
Infected computer

Posted: 03 Sep 2016 17:24
by feraf
Please check my log. FRSTLauncher won't start because some Chinese antivirus or something is blocking it, and after an initial check with AdwCleaner, which came up with almost 200 viruses, I would rather ask for help. I did not run the AdwCleaner cleaning, only the scan.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by user (administrator) on USER-PC (03-09-2016 18:08:01)
Running from C:\Desktop\Nová složka
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Fishlamp\Application\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCRTP.exe
(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe
(Winziper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EVANGEL TECHNOLOGY (HK) LIMITED) C:\Program Files (x86)\Uncheckit\cktSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TODO: <Company name>) C:\Program Files (x86)\SoEasySvc\SoEasySvc.exe
(evangel technology (hk) limited) C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe
(EVANGEL TECHNOLOGY (HK) LIMITED) C:\Program Files (x86)\Uncheckit\UncheckitBsn.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTray.exe
() C:\Program Files (x86)\OLBPre\OLBPre.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
() C:\ProgramData\Fishlamp\Fishlamp.exe
() C:\ProgramData\IHeeaWA\protect\protect.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Fishlamp\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Fishlamp\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Fishlamp\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Fishlamp\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-03-23] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3622912 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCTray.exe [364776 2016-05-31] (Tencent)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51662464 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1732368 2016-07-12] (Lavasoft)
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\Run: [Chromium] => c:\users\user\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 18\Program32\ZPSTRAY.EXE [680528 2016-03-24] (ZONER software)
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\MountPoints2: {9af51b9b-6fe2-11e4-aafd-001f16b217b4} - E:\PMCsetup.exe
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QMGCShellExt64.dll [2016-05-31] (Tencent)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1578760874-2601509612-2761757911-1000] => hxxp://un-stop.net/wpad.dat?14551838b43a7a8f8d0d2ee7a0b337367832507
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 16 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-10] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-10] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-10] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-10] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-04-10] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.2
Tcpip\..\Interfaces\{928BDA04-F686-42A8-9C23-187109C81C8E}: [DhcpNameServer] 192.168.2.2
ManualProxies: 0hxxp://un-stop.net/wpad.dat?14551838b43a7a8f8d0d2ee7a0b337367832507

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=146790982 ... X49G7W46GW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://xinjunshi.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=147006213 ... X49G7W46GW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=147006213 ... X49G7W46GW
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://xinjunshi.com
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=147006213 ... X49G7W46GW
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... earchTerms}
SearchScopes: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL =
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\TSWebMon64.dat [2016-05-31] (Tencent)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Ó¦Óñ¦Ň»Ľü°˛×°˛ĺĽţ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: hxxp://www.nicesearches.com?type=hp&ts=1459853 ... bw6c3o3mcz
FF DefaultSearchEngine: hohosearch
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch
FF SelectedSearchEngine: nice
FF Homepage: hxxp://www.nicesearches.com?type=hp&ts=1459853 ... bw6c3o3mcz
FF Keyword.URL: hxxp://www.hohosearch.com/chrome.php?uid=CBC99 ... toolbar&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-17] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-03-26] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\npQMExtensionsMozilla.dll [2016-05-31] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k7oqug8r.default\searchplugins\nuesearch.xml [2016-06-13]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-19]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\searchplugins\DD1B66D4.xml [2016-03-19]
FF Extension: (xRocket Toolbar) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com [2016-04-05] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [not found]
FF Extension: (GsearchFinder) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-17]
FF Extension: (GsearchFinder) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-17]
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-17]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S2 BirdsarahU; C:\Program Files (x86)\Birdsarah\Update\BirdsarahUpdate.exe [591744 2016-06-23] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 cktSvc; C:\Program Files (x86)\Uncheckit\cktSvc.exe [274176 2016-07-05] (EVANGEL TECHNOLOGY (HK) LIMITED)
R2 FishlampP; C:\ProgramData\Fishlamp\Fishlamp.exe [429952 2016-07-12] ()
S2 FishlampU; C:\Program Files (x86)\Fishlamp\Update\FishlampUpdate.exe [567184 2016-07-12] ()
S2 ggbugreport; C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe [1592888 2016-03-17] () [File not signed]
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3452928 2009-09-05] (Egis Technology Inc.) [File not signed]
R2 IHeeaWA_protect; C:\ProgramData\IHeeaWA\protect\protect.exe [303016 2016-04-22] ()
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-04-08] (Elex do Brasil Participações Ltda)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-07-12] (Lavasoft Limited)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [752376 2016-06-20] (Qksee Pvt Ltd.)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCRTP.exe [311768 2016-05-31] (Tencent)
U2 QQRepair909; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepair909 [155368 2016-09-03] ()
S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\QQRepairFixSVC [155368 2016-09-03] ()
R2 SoEasySvc; C:\Program Files (x86)\SoEasySvc\SoEasySvc.exe [110776 2016-08-04] (TODO: <Company name>) <==== ATTENTION
R2 UncheckitSvc; C:\Program Files (x86)\Uncheckit\UncheckitSvc.exe [247552 2016-07-05] (evangel technology (hk) limited)
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-03] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-03] (Validity Sensors, Inc.)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-07-12] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-14] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1301112 2016-06-29] (Winziper Pvt Ltd.) <==== ATTENTION
S2 gerocyni; C:\Program Files (x86)\A0FA5EE0-1458385860-DE11-9C32-A574870ACFA8\jnsvBC01.tmp [X]
S2 IHeeaWA_update; "C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe" [X]
S2 IhPul; C:\Users\user\AppData\Roaming\TSv\TSvr.exe [X]
S2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe -s [X]
S2 WdMan; no ImagePath
S2 winsaber; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-24] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-24] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-17] (AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-09-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-17] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-05-05] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QMUdisk64.sys [189432 2016-08-30] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQSysMonX64.sys [152568 2016-05-31] (电脑管家)
R3 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\softaal64.sys [42488 2016-05-31] (Tencent)
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [185848 2016-09-03] ()
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [97880 2016-05-31] (Tencent)
R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [145400 2016-05-31] (Tencent Technology(Shenzhen) Company Limited)
R3 TcHardWare; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCHW-x64.sys [16552 2016-05-31] (Tencent)
R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [95224 2016-05-31] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\TS888x64.sys [38520 2016-09-03] (Tencent)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\TSDefenseBT64.sys [28984 2016-05-31] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\TsNetHlpX64.sys [55800 2016-05-31] ()
R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [54904 2016-03-16] (电脑管家)
R4 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\TSSysKit64.sys [94712 2016-05-31] (电脑管家)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 18:07 - 2016-09-03 18:08 - 00000000 ____D C:\FRST
2016-09-03 17:40 - 2016-09-03 17:44 - 00000000 ____D C:\AdwCleaner
2016-09-03 17:35 - 2016-09-03 17:35 - 00000000 _____ C:\Windows\SysWOW64\tmp6.html
2016-09-03 17:29 - 2016-09-03 17:29 - 00000000 _____ C:\Windows\SysWOW64\tmp4.html
2016-09-03 09:00 - 2016-09-03 09:00 - 00000000 _____ C:\Windows\SysWOW64\tmp9.html
2016-08-22 16:23 - 2016-08-22 16:23 - 00000000 ____D C:\ProgramData\gwinpg
2016-08-22 16:23 - 2016-08-22 16:23 - 00000000 ____D C:\Program Files (x86)\0ecqxzge
2016-08-22 16:16 - 2016-08-22 16:22 - 00000000 ____D C:\Program Files (x86)\cg3tls5v
2016-08-14 20:42 - 2016-08-14 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-08-13 16:50 - 2016-08-17 18:11 - 01001304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-13 16:50 - 2015-12-11 17:28 - 00182152 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-08-13 16:37 - 2016-08-13 16:37 - 00000000 ____D C:\Users\user\AppData\Local\Fishlamp
2016-08-13 15:02 - 2016-08-13 15:02 - 00000000 ____D C:\Users\Public\Documents\chrome
2016-08-05 05:56 - 2016-08-22 16:23 - 00003438 _____ C:\Windows\System32\Tasks\ChelfNotify Task
2016-08-05 05:56 - 2016-08-05 05:56 - 00000000 ____D C:\Program Files (x86)\SoEasySvc
2016-08-05 05:55 - 2016-08-24 06:03 - 00000000 ____D C:\ProgramData\ChelfNotify
2016-08-05 05:54 - 2016-08-05 05:56 - 00000000 ____D C:\Program Files (x86)\1q19cdk3

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 18:03 - 2016-06-08 15:36 - 00000904 _____ C:\Users\Public\Documents\report.dat
2016-09-03 17:59 - 2014-10-26 10:56 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-03 17:58 - 2014-10-13 10:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-09-03 17:55 - 2016-06-20 10:49 - 00000000 ____D C:\Program Files (x86)\qksee
2016-09-03 17:55 - 2016-04-14 08:55 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-09-03 17:55 - 2016-02-09 19:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-03 17:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-03 17:53 - 2011-04-12 10:34 - 00671630 _____ C:\Windows\system32\perfh005.dat
2016-09-03 17:53 - 2011-04-12 10:34 - 00142194 _____ C:\Windows\system32\perfc005.dat
2016-09-03 17:53 - 2009-07-14 07:13 - 01590850 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-03 17:53 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-03 17:52 - 2015-03-14 21:32 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-09-03 17:49 - 2016-07-12 16:10 - 00000101 _____ C:\Users\Public\Documents\report1.dat
2016-09-03 17:48 - 2009-07-14 06:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-03 17:48 - 2009-07-14 06:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-03 17:37 - 2016-03-21 11:13 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2016-09-03 17:35 - 2016-03-19 13:47 - 00000000 ____D C:\ProgramData\TXQMPC
2016-09-03 17:34 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-30 18:31 - 2014-10-14 08:43 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-08-30 17:49 - 2016-07-12 16:12 - 00003552 _____ C:\Windows\System32\Tasks\FishlampUpdateTaskMachineCore
2016-08-30 17:49 - 2016-07-12 16:12 - 00003468 _____ C:\Windows\System32\Tasks\FishlampUpdateTaskMachineUA
2016-08-24 06:03 - 2016-03-19 13:32 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
2016-08-17 18:20 - 2016-06-24 09:33 - 00000000 ____D C:\ProgramData\Birdsarah
2016-08-17 18:11 - 2015-12-03 11:10 - 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-08-17 18:09 - 2016-05-05 03:43 - 00236888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-16 03:09 - 2016-06-24 09:33 - 00003472 _____ C:\Windows\System32\Tasks\BirdsarahUpdateTaskMachineUA
2016-08-15 20:36 - 2014-10-14 08:45 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-15 20:36 - 2014-10-14 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-15 20:36 - 2014-10-14 08:45 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-08-14 20:41 - 2016-02-09 19:48 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-08-13 17:35 - 2016-08-01 05:55 - 00000001 _____ C:\Windows\SysWOW64\en.html
2016-08-13 14:02 - 2016-04-14 08:55 - 00000000 ____D C:\Users\user\AppData\Roaming\TSv
2016-08-07 18:03 - 2016-06-24 09:33 - 00003556 _____ C:\Windows\System32\Tasks\BirdsarahUpdateTaskMachineCore

==================== Files in the root of some directories =======

2016-07-01 14:57 - 2016-08-01 16:34 - 2983895 _____ (Update) C:\Program Files (x86)\SSFK.exe
2016-03-19 13:49 - 2016-03-19 13:49 - 0005120 _____ () C:\Users\user\AppData\Roaming\GiftBag.db

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\ba5552f8-cf29-4353-a4f9-e1aafb31168a.exe
C:\Users\user\AppData\Local\Temp\kw1whrc4.dll
C:\Users\user\AppData\Local\Temp\MSETUP4.EXE
C:\Users\user\AppData\Local\Temp\ose00000.exe
C:\Users\user\AppData\Local\Temp\PCMgr_Setup_11_4_17347_218.exe
C:\Users\user\AppData\Local\Temp\PCMgr_Setup_11_6_17645_227.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\TempQMRouterMgrSetup_11.6.17645.227_1464161443429.exe
C:\Users\user\AppData\Local\Temp\TempQMSystemSetup_11.6.17645.227_1464161424232.exe
C:\Users\user\AppData\Local\Temp\utt3AC3.tmp.exe
C:\Users\user\AppData\Local\Temp\utt4E9C.tmp.exe
C:\Users\user\AppData\Local\Temp\uttFA68.tmp.exe
C:\Users\user\AppData\Local\Temp\vKOeRXN05y.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-17 18:53

==================== End of FRST.txt ============================

Re: Infected computer

Posted: 03 Sep 2016 17:30
by Rudy
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: Infected computer

Posted: 03 Sep 2016 20:17
by feraf
AdwCleaner is still running but not responding; the progress indicator says done, but the program has frozen. Can I restart the PC?

Re: Infected computer

Posted: 03 Sep 2016 20:23
by Rudy
You can. Switch to safe mode and run ADW there.

Re: Infected computer

Posted: 03 Sep 2016 20:56
by feraf
Here is the log from the cleaning:

# AdwCleaner v6.010 - Log soubor vytvořen 03/09/2016 na 21:40:53
# Aktualizováno dne 12/08/2016 z ToolsLib
# Databáze : 2016-09-03.1 [Místní]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : user - USER-PC
# Beží od : E:\adwcleaner_6.010.exe
# Mod: Čištění
# Podpora : https://toolslib.net/forum



***** [ Služby ] *****

[-] Služby smazány:QQRepair569
[-] Služby smazány:QQRepairFixSVC
[-] Služby smazány:QQPCRTP
[-] Služby smazány:TSDefenseBt
[-] Služby smazány:SRepairDrv


***** [ Adresáře ] *****

[-] Adresář smazán:C:\users\user\AppData\Roaming\tencent
[-] Adresář smazán:C:\users\user\AppData\Roaming\Uncheckit
[#] Adresář nelze smazat:C:\users\user\AppData\Roaming\Tencent
[-] Adresář smazán:C:\Program Files\Common Files\tencent
[#] Adresář nelze smazat:C:\Program Files\Common Files\Tencent
[-] Adresář smazán:C:\ProgramData\tencent
[-] Adresář smazán:C:\ProgramData\TXQMPC
[#] Adresář nelze smazat:C:\ProgramData\Tencent
[-] Adresář smazán:C:\ProgramData\Fishlamp
[#] Adresář nelze smazat:C:\ProgramData\Application Data\tencent
[#] Adresář nelze smazat:C:\ProgramData\Application Data\TXQMPC
[#] Adresář nelze smazat:C:\ProgramData\Application Data\Tencent
[#] Adresář nelze smazat:C:\ProgramData\Application Data\Fishlamp
[-] Adresář smazán:C:\Program Files (x86)\Elex-tech
[-] Adresář smazán:C:\Program Files (x86)\tencent
[-] Adresář smazán:C:\Program Files (x86)\WinZipper
[-] Adresář smazán:C:\Program Files (x86)\SearchesToYesbnd
[-] Adresář smazán:C:\Program Files (x86)\qksee
[#] Adresář nelze smazat:C:\Program Files (x86)\Tencent
[-] Adresář smazán:C:\Program Files (x86)\SoEasySvc


***** [ Soubory ] *****

[-] Soubor smazán:C:\Windows\SysNative\LavasoftTcpService64.dll
[-] Soubor smazán:C:\Windows\SysNative\drivers\TFsFltX64.sys


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****

[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQPCMgr
[-] Data obnovena:[x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena:HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena:HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data obnovena:HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]


***** [ Prohlížeče ] *****

[-] Firefox nastavení vyčištěno:"browser.search.searchengine.url" - "hxxp://www.nicesearches.com/search.php?type=ds ... earchTerms}"
[-] Firefox nastavení vyčištěno:"browser.startup.homepage" - "hxxp://www.nicesearches.com?type=hp&ts=1459853 ... bw6c3o3mcz"
[-] Firefox nastavení vyčištěno:"browser.newtab.url" - "hxxp://www.nicesearches.com?type=hp&ts=1459853 ... bw6c3o3mcz"


*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3392 Bajtů] - [03/09/2016 21:40:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [35141 Bajtů] - [03/09/2016 17:44:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [35697 Bajtů] - [03/09/2016 18:30:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [3930 Bajtů] - [03/09/2016 21:31:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3690 Bajtů] ##########

Re: Virus-infected computer

Posted: 03 Sep 2016 20:57
by feraf
And just to be safe, I'm also sending the log from the scan that froze:

# AdwCleaner v6.010 - Log soubor vytvořen 03/09/2016 na 18:30:14
# Aktualizováno dne 12/08/2016 z ToolsLib
# Databáze : 2016-09-03.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : user - USER-PC
# Beží od : E:\adwcleaner_6.010.exe
# Mod: Skenování
# Podpora : https://toolslib.net/forum



***** [ Služby ] *****

SLužba nalezena: QQRepair909
SLužba nalezena: QQRepairFixSVC
SLužba nalezena: gerocyni
SLužba nalezena: iSafeKrnl
SLužba nalezena: iSafeKrnlBoot
SLužba nalezena: iSafeKrnlKit
SLužba nalezena: iSafeKrnlMon
SLužba nalezena: iSafeKrnlR3
SLužba nalezena: iSafeNetFilter
SLužba nalezena: iSafeService
SLužba nalezena: QQPCRTP
SLužba nalezena: winzipersvc
SLužba nalezena: TAOAccelerator
SLužba nalezena: TSDefenseBt
SLužba nalezena: TSSysKit
SLužba nalezena: QMUdisk
SLužba nalezena: TS888x64
SLužba nalezena: QQSysMonX64
SLužba nalezena: TFsFlt
SLužba nalezena: TAOKernelDriver
SLužba nalezena: TSSKX64
SLužba nalezena: SSFK
SLužba nalezena: IhPul
SLužba nalezena: WdMan
SLužba nalezena: softaal
SLužba nalezena: ggbugreport
SLužba nalezena: SRepairDrv
SLužba nalezena: LavasoftTcpService
SLužba nalezena: tsnethlpx64
SLužba nalezena: qkseeService
SLužba nalezena: WCAssistantService
SLužba nalezena: winsaber
SLužba nalezena: UncheckitSvc
SLužba nalezena: cktSvc
SLužba nalezena: SoEasySvc


***** [ Adresáře ] *****

Složka nalezena: C:\Program Files (x86)\A0FA5EE0-1458385860-DE11-9C32-A574870ACFA8
Složka nalezena: C:\ProgramData\bwinpb
Složka nalezena: C:\ProgramData\CwinpC
Složka nalezena: C:\ProgramData\gwinpg
Složka nalezena: C:\ProgramData\KwinpK
Složka nalezena: C:\ProgramData\WwinpW
Složka nalezena: C:\ProgramData\ywinpy
Složka nalezena: C:\users\user\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
Složka nalezena: C:\users\user\AppData\Local\ffgogogo
Složka nalezena: C:\users\user\AppData\Local\Fishlamp
Složka nalezena: C:\users\user\AppData\Local\Birdsarah
Složka nalezena: C:\users\user\AppData\Local\iheeawa
Složka nalezena: C:\users\user\AppData\Roaming\eCyber
Složka nalezena: C:\users\user\AppData\Roaming\Elex-tech
Složka nalezena: C:\users\user\AppData\Roaming\tencent
Složka nalezena: C:\users\user\AppData\Roaming\TSv
Složka nalezena: C:\users\user\AppData\Roaming\SpringFiles
Složka nalezena: C:\users\user\AppData\Roaming\lavasoft\web companion
Složka nalezena: C:\users\user\AppData\Roaming\qksee
Složka nalezena: C:\users\user\AppData\Roaming\ASPackage
Složka nalezena: C:\users\user\AppData\Roaming\WinZiper
Složka nalezena: C:\users\user\AppData\Roaming\Uncheckit
Složka nalezena: C:\users\user\AppData\Roaming\ffgogogo
Složka nalezena: C:\users\user\AppData\Roaming\Tencent
Složka nalezena: C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Složka nalezena: C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
Složka nalezena: C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
Složka nalezena: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\YourGSearchFinder_br
Složka nalezena: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\YourGSearchFinder_br
Složka nalezena: C:\Program Files\Common Files\tencent
Složka nalezena: C:\Program Files\Common Files\Tencent
Složka nalezena: C:\ProgramData\tencent
Složka nalezena: C:\ProgramData\TXQMPC
Složka nalezena: C:\ProgramData\lavasoft\web companion
Složka nalezena: C:\ProgramData\Uncheckit
Složka nalezena: C:\ProgramData\Tencent
Složka nalezena: C:\ProgramData\ChelfNotify
Složka nalezena: C:\ProgramData\uckt
Složka nalezena: C:\ProgramData\Fishlamp
Složka nalezena: C:\ProgramData\Birdsarah
Složka nalezena: C:\ProgramData\iheeawa
Složka nalezena: C:\ProgramData\Application Data\tencent
Složka nalezena: C:\ProgramData\Application Data\TXQMPC
Složka nalezena: C:\ProgramData\Application Data\lavasoft\web companion
Složka nalezena: C:\ProgramData\Application Data\Uncheckit
Složka nalezena: C:\ProgramData\Application Data\Tencent
Složka nalezena: C:\ProgramData\Application Data\ChelfNotify
Složka nalezena: C:\ProgramData\Application Data\uckt
Složka nalezena: C:\ProgramData\Application Data\Fishlamp
Složka nalezena: C:\ProgramData\Application Data\Birdsarah
Složka nalezena: C:\ProgramData\Application Data\iheeawa
Složka nalezena: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
Složka nalezena: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
Složka nalezena: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uncheckit
Složka nalezena: C:\Users\Public\Documents\iheeawa
Složka nalezena: C:\ProgramData\Microsoft\Windows\Start Menu\SprgFiles
Složka nalezena: C:\Program Files (x86)\Elex-tech
Složka nalezena: C:\Program Files (x86)\OLBPre
Složka nalezena: C:\Program Files (x86)\SFK
Složka nalezena: C:\Program Files (x86)\tencent
Složka nalezena: C:\Program Files (x86)\WinZipper
Složka nalezena: C:\Program Files (x86)\SearchesToYesbnd
Složka nalezena: C:\Program Files (x86)\TData
Složka nalezena: C:\Program Files (x86)\SprgFiles
Složka nalezena: C:\Program Files (x86)\lavasoft\web companion
Složka nalezena: C:\Program Files (x86)\qksee
Složka nalezena: C:\Program Files (x86)\QQBrowser
Složka nalezena: C:\Program Files (x86)\vreXjvX
Složka nalezena: C:\Program Files (x86)\Uncheckit
Složka nalezena: C:\Program Files (x86)\TXQQBrowser
Složka nalezena: C:\Program Files (x86)\ffgogogo Browser
Složka nalezena: C:\Program Files (x86)\Tencent
Složka nalezena: C:\Program Files (x86)\WinSaber
Složka nalezena: C:\Program Files (x86)\SoEasySvc
Složka nalezena: C:\Program Files (x86)\winsaber
Složka nalezena: C:\Program Files (x86)\Fishlamp
Složka nalezena: C:\Program Files (x86)\Birdsarah
Složka nalezena: C:\Program Files (x86)\iheeawa
Složka nalezena: C:\Program Files (x86)\vrexjvx
Složka nalezena: C:\Program Files (x86)\Common Files\tencent
Složka nalezena: C:\Program Files (x86)\Common Files\Tencent
Složka nalezena: C:\Windows\SysWOW64\_SSpm
Složka nalezena: C:\Users\user\AppData\Local\Temp\tencent
Složka nalezena: C:\Users\user\AppData\Local\Temp\Tencent
Složka nalezena: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
Složka nalezena: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Uncheckit
Složka nalezena: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
Složka nalezena: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
Složka nalezena: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
Složka nalezena: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\arthurj8283@gmail.com


***** [ Soubory ] *****

Soubor nalezen: C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user Pinned\StartMenu\电脑管家.lnk
Soubor nalezen: C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user Pinned\StartMenu\qksee.lnk
Soubor nalezen: C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\电脑管家\电脑管家.lnk
Soubor nalezen: C:\Windows\SysNative\log\iSafeKrnlCall.log
Soubor nalezen: C:\Windows\SysNative\LavasoftTcpService64.dll
Soubor nalezen: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
Soubor nalezen: C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
Soubor nalezen: C:\Windows\SysNative\drivers\iSafeNetFilter.sys
Soubor nalezen: C:\Windows\SysNative\drivers\TAOAccelerator64.sys
Soubor nalezen: C:\Windows\SysNative\drivers\TSSKX64.sys
Soubor nalezen: C:\Windows\SysNative\drivers\TAOKernel64.sys
Soubor nalezen: C:\Windows\SysNative\drivers\TFsFltX64.sys
Soubor nalezen: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
Soubor nalezen: C:\Windows\SysWOW64\lavasofttcpservice.dll
Soubor nalezen: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Soubor nalezen: C:\Windows\SysWOW64\drivers\TS888x64.sys
Soubor nalezen: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\dd1b66d4.xml
Soubor nalezen: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\searchplugins\dd1b66d4.xml
Soubor nalezen: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k7oqug8r.default\searchplugins\nuesearch.xml


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL soubory.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupce ] *****

Žádné infikovaný zástupce nenalezen.


***** [ Plánovač úloh ] *****

Úkol nalezen: LaunchPreSignup
Úkol nalezen: WinTaske
Úkol nalezen: Browser Updater Task(Core)
Úkol nalezen: UncheckitTaskMN
Úkol nalezen: UncheckitUpdateTaskC
Úkol nalezen: UncheckitUpdateTaskDB
Úkol nalezen: ffgogogoCheckTask
Úkol nalezen: ffgogogoBrowserUpdateUA
Úkol nalezen: ChelfNotify Task


***** [ Registry ] *****

Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.001
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.7z
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.arj
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.bz2
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.bzip2
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.cab
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.cpio
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.deb
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.dmg
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.fat
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.gz
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.gzip
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.hfs
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.iso
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.lha
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.lzh
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.lzma
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.ntfs
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.rar
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.rpm
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.squashfs
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.swm
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.tar
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.taz
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.tbz
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.tbz2
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.tgz
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.tpz
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.txz
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.vhd
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.wim
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.xar
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.xz
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.z
Klíč nalezen: HKLM\SOFTWARE\Classes\WinZippers.zip
Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Klíč nalezen: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Klíč nalezen: HKLM\SOFTWARE\Classes\metnsd
Klíč nalezen: HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
Klíč nalezen: HKLM\SOFTWARE\Classes\qkseeViewer.bmp
Klíč nalezen: HKLM\SOFTWARE\Classes\qkseeViewer.gif
Klíč nalezen: HKLM\SOFTWARE\Classes\qkseeViewer.ico
Klíč nalezen: HKLM\SOFTWARE\Classes\qkseeViewer.jpeg
Klíč nalezen: HKLM\SOFTWARE\Classes\qkseeViewer.jpg
Klíč nalezen: HKLM\SOFTWARE\Classes\qkseeViewer.png
Klíč nalezen: HKLM\SOFTWARE\Classes\qkseeViewer.tif
Klíč nalezen: HKLM\SOFTWARE\Classes\qmbfile
Klíč nalezen: HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu
Klíč nalezen: HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1
Klíč nalezen: HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu
Klíč nalezen: HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1
Klíč nalezen: HKLM\SOFTWARE\Classes\qmgcfiles
Klíč nalezen: HKLM\SOFTWARE\Classes\QMSoftExt.QMContextMenu
Klíč nalezen: HKLM\SOFTWARE\Classes\QMSoftExt.QMContextMenu.1
Klíč nalezen: HKLM\SOFTWARE\Classes\qpakfile
Klíč nalezen: HKLM\SOFTWARE\Classes\qqapp
Klíč nalezen: HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid
Klíč nalezen: HKLM\SOFTWARE\Classes\QQAppIEAgentEx.AgentForAndroid.1
Klíč nalezen: HKLM\SOFTWARE\Classes\QQPCMgr.qbox
Klíč nalezen: HKLM\SOFTWARE\Classes\qqpro
Klíč nalezen: HKLM\SOFTWARE\Classes\TencentAndroidAssistant
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WarThunder
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WorldofTanks
Klíč nalezen: HKU\.DEFAULT\Software\Elex-tech
Klíč nalezen: HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Klíč nalezen: HKU\.DEFAULT\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Klíč nalezen: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Conduit
Klíč nalezen: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\PRODUCTSETUP
Klíč nalezen: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\SprgFiles
Klíč nalezen: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\csastats
Klíč nalezen: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Uncheckit
Klíč nalezen: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\ffgogogo
Klíč nalezen: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\AppDataLow\Software\adawarebp
Klíč nalezen: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\SprgFiles
Klíč nalezen: HKU\S-1-5-18\Software\Elex-tech
Klíč nalezen: HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Klíč nalezen: HKU\S-1-5-18\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Klíč nalezen: HKCU\Software\Conduit
Klíč nalezen: HKCU\Software\PRODUCTSETUP
Klíč nalezen: HKCU\Software\SprgFiles
Klíč nalezen: HKCU\Software\csastats
Klíč nalezen: HKCU\Software\Uncheckit
Klíč nalezen: HKCU\Software\ffgogogo
Klíč nalezen: HKCU\Software\AppDataLow\Software\adawarebp
Klíč nalezen: HKLM\SOFTWARE\Conduit
Klíč nalezen: HKLM\SOFTWARE\Elex-tech
Klíč nalezen: HKLM\SOFTWARE\hdcode
Klíč nalezen: HKLM\SOFTWARE\TSv
Klíč nalezen: HKLM\SOFTWARE\SprgFiles
Klíč nalezen: HKLM\SOFTWARE\hohosearchSoftware
Klíč nalezen: HKLM\SOFTWARE\qkseeSvc
Klíč nalezen: HKLM\SOFTWARE\qksee
Klíč nalezen: HKLM\SOFTWARE\Lavasoft\Web Companion
Klíč nalezen: HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Klíč nalezen: HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Klíč nalezen: HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
Klíč nalezen: HKLM\SOFTWARE\Uncheckit
Klíč nalezen: HKLM\SOFTWARE\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}
Klíč nalezen: HKLM\SOFTWARE\ffgogogo
Klíč nalezen: HKLM\SOFTWARE\WinZiper
Klíč nalezen: HKLM\SOFTWARE\WinSaberSvc
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SprgFiles
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQPCMgr
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\yahooprovidedsearch
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{365ADADE-814B-400C-877C-95E9F684BBEB}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qksee
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncheckit
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.nuesearch.com/?type=hp&ts=146790982 ... G_49G7W46G
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... XMK2529GSG_
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.nuesearch.com/?type=hp&ts=147006213 ... K2529GSG_4
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... OSHIBAXMK2
Data nalezena: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://xinjunshi.com
Data nalezena: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.nuesearch.com/?type=hp&ts=147006213 ... am9e4ecq7o
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://xinjunshi.com
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.nuesearch.com/?type=hp&ts=147006213 ... 529GSG_49G
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://xinjunshi.com
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... 2529GSG_49
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.nuesearch.com/?type=hp&ts=147006213 ... 529GSG_49G
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.nuesearch.com/search/?type=ds&ts=14 ... HIBAXMK252
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Klíč nalezen: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Klíč nalezen: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\eshopcomp.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mini2015.qq.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.eshopcomp.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\qq.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.xinjunshi.com
Klíč nalezen: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\xinjunshi.com
Hodnota nalezena: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Hodnota nalezena: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Web Companion]
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Klíč nalezen: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Klíč nalezen: HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPCMgr
Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Klíč nalezen: HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall
Klíč nalezen: HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\QMContextUninstall
Klíč nalezen: HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
Klíč nalezen: HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
Klíč nalezen: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.qq.qmchext
Klíč nalezen: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QMContextScan
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL
Klíč nalezen: HKLM\SOFTWARE\Classes\AppID\QMContextUninstall.DLL
Klíč nalezen: HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextScan
Klíč nalezen: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npandroidassistant
Hodnota nalezena: HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [AndroidServer.exe]
Klíč nalezen: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Klíč nalezen: HKLM\SOFTWARE\Classes\.qbox
Klíč nalezen: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan
Klíč nalezen: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall
Klíč nalezen: HKEY_CLASSES_ROOT\.qmgc
Hodnota nalezena: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
Hodnota nalezena: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
Hodnota nalezena: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]


***** [ Internetové prohlížeče ] *****

Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k7oqug8r.default\prefs.js] - "browser.search.searchengine.iconURL" - "hxxp://www.nicesearches.com/favicon.ico?t=1"
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k7oqug8r.default\prefs.js] - "browser.search.searchengine.url" - "hxxp://www.nicesearches.com/search.php?type=ds ... 740405&uid
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k7oqug8r.default\prefs.js] - "browser.startup.homepage" - "hxxp://www.nicesearches.com?type=hp&ts=1459853 ... xmk2529gsg
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\k7oqug8r.default\prefs.js] - "browser.newtab.url" - "hxxp://www.nicesearches.com?type=hp&ts=1459853 ... 9gsg_49g7w
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "browser.newtab.url" - "hxxp://www.nicesearches.com?type=hp&ts=1459853 ... _49g7w46gw
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "browser.search.defaultenginename" - "hohosearch"
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "browser.search.defaultenginename.US" - "data:text/plain,browser.search.defaultenginename.US=hohosearch"
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "browser.search.searchengine.hp" - "hxxp://www.hohosearch.com/?ts=AHEpC3AsBn4oBk.. ... 462FD59E34
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "browser.search.searchengine.iconURL" - "hxxp://www.nicesearches.com/favicon.ico?t=1"
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "browser.search.searchengine.sp" - "hxxp://www.hohosearch.com/chrome.php?mode=ffse ... ms}&ts=AHE
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "browser.search.searchengine.url" - "hxxp://www.nicesearches.com/search.php?type=ds ... 05&uid=tos
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "browser.startup.homepage" - "hxxp://www.nicesearches.com?type=hp&ts=1459853 ... 529gsg_49g
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE" - "[{\"b\":224520315,\"c\":\"mindspark.magnify\",\"p\":\"L.
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "extensions.toolbar.mindspark._brMembers_.successUrl" - "hxxp://www.hohosearch.com/chrome.php?uid=CBC997C35E0462FD59E34
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "extensions.toolbar.mindspark._brMembers_.uninstallTasks" - "{\"prefBranchesToDelete\":[\"extensions.toolbar.mindspark.
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\prefs.js] - "keyword.URL" - "hxxp://www.hohosearch.com/chrome.php?uid=CBC99 ... C3AsBn4oBk..
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "browser.search.defaultenginename" - "hohosearch"
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "browser.search.defaultenginename.US" - "data:text/plain,browser.search.defaultenginename.US=ho
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "browser.search.searchengine.hp" - "hxxp://www.hohosearch.com/?ts=AHEpC3AsBn4oBk..&v=20160317&u
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "browser.search.searchengine.iconURL" - "hxxp://www.nicesearches.com/favicon.ico?t=1"
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "browser.search.searchengine.sp" - "hxxp://www.hohosearch.com/chrome.php?mode=ffsengext&ptid=am
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "browser.search.searchengine.url" - "hxxp://www.nicesearches.com/search.php?type=ds&ts=14598532
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "browser.search.selectedEngine" - "hohosearch"
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "extensions.toolbar.mindspark._brMembers_.BUTTON_STRUCTURE" - "[{\"b\":224520315,\"c\":\"mindsp
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "extensions.toolbar.mindspark._brMembers_.successUrl" - "hxxp://www.hohosearch.com/chrome.php?u
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "extensions.toolbar.mindspark._brMembers_.uninstallTasks" - "{\"prefBranchesToDelete\":[\"exten
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "keyword.URL" - "hxxp://www.hohosearch.com/chrome.php?uid=CBC99 ... A5BB5&ptid
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "browser.startup.homepage" - "hxxp://www.nicesearches.com?type=hp&ts=1459853 ... 58740405&u
Firefox nastavení nalezeno: [C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles\ccaccbf1-7ab4-4cf5-b32d-668c686a539f\prefs.js] - "browser.newtab.url" - "hxxp://www.nicesearches.com?type=hp&ts=1459853 ... 05&uid=tos
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium báze.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [35141 Bajtů] - [03/09/2016 17:44:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [35441 Bajtů] - [03/09/2016 18:30:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [35516 Bajtů] ##########

Re: infected computer

Posted: 03 Sep 2016 21:18
by Rudy
OK. What matters is what was deleted. Post a new FRST log.

Re: infected computer

Posted: 03 Sep 2016 21:41
by feraf
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by user (administrator) on USER-PC (03-09-2016 22:28:30)
Running from C:\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Fishlamp\Application\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Validity Sensors, Inc.) C:\Windows\System32\vfsFPService.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 18\Program32\ZPSTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\wmi64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-03-23] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3622912 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.6.17645.227\QQPCTray.exe" /regrun
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\Run: [Chromium] => c:\users\user\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 18\Program32\ZPSTRAY.EXE [680528 2016-03-24] (ZONER software)
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\MountPoints2: {9af51b9b-6fe2-11e4-aafd-001f16b217b4} - E:\PMCsetup.exe
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1578760874-2601509612-2761757911-1000] => hxxp://un-stop.net/wpad.dat?14551838b43a7a8f8d0d2ee7a0b337367832507
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.2
Tcpip\..\Interfaces\{928BDA04-F686-42A8-9C23-187109C81C8E}: [DhcpNameServer] 192.168.2.2
ManualProxies: 0hxxp://un-stop.net/wpad.dat?14551838b43a7a8f8d0d2ee7a0b337367832507

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL =
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2015-12-22] (AO Kaspersky Lab)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-17] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-03-26] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_ACF0E80077C511E59DED005056C00008@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-08-17]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3452928 2009-09-05] (Egis Technology Inc.) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2009-06-03] (Validity Sensors, Inc.)
R2 vfsFPService; C:\Windows\SysWOW64\vfsFPService.exe [599344 2009-06-03] (Validity Sensors, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-14] (Microsoft Corporation)
S2 BirdsarahU; "C:\Program Files (x86)\Birdsarah\Update\BirdsarahUpdate.exe" [X]
S2 FishlampP; "C:\ProgramData\Fishlamp\Fishlamp.exe" [X]
S2 FishlampU; "C:\Program Files (x86)\Fishlamp\Update\FishlampUpdate.exe" [X]
S2 IHeeaWA_protect; "C:\ProgramData\IHeeaWA\protect\protect.exe" [X]
S2 IHeeaWA_update; "C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [79240 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [182152 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [236888 2016-08-17] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2016-09-03] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1001304 2016-08-17] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50776 2016-05-05] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [110424 2016-08-17] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 22:27 - 2016-09-03 22:27 - 00015327 _____ C:\Users\user\Plocha
2016-09-03 22:19 - 2016-09-03 22:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-03 22:19 - 2016-09-03 22:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-03 22:17 - 2016-09-03 22:27 - 00029696 _____ C:\Users\user\AppData\Local\MSGBOX.EXE
2016-09-03 21:27 - 2016-09-03 21:40 - 00176864 _____ C:\Windows\ntbtlog.txt
2016-09-03 21:23 - 2016-09-03 21:23 - 00007607 _____ C:\Users\user\AppData\Local\Resmon.ResmonCfg
2016-09-03 18:07 - 2016-09-03 22:28 - 00000000 ____D C:\FRST
2016-09-03 17:40 - 2016-09-03 21:55 - 00000000 ____D C:\AdwCleaner
2016-09-03 17:35 - 2016-09-03 17:35 - 00000000 _____ C:\Windows\SysWOW64\tmp6.html
2016-09-03 17:29 - 2016-09-03 17:29 - 00000000 _____ C:\Windows\SysWOW64\tmp4.html
2016-09-03 09:00 - 2016-09-03 09:00 - 00000000 _____ C:\Windows\SysWOW64\tmp9.html
2016-08-22 16:23 - 2016-08-22 16:23 - 00000000 ____D C:\Program Files (x86)\0ecqxzge
2016-08-22 16:16 - 2016-08-22 16:22 - 00000000 ____D C:\Program Files (x86)\cg3tls5v
2016-08-14 20:42 - 2016-08-14 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2016-08-13 16:50 - 2016-08-17 18:11 - 01001304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-08-13 16:50 - 2015-12-11 17:28 - 00182152 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-08-13 15:02 - 2016-08-13 15:02 - 00000000 ____D C:\Users\Public\Documents\chrome
2016-08-05 05:54 - 2016-08-05 05:56 - 00000000 ____D C:\Program Files (x86)\1q19cdk3

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-03 22:28 - 2016-02-09 19:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-03 22:28 - 2014-10-13 10:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-09-03 22:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-03 22:19 - 2016-06-11 18:38 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-09-03 22:19 - 2014-10-14 08:31 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-03 22:15 - 2016-03-09 08:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-03 22:06 - 2009-07-14 06:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-03 22:06 - 2009-07-14 06:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-03 22:02 - 2011-04-12 10:34 - 00671630 _____ C:\Windows\system32\perfh005.dat
2016-09-03 22:02 - 2011-04-12 10:34 - 00142194 _____ C:\Windows\system32\perfc005.dat
2016-09-03 22:02 - 2009-07-14 07:13 - 01590850 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-03 22:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-03 21:59 - 2014-10-26 10:56 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-03 21:50 - 2014-10-13 10:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-03 21:50 - 2014-10-13 10:28 - 00000000 ____D C:\ProgramData\Skype
2016-09-03 20:31 - 2016-07-12 16:10 - 00000171 _____ C:\Users\Public\Documents\report1.dat
2016-09-03 19:16 - 2016-03-29 11:56 - 00000000 ____D C:\Windows\system32\log
2016-09-03 19:06 - 2016-04-10 21:48 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-09-03 19:03 - 2016-06-08 15:36 - 00000982 _____ C:\Users\Public\Documents\report.dat
2016-09-03 18:59 - 2016-04-10 21:44 - 00000000 ____D C:\ProgramData\Lavasoft
2016-09-03 18:52 - 2016-04-10 21:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Lavasoft
2016-09-03 17:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-03 17:52 - 2015-03-14 21:32 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-08-30 18:31 - 2014-10-14 08:43 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-08-30 17:49 - 2016-07-12 16:12 - 00003552 _____ C:\Windows\System32\Tasks\FishlampUpdateTaskMachineCore
2016-08-30 17:49 - 2016-07-12 16:12 - 00003468 _____ C:\Windows\System32\Tasks\FishlampUpdateTaskMachineUA
2016-08-17 18:11 - 2015-12-03 11:10 - 00110424 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2016-08-17 18:09 - 2016-05-05 03:43 - 00236888 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-08-16 03:09 - 2016-06-24 09:33 - 00003472 _____ C:\Windows\System32\Tasks\BirdsarahUpdateTaskMachineUA
2016-08-15 20:36 - 2014-10-14 08:45 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-15 20:36 - 2014-10-14 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-08-15 20:36 - 2014-10-14 08:45 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-08-14 20:41 - 2016-02-09 19:48 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-08-07 18:03 - 2016-06-24 09:33 - 00003556 _____ C:\Windows\System32\Tasks\BirdsarahUpdateTaskMachineCore

==================== Files in the root of some directories =======

2016-07-01 14:57 - 2016-08-01 16:34 - 2983895 _____ (Update) C:\Program Files (x86)\SSFK.exe
2016-03-19 13:49 - 2016-03-19 13:49 - 0005120 _____ () C:\Users\user\AppData\Roaming\GiftBag.db
2016-09-03 22:17 - 2016-09-03 22:27 - 0029696 _____ () C:\Users\user\AppData\Local\MSGBOX.EXE
2016-09-03 21:23 - 2016-09-03 21:23 - 0007607 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\ba5552f8-cf29-4353-a4f9-e1aafb31168a.exe
C:\Users\user\AppData\Local\Temp\kw1whrc4.dll
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\MSETUP4.EXE
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\ose00000.exe
C:\Users\user\AppData\Local\Temp\PCMgr_Setup_11_4_17347_218.exe
C:\Users\user\AppData\Local\Temp\PCMgr_Setup_11_6_17645_227.exe
C:\Users\user\AppData\Local\Temp\SkypeSetup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\TempQMRouterMgrSetup_11.6.17645.227_1464161443429.exe
C:\Users\user\AppData\Local\Temp\TempQMSystemSetup_11.6.17645.227_1464161424232.exe
C:\Users\user\AppData\Local\Temp\utt3AC3.tmp.exe
C:\Users\user\AppData\Local\Temp\utt4E9C.tmp.exe
C:\Users\user\AppData\Local\Temp\uttFA68.tmp.exe
C:\Users\user\AppData\Local\Temp\vKOeRXN05y.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-17 18:53

==================== End of FRST.txt ============================

Re: infected computer

Posted: 04 Sep 2016 10:35
by Rudy
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\MountPoints2: {9af51b9b-6fe2-11e4-aafd-001f16b217b4} - E:\PMCsetup.exe
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
C:\ProgramData\IHeeaWA
C:\Program Files (x86)\IHeeaWA
S2 IHeeaWA_protect; "C:\ProgramData\IHeeaWA\protect\protect.exe" [X]
S2 IHeeaWA_update; "C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe" [X]
S2 BirdsarahU; "C:\Program Files (x86)\Birdsarah\Update\BirdsarahUpdate.exe" [X]
C:\Program Files (x86)\Birdsarah
S2 FishlampU; "C:\Program Files (x86)\Fishlamp\Update\FishlampUpdate.exe" [X]
C:\Program Files (x86)\Fishlamp
C:\Program Files (x86)\0ecqxzge
C:\Program Files (x86)\cg3tls5v
C:\Program Files (x86)\1q19cdk3
C:\Windows\System32\Tasks\FishlampUpdateTaskMachineCore
C:\Windows\System32\Tasks\FishlampUpdateTaskMachineUA
C:\Windows\System32\Tasks\BirdsarahUpdateTaskMachineUA
C:\Windows\System32\Tasks\BirdsarahUpdateTaskMachineCore
C:\Users\user\AppData\Local\Temp
End
Save it to C:\Desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: infected computer

Posted: 04 Sep 2016 11:03
by feraf
Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by user (04-09-2016 11:49:34) Run:1
Running from C:\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\...\MountPoints2: {9af51b9b-6fe2-11e4-aafd-001f16b217b4} - E:\PMCsetup.exe
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1578760874-2601509612-2761757911-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
C:\ProgramData\IHeeaWA
C:\Program Files (x86)\IHeeaWA
S2 IHeeaWA_protect; "C:\ProgramData\IHeeaWA\protect\protect.exe" [X]
S2 IHeeaWA_update; "C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe" [X]
S2 BirdsarahU; "C:\Program Files (x86)\Birdsarah\Update\BirdsarahUpdate.exe" [X]
C:\Program Files (x86)\Birdsarah
S2 FishlampU; "C:\Program Files (x86)\Fishlamp\Update\FishlampUpdate.exe" [X]
C:\Program Files (x86)\Fishlamp
C:\Program Files (x86)\0ecqxzge
C:\Program Files (x86)\cg3tls5v
C:\Program Files (x86)\1q19cdk3
C:\Windows\System32\Tasks\FishlampUpdateTaskMachineCore
C:\Windows\System32\Tasks\FishlampUpdateTaskMachineUA
C:\Windows\System32\Tasks\BirdsarahUpdateTaskMachineUA
C:\Windows\System32\Tasks\BirdsarahUpdateTaskMachineCore
C:\Users\user\AppData\Local\Temp
End
*****************

"HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9af51b9b-6fe2-11e4-aafd-001f16b217b4}" => key removed successfully
HKCR\CLSID\{9af51b9b-6fe2-11e4-aafd-001f16b217b4} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKU\S-1-5-21-1578760874-2601509612-2761757911-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}" => key removed successfully
HKCR\CLSID\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
C:\Program Files (x86)\Skype\Toolbars => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => key not found.
"HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
c2cautoupdatesvc => Service stopped successfully.
c2cautoupdatesvc => service removed successfully
c2cpnrsvc => Service stopped successfully.
c2cpnrsvc => service removed successfully
"C:\ProgramData\IHeeaWA" => not found.
"C:\Program Files (x86)\IHeeaWA" => not found.
IHeeaWA_protect => service removed successfully
IHeeaWA_update => service removed successfully
BirdsarahU => service removed successfully
"C:\Program Files (x86)\Birdsarah" => not found.
FishlampU => service removed successfully
"C:\Program Files (x86)\Fishlamp" => not found.
C:\Program Files (x86)\0ecqxzge => moved successfully
C:\Program Files (x86)\cg3tls5v => moved successfully
C:\Program Files (x86)\1q19cdk3 => moved successfully
C:\Windows\System32\Tasks\FishlampUpdateTaskMachineCore => moved successfully
C:\Windows\System32\Tasks\FishlampUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\BirdsarahUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\BirdsarahUpdateTaskMachineCore => moved successfully

"C:\Users\user\AppData\Local\Temp" folder move:

Could not move "C:\Users\user\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-09-2016 11:54:34)

C:\Users\user\AppData\Local\Temp => moved successfully

==== End of Fixlog 11:54:36 ====

Re: virus-infected computer

Posted: 04 Sep 2016 12:14
by Rudy
Deleted. Has anything changed?

Re: virus-infected computer

Posted: 04 Sep 2016 21:37
by feraf
Yeah, it's not acting up anymore. Thank you, I just have to reinstall a few programs :)

Re: virus-infected computer

Posted: 05 Sep 2016 16:42
by Rudy
PL. You're welcome! Toolbars were deleted (they are useless and almost nobody uses them), and beyond that only malware.