Zavirovaný počítač

[miisule]

Dobrý den,
podařilo se mi pořádně zavirovat počítač, je hodně zpomalený, nepustí mě ani do správce úloh, když už mě tam včera pustil, běžel tam nějaký čínský program, kterej nešel vypnout ani odstranit. Navíc mi to zřejmě nainstalovalo i nějakej antivir, kterýho se nemůžu zbavit . Projela jsem to Nodem (našel 99 hrozeb) a adwcleanerem, není to sic tak strašný jako z začátku, ale je na tom pořád špatně.

Doufám, že mi dokážete pomoct a předem děkuju za jakoukoliv radu. Log je příliš dlouhý, takže ho přikládám.

[vyosek]

Zdravim

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Po spusteni probehne stazeni databaze
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[miisule]

Zde jsou logy, jak jsem říkala, Adwcleanrem jsem to už projížděla,takže se zdá, že toho teď moc nenašly.

Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/07/2015 06:53:18 PM in x64 mode.
Windows Version: Windows 8.1 Connected

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001


# AdwCleaner v4.207 - Log vytvořen 07/07/2015 v 18:59:05
# Aktualizováno 21/06/2015 by Xplode
# Databáze : 2015-07-05.2 [Server]
# Operační system : Windows 8.1 Connected (x64)
# Uživatelské jméno : Asus - NB
# Spuštěno z : C:\Users\Asus\Desktop\adwcleaner_4.207.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

Soubor Smazáno : C:\Windows\System32\drivers\TFsFltX64.sys

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****


***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.132


*************************

AdwCleaner[R0].txt - [16884 bytů] - [06/07/2015 23:54:51]
AdwCleaner[R1].txt - [16121 bytů] - [07/07/2015 00:21:20]
AdwCleaner[R2].txt - [1432 bytů] - [07/07/2015 17:01:08]
AdwCleaner[R3].txt - [1150 bytů] - [07/07/2015 18:55:31]
AdwCleaner[S0].txt - [1349 bytů] - [07/07/2015 00:01:46]
AdwCleaner[S1].txt - [14419 bytů] - [07/07/2015 00:32:07]
AdwCleaner[S2].txt - [1401 bytů] - [07/07/2015 17:08:09]
AdwCleaner[S3].txt - [1075 bytů] - [07/07/2015 18:59:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1133 bytů] ##########

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  HKLM\...\Run: [gpuminer] => C:\Users\Asus\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
  HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpuminer-gw64.exe
  HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
  HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
  HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [111000 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
  HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16443.223\QQPCTRAY.EXE" /regrun /qqrepair
  HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
  HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\Run: [cz.seznam.software.autoupdate] => "C:\Users\Asus\AppData\Roaming\Seznam.cz\szninstall.exe" -c
  HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\Run: [cz.seznam.software.szndesktop] => "C:\Users\Asus\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe"  -q
  HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [61440 2015-06-20] ()
  HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\Run: [HCDNClient] => "C:\IQIYI Video\Common\QyKernel.exe" -shell_start
  HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\MountPoints2: {2c2cbe03-205c-11e5-825f-d05349beed9a} - "G:\SETUP.EXE" 
  HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\MountPoints2: {cb93872c-20e0-11e5-8261-d05349beed9a} - "F:\SETUP.EXE" 
  HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\MountPoints2: {cb938797-20e0-11e5-8261-d05349beed9a} - "H:\SETUP.EXE" 
  HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\MountPoints2: {cb93a4d9-20e0-11e5-8261-d05349beed9a} - "I:\SETUP.EXE" 
  Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NHL® 09 Registration.lnk [2015-07-03]
  ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16443.223\QMGCShellExt64.dll No File
  
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
  HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
  SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16443.223\TSWebMon64.dat No File
  
  FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll No File
  FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
  FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll No File
  FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
  FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16443.223\npQMExtensionsMozilla.dll No File
  FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
  FF Plugin HKU\S-1-5-21-1605116887-4151089956-4083807502-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
  FF Plugin HKU\S-1-5-21-1605116887-4151089956-4083807502-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
  
  CHR Extension: (CinemaPlus-4.5vV06.07) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfaohpmjmhdgnjblojekjlnadhehiadj [2015-07-06]
  
  R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-05-21] (Beijing Rising Information Technology Co., Ltd.)
  R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
  R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
  R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
  S3 IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [X]
  U0 msahci; system32\drivers\msahci.sys
  
  C:\Program Files (x86)\Rising
  C:\IQIYI Video
  C:\Program Files (x86)\baidu
  C:\Program Files (x86)\Tencent
  C:\Users\Asus\AppData\Roaming\cpuminer
  C:\Windows\system32\cpuminer-gw64.exe
  2015-07-07 18:12 - 2015-07-07 18:12 - 00112640 _____ (forum.viry.cz) C:\Users\Asus\Downloads\C073.tmp
  2015-07-07 17:26 - 2015-07-07 17:32 - 00003300 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
  2015-07-07 01:33 - 2015-07-07 01:33 - 11516104 _____ (OPSWAT, Inc.) C:\Users\Asus\Downloads\appremover.exe
  2015-07-07 01:21 - 2015-07-07 01:21 - 00001202 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
  2015-07-07 01:21 - 2015-07-07 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
  2015-07-07 01:21 - 2015-07-07 01:21 - 00000000 ____D C:\ProgramData\IObit
  2015-07-07 01:21 - 2015-07-07 01:21 - 00000000 ____D C:\Program Files (x86)\IObit
  2015-07-07 01:20 - 2015-07-07 01:20 - 01520152 _____ (IObit ) C:\Users\Asus\Downloads\iobit-unlocker-setup-beta.exe
  2015-07-06 23:54 - 2015-07-07 17:08 - 00000000 ____D C:\AdwCleaner
  2015-07-06 23:54 - 2015-07-06 23:54 - 02244096 _____ C:\Users\Asus\Desktop\adwcleaner_4.207.exe
  2015-07-06 23:52 - 2015-07-06 23:53 - 05365760 _____ (Piriform Ltd) C:\Users\Asus\Downloads\ccsetup507.exe
  2015-07-06 23:42 - 2015-07-06 23:42 - 00000000 ____D C:\Qiyi
  2015-07-06 23:41 - 2015-07-06 23:41 - 00001266 _____ C:\Users\Asus\Desktop\全网影视.lnk
  2015-07-06 23:41 - 2015-07-06 23:41 - 00000000 ____D C:\Users\Asus\AppData\Roaming\ppslog
  2015-07-06 23:34 - 2015-07-06 23:34 - 00003114 _____ C:\Windows\System32\Tasks\{CC2251E0-763A-4880-A63F-139740B5C8A6}
  2015-07-06 19:50 - 2015-07-06 19:50 - 01660616 _____ (ESET) C:\Users\Asus\Desktop\eset_smart_security_live_installer_.exe
  2015-07-06 19:39 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
  2015-07-06 19:39 - 2014-01-02 09:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
  2015-07-06 19:39 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
  2015-07-06 19:39 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
  2015-07-06 19:38 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
  2015-07-06 19:38 - 2015-04-09 07:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
  2015-07-06 19:38 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
  2015-07-06 19:37 - 2015-07-06 20:57 - 00000000 ____D C:\ProgramData\Rising
  2015-07-06 19:37 - 2015-07-06 19:38 - 00000000 ____D C:\Program Files (x86)\Rising
  2015-07-06 19:36 - 2015-07-06 20:02 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
  2015-07-06 19:36 - 2015-07-06 20:00 - 00087864 ____N (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
  2015-07-06 19:13 - 2015-07-06 19:38 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-4.5vV06.07
  2015-07-06 19:03 - 2015-07-06 19:03 - 00000000 ____D C:\ppsfile
  2015-07-06 19:02 - 2015-07-06 20:59 - 00000000 ____D C:\Program Files (x86)\baidu
  2015-07-06 19:02 - 2015-07-06 19:02 - 00000000 ____D C:\Users\Public\QiYi
  2015-07-02 02:39 - 2015-07-07 17:31 - 0000093 _____ () C:\Users\Asus\AppData\Roaming\sp_data.sys
  2015-04-22 11:46 - 2015-04-22 11:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
  2014-10-28 17:00 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
  2014-10-28 17:00 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
  2014-10-28 17:00 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[miisule]

Tak program FRST přestal pracovat

Název události problému: APPCRASH
Název aplikace: FRST64.exe
Verze aplikace: 5.7.2015.1
Časové razítko aplikace: 55994985
Název chybného modulu: FRST64.exe
Verze chybného modulu: 5.7.2015.1
Časové razítko chybného modulu: 55994985
Kód výjimky: c0000005
Posun výjimky: 00000000000247c9
Verze operačního systému: 6.3.9600.2.0.0.768.101
ID národního prostředí: 1029
Další informace 1: 1552
Další informace 2: 155271d7956de7008c0414c45f36e5dd
Další informace 3: 244e
Další informace 4: 244ec9a3935f71a5e8949c899daaaaa4

Přečtěte si prohlášení o zásadách ochrany osobních údajů online:
http://go.microsoft.com/fwlink/?linkid=280262

Pokud není k dispozici Prohlášení o zásadách ochrany osobních údajů online, přečtěte si toto prohlášení offline:
C:\Windows\system32\cs-CZ\erofflps.txt

Při tom mi neustále vyskakovaly hlášky od toho antiviru, zřejmě mu bránil ve smazání.

[vyosek]

Zkuste jej aplikovat v nouzovem rezimu. Ono na W8.1 se maze docela blbe

[miisule]

No mám W8 jen pár dní (jsem holt šikovná, že jsem ho hned zavirovala ) a nějak nemůžu přijít na to, jak se do nouzového režimu dostat, F8 nefunguje.

[vyosek]

Postup zde http://windows.microsoft.com/cs-cz/wind ... -safe-mode

[miisule]

Už jsem na to přišla, děkuji, zde je log:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Asus at 2015-07-07 20:09:28 Run:2
Running from C:\Users\Asus\Desktop
Loaded Profiles: Asus (Available Profiles: Asus)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [gpuminer] => C:\Users\Asus\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpuminer-gw64.exe
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [RavTRAY] => C:\Program Files (x86)\Rising\RAV\RSTRAY.EXE [111000 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16443.223\QQPCTRAY.EXE" /regrun /qqrepair
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\Run: [cz.seznam.software.autoupdate] => "C:\Users\Asus\AppData\Roaming\Seznam.cz\szninstall.exe" -c
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\Run: [cz.seznam.software.szndesktop] => "C:\Users\Asus\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe [61440 2015-06-20] ()
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\Run: [HCDNClient] => "C:\IQIYI Video\Common\QyKernel.exe" -shell_start
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\MountPoints2: {2c2cbe03-205c-11e5-825f-d05349beed9a} - "G:\SETUP.EXE"
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\MountPoints2: {cb93872c-20e0-11e5-8261-d05349beed9a} - "F:\SETUP.EXE"
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\MountPoints2: {cb938797-20e0-11e5-8261-d05349beed9a} - "H:\SETUP.EXE"
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\...\MountPoints2: {cb93a4d9-20e0-11e5-8261-d05349beed9a} - "I:\SETUP.EXE"
Startup: C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NHL® 09 Registration.lnk [2015-07-03]
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16443.223\QMGCShellExt64.dll No File

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ????????? -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16443.223\TSWebMon64.dat No File

FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll No File
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll No File
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16443.223\npQMExtensionsMozilla.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Plugin HKU\S-1-5-21-1605116887-4151089956-4083807502-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin HKU\S-1-5-21-1605116887-4151089956-4083807502-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)

CHR Extension: (CinemaPlus-4.5vV06.07) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfaohpmjmhdgnjblojekjlnadhehiadj [2015-07-06]

R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [184088 2015-05-21] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119256 2015-04-30] (Beijing Rising Information Technology Co., Ltd.)
S3 IObitUnlocker; \??\C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [X]
U0 msahci; system32\drivers\msahci.sys

C:\Program Files (x86)\Rising
C:\IQIYI Video
C:\Program Files (x86)\baidu
C:\Program Files (x86)\Tencent
C:\Users\Asus\AppData\Roaming\cpuminer
C:\Windows\system32\cpuminer-gw64.exe
2015-07-07 18:12 - 2015-07-07 18:12 - 00112640 _____ (forum.viry.cz) C:\Users\Asus\Downloads\C073.tmp
2015-07-07 17:26 - 2015-07-07 17:32 - 00003300 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-07-07 01:33 - 2015-07-07 01:33 - 11516104 _____ (OPSWAT, Inc.) C:\Users\Asus\Downloads\appremover.exe
2015-07-07 01:21 - 2015-07-07 01:21 - 00001202 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2015-07-07 01:21 - 2015-07-07 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2015-07-07 01:21 - 2015-07-07 01:21 - 00000000 ____D C:\ProgramData\IObit
2015-07-07 01:21 - 2015-07-07 01:21 - 00000000 ____D C:\Program Files (x86)\IObit
2015-07-07 01:20 - 2015-07-07 01:20 - 01520152 _____ (IObit ) C:\Users\Asus\Downloads\iobit-unlocker-setup-beta.exe
2015-07-06 23:54 - 2015-07-07 17:08 - 00000000 ____D C:\AdwCleaner
2015-07-06 23:54 - 2015-07-06 23:54 - 02244096 _____ C:\Users\Asus\Desktop\adwcleaner_4.207.exe
2015-07-06 23:52 - 2015-07-06 23:53 - 05365760 _____ (Piriform Ltd) C:\Users\Asus\Downloads\ccsetup507.exe
2015-07-06 23:42 - 2015-07-06 23:42 - 00000000 ____D C:\Qiyi
2015-07-06 23:41 - 2015-07-06 23:41 - 00001266 _____ C:\Users\Asus\Desktop\????.lnk
2015-07-06 23:41 - 2015-07-06 23:41 - 00000000 ____D C:\Users\Asus\AppData\Roaming\ppslog
2015-07-06 23:34 - 2015-07-06 23:34 - 00003114 _____ C:\Windows\System32\Tasks\{CC2251E0-763A-4880-A63F-139740B5C8A6}
2015-07-06 19:50 - 2015-07-06 19:50 - 01660616 _____ (ESET) C:\Users\Asus\Desktop\eset_smart_security_live_installer_.exe
2015-07-06 19:39 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-07-06 19:39 - 2014-01-02 09:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-07-06 19:39 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-07-06 19:39 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-07-06 19:38 - 2015-04-30 03:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-07-06 19:38 - 2015-04-09 07:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-07-06 19:38 - 2012-02-29 09:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-07-06 19:37 - 2015-07-06 20:57 - 00000000 ____D C:\ProgramData\Rising
2015-07-06 19:37 - 2015-07-06 19:38 - 00000000 ____D C:\Program Files (x86)\Rising
2015-07-06 19:36 - 2015-07-06 20:02 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????
2015-07-06 19:36 - 2015-07-06 20:00 - 00087864 ____N (????) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-07-06 19:13 - 2015-07-06 19:38 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-4.5vV06.07
2015-07-06 19:03 - 2015-07-06 19:03 - 00000000 ____D C:\ppsfile
2015-07-06 19:02 - 2015-07-06 20:59 - 00000000 ____D C:\Program Files (x86)\baidu
2015-07-06 19:02 - 2015-07-06 19:02 - 00000000 ____D C:\Users\Public\QiYi
2015-07-02 02:39 - 2015-07-07 17:31 - 0000093 _____ () C:\Users\Asus\AppData\Roaming\sp_data.sys
2015-04-22 11:46 - 2015-04-22 11:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-28 17:00 - 2012-09-07 13:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-28 17:00 - 2009-07-22 12:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-28 17:00 - 2012-09-07 13:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gpuminer => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpuminer => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RSDTRAY => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RavTRAY => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ QQPCTray => value not found.
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount => value not found.
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => value not found.
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => value not found.
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => value not found.
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HCDNClient => value not found.
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c2cbe03-205c-11e5-825f-d05349beed9a} => key not found.
HKCR\CLSID\{2c2cbe03-205c-11e5-825f-d05349beed9a} => key not found.
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb93872c-20e0-11e5-8261-d05349beed9a} => key not found.
HKCR\CLSID\{cb93872c-20e0-11e5-8261-d05349beed9a} => key not found.
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb938797-20e0-11e5-8261-d05349beed9a} => key not found.
HKCR\CLSID\{cb938797-20e0-11e5-8261-d05349beed9a} => key not found.
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb93a4d9-20e0-11e5-8261-d05349beed9a} => key not found.
HKCR\CLSID\{cb93a4d9-20e0-11e5-8261-d05349beed9a} => key not found.
C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NHL® 09 Registration.lnk not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon => key not found.
HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} => key not found.
HKCR\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} => key not found.
HKLM\Software\MozillaPlugins\@iqiyi.com/npclient => key not found.
HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@iqiyi.com/npclient => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@iqiyi.com/npWebPlayer => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPCMgr => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0 => key not found.
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll not found.
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\Software\MozillaPlugins\@iqiyi.com/npWebPlayer => key not found.
C:\IQIYI Video\LStyle\npWebPlayer.dll not found.
HKU\S-1-5-21-1605116887-4151089956-4083807502-1001\Software\MozillaPlugins\@rising.com.cn/nprising => key not found.
C:\Program Files (x86)\Rising\RAV\nprising.dll not found.
C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfaohpmjmhdgnjblojekjlnadhehiadj folder not found
RsMgrSvc => Service removed successfully
RsRavMon => Service removed successfully
rsutils => Service not found.
sysmon => Unable to stop service.
sysmon => Service removed successfully
IObitUnlocker => Service not found.
msahci => Service not found.
C:\Program Files (x86)\Rising => moved successfully.
"C:\IQIYI Video" => File/Folder not found.
C:\Program Files (x86)\baidu => moved successfully.
"C:\Program Files (x86)\Tencent" => File/Folder not found.
"C:\Users\Asus\AppData\Roaming\cpuminer" => File/Folder not found.
"C:\Windows\system32\cpuminer-gw64.exe" => File/Folder not found.
"C:\Users\Asus\Downloads\C073.tmp" => File/Folder not found.
C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => moved successfully.
C:\Users\Asus\Downloads\appremover.exe => moved successfully.
C:\Users\Public\Desktop\IObit Unlocker.lnk => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker => moved successfully.
C:\ProgramData\IObit => moved successfully.
C:\Program Files (x86)\IObit => moved successfully.
C:\Users\Asus\Downloads\iobit-unlocker-setup-beta.exe => moved successfully.
C:\AdwCleaner => moved successfully.
C:\Users\Asus\Desktop\adwcleaner_4.207.exe => moved successfully.
C:\Users\Asus\Downloads\ccsetup507.exe => moved successfully.
C:\Qiyi => moved successfully.
Could not move "C:\Users\Asus\Desktop\????.lnk" => Scheduled to move on reboot.
C:\Users\Asus\AppData\Roaming\ppslog => moved successfully.
C:\Windows\System32\Tasks\{CC2251E0-763A-4880-A63F-139740B5C8A6} => moved successfully.
C:\Users\Asus\Desktop\eset_smart_security_live_installer_.exe => moved successfully.
C:\Windows\SysWOW64\vpatch.dll => moved successfully.
C:\Windows\system32\ravext64.dll => moved successfully.
C:\Windows\SysWOW64\ravext.dll => moved successfully.
C:\Windows\SysWOW64\bsmain.exe => moved successfully.
C:\Windows\system32\Drivers\sysmon.sys => moved successfully.
C:\Windows\system32\Drivers\rsutils.sys => moved successfully.
C:\Windows\system32\Drivers\rsndisp.sys => moved successfully.
C:\ProgramData\Rising => moved successfully.
"C:\Program Files (x86)\Rising" => File/Folder not found.

"C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" folder move:

Could not move "C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" folder => Scheduled to move on reboot.

"C:\Windows\system32\Drivers\TFsFltX64.sys" => File/Folder not found.
C:\Program Files (x86)\CinemaPlus-4.5vV06.07 => moved successfully.
C:\ppsfile => moved successfully.
"C:\Program Files (x86)\baidu" => File/Folder not found.
C:\Users\Public\QiYi => moved successfully.
C:\Users\Asus\AppData\Roaming\sp_data.sys => moved successfully.
C:\ProgramData\DP45977C.lfl => moved successfully.
C:\ProgramData\SetStretch.cmd => moved successfully.
C:\ProgramData\SetStretch.exe => moved successfully.
C:\ProgramData\SetStretch.VBS => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 2.4 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-07 20:11:41)<=

"C:\Users\Asus\Desktop\????.lnk" => Could not move
"C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" => Could not move

==== End of Fixlog 20:11:41 ====

[vyosek]

Udelejte novy sken pomoci FRST

[miisule]

Tak opět musím do přílohy.

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  2015-07-07 20:11 - 2015-07-07 20:11 - 00000093 _____ C:\Users\Asus\AppData\Roaming\sp_data.sys
  2015-07-07 18:53 - 2015-07-07 18:55 - 00001636 _____ C:\Users\Asus\Desktop\Rkill.txt
  2015-07-07 18:53 - 2015-07-07 18:53 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Asus\Desktop\rkill64.com
  2015-07-07 18:52 - 2015-07-07 18:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Asus\Desktop\rkill.com
  2015-07-07 18:31 - 2015-07-07 18:31 - 00061132 _____ C:\Users\Asus\Desktop\FRST.rar
  2015-07-07 18:13 - 2015-07-07 18:14 - 00032254 _____ C:\Users\Asus\Desktop\Addition.txt
  2015-07-07 18:08 - 2015-07-07 20:27 - 00016401 _____ C:\Users\Asus\Desktop\FRST.txt
  2015-07-06 23:41 - 2015-07-06 23:41 - 00001266 _____ C:\Users\Asus\Desktop\全网影视.lnk
  2015-07-06 19:39 - 2015-07-06 19:39 - 00000150 __RSH C:\rising.ini
  2015-07-06 19:36 - 2015-07-06 20:02 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
  
  
  Hosts:
  EmptyTemp:
  Reboot:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[miisule]

Už se to zdá být v pořádku

2015-07-06 19:39 - 2015-07-06 19:39 - 00000150 __RSH C:\rising.ini
2015-07-06 19:36 - 2015-07-06 20:02 - 00000000 ____D C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????


Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Users\Asus\AppData\Roaming\sp_data.sys => moved successfully.
"C:\Users\Asus\Desktop\Rkill.txt" => File/Folder not found.
C:\Users\Asus\Desktop\rkill64.com => moved successfully.
C:\Users\Asus\Desktop\rkill.com => moved successfully.
C:\Users\Asus\Desktop\FRST.rar => moved successfully.
"C:\Users\Asus\Desktop\Addition.txt" => File/Folder not found.
"C:\Users\Asus\Desktop\FRST.txt" => File/Folder not found.
Could not move "C:\Users\Asus\Desktop\????.lnk" => Scheduled to move on reboot.
C:\rising.ini => moved successfully.

"C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" folder move:

Could not move "C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" folder => Scheduled to move on reboot.

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 77.5 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-08 17:54:51)<=

"C:\Users\Asus\Desktop\????.lnk" => Could not move
"C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" => Could not move

==== End of Fixlog 17:54:51 ====

[vyosek]

Tak jeste uklidime

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[miisule]

Děkuji mnohokráte, už podruhé jste mě tu zachránili, jste nejlepší

Jen ještě mi zůstala na ploše ikona a ve startu prázdná složka toho čínského programu, tu mohu jen smazat, ne? Zdá se, že to už je jen poslední zbytek z toho bordelu.