---- C:\rising.ini
2015-06-16 17:54:35 ----N---- C:\Windows\system32\drivers\sysmon.sys
2015-06-16 17:54:35 ----N---- C:\Windows\system32\drivers\rsutils.sys
2015-06-16 17:54:35 ----N---- C:\Windows\system32\drivers\rsndisp.sys
2015-06-16 17:54:17 ----D---- C:\ProgramData\Rising
2015-06-16 17:54:17 ----D---- C:\Program Files (x86)\Rising
2015-06-16 17:54:08 ----D---- C:\Program Files (x86)\Rs
2015-06-16 17:53:56 ----A---- C:\Windows\prleth.sys
2015-06-16 17:53:56 ----A---- C:\Windows\hgfs.sys
2015-06-16 17:53:26 ----D---- C:\Program Files (x86)\CutterGeneration
2015-06-16 17:53:02 ----D---- C:\ProgramData\367494974035915134
2015-06-16 16:37:33 ----D---- C:\Users\Martin\AppData\Roaming\Isoplex
2015-06-01 12:27:31 ----D---- C:\Program Files (x86)\One Number
2015-06-01 12:06:59 ----D---- C:\Program Files (x86)\TampaTrim
2015-05-20 21:36:35 ----D---- C:\Users\Martin\AppData\Roaming\AMD
2015-05-20 21:36:09 ----D---- C:\Users\Martin\AppData\Roaming\Skype
2015-05-20 21:35:46 ----D---- C:\ProgramData\Skype
2015-05-20 21:34:59 ----D---- C:\Users\Martin\AppData\Roaming\RHEng
2015-05-20 21:34:45 ----D---- C:\Users\Martin\AppData\Roaming\DivX
2015-05-20 21:32:59 ----D---- C:\ProgramData\DivX

======List of files/folders modified in the last 1 month======

2015-06-17 14:50:12 ----D---- C:\Windows\Temp
2015-06-17 14:50:06 ----RD---- C:\Program Files
2015-06-17 14:43:26 ----HD---- C:\ProgramData
2015-06-17 14:39:45 ----RD---- C:\Program Files (x86)
2015-06-17 14:39:45 ----D---- C:\Program Files (x86)\Common Files
2015-06-17 14:29:42 ----D---- C:\Windows\system32\Tasks
2015-06-16 19:31:16 ----D---- C:\Windows\SysWOW64
2015-06-16 19:31:01 ----D---- C:\Windows\System32
2015-06-16 19:31:00 ----D---- C:\Windows\system32\drivers
2015-06-16 18:47:00 ----SHD---- C:\Windows\Installer
2015-06-16 18:45:18 ----SHD---- C:\Config.Msi
2015-06-16 18:45:17 ----D---- C:\Windows\SYSWOW64\drivers
2015-06-16 18:44:55 ----D---- C:\Windows\inf
2015-06-16 18:44:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-16 18:39:29 ----D---- C:\Program Files\Common Files
2015-06-16 18:38:07 ----D---- C:\Windows
2015-06-16 18:36:46 ----SD---- C:\Users\Martin\AppData\Roaming\Microsoft
2015-06-16 18:36:03 ----SHD---- C:\System Volume Information
2015-06-16 18:20:07 ----D---- C:\Windows\Tasks
2015-06-16 18:08:32 ----D---- C:\Windows\system32\config
2015-06-16 18:02:02 ----RSD---- C:\Windows\Fonts
2015-06-16 17:58:15 ----D---- C:\Windows\winsxs
2015-06-15 20:22:46 ----D---- C:\Users\Martin\AppData\Roaming\Spotify
2015-06-11 11:27:42 ----D---- C:\Program Files (x86)\Opera
2015-06-10 19:46:31 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-06-02 18:21:05 ----A---- C:\Windows\Sandboxie.ini
2015-06-02 11:42:34 ----D---- C:\Windows\system32\catroot2
2015-05-31 10:48:15 ----A---- C:\Windows\WORDPAD.INI
2015-05-26 16:55:13 ----D---- C:\Windows\SoftwareDistribution
2015-05-26 16:49:23 ----D---- C:\Windows\Options
2015-05-26 16:48:12 ----D---- C:\Users\Martin\AppData\Roaming\FunUninstall
2015-05-25 11:23:54 ----D---- C:\Program Files (x86)\Google
2015-05-19 21:05:59 ----D---- C:\Users\Martin\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-04-22 213888]
R0 sysmon;sysmon; C:\Windows\system32\DRIVERS\sysmon.sys [2015-06-16 119256]
R1 bd0001;bd0001; C:\Windows\system32\DRIVERS\bd0001.sys [2015-06-08 202704]
R1 bd0002;bd0002; C:\Windows\system32\DRIVERS\bd0002.sys [2015-06-08 198600]
R1 BDDefense;BDDefense; C:\Windows\system32\drivers\BDDefense.sys [2015-06-08 103752]
R1 HyperVM;HyperVM; \??\C:\Windows\system32\drivers\hvm.sys [2015-06-16 41784]
R1 rsutils;rsutils; C:\Windows\system32\DRIVERS\rsutils.sys [2015-06-16 71760]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-04-22 60416]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-11-21 18959360]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-11-21 589312]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2014-06-21 94720]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-03 31232]
R3 TSSKX64;TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [2015-06-16 38200]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-04-22 18432]
R4 bd0003;bd0003; C:\Windows\system32\DRIVERS\bd0003.sys [2015-06-08 69448]
R4 BDArKit;BAIDU Ark Kit Service; \??\C:\Windows\System32\Drivers\BDArKit.SYS [2015-06-08 152392]
R4 BDMWrench_x64;BDMWrench_x64; C:\Windows\system32\DRIVERS\BDMWrench_x64.sys [2015-06-08 62280]
R4 QMUdisk;QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMUdisk64.sys [2015-06-16 62264]
R4 QQSysMonX64;QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQSysMonX64.sys [2015-06-16 129336]
R4 TAOKernelDriver;Tencent Auto Optimize Platform.; C:\Windows\System32\Drivers\TAOKernel64.sys [2015-06-16 174392]
R4 TFsFlt;TFsFlt; C:\Windows\system32\Drivers\TFsFltX64.sys [2015-06-16 87864]
R4 TSCPM;TSCPM; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\tscpm64.sys [2015-06-16 42296]
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 TAOAccelerator;Tencent TAOAccelerator driver.; \??\C:\Windows\system32\Drivers\TAOAccelerator64.sys [2015-06-16 99640]
S4 TSSysKit;TSSysKit; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TSSysKit64.sys [2015-06-16 87352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BaiduHips;BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [2015-06-08 64008]
R2 BDKVRTP;BDKVRTP Service; C:\Program Files (x86)\Baidu\BaiduSd\4.0.0.6697\BaiduSdSvc.exe [2015-06-08 805896]
R2 RsMgrSvc;Rsd Service; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [2015-06-16 184088]
R2 RsRavMon;Rav Service; C:\Program Files (x86)\Rising\RAV\ravmond.exe [2014-05-15 277552]
R4 QQPCRtp;QQPCMgr RTP Service; C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCRTP.exe [2015-06-16 297608]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-11-21 244736]
S2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [2014-11-20 344064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-06 267440]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-02-08 569024]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]

-----------------EOF-----------------


#2 Post by vyosek »

Hello :)

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After it starts, the database will be downloaded
  • Click Scan and then Clean
  • The repair will run, the PC will restart, and then the log will appear; alternatively it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him: that is not a man, that is an ox."
Member [image] since 1 February 2011.


#3 Post by Peelie »

Rising antivirus software kill virus sucsessfully trojan.
Unfortunately, when I try to run AdwCleaner, it does not start; instead a blue rectangle appears in the right corner and, among other things, it says


Rising antivirus software

kill virus sucsessfully trojan.


#4 Post by vyosek »

:arrow: the beast is blocking it :twisted:

:arrow: Try restarting the PC, keep pressing F8, choose Safe Mode with Networking and run it there...


#5 Post by Peelie »

Is there no other option, so that I don't have to use Safe Mode?


#6 Post by vyosek »

:arrow: OK, let's try, but this is a tough beast :arcisit:

:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and extract it
  • Run it by clicking mbar
  • Now click Next and then Update
  • After the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts the scan of the PC
  • After the scan finishes (about 5 minutes), check that every finding (if there are any, of course) has a check mark
  • Also check that Create Restore point is checked
  • Now click CleanUp, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) mbar-log-year-month-day (hour-minute-second).txt; post it here for me


#7 Post by Peelie »

Using some utility that I found via Google, I removed that fake antivirus and finally managed to run AdwCleaner. I am sending the log after the cleanup.
# AdwCleaner v4.206 - Log vytvorený 17/06/2015 at 15:55:26
# Aktualizované 01/06/2015 by Xplode
# Databáza : 2015-06-17.1 [Server]
# Operačný systém : Windows 7 Home Premium Service Pack 1 (x64)
# Uživateľské meno : Martin - MARTIN-PC
# Spustené z : C:\Users\Martin\Downloads\adwcleaner_4.206.exe
# Nastavenia : Čistenie

***** [ Služby ] *****

[#] Služba Zmazané : bd0003
[#] Služba Zmazané : BDMWrench_x64
Služba Zmazané : TSDefenseBt

***** [ Súbory / Priečinky ] *****

Priečinok Zmazané : C:\ProgramData\tencent
Priečinok Zmazané : C:\ProgramData\TXQMPC
Priečinok Zmazané : C:\Program Files (x86)\tencent
Priečinok Zmazané : C:\Program Files (x86)\Common Files\tencent
Priečinok Zmazané : C:\Program Files\Common Files\tencent
Priečinok Zmazané : C:\Users\Martin\AppData\Roaming\RHEng
Priečinok Zmazané : C:\Users\Martin\AppData\Roaming\tencent
Súbor Zmazané : C:\prefs.js
Súbor Zmazané : C:\Windows\System32\drivers\BDDefense.sys
Súbor Zmazané : C:\Windows\System32\drivers\bd0001.sys
Súbor Zmazané : C:\Windows\System32\drivers\bd0002.sys
Súbor Zmazané : C:\Windows\System32\drivers\bd0003.sys
Súbor Zmazané : C:\Windows\System32\drivers\BDArKit.SYS
Súbor Zmazané : C:\Windows\System32\drivers\BDMWrench_x64.sys
Súbor Zmazané : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\????.lnk
Súbor Zmazané : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????\????\????.lnk

***** [ Naplánované úlohy ] *****

Úloha Zmazané : amiupdaterExd
Úloha Zmazané : amiupdaterExi

***** [ Zástupcovia ] *****


***** [ Registre ] *****

Kľúč registra Zmazané : HKLM\SOFTWARE\Google\Chrome\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm
Kľúč registra Zmazané : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\AppID\BDShellExt.DLL
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Kľúč registra Zmazané : HKLM\SOFTWARE\CLASSES\METNSD
Kľúč registra Zmazané : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Kľúč registra Zmazané : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Kľúč registra Zmazané : HKLM\SOFTWARE\0b3583f5-fdc0-b1bc-9ffa-878f8469bc8f
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3621a1ae}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{c3f53c6}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{15DEE173-1BE9-4424-81E0-58A87076E9B1}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{00890530-6A9F-4BE2-B1BB-73F01E2BB986}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}
Kľúč registra Zmazané : HKLM\SOFTWARE\Classes\TypeLib\{C584409B-751E-4C22-902C-DB987E6189BC}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15DEE173-1BE9-4424-81E0-58A87076E9B1}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Classes\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}
Kľúč registra Zmazané : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Dáta Obnovené : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C2B6FCDF-505F-4E61-9F64-71C746BBBF55}
Kľúč registra Zmazané : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Kľúč registra Zmazané : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Kľúč registra Zmazané : HKCU\Software\APN PIP
Kľúč registra Zmazané : HKCU\Software\AskPartnerNetwork
Kľúč registra Zmazané : HKCU\Software\simplytech
Kľúč registra Zmazané : HKCU\Software\TNT2
Kľúč registra Zmazané : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Kľúč registra Zmazané : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Kľúč registra Zmazané : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Kľúč registra Zmazané : HKLM\SOFTWARE\AskPartnerNetwork
Kľúč registra Zmazané : HKLM\SOFTWARE\SupDp
Kľúč registra Zmazané : HKLM\SOFTWARE\SupTab
Kľúč registra Zmazané : HKLM\SOFTWARE\supWindowsMangerProtect
Kľúč registra Zmazané : HKLM\SOFTWARE\IHProtect
Kľúč registra Zmazané : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Kľúč registra Zmazané : HKLM\SOFTWARE\oursurfingSoftware
Kľúč registra Zmazané : HKLM\SOFTWARE\searchult
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Kľúč registra Zmazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Kľúč registra Zmazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey

***** [ Webové prehliadače ] *****

-\\ Internet Explorer v9.0.8112.16421

Nastavenie Obnovené : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Nastavenie Obnovené : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Nastavenie Obnovené : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavenie Obnovené : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavenie Obnovené : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavenie Obnovené : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavenie Obnovené : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavenie Obnovené : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Nastavenie Obnovené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Nastavenie Obnovené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Nastavenie Obnovené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Nastavenie Obnovené : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

[ef26py92.default\prefs.js] - Riadok Zmazané : user_pref("browser.search.order.1", "WebSearch");
[ef26py92.default\prefs.js] - Riadok Zmazané : user_pref("browser.search.defaultenginename", "WebSearch");
[ef26py92.default\prefs.js] - Riadok Zmazané : user_pref("browser.search.selectedEngine", "WebSearch");
[ef26py92.default\prefs.js] - Riadok Zmazané : user_pref("browser.search.order.1,S", "WebSearch");
[ef26py92.default\prefs.js] - Riadok Zmazané : user_pref("browser.search.defaultenginename,S", "WebSearch");
[ef26py92.default\prefs.js] - Riadok Zmazané : user_pref("browser.search.selectedEngine,S", "WebSearch");
[ef26py92.default\prefs.js] - Riadok Zmazané : user_pref("browser.search.order.1,S", "WebSearch");
[ef26py92.default\prefs.js] - Riadok Zmazané : user_pref("browser.search.defaultenginename,S", "WebSearch");
[ef26py92.default\prefs.js] - Riadok Zmazané : user_pref("browser.search.selectedEngine,S", "WebSearch");

-\\ Google Chrome v

[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Zmazané [Search Provider] : hxxp://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24389&r=2015/05/22&hid=13996776668944965095&lg=EN&cc=SK&unqvl=88
[C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Zmazané [Default_Search_Provider_Data] :

-\\ Opera v30.0.1835.59


*************************

AdwCleaner[R5].txt - [23408 bajtov] - [17/06/2015 14:33:05]
AdwCleaner[R6].txt - [21355 bajtov] - [17/06/2015 15:54:48]
AdwCleaner[S4].txt - [1820 bajtov] - [17/06/2015 14:34:38]
AdwCleaner[S5].txt - [10638 bajtov] - [17/06/2015 15:55:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [10699 bajtov] ##########

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#8 Post by vyosek »

What utility was that?? Let's make a deal: either you use and apply my tools, or you go looking for and trying out your own; both at the same time won't work, OK...

Now run that MBAR as well
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns fun, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

Peelie
Visitor
Posts: 287
Registered: 09 Oct 2006 18:03

Re: Please check my log

#9 Post by Peelie »

Sorry, I'll do better. The Malwarebytes scan has been running for 20 minutes already; right now it has been scanning the registry for rather a long time, so I don't know whether it is still working.

Peelie
Visitor
Posts: 287
Registered: 09 Oct 2006 18:03

Re: Please check my log

#10 Post by Peelie »

So here it is
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.06.17.03
rootkit: v2015.06.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrator]

17. 6. 2015 16:46:00
mbar-log-2015-06-17 (16-46-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 345534
Time elapsed: 20 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#11 Post by vyosek »

Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the window

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will carry out the repair, restart, and give you a log; paste its contents here

Peelie
Visitor
Posts: 287
Registered: 09 Oct 2006 18:03

Re: Please check my log

#12 Post by Peelie »

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Martin on st 17. 06. 2015 at 17:26:49,35.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Martin\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17. 6. 2015 17:28:12 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\Definitions deleted successfully
C:\PROGRA~2\Lavasoft deleted successfully
C:\PROGRA~2\Rs deleted successfully
C:\PROGRA~2\SoundFrost deleted successfully
C:\PROGRA~2\TampaTrim deleted successfully
C:\Program Files\ATI Technologies deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\RegRun deleted successfully
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully
C:\Users\Martin\AppData\Roaming\CloudMedia deleted successfully
C:\Users\Martin\AppData\Roaming\DataRepair deleted successfully
C:\Users\Martin\AppData\Roaming\FTWeak deleted successfully
C:\Users\Martin\AppData\Roaming\FunUninstall deleted successfully
C:\Users\Martin\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFFAC708-93F0-E899-48CB-0B6F848DF109} deleted successfully
HKEY_USERS\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AFFAC708-93F0-E899-48CB-0B6F848DF109} deleted successfully
HKEY_USERS\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5D5DBD-C857-4377-A755-06E50B4AC2B0} deleted successfully
HKEY_USERS\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} deleted successfully
HKEY_USERS\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{639B74F1-0594-432C-97C8-68C8C17A1E1D} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{AFFAC708-93F0-E899-48CB-0B6F848DF109} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFFAC708-93F0-E899-48CB-0B6F848DF109} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\prefs.js:

Added to C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Definitions not found
C:\PROGRA~2\Lavasoft not found
C:\PROGRA~2\Rs not found
C:\PROGRA~2\SoundFrost not found
C:\PROGRA~2\TampaTrim not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found
C:\PROGRA~2\CutterGeneration deleted
C:\PROGRA~2\Google Translate deleted
C:\PROGRA~2\One Number deleted
C:\windows\SysNative\Tasks\Bidaily Synchronize Task[973b] deleted
C:\PROGRA~3\367494974035915134 deleted
C:\Users\Martin\AppData\Local\31268 deleted
C:\PROGRA~3\DivX deleted
C:\Users\Martin\AppData\Roaming\ProductData deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Martin\AppData\Local\adawarebp deleted
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\staged deleted
C:\Users\Martin\AppData\Local\MSGBOX.EXE deleted
C:\Users\Martin\AppData\Local\Tempdivx645f.exe deleted
C:\Users\Martin\AppData\Local\Tempdivxd060.exe deleted
"C:\Users\Martin\AppData\Local\Tempdivx2b87" deleted
"C:\Users\Martin\AppData\Local\Tempdivx53a1" deleted
"C:\Users\Martin\AppData\Local\Tempdivx5c55" deleted
"C:\Users\Martin\AppData\Local\Tempdivx72a8" deleted
"C:\Users\Martin\AppData\Local\Tempdivxabb0" deleted
"C:\Users\Martin\AppData\Local\Tempdivxafdd" deleted
"C:\Users\Martin\AppData\Local\Tempdivxd8be" deleted
"C:\Users\Martin\AppData\Local\Tempdivxda27" deleted
"C:\Users\Martin\AppData\Local\Tempdivxe3bd" deleted
"C:\Users\Martin\AppData\Local\Tempdivxfc0b" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Proxy Settings ======================

ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default
user_pref("network.proxy.autoconfig_url", "resource://jid1-zv8ehywtdnutwq-at-jetpack/unblock-youku/data/proxy.pac");
user_pref("network.proxy.type", 2);

==== Firefox Extensions ======================

ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default
- Unblock Youku - %ProfilePath%\extensions\jid1-zV8eHYwTDNUtwQ@jetpack.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================


Bookmark Manager - Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik

==== Chromium Startpages ======================

C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Web Data.ReadOnly was reset successfully
C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Martin\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=62 folders=37 26917369 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Martin\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Martin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on st 17. 06. 2015 at 17:42:37,14 ======================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#13 Post by vyosek »

Peelie
Visitor
Posts: 287
Registered: 09 Oct 2006 18:03

Re: Please check my log

#14 Post by Peelie »

I downloaded that FRST, moved it to the desktop, and after clicking FRST Launcher it told me "Vami stažený ....exe se nenachází na ploše dejte ho tam,a pak spusťte znovu" (the ....exe you downloaded is not on the desktop; put it there and then run it again), but I can see that exe file listed as downloaded. When I get into the directory it is there, but only as FRST64 without the exe.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check my log

#15 Post by vyosek »

Then just run FRST on its own, without the Launcher

Locked