Havěť CeQeekg

Zpráva

jiri.s · #1 Příspěvek od **jiri.s** » 24 črc 2016 13:48

Ahoj, všiml jsem si, že i přesto, kdy jsme tuto havěť v nedávné minulosti mazali ji mám pořád v nabídce "Otevření v programu". Jak se toho zbavit? Zažrala se mi do systému kvalitně, to se musí uznat...
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-07-2016
Ran by W7 (administrator) on W7-PC (24-07-2016 14:40:32)
Running from C:\Users\W7\Desktop
Loaded Profiles: W7 (Available Profiles: W7)
Platform: Windows 10 Home Version 1511 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\MSOSYNC.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Glarysoft Ltd) D:\Program Files\Glary Utilities 5\Integrator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-06-08] (LogMeIn Inc.)
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Run: [Steam] => D:\Program Files\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4299968 2016-06-22] (Disc Soft Ltd)
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Run: [GUDelayStartup] => D:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2015-11-09] (Glarysoft Ltd)
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Policies\Explorer: []
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\MountPoints2: {c70d23f1-a71c-11e5-b133-806e6f6e6963} - "G:\startdvd.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-10] (AVAST Software)
Startup: C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2015-12-18]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{13cdb846-e679-46de-a3e6-9b3b8668a822}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-09] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-09] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\r805vntx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-24] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3921140049-4044092652-1554341566-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\W7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
FF Extension: AdBlocker Ultimate - C:\Users\W7\AppData\Roaming\Mozilla\Firefox\Profiles\r805vntx.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-04-20]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-10]

Chrome:
=======
CHR Profile: C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Disk Google) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-06]
CHR Extension: (YouTube) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-06]
CHR Extension: (AdBlock) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-06]
CHR Extension: (Gmail) - C:\Users\W7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-06]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-05-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-10] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2854640 2016-07-03] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1467072 2016-06-22] (Disc Soft Ltd)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-08-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 ceQeekg_update; "C:\Program Files (x86)\ceQeekg\ceQeekg\bin\ceQeekg_server.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-10] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-04-16] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-04-16] (Disc Soft Ltd)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2016-07-24] (Glarysoft Ltd)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-09] (Malwarebytes)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-24 14:40 - 2016-07-24 14:40 - 00000000 ____D C:\Users\W7\Desktop\FRST-OlderVersion
2016-07-24 12:58 - 2016-07-24 12:58 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-07-24 12:55 - 2016-07-24 12:55 - 00003652 _____ C:\WINDOWS\System32\Tasks\GlaryUpdate 5
2016-07-24 12:52 - 2016-07-24 12:52 - 00020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2016-07-24 12:52 - 2016-07-24 12:52 - 00003354 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2016-07-24 12:52 - 2016-07-24 12:52 - 00003004 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2016-07-24 12:52 - 2016-07-24 12:52 - 00000774 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2016-07-24 12:52 - 2016-07-24 12:52 - 00000774 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2016-07-24 12:52 - 2016-07-24 12:52 - 00000000 ____D C:\Users\W7\AppData\Roaming\GlarySoft
2016-07-24 12:52 - 2016-07-24 12:52 - 00000000 ____D C:\Users\W7\AppData\Roaming\DiskDefrag
2016-07-24 12:52 - 2016-07-24 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2016-07-16 21:51 - 2016-07-16 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2016-07-16 21:45 - 2016-07-16 21:45 - 00001814 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-07-16 21:45 - 2016-07-16 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-07-16 21:45 - 2016-07-16 21:45 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-07-12 20:30 - 2016-07-12 20:30 - 00164981 _____ C:\Users\W7\Downloads\Detail_spojeni_Praha,,UAN_Florenc_»_Humpolec,,mlecne_lahudky.pdf
2016-07-09 23:14 - 2016-07-09 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Čáslav-Třemošnice
2016-07-09 10:40 - 2016-07-09 10:40 - 00004579 _____ C:\Users\W7\Desktop\vysledek.txt
2016-07-09 10:32 - 2016-07-09 11:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-09 10:32 - 2016-07-09 10:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-07 22:51 - 2016-07-07 22:53 - 00001842 _____ C:\Users\W7\Desktop\Fixlog.txt
2016-07-07 22:11 - 2016-07-24 14:40 - 00015136 _____ C:\Users\W7\Desktop\FRST.txt
2016-07-07 22:11 - 2016-07-07 22:12 - 00042150 _____ C:\Users\W7\Desktop\Addition.txt
2016-07-07 22:10 - 2016-07-24 14:40 - 00000000 ____D C:\FRST
2016-07-07 22:09 - 2016-07-24 14:40 - 02394112 _____ (Farbar) C:\Users\W7\Desktop\FRST64.exe
2016-07-07 20:15 - 2016-07-24 14:37 - 00000000 ____D C:\AdwCleaner
2016-07-07 18:53 - 2016-07-07 18:54 - 00000000 ____D C:\rsit
2016-07-07 18:53 - 2016-07-07 18:53 - 00000000 ____D C:\Program Files\trend micro
2016-07-04 22:21 - 2016-07-04 22:21 - 00000000 ____D C:\Users\W7\AppData\Roaming\.mono
2016-07-04 22:21 - 2016-07-04 22:21 - 00000000 ____D C:\Users\W7\AppData\Local\Colossal Order
2016-07-04 22:21 - 2016-07-04 22:21 - 00000000 ____D C:\ProgramData\.mono
2016-07-04 21:19 - 2016-07-04 21:19 - 00000216 _____ C:\Users\W7\Desktop\Cities Skylines.url
2016-06-30 19:47 - 2016-07-09 13:40 - 00000000 ____D C:\Program Files (x86)\ConPad
2016-06-30 19:47 - 2016-06-30 19:47 - 00000000 ____D C:\Users\W7\AppData\Roaming\Scalabium
2016-06-30 19:46 - 2016-06-23 19:01 - 00098446 _____ C:\Users\W7\Desktop\LOGZVUK.DAT
2016-06-27 21:04 - 2016-03-16 19:05 - 01280116 _____ C:\Users\W7\Desktop\vystareholesovice.wav
2016-06-24 16:56 - 2016-06-24 16:56 - 00001268 _____ C:\Users\W7\Desktop\INISS.lnk
2016-06-24 12:45 - 2016-06-24 12:45 - 00000000 _____ C:\WINDOWS\system32\Accessories
2016-06-24 12:42 - 2008-02-29 20:24 - 00444064 _____ (ComponentOne) C:\WINDOWS\SysWOW64\Vsflex7L.ocx
2016-06-24 12:28 - 2008-02-29 20:24 - 00444064 _____ (ComponentOne) C:\WINDOWS\system32\Vsflex7L.ocx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-24 14:38 - 2015-12-20 15:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-24 14:37 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-24 14:10 - 2016-02-20 10:43 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-24 14:04 - 2016-05-14 21:59 - 00073708 _____ C:\Users\W7\Desktop\OpenRailsLog.txt
2016-07-24 13:27 - 2015-09-23 18:34 - 00004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6B38BA62-AC3C-4ACC-A775-DF79BFDA5197}
2016-07-24 13:17 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-24 13:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-07-24 13:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-24 13:09 - 2015-10-30 20:31 - 00750030 _____ C:\WINDOWS\system32\perfh005.dat
2016-07-24 13:09 - 2015-10-30 20:31 - 00150654 _____ C:\WINDOWS\system32\perfc005.dat
2016-07-24 13:09 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-24 13:09 - 2015-09-23 15:29 - 01771468 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-24 13:06 - 2016-02-06 22:16 - 00000000 ____D C:\Users\W7\AppData\Local\LogMeIn Hamachi
2016-07-24 13:05 - 2015-12-20 15:24 - 00000000 ____D C:\Users\W7
2016-07-24 12:59 - 2016-05-25 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-07-24 12:59 - 2016-03-05 00:19 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-24 12:58 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-24 12:58 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-24 12:57 - 2015-12-11 14:12 - 00000000 ____D C:\Program Files\Microsoft Office
2016-07-24 12:50 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-17 22:20 - 2015-09-23 15:26 - 00000000 ____D C:\Users\W7\AppData\Local\Packages
2016-07-17 22:14 - 2015-10-15 20:54 - 00000000 ____D C:\Users\W7\AppData\Roaming\Skype
2016-07-17 14:33 - 2015-09-23 15:34 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-07-16 21:46 - 2016-04-16 14:46 - 00000000 ____D C:\Users\W7\AppData\Roaming\DAEMON Tools Lite
2016-07-15 21:38 - 2015-12-21 14:08 - 00000000 ____D C:\Users\W7\AppData\Roaming\Audacity
2016-07-14 15:03 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-13 16:27 - 2015-09-27 20:11 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-07-13 16:27 - 2015-09-27 20:11 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-10 10:56 - 2016-05-14 21:56 - 00000000 ____D C:\Users\W7\AppData\Roaming\Open Rails
2016-07-08 00:36 - 2015-09-29 16:03 - 00000000 ____D C:\Users\W7\AppData\Roaming\uTorrent
2016-07-07 20:20 - 2016-04-28 18:30 - 00000000 ____D C:\WINDOWS\system32\log
2016-07-07 13:00 - 2016-03-24 14:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-07 13:00 - 2015-10-15 20:54 - 00000000 ____D C:\ProgramData\Skype
2016-07-07 12:35 - 2016-06-21 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-07 12:35 - 2016-02-28 15:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-07 12:35 - 2016-02-28 15:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-07 12:35 - 2015-11-18 20:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-05 22:05 - 2016-05-25 21:36 - 00000000 ____D C:\WINDOWS\SysWOW64\_tWm
2016-07-04 21:19 - 2016-01-22 13:44 - 00000000 ____D C:\Users\W7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2015-11-15 23:52 - 2016-04-16 14:58 - 0000000 _____ () C:\Users\W7\AppData\Roaming\FileIn.cns
2015-11-15 23:52 - 2016-04-16 14:58 - 0000000 _____ () C:\Users\W7\AppData\Roaming\FileOut.cns
2016-01-11 01:52 - 2016-01-11 01:52 - 0003584 _____ () C:\Users\W7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-30 18:32 - 2015-09-30 18:32 - 0000058 _____ () C:\Users\W7\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2016-06-22 22:23 - 2016-06-22 22:23 - 0001361 _____ () C:\Users\W7\AppData\Local\recently-used.xbel
2015-10-24 12:55 - 2016-05-06 15:44 - 0007603 _____ () C:\Users\W7\AppData\Local\resmon.resmoncfg
2015-12-07 22:18 - 2015-12-07 22:18 - 0000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\W7\AppData\Local\Temp\gusetup7.exe
C:\Users\W7\AppData\Local\Temp\libeay32.dll
C:\Users\W7\AppData\Local\Temp\msvcr120.dll
C:\Users\W7\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-29 18:28

==================== End of FRST.txt ============================

#2 Příspěvek od **Rudy** » 24 črc 2016 16:22

Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Policies\Explorer: []
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\MountPoints2: {c70d23f1-a71c-11e5-b133-806e6f6e6963} - "G:\startdvd.exe"
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
S2 ceQeekg_update; "C:\Program Files (x86)\ceQeekg\ceQeekg\bin\ceQeekg_server.exe" [X]
C:\Program Files (x86)\ceQeekg
C:\Users\W7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\W7\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

jiri.s · #3 Příspěvek od **jiri.s** » 24 črc 2016 16:33

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-07-2016
Ran by W7 (2016-07-24 17:22:41) Run:2
Running from C:\Users\W7\Desktop
Loaded Profiles: W7 (Available Profiles: W7)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\Policies\Explorer: []
HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\...\MountPoints2: {c70d23f1-a71c-11e5-b133-806e6f6e6963} - "G:\startdvd.exe"
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
S2 ceQeekg_update; "C:\Program Files (x86)\ceQeekg\ceQeekg\bin\ceQeekg_server.exe" [X]
C:\Program Files (x86)\ceQeekg
C:\Users\W7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\W7\AppData\Local\Temp
End
*****************

HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
"HKU\S-1-5-21-3921140049-4044092652-1554341566-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c70d23f1-a71c-11e5-b133-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{c70d23f1-a71c-11e5-b133-806e6f6e6963} => key not found.
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE => not found.
ceQeekg_update => service removed successfully
"C:\Program Files (x86)\ceQeekg" => not found.
C:\Users\W7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully

"C:\Users\W7\AppData\Local\Temp" folder move:

Could not move "C:\Users\W7\AppData\Local\Temp" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-07-24 17:26:29)

C:\Users\W7\AppData\Local\Temp => moved successfully

==== End of Fixlog 17:26:30 ====

Bohužel, krom toho, že restart protáhl Windows Update, položka z nabídky programů nezmizela...

#4 Příspěvek od **Rudy** » 24 črc 2016 16:34

Smazáno, v logu již nezbyla žádná položka ceQeekg. Nastala nějaká změna?

jiri.s · #5 Příspěvek od **jiri.s** » 24 črc 2016 16:35

Bohužel, krom toho, že restart protáhl Windows Update, položka z nabídky programů nezmizela...

EDIT: Screen zde: https://ctrlv.cz/qqx4

#6 Příspěvek od **Rudy** » 24 črc 2016 18:00

Nevím, jak je to v desítkách, mělo by to ale být podobné. Klikněte na položku CeQeekg pravým myšítkem a dejte odstranit. Ten program už by tam fyzicky být něměl.

jiri.s · #7 Příspěvek od **jiri.s** » 24 črc 2016 18:13

No při kliknutí pravým tlačítkem to udělá to samé jako levým - spustí zvolený program... Konkrétně při zvolení havěti to nic neudělá a vyvolá nabídku programů znovu...

#8 Příspěvek od **Rudy** » 24 črc 2016 18:51

Ten program se spustí? V logu není vidět, takže by se spustit neměl a toto je jen jeho zbytek, který zřejmě neodstraníme jinak, než ruční editací registry.

jiri.s · #9 Příspěvek od **jiri.s** » 24 črc 2016 20:30

Nespustí, vyhodí to zpět nabídku programů.

#10 Příspěvek od **Rudy** » 24 črc 2016 20:58

Takže už je tam jen ten záznam v programech, který přes log neodstraním. Pokud vám tolik vadí, budete muset ručně editovat registry: http://forum.viry.cz/viewtopic.php?f=46&t=2791 .

jiri.s · #11 Příspěvek od **jiri.s** » 25 črc 2016 14:51

Tak do registrů raději sahat nechci. Necháme to tedy takhle. Díky.

#12 Příspěvek od **Rudy** » 25 črc 2016 17:23

OK a nemáte zač!

VIRY.CZ

Havěť CeQeekg

Havěť CeQeekg

Re: Havěť CeQeekg

Re: Havěť CeQeekg

Re: Havěť CeQeekg

Re: Havěť CeQeekg

Re: Havěť CeQeekg

Re: Havěť CeQeekg

Re: Havěť CeQeekg

Re: Havěť CeQeekg

Re: Havěť CeQeekg

Re: Havěť CeQeekg

Re: Havěť CeQeekg