
MALWARE, ROOTKIT, ADWARE... and God knows what else
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
The RSIT log is too long, so I'm attaching it as a file.
- Attachments
- log.rar
- LOG
- (22.65 KiB) Downloaded 68 times
- Rudy
- Site Admin

- Posts: 119672
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: MALWARE, ROOTKIT, ADWARE... and God knows what else
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
The scan will run and then a log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: MALWARE, ROOTKIT, ADWARE... and God knows what else
# AdwCleaner v6.020 - Logfile created 04/10/2016 at 19:27:02
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-10-03.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Office - OFF
# Running from : C:\Users\Office\Desktop\adwcleaner_6.020.exe
# Mode: Clean
# Support : https://toolslib.net/forum
***** [ Services ] *****
[-] Service deleted: iSafeKrnlBoot
[-] Service deleted: iSafeKrnlMon
[-] Service deleted: iSafeNetFilter
[-] Service deleted: ggbugreport
[-] Service deleted: Winsere
[-] Service deleted: DeskTop_F
[-] Service deleted: CommandHandler
[-] Service deleted: FirefoxU
***** [ Folders ] *****
[-] Folder deleted: C:\ProgramData\AwinpA
[-] Folder deleted: C:\ProgramData\cwinpc
[-] Folder deleted: C:\ProgramData\ewinpe
[-] Folder deleted: C:\ProgramData\FwinpF
[-] Folder deleted: C:\ProgramData\GwinpG
[-] Folder deleted: C:\ProgramData\HwinpH
[-] Folder deleted: C:\ProgramData\QwinpQ
[-] Folder deleted: C:\ProgramData\twinpt
[-] Folder deleted: C:\ProgramData\YwinpY
[-] Folder deleted: C:\Users\Office\AppData\Local\Hola
[-] Folder deleted: C:\Users\Office\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
[-] Folder deleted: C:\Users\Office\AppData\Local\eAHPeNhIUJ
[-] Folder deleted: C:\Users\Office\AppData\Local\ffgogogo
[#] Folder deleted on reboot: C:\Users\Office\AppData\Local\eahpenhiuj
[-] Folder deleted: C:\Users\Office\AppData\Roaming\eCyber
[-] Folder deleted: C:\Users\Office\AppData\Roaming\Elex-tech
[-] Folder deleted: C:\Users\Office\AppData\Roaming\Hola
[-] Folder deleted: C:\Users\Office\AppData\Roaming\Premium
[-] Folder deleted: C:\Users\Office\AppData\Roaming\RHEng
[-] Folder deleted: C:\Users\Office\AppData\Roaming\qksee
[-] Folder deleted: C:\Users\Office\AppData\Roaming\WinZiper
[-] Folder deleted: C:\Users\Office\AppData\Roaming\Uncheckit
[-] Folder deleted: C:\Users\Office\AppData\Roaming\ffgogogo
[-] Folder deleted: C:\Users\guest1\AppData\Roaming\Elex-tech
[-] Folder deleted: C:\Program Files\Hola
[-] Folder deleted: C:\ProgramData\desktopfind
[-] Folder deleted: C:\ProgramData\Uncheckit
[-] Folder deleted: C:\ProgramData\ChelfNotify
[-] Folder deleted: C:\ProgramData\uckt
[#] Folder deleted on reboot: C:\ProgramData\Application Data\desktopfind
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Uncheckit
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ChelfNotify
[#] Folder deleted on reboot: C:\ProgramData\Application Data\uckt
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
[-] Folder deleted: C:\Users\Public\Documents\eAHPeNhIUJ
[-] Folder deleted: C:\Users\Public\Documents\ffgogogo
[#] Folder deleted on reboot: C:\Users\Public\Documents\eahpenhiuj
[-] Folder deleted: C:\Program Files (x86)\Amazon\ABB
[-] Folder deleted: C:\Program Files (x86)\Elex-tech
[-] Folder deleted: C:\Program Files (x86)\ghokswa
[-] Folder deleted: C:\Program Files (x86)\SFK
[-] Folder deleted: C:\Program Files (x86)\SearchesToYesbnd
[-] Folder deleted: C:\Program Files (x86)\TData
[-] Folder deleted: C:\Program Files (x86)\Winsere
[-] Folder deleted: C:\Program Files (x86)\WinTaske
[-] Folder deleted: C:\Program Files (x86)\QQBrowser
[-] Folder deleted: C:\Program Files (x86)\Uncheckit
[-] Folder deleted: C:\Program Files (x86)\TXQQBrowser
[-] Folder deleted: C:\Program Files (x86)\eAHPeNhIUJ
[-] Folder deleted: C:\Program Files (x86)\ffgogogo Browser
[-] Folder deleted: C:\Program Files (x86)\WinSaber
[#] Folder deleted on reboot: C:\Program Files (x86)\winsaber
[#] Folder deleted on reboot: C:\Program Files (x86)\eahpenhiuj
[-] Folder deleted: C:\Program Files (x86)\_SSpm
[-] Folder deleted: C:\WINDOWS\SysWoW64\_SSpm
[-] Folder deleted: C:\Users\Public\Documents\dmp
[-] Folder deleted: C:\Users\Office\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
[-] Folder deleted: C:\Program Files (x86)\Firefox
[-] Folder deleted: C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
***** [ Files ] *****
[-] File deleted: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log
[-] File deleted: C:\WINDOWS\SysNative\drivers\iSafeKrnlBoot.sys
[-] File deleted: C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
[-] Shortcut disinfected: C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\Users\Office\Desktop\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Office\Desktop\Google office\Facebook.lnk
[-] Shortcut disinfected: C:\Users\Office\Desktop\Google office\Google.lnk
[-] Shortcut disinfected: C:\Users\Office\Desktop\Google office\Twitter.lnk
[-] Shortcut disinfected: C:\Users\Office\Desktop\Google office\Youtube.lnk
[-] Shortcut disinfected: C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Office\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Office\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Office\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\Users\Office\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.001
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.z
[-] Key deleted: HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[-] Key deleted: HKU\.DEFAULT\Software\Elex-tech
[-] Key deleted: HKU\.DEFAULT\Software\Hola
[-] Key deleted: HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Key deleted: HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Key deleted: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Hola
[-] Key deleted: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Key deleted: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\ffgogogo
[-] Key deleted: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hola
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Elex-tech
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Hola
[#] Key deleted on reboot: HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Key deleted on reboot: HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Key deleted on reboot: HKCU\Software\Hola
[#] Key deleted on reboot: HKCU\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Key deleted on reboot: HKCU\Software\ffgogogo
[-] Key deleted: HKLM\SOFTWARE\Elex-tech
[-] Key deleted: HKLM\SOFTWARE\hdcode
[-] Key deleted: HKLM\SOFTWARE\TSv
[-] Key deleted: HKLM\SOFTWARE\yessearchesSoftware
[-] Key deleted: HKLM\SOFTWARE\qkseeSvc
[-] Key deleted: HKLM\SOFTWARE\qksee
[-] Key deleted: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Key deleted: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Key deleted: HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Key deleted: HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[-] Key deleted: HKLM\SOFTWARE\WinZiper
[-] Key deleted: HKLM\SOFTWARE\WinSaberSvc
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hola
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qksee
[-] Key deleted: HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[#] Key deleted on reboot: [x64] HKCU\Software\Hola
[#] Key deleted on reboot: [x64] HKCU\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Key deleted on reboot: [x64] HKCU\Software\ffgogogo
[-] Key deleted: [x64] HKLM\SOFTWARE\Hola
[-] Key deleted: [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Key deleted: [x64] HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hola
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\CLIENTS\Corner Sunshine
[-] Data restored: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data restored: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data restored: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [Default]
[-] Value deleted: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Microsoft\Windows\CurrentVersion\Run [hola]
[-] Value deleted: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [hola]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [hola]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [hola]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [hola]
[-] Key deleted: HKCU\Software\MozillaPlugins\@hola.org/FlashPlayer
[-] Key deleted: HKCU\Software\MozillaPlugins\@hola.org/vlc
[-] Key deleted: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Key deleted: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key deleted: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
***** [ Web browsers ] *****
[-] [C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: google
[-] [C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [15807 Bytes] - [04/10/2016 19:27:02]
C:\AdwCleaner\AdwCleaner[S0].txt - [18889 Bytes] - [04/10/2016 19:06:16]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [15955 Bytes] ##########
C:\AdwCleaner\AdwCleaner[S0].txt - [18889 Bytes] - [04/10/2016 19:06:16]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [15955 Bytes] ##########
- Rudy
- Site Admin

Re: MALWARE, ROOTKIT, ADWARE... and God knows what else
Now post the FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100
Re: MALWARE, ROOTKIT, ADWARE... and God knows what else
It wouldn't fit in the message....
- Attachments
- FRST+ADD.rar
- (35.03 KiB) Downloaded 60 times
- Rudy
- Site Admin

Re: MALWARE, ROOTKIT, ADWARE... and God knows what else
Open Notepad and copy into it:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\...\Run: [BingSvc] => C:\Users\Office\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\...\MountPoints2: {380efac8-7b48-11e6-831c-0025ab55d9ff} - "E:\Setup.exe"
HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\...\MountPoints2: {4fc2c1bd-80f3-11e6-8321-b8ee652c1ace} - "E:\Setup.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
Toolbar: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mylucky123.com/?type=sc&ts=14752079 ... 4630346303
FF Homepage: Mozilla\Firefox\Profiles\kxv50f8u.default-1473505144021 -> hxxp://www.nuesearch.com/?
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Office\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Office\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0961fddf13945
C:\WINDOWS\System32\Tasks\eAHPeNhIUJCheckTask
C:\WINDOWS\System32\Tasks\eAHPeNhIUJBrowserUpdateUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0961fdc9ba50c
C:\WINDOWS\System32\Tasks\KMSAutoNet
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
C:\ProgramData\KMSAutoS
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0961fddf13945.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0961fdc9ba50c.job
C:\ProgramData\DP45977C.lfl
C:\ProgramData\dvrs.dat
C:\Users\Office\AppData\Local\Temp
Task: {089682B2-C680-494F-A7A7-C9B910841B4A} - System32\Tasks\AvgSetup => C:\WINDOWS\Temp\AvgSetup\388bf1a0-4a2e-47cc-a14c-d16cedb1300c\install\avgsetupx.exe <==== ATTENTION
Task: {127BA205-CF71-4ACD-93E8-735306C2A122} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {289B934C-34DB-4FDD-817E-5CEB436BD45F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3C733B8E-2234-474B-A693-F89FBA942D8D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {509092DE-7D4D-44E1-A2F0-5DB381CD6DD3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5E9711BE-8BC1-4477-8D01-17F3B25A5F19} - System32\Tasks\eAHPeNhIUJBrowserUpdateUA => C:\Program Files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\bin\eAHPeNhIUJ_server.exe <==== ATTENTION
Task: {61C4DF72-4631-4760-8C40-6EF6203980ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {704721AA-6528-44B1-9C22-96658F76EB67} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
ask: {77042B4A-19F4-459C-A049-80C7FBA65977} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9747B317-D242-41AE-8EEB-A014E86BAEA9} - \WPD\SqmUpload_S-1-5-21-3405886302-3877856416-3159069044-1001 -> No File <==== ATTENTION
Task: {B414100D-BA27-439A-B89D-64AEBFF19835} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C2594C25-21C1-4519-A492-7A8C1BB2E22F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C79D9966-A70A-4444-8829-FE92FAABE3D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F798C9BA-5F41-4B4B-97AC-ACE8363B9415} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FD348530-D73C-49D9-B951-305F4E8AA6EB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\AvgSetup.job => C:\WINDOWS\Temp\AvgSetup\388bf1a0-4a2e-47cc-a14c-d16cedb1300c\install\avgsetupx.exe <==== ATTENTION
End
Re: MALWARE, ROOTKIT, ADWARE... and God knows what else
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by Office (05-10-2016 09:44:13) Run:1
Running from C:\Users\Office\Desktop
Loaded Profiles: Office (Available Profiles: Office & guest1 & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\...\Run: [BingSvc] => C:\Users\Office\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\...\MountPoints2: {380efac8-7b48-11e6-831c-0025ab55d9ff} - "E:\Setup.exe"
HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\...\MountPoints2: {4fc2c1bd-80f3-11e6-8321-b8ee652c1ace} - "E:\Setup.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
Toolbar: HKU\S-1-5-21-3405886302-3877856416-3159069044-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mylucky123.com/?type=sc&ts=1 ... 4630346303
FF Homepage: Mozilla\Firefox\Profiles\kxv50f8u.default-1473505144021 -> hxxp://www.nuesearch.com/?
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Office\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Office\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0961fddf13945
C:\WINDOWS\System32\Tasks\eAHPeNhIUJCheckTask
C:\WINDOWS\System32\Tasks\eAHPeNhIUJBrowserUpdateUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0961fdc9ba50c
C:\WINDOWS\System32\Tasks\KMSAutoNet
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
C:\ProgramData\KMSAutoS
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0961fddf13945.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0961fdc9ba50c.job
C:\ProgramData\DP45977C.lfl
C:\ProgramData\dvrs.dat
C:\Users\Office\AppData\Local\Temp
Task: {089682B2-C680-494F-A7A7-C9B910841B4A} - System32\Tasks\AvgSetup => C:\WINDOWS\Temp\AvgSetup\388bf1a0-4a2e-47cc-a14c-d16cedb1300c\install\avgsetupx.exe <==== ATTENTION
Task: {127BA205-CF71-4ACD-93E8-735306C2A122} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {289B934C-34DB-4FDD-817E-5CEB436BD45F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3C733B8E-2234-474B-A693-F89FBA942D8D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {509092DE-7D4D-44E1-A2F0-5DB381CD6DD3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5E9711BE-8BC1-4477-8D01-17F3B25A5F19} - System32\Tasks\eAHPeNhIUJBrowserUpdateUA => C:\Program Files (x86)\eAHPeNhIUJ\eAHPeNhIUJ\bin\eAHPeNhIUJ_server.exe <==== ATTENTION
Task: {61C4DF72-4631-4760-8C40-6EF6203980ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {704721AA-6528-44B1-9C22-96658F76EB67} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
ask: {77042B4A-19F4-459C-A049-80C7FBA65977} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9747B317-D242-41AE-8EEB-A014E86BAEA9} - \WPD\SqmUpload_S-1-5-21-3405886302-3877856416-3159069044-1001 -> No File <==== ATTENTION
Task: {B414100D-BA27-439A-B89D-64AEBFF19835} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C2594C25-21C1-4519-A492-7A8C1BB2E22F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C79D9966-A70A-4444-8829-FE92FAABE3D9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F798C9BA-5F41-4B4B-97AC-ACE8363B9415} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FD348530-D73C-49D9-B951-305F4E8AA6EB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\AvgSetup.job => C:\WINDOWS\Temp\AvgSetup\388bf1a0-4a2e-47cc-a14c-d16cedb1300c\install\avgsetupx.exe <==== ATTENTION
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
"HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{380efac8-7b48-11e6-831c-0025ab55d9ff}" => key removed successfully
HKCR\CLSID\{380efac8-7b48-11e6-831c-0025ab55d9ff} => key not found.
"HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fc2c1bd-80f3-11e6-8321-b8ee652c1ace}" => key removed successfully
HKCR\CLSID\{4fc2c1bd-80f3-11e6-8321-b8ee652c1ace} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-3405886302-3877856416-3159069044-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => value removed successfully
HKCR\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
Firefox "homepage" removed successfully
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/FlashPlayer" => key removed successfully
C:\Users\Office\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll => not found.
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
C:\Users\Office\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0961fddf13945 => moved successfully
C:\WINDOWS\System32\Tasks\eAHPeNhIUJCheckTask => moved successfully
C:\WINDOWS\System32\Tasks\eAHPeNhIUJBrowserUpdateUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0961fdc9ba50c => moved successfully
C:\WINDOWS\System32\Tasks\KMSAutoNet => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat => moved successfully
C:\ProgramData\KMSAutoS => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0961fddf13945.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0961fdc9ba50c.job => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\dvrs.dat => moved successfully
"C:\Users\Office\AppData\Local\Temp" folder move:
Could not move "C:\Users\Office\AppData\Local\Temp" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{089682B2-C680-494F-A7A7-C9B910841B4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{089682B2-C680-494F-A7A7-C9B910841B4A}" => key removed successfully
C:\WINDOWS\System32\Tasks\AvgSetup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvgSetup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{127BA205-CF71-4ACD-93E8-735306C2A122}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{127BA205-CF71-4ACD-93E8-735306C2A122}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{289B934C-34DB-4FDD-817E-5CEB436BD45F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{289B934C-34DB-4FDD-817E-5CEB436BD45F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C733B8E-2234-474B-A693-F89FBA942D8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C733B8E-2234-474B-A693-F89FBA942D8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{509092DE-7D4D-44E1-A2F0-5DB381CD6DD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{509092DE-7D4D-44E1-A2F0-5DB381CD6DD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E9711BE-8BC1-4477-8D01-17F3B25A5F19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E9711BE-8BC1-4477-8D01-17F3B25A5F19}" => key removed successfully
C:\WINDOWS\System32\Tasks\eAHPeNhIUJBrowserUpdateUA => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eAHPeNhIUJBrowserUpdateUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61C4DF72-4631-4760-8C40-6EF6203980ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61C4DF72-4631-4760-8C40-6EF6203980ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{704721AA-6528-44B1-9C22-96658F76EB67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{704721AA-6528-44B1-9C22-96658F76EB67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
ask: {77042B4A-19F4-459C-A049-80C7FBA65977} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9747B317-D242-41AE-8EEB-A014E86BAEA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9747B317-D242-41AE-8EEB-A014E86BAEA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3405886302-3877856416-3159069044-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B414100D-BA27-439A-B89D-64AEBFF19835}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B414100D-BA27-439A-B89D-64AEBFF19835}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2594C25-21C1-4519-A492-7A8C1BB2E22F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2594C25-21C1-4519-A492-7A8C1BB2E22F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C79D9966-A70A-4444-8829-FE92FAABE3D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C79D9966-A70A-4444-8829-FE92FAABE3D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F798C9BA-5F41-4B4B-97AC-ACE8363B9415}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F798C9BA-5F41-4B4B-97AC-ACE8363B9415}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD348530-D73C-49D9-B951-305F4E8AA6EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD348530-D73C-49D9-B951-305F4E8AA6EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\WINDOWS\Tasks\AvgSetup.job => moved successfully
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-10-2016 09:47:26)
C:\Users\Office\AppData\Local\Temp => moved successfully
==== End of Fixlog 09:47:28 ====
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0961fdc9ba50c => moved successfully
C:\WINDOWS\System32\Tasks\KMSAutoNet => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat => moved successfully
C:\ProgramData\KMSAutoS => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0961fddf13945.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0961fdc9ba50c.job => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\dvrs.dat => moved successfully
"C:\Users\Office\AppData\Local\Temp" folder move:
Could not move "C:\Users\Office\AppData\Local\Temp" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{089682B2-C680-494F-A7A7-C9B910841B4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{089682B2-C680-494F-A7A7-C9B910841B4A}" => key removed successfully
C:\WINDOWS\System32\Tasks\AvgSetup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AvgSetup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{127BA205-CF71-4ACD-93E8-735306C2A122}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{127BA205-CF71-4ACD-93E8-735306C2A122}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{289B934C-34DB-4FDD-817E-5CEB436BD45F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{289B934C-34DB-4FDD-817E-5CEB436BD45F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C733B8E-2234-474B-A693-F89FBA942D8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C733B8E-2234-474B-A693-F89FBA942D8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{509092DE-7D4D-44E1-A2F0-5DB381CD6DD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{509092DE-7D4D-44E1-A2F0-5DB381CD6DD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E9711BE-8BC1-4477-8D01-17F3B25A5F19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E9711BE-8BC1-4477-8D01-17F3B25A5F19}" => key removed successfully
C:\WINDOWS\System32\Tasks\eAHPeNhIUJBrowserUpdateUA => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eAHPeNhIUJBrowserUpdateUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61C4DF72-4631-4760-8C40-6EF6203980ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61C4DF72-4631-4760-8C40-6EF6203980ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{704721AA-6528-44B1-9C22-96658F76EB67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{704721AA-6528-44B1-9C22-96658F76EB67}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
ask: {77042B4A-19F4-459C-A049-80C7FBA65977} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9747B317-D242-41AE-8EEB-A014E86BAEA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9747B317-D242-41AE-8EEB-A014E86BAEA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3405886302-3877856416-3159069044-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B414100D-BA27-439A-B89D-64AEBFF19835}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B414100D-BA27-439A-B89D-64AEBFF19835}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2594C25-21C1-4519-A492-7A8C1BB2E22F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2594C25-21C1-4519-A492-7A8C1BB2E22F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C79D9966-A70A-4444-8829-FE92FAABE3D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C79D9966-A70A-4444-8829-FE92FAABE3D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F798C9BA-5F41-4B4B-97AC-ACE8363B9415}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F798C9BA-5F41-4B4B-97AC-ACE8363B9415}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD348530-D73C-49D9-B951-305F4E8AA6EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD348530-D73C-49D9-B951-305F4E8AA6EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
C:\WINDOWS\Tasks\AvgSetup.job => moved successfully
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-10-2016 09:47:26)
C:\Users\Office\AppData\Local\Temp => moved successfully
==== End of Fixlog 09:47:28 ====
- Rudy
- Site Admin
- Posts: 119672
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: MALWARE, ROOTKIT, ADWARE... and God knows what else
Deleted. The log should now be OK.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
- Rudy
- Site Admin
- Posts: 119672
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: MALWARE, ROOTKIT, ADWARE... and God knows what else
You're welcome!