witam nie mogę usunąć hijack pum z menu start

[lakilu]

Mam zainfekowany menu start hijack pum ,nie mogę tego dziadostwa usunąć skanowałem malwarebytesem nie znajduje nic ,antywirus panda też czysto znajduje rogue killer zainfekowane klucze rejestru ale nieusówa;
RogueKiller V8.8.3 _x64_ [Jan 24 2014] od Tigzy
mail : tigzyRK<at>gmail<dot>com
Dodaj opinię : http://www.adlice.com/forum/
Strona internetowa : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

System Operacyjny : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Uruchomiono z : Tryb normalny
Użytkownik : sp9sdr [Uprawnienia Administratora]
Tryb : Skanuj -- Data : 02/05/2014 19:20:21
| ARK || FAK || MBR |

¤¤¤ Szkodliwe procesy : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [x] -> ZWOLNIONY

¤¤¤ Wpisy w Rejestrze : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> ZNALEZIONO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> ZNALEZIONO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ZNALEZIONO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ZNALEZIONO

¤¤¤ Zaplanowane zadania : 0 ¤¤¤

¤¤¤ Wpisy startowe : 0 ¤¤¤

¤¤¤ przeglądarki internetowe : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Pliki / Foldery: ¤¤¤

¤¤¤ Sterownik : [NIEZAŁADOWANY 0x0] ¤¤¤

¤¤¤ Gałąź rejestru (offline): ¤¤¤

¤¤¤ Infekcja : ¤¤¤

¤¤¤ Plik HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Sprawdzenie MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD7500BPVT-24HXZT3 +++++
--- User ---
[MBR] 7108e809202a1e6c79dcf02be648e277
[BSP] 2dd386654bcb4d3336b227f8ab3dc79b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 670405 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1373401088 | Size: 29698 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434222592 | Size: 15100 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] ded882b57f0e9088e50888bc632960cf
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1080 | Size: 3821 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] ??danie nie jest obs?ugiwane. )

Zakończono : << RKreport[0]_S_02052014_192021.txt >>

 

[kuttus]

Could you please translate it into English?

 

[lakilu]

Could you please translate it into English?

przeglądarka chrome i ci tłumaczy znajdz mi hijack pum w menu start ,jakie zrobić ci logi? może OTL?

 

[kuttus]

I am not sure which Language you are using. I am sorry. Please replay in English.

 

[lakilu]

I am not sure which Language you are using. I am sorry. Please replay in English.

JEST TO JEZYK polski

 

[kuttus]

STEP 1: Run a scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

------------------------------------------------------------------------------------------------------------------------------

 

[lakilu]

STEP 1: Run a scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

------------------------------------------------------------------------------------------------------------------------------

 

[lakilu]

Skan z FABAR

STEP 1: Run a scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

------------------------------------------------------------------------------------------------------------------------------

 

[lakilu]

Skan z FABAR

Skanowałem antywirusem pandą i malwarebytes one niepokazują infekcji jest czysto ale hijack pum w menu start jest
¤¤¤ Wpisy w Rejestrze : 4 ¤¤¤
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ZNALEZIONO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ZNALEZIONO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> ZNALEZIONO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> ZNALEZIONO

 

[kuttus]

STEP 1: Run a scan with AdwCleaner

1. Download AdwCleaner from the below link.
   ADWCLEANER DOWNLAOD LINK (This link will automatically download Security Check on your computer)
   
2. Close all open programs and internet browsers.
3. Double click on adwcleaner.exe to run the tool.
4. Click on Scan,then confirm each time with Ok.
5. After the Scan is Over press on Clean ,then confirm each time with Ok.
6. Your computer will be rebooted automatically. A text file will open after the restart.
7. Please post the contents of that logfile with your next reply.
8. You can find the logfile at C:\AdwCleaner[S1].txt as well.

------------------------------------------------------------------------------------------------------------------------------

STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here

• Turn off your antivirus software now to avoid potential conflicts
• Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
• The tool will open and start scanning your system
• Please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
• Post the contents of JRT.txt into your next reply

---

Download Malwarebytes Anti-Rootkit from here to your Desktop

• Unzip the contents to a folder on your Desktop.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
• After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
• When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

---

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• When it prompts you to try their 30-day trail, click decline
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

---

 

[lakilu]

STEP 1: Run a scan with AdwCleaner

1. Download AdwCleaner from the below link.
   ADWCLEANER DOWNLAOD LINK (This link will automatically download Security Check on your computer)
   
2. Close all open programs and internet browsers.
3. Double click on adwcleaner.exe to run the tool.
4. Click on Scan,then confirm each time with Ok.
5. After the Scan is Over press on Clean ,then confirm each time with Ok.
6. Your computer will be rebooted automatically. A text file will open after the restart.
7. Please post the contents of that logfile with your next reply.
8. You can find the logfile at C:\AdwCleaner[S1].txt as well.

------------------------------------------------------------------------------------------------------------------------------

STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here

• Turn off your antivirus software now to avoid potential conflicts
• Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
• The tool will open and start scanning your system
• Please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
• Post the contents of JRT.txt into your next reply

---

Download Malwarebytes Anti-Rootkit from here to your Desktop

• Unzip the contents to a folder on your Desktop.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
• After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
• When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

---

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• When it prompts you to try their 30-day trail, click decline
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

---

---

---

---

Skan AdwCleaner

 

[kuttus]

Please run the following utility so that I can get a log of your system...
STEP 1 : Run a scan with Combofix

Please read and follow very carefully the below instructions​

Download ComboFix from one of the following locations:

COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------------

How to run the Combofix scan :

1. Double click on ComboFix.exe & follow the prompts.
2. Accept the disclaimer and allow to update if it asks
3. When finished, it shall produce a log for you.
4. Please include the C:\ComboFix.txt in your next reply.

Additional notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

 

[lakilu]

Chciałbym zapytać czy combofix jest w ty przypadku konieczny ?bo ja się go trochu obawiam

 

[kuttus]

No need to worry. Please proceed.

 

[lakilu]

Wynik combofix
To jest wynik jusz po skanowaniu combofixem ,Log RogueKiller;
Czyli malware [infekcja nadal jest]

 

[kuttus]

STEP 1 : Run a scan with Kaspersky TDSSKiller

1. Download Kaspersky TDSKiller from the below link.
   KASPERKSY TDSSKILLER DOWNLOAD LINK (This link will automatically download Kaspersky TDSSKiller on your computer)
2. Double-click on TDSSKiller.exe to run the application.
   
   
3. Click Change parameters
   
   
4. Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
   
   
5. Click on the Start Scan button to begin the scan and wait for it to finish.
   NOTE: Do not use the computer during the scan!
6. During the scan it will look similar to the image below:
   
   
7. When it finishes, you will either see a report that no threats were found like below:
   
   
   
   If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.
8. If any infection or suspected items are found, you will see a window similar to below:
   
   
   • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
   • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
   • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
     Make sure that Cure is selected. VERY IMPORTANT! - If Cure is not available, please choose Skip instead. DO NOT choose Delete unless instructed to do so.
9. Click Continue to apply selected actions.
10. A reboot may be required to complete disinfection. A window like the below will appear:
    
    
    
    Reboot immediately if TDSSKiller states that one is needed.
11. Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_2.12.2012_14.17.04_log.txt which is based on the program version # and date and time run.
12. Attach this log to your next reply.

 

[lakilu]

Log TDSSKiller;

 

[kuttus]

All logs seems good to me. How's your computer working now?

 

[lakilu]

Dobrze komputer chodzi tylko mnie denerwują te logi RogueKiler bo znajduje pum hijack ,ale czy to infekcja to sam niewiem

 

[kuttus]

Please run roguekiller once more and send me a new Log file.