VIRY.CZ

no jo, je mu 11 let a já mám momentálně na starosti malou 11-měsíční dcerku, tak kolikrát nemám čas hlídat vše co jsi do ntb stáhne a spustí - tohle mu bude ale obrovské ponaučení.


jinak odinstalovat ASC ani S&D nelze - vypisuje to: soubor je poškozen a že produkt nelze odinstalovat.
takže zkusím to aspoň to ostatní a pak napíšu.

Nevadí, pokračujte dál co jsem napsala. Budu tu tak do 23.hodin a pak ráno mrknu.
Co jsem viděla, máte spoustu her a k tomu nelegálně stažených...pokud je to jediný pc a používáte ho i k internetovéímu bankovnictví a pod, určitě synovi domluvte

tady Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by ALA at 2014-10-28 23:29:01 Run:1
Running from C:\Users\ALA\Desktop
Loaded Profile: ALA (Available profiles: ALA)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [MSStp] => C:\Windows\inf\msstp.vbe
HKLM-x32\...\Run: [mncwmojSrv] => C:\Windows\system32\mncwmoj.vbe
HKLM\...\Policies\Explorer\Run: [2934679997] => C:\ProgramData\mscim.exe [623104 2014-10-27] ( (EFD Software))
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\...\Run: [2934679997] => C:\Users\ALA\AppData\Roaming\mscim.exe
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\...\Run: [50fce1d8cc92b5f2d3d5e28e9bce7d08] => C:\Users\ALA\AppData\Local\Temp\50fce1d8cc92b5f2d3d5e28e9bce7d08.exe [299919 2014-10-27] (Novostrim, Inc.) <===== ATTENTION
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\Users\ALA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDD.vbs ()
Startup: C:\Users\ALA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winxp.vbs ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10653A& ... -15857&t=4
URLSearchHook: HKCU - (No Name) - {55E19115-8EF8-465C-90AC-DEACC491B0CC} - No File
SearchScopes: HKLM-x32 - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=wfxt2&s={ ... }&src=chrm
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2351701
SearchScopes: HKCU - {07E1A5F7-4853-465A-BF84-299A6E798F98} URL = http://rover.ebay.com/rover/1/710-71511 ... earchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?clien ... cale=en_EU
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tbid=60327
SearchScopes: HKCU - {23A078D7-C722-48DC-94A5-DF4CC8ACB3BE} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {50149EB7-8536-4BFB-AB9F-047BB6D4ECBA} URL = http://www.amazon.co.uk/gp/search?ie=UT ... nkCode=ur2
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = http://dts.search.ask.com/sr?src=ieb&gc ... earchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2351701
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
Toolbar: HKCU - No Name - {55E19115-8EF8-465C-90AC-DEACC491B0CC} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
2014-10-28 09:29 - 2014-10-28 09:34 - 00000000 ____D () C:\Users\ALA\AppData\Roaming\tor
2014-10-27 20:08 - 2014-10-27 20:08 - 00000000 ____D () C:\Users\ALA\AppData\Roaming\ExampleFolder
2014-10-27 17:58 - 2014-10-27 17:58 - 00934912 _____ (EFD Software) C:\Users\ALA\AppData\Roaming\suntor.exe
2014-10-27 17:58 - 2014-10-27 17:58 - 00000050 _____ () C:\Users\ALA\AppData\Roaming\suntor.bat
C:\Program Files (x86)\Cube World + Crack [CZ]
C:\Windows\SysWOW64\acumncwmoj.exe
C:\Windows\SysWOW64\lcpmncwmoj.exe
C:\Users\ALA\AppData\Local\Temp\50fce1d8cc92b5f2d3d5e28e9bce7d08.exe
C:\ProgramData\mscim.exe
C:\Users\ALA\AppData\Local\Temp\KB00503602.exe
C:\Users\ALA\AppData\Local\Temp\KB279657501.exe
C:\Users\ALA\AppData\Local\Temp\KB279658171.exe
C:\Users\ALA\AppData\Local\Temp\KB279659123.exe
C:\Users\ALA\AppData\Local\Temp\KB287190196.exe
C:\Users\ALA\AppData\Local\Temp\KB287495896.exe
C:\Users\ALA\AppData\Local\Temp\KB287796931.exe
C:\Users\ALA\AppData\Local\Temp\retds1.exe
C:\Users\ALA\AppData\Local\Temp\reuqie.scr
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MSStp => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mncwmojSrv => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\2934679997 => value deleted successfully.
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\Software\Microsoft\Windows\CurrentVersion\Run\\2934679997 => Value not found.
HKU\S-1-5-21-3143607116-3805704415-591616805-1000\Software\Microsoft\Windows\CurrentVersion\Run\\50fce1d8cc92b5f2d3d5e28e9bce7d08 => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value deleted successfully.
C:\Users\ALA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDD.vbs => Moved successfully.
C:\Users\ALA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winxp.vbs => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{55E19115-8EF8-465C-90AC-DEACC491B0CC} => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07E1A5F7-4853-465A-BF84-299A6E798F98}" => Key deleted successfully.
"HKCR\CLSID\{07E1A5F7-4853-465A-BF84-299A6E798F98}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
"HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" => Key deleted successfully.
"HKCR\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23A078D7-C722-48DC-94A5-DF4CC8ACB3BE}" => Key deleted successfully.
"HKCR\CLSID\{23A078D7-C722-48DC-94A5-DF4CC8ACB3BE}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50149EB7-8536-4BFB-AB9F-047BB6D4ECBA}" => Key deleted successfully.
"HKCR\CLSID\{50149EB7-8536-4BFB-AB9F-047BB6D4ECBA}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}" => Key deleted successfully.
"HKCR\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully.
"HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{55E19115-8EF8-465C-90AC-DEACC491B0CC} => value deleted successfully.
"HKCR\CLSID\{55E19115-8EF8-465C-90AC-DEACC491B0CC}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => value deleted successfully.
"HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => value deleted successfully.
"HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}" => Key not found.
C:\Users\ALA\AppData\Roaming\tor => Moved successfully.

"C:\Users\ALA\AppData\Roaming\ExampleFolder" directory move:

C:\Users\ALA\AppData\Roaming\ExampleFolder\Example.bat => Moved successfully.
C:\Users\ALA\AppData\Roaming\ExampleFolder\Example.exe => Moved successfully.
Could not move "C:\Users\ALA\AppData\Roaming\ExampleFolder" directory. => Scheduled to move on reboot.

C:\Users\ALA\AppData\Roaming\suntor.exe => Moved successfully.
C:\Users\ALA\AppData\Roaming\suntor.bat => Moved successfully.
C:\Program Files (x86)\Cube World + Crack [CZ] => Moved successfully.
C:\Windows\SysWOW64\acumncwmoj.exe => Moved successfully.
C:\Windows\SysWOW64\lcpmncwmoj.exe => Moved successfully.
"C:\Users\ALA\AppData\Local\Temp\50fce1d8cc92b5f2d3d5e28e9bce7d08.exe" => File/Directory not found.
C:\ProgramData\mscim.exe => Moved successfully.
"C:\Users\ALA\AppData\Local\Temp\KB00503602.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB279657501.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB279658171.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB279659123.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB287190196.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB287495896.exe" => File/Directory not found.
"C:\Users\ALA\AppData\Local\Temp\KB287796931.exe" => File/Directory not found.
C:\Users\ALA\AppData\Local\Temp\retds1.exe => Moved successfully.
C:\Users\ALA\AppData\Local\Temp\reuqie.scr => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-28 23:33:17)<=

C:\Users\ALA\AppData\Roaming\ExampleFolder => Is moved successfully.

==== End of Fixlog ====

Pokračujeme

Stáhněte Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
-Uložte program na plochu a spusťte . Pak se zobrazí se licenční podminky - potvrďte start libovolnou klávesou.
- vytvoří se záloha a proběhne skenování.
Po skončení skenování na Vás vyběhne log (bude uložen v c:\JRT jako JRT.txt) - zkopírujte jej sem

Stáhněte AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
-Uložte program na plochu a ukončete všechny spuštěné programy .
-spusťte AdwCleaner, klikněte na Scan a po dokončení skenu na Clean
- provede se oprava, restartuje se pc - (případně restartujte) a objeví se log C:\AdwCleaner\AdwCleaner.txt , obsah logu zkopírujte zde.

Výpis z JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by ALA on st 29. 10. 2014 at 9:10:17,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskPartnerCobrandingTool_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\ALA\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\ALA\appdata\local\imesh"
Successfully deleted: [Folder] "C:\Users\ALA\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\ALA\appdata\locallow\facemoods.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\crawler"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 29. 10. 2014 at 9:13:44,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log z AdwCleaner:

# AdwCleaner v4.002 - Report created 29/10/2014 at 09:20:02
# DB v
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ALA - ALA-TOSH
# Running from : C:\Users\ALA\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [709 octets] - [29/10/2014 09:16:53]
AdwCleaner[S0].txt - [624 octets] - [29/10/2014 09:20:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [683 octets] ##########

Ten ADW cleaner vypadá ideálně , jak to vypadá s pc?
Zoek bude trvat trošku déle, nelekněte se

vyosek píše: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

A ještě použijte malwarebytes, log pak poprosím vložte zde
http://forum.viry.cz/viewtopic.php?f=29&t=137928

A po celé této očistě mi pošlete nový log z FRstu a nahlašte stav pc

stav PC: už aspoň nevyskakuje pořád to okno s tou hláškou a dá se normálně v ntb dělat. Jen na ploše je místo pozadí pořád tohle:
jdu pokračovat v tom čištění.

když dám spustit zoek.exe, tak mi to vyhodí okno s hláškou, že systém windows se vypne za necelou minutu.
ntb se restartuje a nic.

Poprosím o nový log z Frstu a udělejte zatím malwarebytes.

Otestujte ještě na www.virustotal.com -dejte reanalyze

motji píše:Otestujte ještě na http://www.virustotal.com

Kód: Vybrat vše

C:\Windows\SysWOW64\dcgmncwmoj.exe

-dejte reanalyze

otestováno - pořád to nevypadá dobře

Skopčený výsledek jen těch antivirů, co ho objevili:

Antivirus Result Update
AVG Skodna.BitCoinMiner.FN 20141029
AVware Trojan.Win32.CoinMiner.ba (v) 20141029
Ad-Aware Application.Bitcoinminer.DX 20141029
AegisLab W32.Virut 20141029
Agnitum Trojan.Graftor!Dym6n9oHHfo 20141028
AhnLab-V3 Trojan/Win32.BitMiner 20141029
Avast Win32:PUP-gen [PUP] 20141029
Avira SPR/BitCoinMiner.BT 20141029
Baidu-International Hacktool.Win32.BitCoinMiner.BBF 20141027
BitDefender Application.Bitcoinminer.DX 20141029
Bkav W32.Clod10e.Trojan.a78a 20141027
Comodo TrojWare.Win32.UMal.~A 20141029
Cyren W32/Trojan.GVQN-4393 20141029
DrWeb Tool.BtcMine.155 20141029
ESET-NOD32 a variant of Win32/BitCoinMiner.BY 20141029
F-Secure Application.Bitcoinminer.DX 20141029
GData Application.Bitcoinminer.DX 20141029
Ikarus Win32.SuspectCrc 20141029
K7AntiVirus Trojan ( 0044c9a01 ) 20141028
K7GW Trojan ( 0044c9a01 ) 20141029
Kingsoft Win32.Troj.Generic.a.(kcloud) 20141029
Malwarebytes Trojan.BitMiner 20141029
McAfee RDN/Generic PUP.x!blp 20141029
McAfee-GW-Edition BehavesLike.Win32.Obfuscated.dh 20141028
MicroWorld-eScan Application.Bitcoinminer.DX 20141029
NANO-Antivirus Riskware.Win32.BtcMine.cxpnxr 20141029
Norman BitCoinMiner.AZL 20141029
Symantec SecurityRisk.BL 20141029
VIPRE Trojan.Win32.CoinMiner.ba (v) 20141029
ViRobot Trojan.Win32.S.BitMiner.972814 20141029

Já jsme si to myslela, už jsem ho mazala, ale je zpět
Co ten malwarebytes?

motji píše:Já jsme si to myslela, už jsem ho mazala, ale je zpět
Co ten malwarebytes?

Malwarebytes pořád skenuje... asi to tak brzo nebude.

Znovu ulozte do poznámkového bloku: -uložte vedle Frstu jako fixlist.txt. Spusťte Frst a klikněte na Fix.

Po restartu nahlašte stav pc.