Re: slow laptop, strange behavior
Posted: 28 Jul 2015 21:29
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 28.7.2015
Čas skenování: 12:00
Protokol:
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.07.28.02
Databáze rootkitů: v2015.07.22.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: okay
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 385953
Uplynulý čas: 10 hod, 24 min, 49 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 9
Trojan.Agent.CK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7A0E1FD9-2A5D-D2D7-D5FA-CD5659540668}_is1, , [9e845196f5952c0ae8f00b7106fe35cb],
Trojan.Agent.CK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{78808D46-C2C1-013B-E303-22EC6E2B7BCD}_is1, , [9e845196f5952c0ae8f00b7106fe35cb],
Trojan.Agent.CK, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F794C028-A6D5-DF91-EA41-2BA1D047477A}_is1, , [9e845196f5952c0ae8f00b7106fe35cb],
PUP.Optional.MediaViewer.A, HKLM\SOFTWARE\WOW6432NODE\MediaViewerV1alpha2054, , [fd2553944d3d6accd37263ecf70c629e],
PUP.Optional.MediaView.A, HKLM\SOFTWARE\WOW6432NODE\MediaViewV1alpha2426, , [f13154930b7f6dc9805b66e848bb6997],
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\WOW6432NODE\MediaWatchV1, , [d34f46a16a200036bf2ad4c8be46827e],
PUP.Optional.MediaWatch.A, HKLM\SOFTWARE\WOW6432NODE\MediaWatchV1home668, , [eb37b6316a2065d1d7130e719272ea16],
PUP.Optional.WebExpEnhanced.A, HKLM\SOFTWARE\WOW6432NODE\WebexpEnhancedV1, , [a87ad51267233afcdc6731218182a15f],
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-1536827011-1506584884-3019231061-1000\SOFTWARE\torchimeshmoviestoolbar, , [7aa8ab3c602a8bab38f2a8ad8f744bb5],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 8
PUP.Optional.SweetIM.C, C:\Users\okay\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}, , [a37feafdb6d437ffe8e21bf80ef5eb15],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, , [78aa8f587d0d80b6d89f28106a99e11f],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr, , [f52d82653a50999d517ffc715ca8ef11],
Trojan.Agent.CK, C:\Program Files (x86)\Minecraft 1.5.2 plna hra, , [9e845196f5952c0ae8f00b7106fe35cb],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\bitstreams, , [22002dbaeaa01f174ceb1bc0f111cf31],
PUP.Optional.Datamngr.A, C:\Users\okay\AppData\LocalLow\DataMngr, , [061c05e26525c37380149a4431d110f0],
PUP.Optional.CrossRider.A, C:\Users\okay\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgonpmchaeokedifbjenbcnjcdefdceg, , [111166817713c571f98db030e61cbb45],
Soubory: 37
Riskware.BitcoinMiner, C:\Users\Public\Public\minerd.exe, , [d44efaed5436c3736b2b5bb232cf5da3],
PUP.Proxy.BCM, C:\Users\Public\Public\mining_proxy.exe, , [41e19a4da2e8f541dd2c7d9b7e82ca36],
PUP.Optional.Somoto.A, C:\Users\okay\AppData\Local\Application Data\Bundled software uninstaller\bi_client.exe, , [33ef2bbc2c5e34021864db17d22e738d],
PUP.Optional.SweetIM, C:\Windows\Installer\31aa23b.msi, , [59c9499ea5e58caa73e02f3458adb848],
PUP.Optional.SweetIM, C:\Windows\Installer\31aa240.msi, , [8b975a8de4a6df57084bf96abd48cc34],
PUP.Optional.SweetIM.C, C:\Users\okay\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx, , [a37feafdb6d437ffe8e21bf80ef5eb15],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, , [78aa8f587d0d80b6d89f28106a99e11f],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\data.xml, , [78aa8f587d0d80b6d89f28106a99e11f],
Trojan.Script, C:\Windows\SysWOW64\msjtbb.vbe, , [130f8760aae070c6fe02d87d26ddd52b],
Trojan.Script, C:\Windows\SysWOW64\msjtdp.vbe, , [071ba93e088265d120e02a2baa59a858],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\coordinator.cfg, , [f52d82653a50999d517ffc715ca8ef11],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\general.cfg, , [f52d82653a50999d517ffc715ca8ef11],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-1536827011-1506584884-3019231061-1000.cfg, , [f52d82653a50999d517ffc715ca8ef11],
Trojan.Agent.CK, C:\Program Files (x86)\Minecraft 1.5.2 plna hra\unins000.dat, , [9e845196f5952c0ae8f00b7106fe35cb],
Trojan.Agent.CK, C:\Program Files (x86)\Minecraft 1.5.2 plna hra\Minecraft 1.5.2 plna hra.exe, , [9e845196f5952c0ae8f00b7106fe35cb],
Trojan.Agent.CK, C:\Program Files (x86)\Minecraft 1.5.2 plna hra\unins000.exe, , [9e845196f5952c0ae8f00b7106fe35cb],
Trojan.Agent.CK, C:\Program Files (x86)\Minecraft 1.5.2 plna hra\unins001.dat, , [9e845196f5952c0ae8f00b7106fe35cb],
Trojan.Agent.CK, C:\Program Files (x86)\Minecraft 1.5.2 plna hra\unins001.exe, , [9e845196f5952c0ae8f00b7106fe35cb],
Trojan.Agent.CK, C:\Program Files (x86)\Minecraft 1.5.2 plna hra\unins002.dat, , [9e845196f5952c0ae8f00b7106fe35cb],
Trojan.Agent.CK, C:\Program Files (x86)\Minecraft 1.5.2 plna hra\unins002.exe, , [9e845196f5952c0ae8f00b7106fe35cb],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\diablo130302.cl, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\diakgcn121016.cl, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\libcurl-4.dll, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\libeay32.dll, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\libidn-11.dll, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\librtmp.dll, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\libssh2.dll, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\mnckamxo.exe, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\phatk121016.cl, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\poclbm130302.cl, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\scrypt130511.cl, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\ssleay32.dll, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\zlib1.dll, , [22002dbaeaa01f174ceb1bc0f111cf31],
Trojan.Agent.BCM, C:\Windows\inf\mnckamxo\bitstreams\fpgaminer_top_fixed7_197MHz.ncd, , [22002dbaeaa01f174ceb1bc0f111cf31],
PUP.Optional.Datamngr.A, C:\Users\okay\AppData\LocalLow\DataMngr\{2ad95a4b-54b3-4570-bc8b-e85db90c1775}64, , [061c05e26525c37380149a4431d110f0],
PUP.Optional.Datamngr.A, C:\Users\okay\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}64, , [061c05e26525c37380149a4431d110f0],
PUP.Optional.EnhancedSearch, C:\Users\okay\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Dobré: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Špatné: ("session":{"restore_on_startup":4,"startup_urls":["http://www.msn.com/?pc=UP97&ocid=UP97DH ... E543E5C6F4"]},"sync":{"remaining_rollback_tries":0}}), ,[d64c994e1f6bc274444d99dff21323dd]
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)