Prosím o pomoc, podezřelé procesy na pozadí

Zpráva

SilesianEagle · #1 Příspěvek od **SilesianEagle** » 18 zář 2016 21:53

Dobrý den,
prosím o kontrolu a pomoc s vyčištěním mého NTB. Poslední dobou jsem si všiml zpomalení reakcí mého ntb. Příjde mi, že na pozadí běží mnoho procesů a NTB se následně velmi přehřívá u náročnějších aplikací.
Předem děkuji za pomoc.
LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
Ran by Kamil (administrator) on JAMAILL (18-09-2016 22:41:04)
Running from C:\Users\Kamil\Desktop
Loaded Profiles: Kamil (Available Profiles: Kamil)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Windows\SysWOW64\flcdlock.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\ProgramData\eeaUDOiyy\protect\protect.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\39.0.2256.71\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-04] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-10-24] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285832 2013-01-02] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-02-07] (PDF Complete Inc)
HKLM-x32\...\Run: [CLWCSM] => c:\Program Files (x86)\CyberLink\Webcam Sharing Manager\StreamProvider.exe [249096 2013-02-20] (cyberlink)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [13685464 2013-03-06] (Hewlett-Packard)
HKLM-x32\...\Run: [YouCam Mirage] => c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2013-02-01] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167488 2013-02-01] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111136 2012-11-21] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493088 2012-11-21] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [338000 2015-06-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\...\MountPoints2: E - "E:\FalloutLauncher.exe"
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\...\MountPoints2: {5fcda118-b2d2-11e5-be9d-0c84dcca53cc} - "F:\setup.exe"
Lsa: [Notification Packages] DPPassFilter scecli
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.11.1 176.74.128.10 176.74.128.11
Tcpip\..\Interfaces\{7e59b69a-8ede-4efa-94ce-baf15a5364e1}: [DhcpNameServer] 192.168.11.1 176.74.128.10 176.74.128.11
Tcpip\..\Interfaces\{de3411ee-9534-42ea-a2d5-49e062e6f8a6}: [DhcpNameServer] 192.168.11.1 176.74.128.10 176.74.128.11

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.bing.com?pc=CMNTDFJS
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-02] (AO Kaspersky Lab)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-03-06] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-11-02] (AO Kaspersky Lab)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-02] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-11-02] (AO Kaspersky Lab)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll [2013-01-10] (Skype Technologies)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll [2013-02-27] (DigitalPersona, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-08-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-06-06]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\dpchrome.crx [2013-02-27]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-08-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-11-02] (Kaspersky Lab ZAO)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [491320 2013-03-12] (DigitalPersona, Inc.)
R2 eeaUDOiyy_protect; C:\ProgramData\eeaUDOiyy\protect\protect.exe [303008 2016-05-05] ()
R2 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [556856 2013-03-04] (Hewlett-Packard Company)
S3 HotSpotSrv; C:\Program Files (x86)\Hewlett-Packard\HP Wireless Hotspot\HotSpotSrv.exe [357816 2012-12-19] (Hewlett-Packard Development Company, L.P.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [684624 2015-06-22] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2016-02-07] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-22] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166432 2012-10-22] (Intel Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1135752 2013-02-07] (PDF Complete Inc)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-02-04] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-10-24] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24856 2016-08-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [91400 2015-10-24] (Advanced Micro Devices, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 clwcsm; C:\Windows\system32\DRIVERS\clwcsm.sys [42944 2013-02-19] (CyberLink Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [65752 2013-02-18] (Hewlett-Packard Company)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-01-04] (Disc Soft Ltd)
R3 HpqKbFiltr; C:\Windows\System32\drivers\HpqKbFiltr64.sys [37112 2015-06-17] (Hewlett-Packard Company)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [77728 2016-03-01] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-11-04] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [238000 2016-06-06] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [933808 2016-06-06] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [49240 2016-06-06] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-04] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87984 2016-06-06] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2512016 2015-06-18] (MediaTek Inc.)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [49856 2013-03-18] (WinMagic, Inc.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1219200 2015-10-24] (Ralink Technology, Corp.)
S3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [448072 2013-02-01] (RTS Corporation)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [212672 2013-03-27] (WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131928 2013-01-07] (WinMagic Inc.)
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [163644 2016-02-11] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28400 2013-01-11] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [32496 2013-01-11] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [760832 2016-06-27] (Sunplus)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-08-12] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-18 22:41 - 2016-09-18 22:44 - 00019978 _____ C:\Users\Kamil\Desktop\FRST.txt
2016-09-18 22:40 - 2016-09-18 22:41 - 00000000 ____D C:\FRST
2016-09-18 22:34 - 2016-09-18 22:34 - 00016148 _____ C:\WINDOWS\system32\JAMAILL_Kamil_HistoryPrediction.bin
2016-09-18 22:33 - 2016-09-18 22:34 - 00001078 _____ C:\WINDOWS\system32dbgraw.bmp
2016-09-18 22:17 - 2016-09-18 22:19 - 02399232 _____ (Farbar) C:\Users\Kamil\Desktop\FRST64.exe
2016-09-18 17:57 - 2016-09-18 22:40 - 00000000 ____D C:\Users\Kamil\Desktop\Obnova
2016-09-18 16:31 - 2016-09-18 17:46 - 862570000 _____ C:\Users\Kamil\Downloads\Orange.Is.The.New.Black.S01E02.720p.WEBRip.AAC2.0.H.264-Abjex.mkv
2016-09-18 16:29 - 2016-09-18 17:46 - 802054990 _____ C:\Users\Kamil\Downloads\Orange.Is.The.New.Black.S01E01.720p.WEBRip.AAC2.0.H.264-Abjex.mkv
2016-09-17 22:59 - 2016-09-17 22:59 - 00000000 ____D C:\Users\Kamil\AppData\LocalLow\SUPERHOT Team
2016-09-17 10:23 - 2016-09-17 10:23 - 00255488 _____ C:\Users\Kamil\Downloads\rh2016-17-zs.xls
2016-09-17 10:23 - 2016-09-17 10:23 - 00041984 _____ C:\Users\Kamil\Downloads\misto-a-podminky-sportu-zs-16-17.xls
2016-09-11 19:25 - 2016-09-11 19:25 - 00537838 _____ C:\Users\Kamil\Downloads\Mega Bomberman (Europe) (1).zip
2016-09-11 15:58 - 2016-09-11 15:58 - 00272734 _____ C:\Users\Kamil\Downloads\11985111.pdf
2016-09-11 12:23 - 2016-08-15 19:51 - 00110113 _____ C:\Users\Kamil\Downloads\07.2016.pdf
2016-09-11 12:23 - 2016-06-14 18:27 - 00109568 _____ C:\Users\Kamil\Downloads\05.2016.pdf
2016-09-11 12:23 - 2016-05-11 20:55 - 00110844 _____ C:\Users\Kamil\Downloads\04.2016.pdf
2016-09-11 12:22 - 2016-04-13 18:55 - 00110131 _____ C:\Users\Kamil\Downloads\03.2016.pdf
2016-09-11 12:21 - 2016-09-11 12:21 - 00108296 _____ C:\Users\Kamil\Downloads\10.2015.pdf
2016-09-11 12:20 - 2016-03-10 21:55 - 00107742 _____ C:\Users\Kamil\Downloads\02.2016.pdf
2016-09-01 19:32 - 2016-09-01 20:47 - 00000000 ____D C:\Users\Kamil\Downloads\Blade Runner (1982) Final Cut 1080p BluRay.x264 SUJAIDR
2016-08-26 20:03 - 2016-08-26 20:03 - 00000218 _____ C:\Users\Kamil\AppData\Local\recently-used.xbel
2016-08-24 22:09 - 2016-08-24 22:09 - 00000232 _____ C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rayman Origins.url
2016-08-24 22:07 - 2016-08-26 20:54 - 00000000 ____D C:\Users\Kamil\AppData\Local\Ubisoft Game Launcher
2016-08-24 22:07 - 2016-08-24 22:07 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-08-24 22:06 - 2016-08-24 22:06 - 00000000 ____D C:\Program Files (x86)\Ubisoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-18 22:34 - 2015-11-02 22:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-18 22:34 - 2015-10-24 21:58 - 00000000 __SHD C:\Users\Kamil\IntelGraphicsProfiles
2016-09-18 22:33 - 2013-05-09 12:50 - 00000000 ____D C:\ProgramData\PDFC
2016-09-18 22:32 - 2015-07-30 23:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-18 22:32 - 2015-07-10 11:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-18 21:58 - 2015-10-25 18:04 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-18 17:56 - 2016-04-30 20:54 - 00078272 _____ C:\WINDOWS\SysWOW64\SmrtDrive.ocx
2016-09-18 17:47 - 2016-03-13 10:29 - 00000000 ___RD C:\Users\Kamil\Desktop\Games
2016-09-18 17:46 - 2015-10-25 11:41 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\uTorrent
2016-09-18 17:41 - 2015-10-26 12:06 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\DAEMON Tools Lite
2016-09-18 17:39 - 2015-11-08 10:22 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-18 16:44 - 2015-07-30 23:49 - 00363368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-18 16:37 - 2015-10-23 22:12 - 00000000 ____D C:\Users\Kamil
2016-09-18 16:27 - 2015-11-23 17:48 - 02665472 ___SH C:\Users\Kamil\Downloads\Thumbs.db
2016-09-18 13:13 - 2015-07-31 00:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-18 03:52 - 2015-07-31 00:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-18 02:25 - 2015-10-25 18:04 - 00000958 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-17 22:58 - 2016-01-04 14:38 - 00000000 ____D C:\Program Files (x86)\The Sims 4
2016-09-16 17:30 - 2015-07-31 00:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-15 20:15 - 2015-07-31 00:42 - 00000000 ____D C:\WINDOWS\rescache
2016-09-15 19:26 - 2015-09-10 07:20 - 00000000 ____D C:\WINDOWS\ShellNew
2016-09-15 19:26 - 2015-09-10 07:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-09-15 19:26 - 2015-07-31 00:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-15 19:25 - 2015-11-17 22:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-15 19:17 - 2015-11-17 22:57 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-15 18:45 - 2016-05-01 11:28 - 00003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForKamil
2016-09-15 18:45 - 2016-05-01 11:28 - 00000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKamil.job
2016-09-15 15:58 - 2015-10-25 18:04 - 00004032 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-09-15 15:58 - 2015-07-31 00:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-15 15:58 - 2015-07-31 00:42 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-13 09:36 - 2015-10-23 22:11 - 00006744 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-13 09:36 - 2015-09-10 07:05 - 02406590 _____ C:\WINDOWS\system32\perfh005.dat
2016-09-13 09:36 - 2015-09-10 07:05 - 00696314 _____ C:\WINDOWS\system32\perfc005.dat
2016-09-09 18:19 - 2016-02-25 00:42 - 00000000 ____D C:\Users\Kamil\Downloads\Nikča
2016-09-08 12:51 - 2015-10-23 20:18 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1445624289
2016-09-08 12:51 - 2015-10-23 20:18 - 00001127 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-09-08 12:51 - 2015-10-23 20:16 - 00000000 ____D C:\Program Files (x86)\Opera
2016-09-07 03:02 - 2015-10-31 16:57 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-07 03:02 - 2015-10-31 16:57 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-04 21:06 - 2012-10-27 16:30 - 00000000 ____D C:\Users\Kamil\Downloads\přednášky embryologie z mejlu
2016-09-03 11:08 - 2015-10-25 18:05 - 00004196 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7225BA93-1A32-47C4-8CF9-A962ABC4E676}
2016-08-26 20:04 - 2016-03-13 10:44 - 00000000 ____D C:\Users\Kamil\AppData\Local\PokerStars.EU
2016-08-26 15:49 - 2015-11-23 17:47 - 00406528 ___SH C:\Users\Kamil\Desktop\Thumbs.db

==================== Files in the root of some directories =======

2015-10-31 22:09 - 2015-10-31 22:09 - 0003584 _____ () C:\Users\Kamil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-25 15:40 - 2016-03-25 16:02 - 0000744 _____ () C:\Users\Kamil\AppData\Local\FSDownloader.err
2016-03-25 15:38 - 2016-03-25 19:35 - 0001088 _____ () C:\Users\Kamil\AppData\Local\FSDownloader.nast
2016-08-26 20:03 - 2016-08-26 20:03 - 0000218 _____ () C:\Users\Kamil\AppData\Local\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-13 09:58

==================== End of FRST.txt ============================

#2 Příspěvek od **altrok** » 19 zář 2016 09:27

Krasny den Vam preju

Otestujte na virustotal.com C:\ProgramData\eeaUDOiyy\protect\protect.exe - pokud uz byl soubor otestovany, zvolte Reanalyse. Do pristiho prispevku dejte link (odkaz) s vysledky analyzy.

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan (Skenovani), pote na Cleaning (Cisteni)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner[Cx].txt), jehoz obsah zkopirujte do pristi odpovedi

SilesianEagle · #3 Příspěvek od **SilesianEagle** » 20 zář 2016 08:51

Dobrý den,
děkuji za pomoc.
Zde je log z VirusTotal: https://virustotal.com/cs/file/5877ac58 ... 474357047/
Zde je log z AdwCleaner:
# AdwCleaner v6.020 - Log soubor vytvořen 20/09/2016 na 09:45:18
# Aktualizováno dne 14/09/2016 z ToolsLib
# Databáze : 2016-09-20.1 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Kamil - JAMAILL
# Beží od : C:\Users\Kamil\Desktop\adwcleaner_6.020.exe
# Mod: Čištění
# Podpora : https://toolslib.net/forum

***** [ Služby ] *****

***** [ Adresáře ] *****

[-] Adresář smazán:C:\ProgramData\1a0254e4-d458-47fa-82a0-6940ee729f6c
[-] Adresář smazán:C:\ProgramData\lwinpl
[-] Adresář smazán:C:\Users\Kamil\AppData\Local\eeaUDOiyy
[#] Adresář nelze smazat:C:\Users\Kamil\AppData\Roaming\RHEng
[-] Adresář smazán:C:\Users\Kamil\AppData\Roaming\TSv
[-] Adresář smazán:C:\Users\Kamil\AppData\Roaming\qksee
[-] Adresář smazán:C:\Users\Kamil\AppData\Roaming\WinZiper
[-] Adresář smazán:C:\ProgramData\eeaUDOiyy
[#] Adresář nelze smazat:C:\ProgramData\Application Data\eeaUDOiyy
[-] Adresář smazán:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
[-] Adresář smazán:C:\Users\Public\Documents\eeaUDOiyy
[-] Adresář smazán:C:\Program Files (x86)\eeaUDOiyy
[-] Adresář smazán:C:\extensions
[-] Adresář smazán:C:\Users\Public\Documents\dmp

***** [ Soubory ] *****

[-] Soubor smazán:C:\WINDOWS\SysNative\log\iSafeKrnlCall.log

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Zástupce ] *****

***** [ Plánovač úloh ] *****

***** [ Registry ] *****

[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.001
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.z
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] Klíč smazán po restartování:[x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Klíč smazán:HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Klíč smazán:HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán:HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\Software\Conduit
[#] Klíč smazán po restartování:HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[#] Klíč smazán po restartování:HKCU\Software\Conduit
[-] Klíč smazán:HKLM\SOFTWARE\Conduit
[-] Klíč smazán:HKLM\SOFTWARE\hdcode
[-] Klíč smazán:HKLM\SOFTWARE\qkseeSvc
[-] Klíč smazán:HKLM\SOFTWARE\qksee
[-] Klíč smazán:HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán:HKLM\SOFTWARE\{G6276374-DEEE-4AAA-A355-9016A2F98A2D}
[-] Klíč smazán:HKLM\SOFTWARE\WinZiper
[#] Klíč smazán po restartování:[x64] HKCU\Software\Conduit
[-] Klíč smazán:[x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Klíč smazán:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tlscdn.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Klíč smazán po restartování:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tlscdn.com
[-] Klíč smazán:HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}
[-] Klíč smazán:HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF}

***** [ Prohlížeče ] *****

*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8333 Bajtů] - [20/09/2016 09:45:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [8270 Bajtů] - [20/09/2016 09:43:44]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8481 Bajtů] ##########

#4 Příspěvek od **altrok** » 20 zář 2016 08:56

Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=144868

Upozorneni: tento sken zabere od 30 minut po nekolik hodin

SilesianEagle · #5 Příspěvek od **SilesianEagle** » 21 zář 2016 06:28

Sken byl dokončen a byl detekován malware, mám je tedy hned odstranit nebo zase poslat log?

SilesianEagle · #6 Příspěvek od **SilesianEagle** » 21 zář 2016 06:31

Pardon už to vidím v jiném topicu. Zde je Log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 21.09.2016
Čas skenování: 6:38
Protokol:
Správce: Ano

Verze: 0.0.0.0000
Databáze malwaru: v2016.09.21.02
Databáze rootkitů: v2016.08.15.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Kamil

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 344339
Uplynulý čas: 20 min, 31 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

SilesianEagle · #7 Příspěvek od **SilesianEagle** » 21 zář 2016 06:35

Každopádně v logu nevidím žádné hrozby, ale přímo program mi jich ukazuje 31...

#8 Příspěvek od **altrok** » 21 zář 2016 08:29

Vidite nekde konkretni nalezy? Pujde poridit alespon jejich screenshot?

SilesianEagle · #9 Příspěvek od **SilesianEagle** » 21 zář 2016 10:52

Nálezy samozřejmě vidím, jakmile se dostanu k PC přepošlu screeny.

SilesianEagle

Zde přeposílám slíbené screeny.

#11 Příspěvek od **altrok** » 21 zář 2016 18:37

Vsechny nalezy smazte.

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pozn. pri druhem a dalsim spusteni FRST je pro vytvoreni logu Addition.txt nutne tuto volbu explicitne zatrhnout pred zacatkem skenu.

SilesianEagle

Log je delší než 100000 znaků, posílam zip soubor.

#13 Příspěvek od **altrok** » 21 zář 2016 19:38

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu bude na plose ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\...\MountPoints2: E - "E:\FalloutLauncher.exe" 
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\...\MountPoints2: {5fcda118-b2d2-11e5-be9d-0c84dcca53cc} - "F:\setup.exe" 
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
S2 eeaUDOiyy_protect; "C:\ProgramData\eeaUDOiyy\protect\protect.exe" [X]
C:\ProgramData\eeaUDOiyy
2016-09-20 09:41 - 2016-09-20 09:45 - 00000000 ____D C:\AdwCleaner
2016-09-20 09:40 - 2016-09-20 09:41 - 03861056 _____ C:\Users\Kamil\Desktop\adwcleaner_6.020.exe
2016-09-18 22:44 - 2016-09-18 22:46 - 00036907 _____ C:\Users\Kamil\Desktop\Addition.txt
2016-09-18 22:41 - 2016-09-21 20:22 - 00020484 _____ C:\Users\Kamil\Desktop\FRST.txt
Folder: C:\Users\TEMP\AppData\Roaming\Elex-tech
2016-09-21 19:43 - 2016-05-13 21:32 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Elex-tech
FirewallRules: [{8664A38C-B386-449D-A34C-A518FFE209E5}] => (Allow) C:\ProgramData\eeaUDOiyy\protect\protect.exe
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End

SilesianEagle

Zde je fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by Kamil (21-09-2016 20:41:24) Run:1
Running from C:\Users\Kamil\Desktop
Loaded Profiles: Kamil (Available Profiles: Kamil)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\...\MountPoints2: E - "E:\FalloutLauncher.exe"
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\...\MountPoints2: {5fcda118-b2d2-11e5-be9d-0c84dcca53cc} - "F:\setup.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
S2 eeaUDOiyy_protect; "C:\ProgramData\eeaUDOiyy\protect\protect.exe" [X]
C:\ProgramData\eeaUDOiyy
2016-09-20 09:41 - 2016-09-20 09:45 - 00000000 ____D C:\AdwCleaner
2016-09-20 09:40 - 2016-09-20 09:41 - 03861056 _____ C:\Users\Kamil\Desktop\adwcleaner_6.020.exe
2016-09-18 22:44 - 2016-09-18 22:46 - 00036907 _____ C:\Users\Kamil\Desktop\Addition.txt
2016-09-18 22:41 - 2016-09-21 20:22 - 00020484 _____ C:\Users\Kamil\Desktop\FRST.txt
Folder: C:\Users\TEMP\AppData\Roaming\Elex-tech
2016-09-21 19:43 - 2016-05-13 21:32 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Elex-tech
FirewallRules: [{8664A38C-B386-449D-A34C-A518FFE209E5}] => (Allow) C:\ProgramData\eeaUDOiyy\protect\protect.exe
CMD: dir "C:\PROGRA~1"
CMD: dir "C:\PROGRA~2"
CMD: dir "C:\PROGRA~3"
CMD: dir "%localappdata%"
CMD: dir "%appdata%"
Hosts:
EmptyTemp:
End

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Automount => value removed successfully
"HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully
"HKU\S-1-5-21-1827811410-3487138707-3304029025-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fcda118-b2d2-11e5-be9d-0c84dcca53cc}" => key removed successfully
HKCR\CLSID\{5fcda118-b2d2-11e5-be9d-0c84dcca53cc} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
eeaUDOiyy_protect => service removed successfully
"C:\ProgramData\eeaUDOiyy" => not found.
C:\AdwCleaner => moved successfully
C:\Users\Kamil\Desktop\adwcleaner_6.020.exe => moved successfully
C:\Users\Kamil\Desktop\Addition.txt => moved successfully
"C:\Users\Kamil\Desktop\FRST.txt" => not found.

========================= Folder: C:\Users\TEMP\AppData\Roaming\Elex-tech ========================

====== End of Folder: ======

C:\Users\TEMP\AppData\Roaming\Elex-tech => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8664A38C-B386-449D-A34C-A518FFE209E5} => value removed successfully

========= dir "C:\PROGRA~1" =========

Volume in drive C is Windows
Volume Serial Number is E423-70F8

Directory of C:\PROGRA~1

19.07.2016 14:46 <DIR> .
19.07.2016 14:46 <DIR> ..
06.03.2016 16:55 <DIR> AMD
22.08.2013 18:44 <DIR> ATI
22.08.2013 19:01 <DIR> Bonjour
02.11.2015 20:37 <DIR> CCleaner
09.03.2016 22:02 <DIR> Common Files
26.10.2015 12:09 <DIR> DAEMON Tools Lite
22.08.2013 19:03 <DIR> Hewlett-Packard
22.08.2013 18:42 <DIR> IDT
24.10.2015 21:52 <DIR> Intel
21.09.2016 19:51 <DIR> Internet Explorer
09.03.2016 21:58 <DIR> Microsoft Analysis Services
09.03.2016 22:00 <DIR> Microsoft Office
09.03.2016 22:00 <DIR> Microsoft SQL Server Compact Edition
09.03.2016 22:00 <DIR> Microsoft Sync Framework
09.03.2016 22:01 <DIR> Microsoft Synchronization Services
23.10.2015 23:01 <DIR> MSBuild
23.10.2015 23:01 <DIR> Reference Assemblies
23.10.2015 22:09 <DIR> Synaptics
22.08.2013 18:56 <DIR> Validity Sensors
21.09.2016 19:51 <DIR> Windows Defender
15.09.2016 19:26 <DIR> Windows Journal
21.09.2016 19:51 <DIR> Windows Mail
21.09.2016 19:51 <DIR> Windows Media Player
12.03.2016 08:02 <DIR> Windows Multimedia Platform
23.10.2015 22:27 <DIR> Windows NT
21.09.2016 19:51 <DIR> Windows Photo Viewer
12.03.2016 08:02 <DIR> Windows Portable Devices
26.10.2015 13:49 <DIR> WinRAR
0 File(s) 0 bytes
30 Dir(s) 81˙271˙160˙832 bytes free

========= End of CMD: =========

========= dir "C:\PROGRA~2" =========

Volume in drive C is Windows
Volume Serial Number is E423-70F8

Directory of C:\PROGRA~2

20.09.2016 10:27 <DIR> .
20.09.2016 10:27 <DIR> ..
30.04.2016 20:54 <DIR> 4PLAY60
22.08.2013 18:45 <DIR> AMD APP
23.10.2015 22:14 <DIR> AMD AVT
06.03.2016 10:15 <DIR> ATI Technologies
16.12.2015 20:20 <DIR> Bethesda Softworks
22.08.2013 19:01 <DIR> Bonjour
21.09.2016 19:43 <DIR> Common Files
22.08.2013 19:08 <DIR> CyberLink
26.10.2015 12:09 <DIR> Disc Soft
09.05.2013 12:52 <DIR> Evernote
27.01.2016 10:44 <DIR> Farm_scot_2
20.03.2016 16:14 <DIR> gnubg
03.05.2016 10:27 <DIR> Google
27.05.2016 16:03 <DIR> Hewlett-Packard
22.08.2013 18:54 <DIR> HP HD Webcam Driver
27.06.2016 13:08 <DIR> HP Universal Camera Driver
22.08.2013 18:54 <DIR> Intel
21.09.2016 19:51 <DIR> Internet Explorer
02.11.2015 22:07 <DIR> Kaspersky Lab
07.02.2016 12:58 <DIR> LucasArts
20.09.2016 10:27 <DIR> Malwarebytes Anti-Malware
09.03.2016 21:58 <DIR> Microsoft Analysis Services
15.03.2016 15:24 <DIR> Microsoft Games
16.12.2015 22:07 <DIR> Microsoft Games for Windows - LIVE
09.03.2016 21:58 <DIR> Microsoft Office
09.03.2016 21:59 <DIR> Microsoft Visual Studio 8
03.01.2016 21:55 <DIR> Microsoft WSE
07.11.2015 13:53 <DIR> Microsoft XNA
09.03.2016 22:00 <DIR> Microsoft.NET
09.03.2016 22:01 <DIR> MSBuild
23.10.2015 19:23 <DIR> Online Services
08.09.2016 12:51 <DIR> Opera
04.01.2016 15:09 <DIR> Origin
09.05.2013 12:50 <DIR> PDF Complete
26.07.2016 10:11 <DIR> PokerStars.EU
22.08.2013 18:54 <DIR> Realtek
23.10.2015 23:01 <DIR> Reference Assemblies
18.09.2016 23:17 <DIR> Steam
21.09.2016 19:43 <DIR> The Elder Scrolls V Skyrim
25.03.2016 17:12 <DIR> The Elder Scrolls V Skyrim LE
17.09.2016 22:58 <DIR> The Sims 4
28.02.2016 17:13 <DIR> Tomb Raider
22.04.2016 19:10 <DIR> Two Tribes
24.08.2016 22:06 <DIR> Ubisoft
24.10.2015 22:34 <DIR> Webteh
21.09.2016 19:51 <DIR> Windows Defender
21.09.2016 19:51 <DIR> Windows Mail
21.09.2016 19:51 <DIR> Windows Media Player
12.03.2016 08:02 <DIR> Windows Multimedia Platform
31.07.2015 00:42 <DIR> Windows NT
21.09.2016 19:51 <DIR> Windows Photo Viewer
12.03.2016 08:02 <DIR> Windows Portable Devices
0 File(s) 0 bytes
54 Dir(s) 81˙271˙156˙736 bytes free

========= End of CMD: =========

========= dir "C:\PROGRA~3" =========

Volume in drive C is Windows
Volume Serial Number is E423-70F8

Directory of C:\PROGRA~3

01.11.2015 12:24 <DIR> .mono
22.08.2013 18:45 <DIR> AMD
22.08.2013 19:01 <DIR> Apple
06.03.2016 21:19 <DIR> ATI
31.07.2015 00:42 <DIR> Comms
16.12.2015 23:30 <DIR> CyberLink
26.10.2015 12:06 <DIR> DAEMON Tools Lite
03.01.2016 21:57 <DIR> EA Core
31.10.2015 17:09 <DIR> Electronic Arts
26.07.2016 10:14 <DIR> GeoComply
15.02.2016 09:56 <DIR> Hewlett-Packard
06.01.2016 11:00 <DIR> HPQLOG
22.08.2013 19:08 <DIR> install_clap
22.08.2013 18:54 <DIR> Intel
21.09.2016 20:29 <DIR> Kaspersky Lab
20.09.2016 10:27 <DIR> Malwarebytes
09.03.2016 22:07 <DIR> Microsoft Help
10.09.2015 07:43 <DIR> Microsoft OneDrive
02.11.2015 22:07 8˙192 ntuser.dat
04.01.2016 15:09 <DIR> Origin
17.02.2016 00:30 <DIR> Package Cache
21.09.2016 20:13 <DIR> PDFC
23.10.2015 22:14 <DIR> PRICache
22.08.2013 18:52 <DIR> Ralink Bluetooth Stack
22.08.2013 18:50 <DIR> Ralink Driver
23.10.2015 22:19 <DIR> regid.1991-06.com.microsoft
05.11.2015 22:36 <DIR> SoftwareDistribution
13.03.2016 14:36 <DIR> Steam
22.08.2013 19:08 <DIR> Temp
30.07.2015 23:53 <DIR> USOPrivate
30.07.2015 23:53 <DIR> USOShared
22.08.2013 18:56 <DIR> Validity
30.06.2016 13:23 <DIR> W
20.12.2015 20:28 <DIR> X360CE
27.12.2015 17:51 <DIR> {18165758-115C-4DC0-9EC2-FF89F725767F}
1 File(s) 8˙192 bytes
34 Dir(s) 81˙271˙152˙640 bytes free

========= End of CMD: =========

========= dir "%localappdata%" =========

Volume in drive C is Windows
Volume Serial Number is E423-70F8

Directory of C:\Users\Kamil\AppData\Local

20.09.2016 09:44 <DIR> .
20.09.2016 09:44 <DIR> ..
25.10.2015 18:05 <DIR> Adobe
23.10.2015 19:24 <DIR> ATI
23.10.2015 19:24 <DIR> bluesoleil
23.02.2016 12:18 <DIR> CEF
31.10.2015 19:13 <DIR> Colossal Order
23.10.2015 22:35 <DIR> Comms
16.12.2015 23:29 <DIR> CyberLink
31.10.2015 22:09 3˙584 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
18.09.2016 03:52 <DIR> Diagnostics
23.10.2015 19:23 <DIR> DigitalPersona
03.12.2015 12:47 <DIR> ElevatedDiagnostics
16.12.2015 22:07 <DIR> Fallout3
13.03.2016 15:25 <DIR> Flickr
13.03.2016 15:27 <DIR> FlickrUploadrWindows
25.03.2016 16:02 744 FSDownloader.err
25.03.2016 19:35 1˙088 FSDownloader.nast
06.03.2016 10:11 <DIR> Hewlett-Packard
22.08.2013 19:02 <DIR> HP Magic Canvas
02.05.2016 12:11 <DIR> Microsoft
09.03.2016 21:58 <DIR> Microsoft Help
25.10.2015 13:23 <DIR> MicrosoftEdge
24.10.2015 04:55 <DIR> NetworkTiles
23.10.2015 20:18 <DIR> Opera Software
04.01.2016 18:36 <DIR> Ori and the Blind Forest
18.09.2016 23:17 <DIR> Packages
17.04.2016 20:57 <DIR> PDFC
26.08.2016 20:04 <DIR> PokerStars.EU
23.10.2015 19:24 <DIR> Power2Go8
31.10.2015 18:20 <DIR> Programs
23.10.2015 22:36 <DIR> Publishers
26.08.2016 20:03 218 recently-used.xbel
03.04.2016 13:36 <DIR> Room Arranger
03.06.2016 11:34 <DIR> SKIDROW
13.03.2016 14:37 <DIR> Skyrim
13.03.2016 15:25 <DIR> SquirrelTemp
23.02.2016 12:18 <DIR> Steam
27.02.2016 16:19 <DIR> SUPERHOT_Sp_z_o.o
21.09.2016 20:41 <DIR> Temp
23.10.2015 22:35 <DIR> TileDataLayer
22.04.2016 19:30 <DIR> Two Tribes
26.08.2016 20:54 <DIR> Ubisoft Game Launcher
16.12.2015 22:09 <DIR> VirtualStore
4 File(s) 5˙634 bytes
40 Dir(s) 81˙271˙152˙640 bytes free

========= End of CMD: =========

========= dir "%appdata%" =========

Volume in drive C is Windows
Volume Serial Number is E423-70F8

Directory of C:\Users\Kamil\AppData\Roaming

20.09.2016 09:44 <DIR> .
20.09.2016 09:44 <DIR> ..
01.11.2015 12:24 <DIR> .mono
23.10.2015 19:23 <DIR> Adobe
07.02.2016 14:29 <DIR> AMD
11.02.2016 16:36 <DIR> Atari
23.10.2015 19:24 <DIR> ATI
16.02.2016 21:57 <DIR> BSplayer
24.10.2015 22:34 <DIR> BSplayer Pro
31.10.2015 19:13 <DIR> Colossal Order
23.02.2016 12:26 <DIR> com.playsaurus.heroclicker
16.12.2015 23:30 <DIR> CyberLink
18.09.2016 17:41 <DIR> DAEMON Tools Lite
23.10.2015 19:23 <DIR> DigitalPersona
23.10.2015 19:46 <DIR> Hewlett-Packard
06.01.2016 11:00 <DIR> hpqlog
13.03.2016 10:30 <DIR> Identities
25.10.2015 20:47 <DIR> IDT
23.10.2015 19:25 <DIR> Intel Corporation
24.10.2015 21:54 <DIR> library_dir
25.10.2015 13:24 <DIR> Macromedia
11.02.2016 18:17 <DIR> Microsoft Games
23.10.2015 20:18 <DIR> Opera Software
31.10.2015 17:13 <DIR> Origin
26.10.2015 12:09 <DIR> RHEng
03.04.2016 13:36 <DIR> Room Arranger
24.10.2015 21:32 <DIR> Steam
23.10.2015 19:22 <DIR> Synaptics
18.09.2016 23:14 <DIR> uTorrent
26.10.2015 13:49 <DIR> WinRAR
0 File(s) 0 bytes
30 Dir(s) 81˙271˙148˙544 bytes free

========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

=========== EmptyTemp: ==========

BITS transfer queue => 2241459 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16895832 B
Java, Flash, Steam htmlcache => 24225477 B
Windows/system/drivers => 12578408 B
Edge => 388 B
Chrome => 0 B
Firefox => 0 B
Opera => 414180939 B

Temp, IE cache, history, cookies, recent:
Default => 1536 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 10402 B
LocalService => 2438 B
NetworkService => 1536 B
Kamil => 27251122 B

RecycleBin => 51908533 B
EmptyTemp: => 523.9 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 20:41:57 ====

#15 Příspěvek od **altrok** » 21 zář 2016 19:59

Vyborne, dalsi malware ted v PC nevidim. Pozorujte prosim, jak se PC chova a dejte vedet. Pripadne uz jen zitra uklidime pouzite nastroje

VIRY.CZ

Prosím o pomoc, podezřelé procesy na pozadí

Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí

Re: Prosím o pomoc, podezřelé procesy na pozadí