Log check
Posted: 25 Aug 2017 18:35
Please check the following logs (the individual logs could not be attached)
Hijackthis:
Logfile of random's system information tool 1.10 (written by random/random)
Run by wydlak at 2017-08-25 19:20:23
Microsoft Windows 7 Home Basic Service Pack 1
System drive C: has 51 GB (66%) free of 76 GB
Total RAM: 2046 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:20:32, on 25.8.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elex-tech\YAC\iSafeTray.exe
C:\Windows\VMSnap26.exe
C:\Windows\system32\taskeng.exe
c:\program files\ludashi\ludashi\ComputerZTray.exe
C:\program files\ludashi\ludashi\ComputerZService.exe
C:\program files\ludashi\ludashi\Utils\NavPlugin.exe
C:\Windows\system32\rundll32.exe
c:\program files\ludashi\ludashi\Utils\mininews.exe
C:\Program Files\Bigbin\Application\chrome.exe
C:\Program Files\Bigbin\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Bigbin\Application\chrome.exe
C:\Program Files\Bigbin\Application\chrome.exe
C:\Program Files\Bigbin\Application\chrome.exe
C:\Program Files\Bigbin\Application\chrome.exe
C:\Program Files\Bigbin\Application\chrome.exe
C:\Program Files\Bigbin\Application\chrome.exe
C:\Program Files\Bigbin\Application\chrome.exe
C:\semhle všechno\RSIT.exe
C:\Program Files\trend micro\wydlak.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com/?type=hp&ts=148 ... AM91101827
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqsznED8ryagu6N8RNqnsYPiGn2FkcjFXzfDse65FnoaL7kB-EhpoXHIqkBQUO-cKYuYEPc92ldElWD6lBAuFKMYq8cYfVYRG9ZgKYP5WJuxSmu8E6SsFUrmL7E1KUi_xfBJlvAEWRZonQotOBemW-0YQ0ZzyR&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amisites.com/?type=hp&ts=148 ... AM91101827
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.amisites.com/?type=hp&ts=148 ... AM91101827
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.amisites.com/search/?type=ds ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.amisites.com/search/?type=ds ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.amisites.com/?type=hp&ts=148 ... AM91101827
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqICWRlg5p-TqsznED8ryagu6N8RNqnsYPiGn2FkcjFXzfDse65FnoaL7kB-EhpoXHIqkBQUO-cKYuYEPc92ldElWD6lBAuFKMYq8cYfVYRG9ZgKYP5WJuxSmu8E6SsFUrmL7E1KUi_xfBJlvAEWRZonQotOBemW-0YQ0ZzyR&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [BigDogPath326VMSnap] C:\Windows\VMSnap26.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Vzdálené plochy Chrome (chromoting) - Google Inc. - C:\Program Files\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe
O23 - Service: ed2k idle service (ed2kidle) - http://www.amule.org/ - C:\Program Files\amuleC1\ed2k.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: YAC Service (iSafeService) - Elex do Brasil Participaçoes Ltda - C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
--
End of file - 5230 bytes
======Scheduled tasks folder======
C:\Windows\tasks\UCBrowserUpdater.job - C:\Program Files\UCBrowser\Application\update_task.exe /update
C:\Windows\tasks\UCBrowserUpdaterCore.job - C:\Program Files\UCBrowser\Application\update_task.exe /task=1
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BigDogPath326VMSnap"=C:\Windows\VMSnap26.exe [2007-07-06 90112]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"=C:\Program Files\CCleaner\CCleaner.exe [2016-06-15 6775512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{59CA7A9A-AB79-11E6-8460-64006A5CFC23}"= []
"{9182C4EC-AC16-11E6-9C74-64006A5CFC23}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"Debugger="324095823984.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdaterService.exe]
"Debugger="8736459873644.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux4"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2017-08-25 19:20:23 ----D---- C:\rsit
2017-08-25 19:20:23 ----D---- C:\Program Files\trend micro
======List of files/folders modified in the last 1 month======
2017-08-25 19:20:32 ----D---- C:\Windows\Prefetch
2017-08-25 19:20:23 ----RD---- C:\Program Files
2017-08-25 19:20:06 ----D---- C:\semhle všechno
2017-08-25 19:19:27 ----D---- C:\Windows\Temp
2017-08-25 19:12:41 ----D---- C:\Windows
2017-08-25 19:12:38 ----D---- C:\Windows\inf
2017-08-25 15:18:50 ----D---- C:\Users\wydlak\AppData\Roaming\ludashi
2017-08-24 22:22:56 ----AD---- C:\Program Files\Firefox
2017-08-23 21:15:48 ----A---- C:\Windows\win.ini
2017-08-21 10:03:35 ----SHD---- C:\System Volume Information
2017-08-13 19:32:57 ----D---- C:\Windows\system32\drivers\etc
2017-08-13 19:20:20 ----D---- C:\Windows\system32\DriverStore
2017-08-13 19:20:20 ----D---- C:\Windows\system32\catroot
2017-08-13 18:57:06 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2017-08-13 18:57:04 ----D---- C:\Windows\system32\Macromed
2017-07-26 19:32:48 ----D---- C:\Users\wydlak\AppData\Roaming\AVG
2017-07-26 19:32:48 ----D---- C:\ProgramData\Avg
2017-07-26 19:32:47 ----D---- C:\Program Files\AVG
2017-07-26 19:32:43 ----AD---- C:\Windows\system32\drivers
2017-07-26 19:32:43 ----AD---- C:\Program Files\BlueStacks
2017-07-26 19:31:56 ----SHD---- C:\Windows\Installer
2017-07-26 19:31:55 ----SHD---- C:\Config.Msi
2017-07-26 19:29:55 ----HD---- C:\ProgramData
2017-07-26 19:25:57 ----D---- C:\Windows\system32\catroot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Windows\system32\drivers\HWiNFO32.SYS [2016-12-11 23840]
R1 iSafeKrnl;YAC Mini-Filter Driver; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [2016-05-23 227776]
R1 iSafeKrnlKit;YAC Kit Driver; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [2016-05-23 97912]
R1 iSafeKrnlMon;YAC Monitor Driver; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [2016-05-23 45032]
R1 iSafeKrnlR3;YAC Ring3 Driver; \??\C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [2016-05-23 73232]
R1 iSafeNetFilter;YAC NDIS Driver; C:\Windows\system32\DRIVERS\iSafeNetFilter.sys [2016-05-19 59152]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 ComputerZLock;ComputerZLock; \??\C:\Program Files\LuDaShi\LuDaShi\ComputerZLock.sys [2016-09-13 40384]
R3 ComputerZ;ComputerZ; \??\C:\Program Files\LuDaShi\LuDaShi\ComputerZ.sys [2016-06-27 47616]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-07-22 107648]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x86.sys [2009-07-14 50688]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2015-01-31 149352]
R3 usbrndis6;Adaptér USB RNDIS6; C:\Windows\system32\DRIVERS\usb80236.sys [2009-07-14 15872]
S1 MaohaWifiNetPro;MaohaWifiNetPro; \??\C:\Program Files\Maoha\MaohaAP\MaoHaWiFiNet.sys []
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [2016-07-12 104568]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 aswHdsKe;aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2016-11-19 26168]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus; C:\Windows\system32\DRIVERS\dtliteusbbus.sys [2016-11-19 40504]
S3 iSafeKrnlBoot;YAC Boot Driver; C:\Windows\system32\DRIVERS\iSafeKrnlBoot.sys [2016-05-23 50280]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28u.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2016-07-22 146048]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudobex.sys [2016-07-22 146048]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 27648]
S3 usbvm328;A4 TECH USB2.0 PC Camera G; C:\Windows\System32\Drivers\vmcam326av.sys [2007-10-18 104960]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vvftav326_a4;VC0326 Camera Filter Service A4 TECH; C:\Windows\system32\drivers\vvftav326.sys [2007-07-03 480128]
S3 WinUsb;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
R2 BIT;BIT; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 ed2kidle;ed2k idle service; C:\Program Files\amuleC1\ed2k.exe [2016-12-19 237568]
R2 GmSvc;Game Protection Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 HpSvc;Hardware Protection Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 chromoting;Služba Vzdálené plochy Chrome; C:\Program Files\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe [2017-02-07 72024]
R2 iSafeService;YAC Service; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [2017-05-22 130512]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 633672]
R2 SaFiSvc;Local Media Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [2016-07-22 754784]
R2 WinSAPSvc;WinSAPSvc; C:\windows\system32\svchost.exe [2009-07-14 20992]
S2 AppVSvr;Microsoft App-V Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25 153752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-13 272384]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25 153752]
S4 MSCFG_SVR;Microsoft Report Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 terana;terana; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
FRST:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Ran by wydlak (25-08-2017 19:28:09)
Running from C:\semhle všechno
Microsoft Windows 7 Home Basic Service Pack 1 (X86) (2016-03-20 01:52:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3334834378-47984234-4051371028-500 - Administrator - Disabled)
Guest (S-1-5-21-3334834378-47984234-4051371028-501 - Limited - Disabled)
wydlak (S-1-5-21-3334834378-47984234-4051371028-1000 - Administrator - Enabled) => C:\Users\wydlak
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
A4 TECH USB2.0 PC Camera G (HKLM\...\{2514B3FC-FD37-4455-9CB5-C450F5EB74AB}) (Version: 2007.06.08 - A4 TECH)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
amuleC (HKLM\...\{19539992-061C-4E8B-9053-07B175303AF4}) (Version: 1.0.1 - amuleC) <==== ATTENTION
amuleC (HKLM\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.1 - amuleC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Chrome Remote Desktop Host (HKLM\...\{88D5D9A4-48C4-4D0A-88B9-3E18661CF0D9}) (Version: 57.0.2987.37 - Google Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
NVIDIA Ovladač HD audia 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
Ovládací panel NVIDIA 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 309.08 - NVIDIA Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2250.0 - SAMSUNG Electronics Co., Ltd.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-3334834378-47984234-4051371028-1000\...\ChromeHTML: -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.) <==== ATTENTION
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-31] (NVIDIA Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0032B039-6980-40DE-8E4A-E75CA6559C05} - System32\Tasks\{5B18A495-34B2-4D7D-B1BC-0BDF31CB26B2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\avg-antivirus-free-edition-seznam-listicka.exe" -d "C:\Program Files"
Task: {015345F2-BC11-431F-8060-0F569CA94A5F} - System32\Tasks\UCBrowserUpdater => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {1543DE9A-0CA1-42F6-A8A2-EEA1BC5ECA6E} - System32\Tasks\{C80BC2BE-5509-424C-A188-4B65E45C250E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Elex-tech\YAC\uninstall.exe"
Task: {79919439-3DFC-4BC2-8CAA-FF5B22A92236} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-15] (Piriform Ltd)
Task: {7E4A637E-AC68-4179-A03A-C4063627D526} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
Task: {ADC72D9E-9CBE-4C99-A285-B52CEF4238BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {BAD85429-7356-42D0-9B22-C68382BF346A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-13] (Adobe Systems Incorporated)
Task: {DFAB4DD1-4644-48C3-A405-BE2CBF7999C3} - System32\Tasks\ComputerZ-Tray => c:\program files\ludashi\ludashi\ComputerZTray.exe [2016-12-12] () <==== ATTENTION
Task: {E7096A8A-2E32-4B9E-A515-8DE7A8F1562E} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {F7454D80-21FD-4B81-9955-84073ED65398} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {FDAFCCED-0DE7-497D-8EEE-8D85FB18EF6C} - System32\Tasks\{55DE6982-63D0-47A7-92D9-144DB8C2DAFC} => C:\Windows\system32\pcalua.exe -a "C:\semhle všechno\chrome.exe" -d "C:\semhle všechno"
Task: {FE1F8146-54FD-424E-8B07-9E3B58587902} - System32\Tasks\Milimili => C:\Program Files\MIO\MIO.exe [2017-02-06] () <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION
Shortcut: C:\Users\wydlak\Desktop\Wydlak - Chrome.lnk -> C:\Users\wydlak\Desktop ()
Shortcut: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1e629580ca9c9a18\Vzdálená plocha Chrome.lnk -> C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1e629580ca9c9a18 ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.)
ShortcutWithArgument: C:\Users\wydlak\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\wydlak\AppData\Local\Cluvagh\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\wydlak\AppData\Local\Bigbin\User Data\ChromeDefaultData\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\wydlak\AppData\Local\Animerck\ChromeDefaultData\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\33e6ad31b79608dd\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
==================== Loaded Modules (Whitelisted) ==============
2017-05-22 13:21 - 2016-05-23 04:37 - 000065696 _____ () C:\Program Files\Elex-tech\YAC\zlib1.dll
2017-05-22 13:21 - 2015-08-06 05:51 - 000582144 _____ () C:\Program Files\Elex-tech\YAC\curlpp.dll
2017-05-22 13:21 - 2017-05-16 05:40 - 000477440 _____ () C:\Program Files\Elex-tech\YAC\iSafeKrnlMonCall.dll
2016-11-04 14:08 - 2016-11-04 14:08 - 000463272 _____ () c:\program files\ldsgamecenter\ldsgamecenter\gmsvc.dll
2016-11-18 04:20 - 2016-11-18 04:20 - 000252328 _____ () c:\program files\ludashi\ludashi\lpi\hpsvc.dll
2017-06-29 16:29 - 2017-06-29 16:29 - 000604256 _____ () c:\program files\ldsgamecenter\ldsgamecenter\GmSvcDll.dll
2016-03-20 10:34 - 2015-01-31 02:48 - 000078480 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-12-15 20:29 - 2016-12-13 05:13 - 000083696 _____ () c:\program files\safiplayer\safisvc.dll
2016-12-15 20:29 - 2016-10-25 05:33 - 000257264 _____ () c:\program files\safiplayer\updater\checkupdate.dll
2016-12-15 20:29 - 2016-10-25 05:33 - 000166128 _____ () c:\program files\safiplayer\substat.dll
2017-05-22 13:17 - 2017-05-31 09:59 - 001886720 _____ () c:\users\wydlak\appdata\roaming\winsapsvc\winsap.dll
2017-05-22 13:21 - 2016-05-23 04:37 - 000179200 _____ () C:\Program Files\Elex-tech\YAC\libpng.dll
2016-12-02 22:17 - 2007-07-06 19:45 - 000090112 _____ () C:\Windows\VMSnap26.exe
2016-12-12 04:01 - 2016-12-12 04:01 - 002977704 _____ () c:\program files\ludashi\ludashi\ComputerZTray.exe
2016-12-15 04:20 - 2016-12-15 04:20 - 001510312 _____ () c:\program files\ludashi\ludashi\ComputerMonZ.dll
2016-11-29 11:34 - 2016-11-29 11:34 - 000440232 _____ () c:\program files\ludashi\ludashi\Utils\Pop.dll
2016-08-23 13:02 - 2016-08-23 13:02 - 000351144 _____ () c:\program files\ludashi\ludashi\Utils\Popularize.dll
2015-10-27 11:15 - 2015-10-27 11:15 - 000179824 _____ () c:\program files\ludashi\ludashi\ComputerZ_Accelerator.dll
2016-08-10 11:26 - 2016-08-10 11:26 - 000756648 _____ () C:\program files\ludashi\ludashi\ComputerZService.exe
2016-12-15 10:41 - 2016-12-15 10:41 - 008333224 _____ () C:\program files\ludashi\ludashi\ComputerZ_HardwareDll.dll
2016-12-15 10:41 - 2016-12-15 10:41 - 002037160 _____ () C:\program files\ludashi\ludashi\Utils\NavPlugin.exe
2017-05-22 13:21 - 2017-05-22 08:29 - 000105984 _____ () c:\programdata\microsoft\app-v\client\appv.dll
2017-05-22 13:21 - 2017-04-19 06:04 - 002864984 _____ () C:\Program Files\Bigbin\Application\libglesv2.dll
2017-05-22 13:21 - 2017-04-19 06:04 - 000087384 _____ () C:\Program Files\Bigbin\Application\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2016-12-15 20:17 - 000001135 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
127.0.0.1 clients2.google.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 http://www.czzsyzgm.com
127.0.0.1 http://www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3334834378-47984234-4051371028-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\wydlak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.42.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{B24B4F99-EC89-4415-8891-742452137517}C:\program files\bigbin\application\chrome.exe] => (Allow) C:\program files\bigbin\application\chrome.exe
FirewallRules: [UDP Query User{87C3CC95-D274-421F-950A-EED025A6B7D0}C:\program files\bigbin\application\chrome.exe] => (Allow) C:\program files\bigbin\application\chrome.exe
FirewallRules: [{5209D8D9-151A-4115-ADB1-15E45A1F5AD5}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\ComputerZTray.exe
FirewallRules: [{C7367903-2F19-42E0-9FBE-8A274BBFE714}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\ComputerZTray.exe
FirewallRules: [TCP Query User{791DF1FF-E94C-4291-8D10-CE322937D458}C:\program files\bigbin\application\chrome.exe] => (Allow) C:\program files\bigbin\application\chrome.exe
FirewallRules: [UDP Query User{5337389C-A43E-40D0-A60D-B1F8CE78DC10}C:\program files\bigbin\application\chrome.exe] => (Allow) C:\program files\bigbin\application\chrome.exe
FirewallRules: [{1EB7E341-E36E-4DED-A03F-CD3FED2326EF}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\Utils\mininews.exe
FirewallRules: [{FAEAD5FC-572C-4812-B050-DB37098249B4}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\Utils\mininews.exe
FirewallRules: [{24F94092-3A58-4EF6-85EC-7705962D3950}] => (Allow) c:\program files\ludashi\ludashi\MobileMgr\LdsMobileMgr.exe
FirewallRules: [{B85234A9-B74D-40DC-9C6E-1B5D3E5DF168}] => (Allow) c:\program files\ludashi\ludashi\MobileMgr\LdsMobileLink.exe
FirewallRules: [{AA5EA78F-9943-48F1-A5C7-AED632705953}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\ComputerZTray.exe
FirewallRules: [{803AAA9A-E40A-4F9A-8BD2-4EA4DDB1E25E}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\ComputerZTray.exe
FirewallRules: [{467F0B19-2B44-45A1-8CBE-E7E5A0A9B3D3}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\Utils\mininews.exe
FirewallRules: [{5322A937-9105-4E9C-B206-28C470AA4910}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\Utils\mininews.exe
==================== Restore Points =========================
02-08-2017 23:45:19 Naplánovaný kontrolní bod
13-08-2017 19:21:08 Removed Chrome Remote Desktop Host
21-08-2017 01:48:26 Naplánovaný kontrolní bod
==================== Faulty Device Manager Devices =============
Name: MaohaWifiNetPro
Description: MaohaWifiNetPro
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MaohaWifiNetPro
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/01/2009 01:05:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.
Error: (01/01/2009 01:05:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error: (01/01/2009 01:05:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error: (01/01/2009 01:03:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.
Error: (01/01/2009 01:03:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error: (01/01/2009 01:03:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
System errors:
=============
Error: (01/01/2009 01:03:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
CodeIntegrity:
===================================
Date: 2016-09-24 00:39:46.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-24 00:39:46.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-24 00:39:46.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-24 00:39:46.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-24 00:39:46.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-24 00:39:46.570
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 55%
Total physical RAM: 2046.49 MB
Available physical RAM: 902.12 MB
Total Virtual: 4092.98 MB
Available Virtual: 2576.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.53 GB) (Free:49.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: DAE90492)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
FRST:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Ran by wydlak (25-08-2017 19:28:09)
Running from C:\semhle všechno
Microsoft Windows 7 Home Basic Service Pack 1 (X86) (2016-03-20 01:52:08)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3334834378-47984234-4051371028-500 - Administrator - Disabled)
Guest (S-1-5-21-3334834378-47984234-4051371028-501 - Limited - Disabled)
wydlak (S-1-5-21-3334834378-47984234-4051371028-1000 - Administrator - Enabled) => C:\Users\wydlak
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
A4 TECH USB2.0 PC Camera G (HKLM\...\{2514B3FC-FD37-4455-9CB5-C450F5EB74AB}) (Version: 2007.06.08 - A4 TECH)
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
amuleC (HKLM\...\{19539992-061C-4E8B-9053-07B175303AF4}) (Version: 1.0.1 - amuleC) <==== ATTENTION
amuleC (HKLM\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.1 - amuleC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Chrome Remote Desktop Host (HKLM\...\{88D5D9A4-48C4-4D0A-88B9-3E18661CF0D9}) (Version: 57.0.2987.37 - Google Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSVC90_x86 (HKLM\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
NVIDIA Ovladač HD audia 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
Ovládací panel NVIDIA 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 309.08 - NVIDIA Corporation) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2250.0 - SAMSUNG Electronics Co., Ltd.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
YAC(Yet Another Cleaner!) (HKLM\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-3334834378-47984234-4051371028-1000\...\ChromeHTML: -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.) <==== ATTENTION
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-01-31] (NVIDIA Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0032B039-6980-40DE-8E4A-E75CA6559C05} - System32\Tasks\{5B18A495-34B2-4D7D-B1BC-0BDF31CB26B2} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\avg-antivirus-free-edition-seznam-listicka.exe" -d "C:\Program Files"
Task: {015345F2-BC11-431F-8060-0F569CA94A5F} - System32\Tasks\UCBrowserUpdater => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {1543DE9A-0CA1-42F6-A8A2-EEA1BC5ECA6E} - System32\Tasks\{C80BC2BE-5509-424C-A188-4B65E45C250E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Elex-tech\YAC\uninstall.exe"
Task: {79919439-3DFC-4BC2-8CAA-FF5B22A92236} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-15] (Piriform Ltd)
Task: {7E4A637E-AC68-4179-A03A-C4063627D526} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files\AVG\AVG PC TuneUp\tuscanx.exe
Task: {ADC72D9E-9CBE-4C99-A285-B52CEF4238BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {BAD85429-7356-42D0-9B22-C68382BF346A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-13] (Adobe Systems Incorporated)
Task: {DFAB4DD1-4644-48C3-A405-BE2CBF7999C3} - System32\Tasks\ComputerZ-Tray => c:\program files\ludashi\ludashi\ComputerZTray.exe [2016-12-12] () <==== ATTENTION
Task: {E7096A8A-2E32-4B9E-A515-8DE7A8F1562E} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {F7454D80-21FD-4B81-9955-84073ED65398} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {FDAFCCED-0DE7-497D-8EEE-8D85FB18EF6C} - System32\Tasks\{55DE6982-63D0-47A7-92D9-144DB8C2DAFC} => C:\Windows\system32\pcalua.exe -a "C:\semhle všechno\chrome.exe" -d "C:\semhle všechno"
Task: {FE1F8146-54FD-424E-8B07-9E3B58587902} - System32\Tasks\Milimili => C:\Program Files\MIO\MIO.exe [2017-02-06] () <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION
Shortcut: C:\Users\wydlak\Desktop\Wydlak - Chrome.lnk -> C:\Users\wydlak\Desktop ()
Shortcut: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1e629580ca9c9a18\Vzdálená plocha Chrome.lnk -> C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\1e629580ca9c9a18 ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.)
ShortcutWithArgument: C:\Users\wydlak\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\wydlak\AppData\Local\Cluvagh\Default\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\wydlak\AppData\Local\Bigbin\User Data\ChromeDefaultData\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\wydlak\AppData\Local\Animerck\ChromeDefaultData\Web Applications\_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=blpcfgokakmgnkcojhhkbfbldkacnbeo
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\wydlak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\33e6ad31b79608dd\Google Chrome.lnk -> C:\Program Files\Bigbin\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktopbr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
==================== Loaded Modules (Whitelisted) ==============
2017-05-22 13:21 - 2016-05-23 04:37 - 000065696 _____ () C:\Program Files\Elex-tech\YAC\zlib1.dll
2017-05-22 13:21 - 2015-08-06 05:51 - 000582144 _____ () C:\Program Files\Elex-tech\YAC\curlpp.dll
2017-05-22 13:21 - 2017-05-16 05:40 - 000477440 _____ () C:\Program Files\Elex-tech\YAC\iSafeKrnlMonCall.dll
2016-11-04 14:08 - 2016-11-04 14:08 - 000463272 _____ () c:\program files\ldsgamecenter\ldsgamecenter\gmsvc.dll
2016-11-18 04:20 - 2016-11-18 04:20 - 000252328 _____ () c:\program files\ludashi\ludashi\lpi\hpsvc.dll
2017-06-29 16:29 - 2017-06-29 16:29 - 000604256 _____ () c:\program files\ldsgamecenter\ldsgamecenter\GmSvcDll.dll
2016-03-20 10:34 - 2015-01-31 02:48 - 000078480 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2016-12-15 20:29 - 2016-12-13 05:13 - 000083696 _____ () c:\program files\safiplayer\safisvc.dll
2016-12-15 20:29 - 2016-10-25 05:33 - 000257264 _____ () c:\program files\safiplayer\updater\checkupdate.dll
2016-12-15 20:29 - 2016-10-25 05:33 - 000166128 _____ () c:\program files\safiplayer\substat.dll
2017-05-22 13:17 - 2017-05-31 09:59 - 001886720 _____ () c:\users\wydlak\appdata\roaming\winsapsvc\winsap.dll
2017-05-22 13:21 - 2016-05-23 04:37 - 000179200 _____ () C:\Program Files\Elex-tech\YAC\libpng.dll
2016-12-02 22:17 - 2007-07-06 19:45 - 000090112 _____ () C:\Windows\VMSnap26.exe
2016-12-12 04:01 - 2016-12-12 04:01 - 002977704 _____ () c:\program files\ludashi\ludashi\ComputerZTray.exe
2016-12-15 04:20 - 2016-12-15 04:20 - 001510312 _____ () c:\program files\ludashi\ludashi\ComputerMonZ.dll
2016-11-29 11:34 - 2016-11-29 11:34 - 000440232 _____ () c:\program files\ludashi\ludashi\Utils\Pop.dll
2016-08-23 13:02 - 2016-08-23 13:02 - 000351144 _____ () c:\program files\ludashi\ludashi\Utils\Popularize.dll
2015-10-27 11:15 - 2015-10-27 11:15 - 000179824 _____ () c:\program files\ludashi\ludashi\ComputerZ_Accelerator.dll
2016-08-10 11:26 - 2016-08-10 11:26 - 000756648 _____ () C:\program files\ludashi\ludashi\ComputerZService.exe
2016-12-15 10:41 - 2016-12-15 10:41 - 008333224 _____ () C:\program files\ludashi\ludashi\ComputerZ_HardwareDll.dll
2016-12-15 10:41 - 2016-12-15 10:41 - 002037160 _____ () C:\program files\ludashi\ludashi\Utils\NavPlugin.exe
2017-05-22 13:21 - 2017-05-22 08:29 - 000105984 _____ () c:\programdata\microsoft\app-v\client\appv.dll
2017-05-22 13:21 - 2017-04-19 06:04 - 002864984 _____ () C:\Program Files\Bigbin\Application\libglesv2.dll
2017-05-22 13:21 - 2017-04-19 06:04 - 000087384 _____ () C:\Program Files\Bigbin\Application\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2016-12-15 20:17 - 000001135 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com
127.0.0.1 clients2.google.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 http://www.czzsyzgm.com
127.0.0.1 http://www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3334834378-47984234-4051371028-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\wydlak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.42.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{B24B4F99-EC89-4415-8891-742452137517}C:\program files\bigbin\application\chrome.exe] => (Allow) C:\program files\bigbin\application\chrome.exe
FirewallRules: [UDP Query User{87C3CC95-D274-421F-950A-EED025A6B7D0}C:\program files\bigbin\application\chrome.exe] => (Allow) C:\program files\bigbin\application\chrome.exe
FirewallRules: [{5209D8D9-151A-4115-ADB1-15E45A1F5AD5}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\ComputerZTray.exe
FirewallRules: [{C7367903-2F19-42E0-9FBE-8A274BBFE714}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\ComputerZTray.exe
FirewallRules: [TCP Query User{791DF1FF-E94C-4291-8D10-CE322937D458}C:\program files\bigbin\application\chrome.exe] => (Allow) C:\program files\bigbin\application\chrome.exe
FirewallRules: [UDP Query User{5337389C-A43E-40D0-A60D-B1F8CE78DC10}C:\program files\bigbin\application\chrome.exe] => (Allow) C:\program files\bigbin\application\chrome.exe
FirewallRules: [{1EB7E341-E36E-4DED-A03F-CD3FED2326EF}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\Utils\mininews.exe
FirewallRules: [{FAEAD5FC-572C-4812-B050-DB37098249B4}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\Utils\mininews.exe
FirewallRules: [{24F94092-3A58-4EF6-85EC-7705962D3950}] => (Allow) c:\program files\ludashi\ludashi\MobileMgr\LdsMobileMgr.exe
FirewallRules: [{B85234A9-B74D-40DC-9C6E-1B5D3E5DF168}] => (Allow) c:\program files\ludashi\ludashi\MobileMgr\LdsMobileLink.exe
FirewallRules: [{AA5EA78F-9943-48F1-A5C7-AED632705953}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\ComputerZTray.exe
FirewallRules: [{803AAA9A-E40A-4F9A-8BD2-4EA4DDB1E25E}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\ComputerZTray.exe
FirewallRules: [{467F0B19-2B44-45A1-8CBE-E7E5A0A9B3D3}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\Utils\mininews.exe
FirewallRules: [{5322A937-9105-4E9C-B206-28C470AA4910}] => (Allow) C:\Program Files\LuDaShi\LuDaShi\Utils\mininews.exe
==================== Restore Points =========================
02-08-2017 23:45:19 Naplánovaný kontrolní bod
13-08-2017 19:21:08 Removed Chrome Remote Desktop Host
21-08-2017 01:48:26 Naplánovaný kontrolní bod
==================== Faulty Device Manager Devices =============
Name: MaohaWifiNetPro
Description: MaohaWifiNetPro
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MaohaWifiNetPro
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/01/2009 01:05:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.
Error: (01/01/2009 01:05:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error: (01/01/2009 01:05:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error: (01/01/2009 01:03:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.
Error: (01/01/2009 01:03:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
Error: (01/01/2009 01:03:01 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.
System errors:
=============
Error: (01/01/2009 01:03:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Aktualizace Google (gupdate) neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
CodeIntegrity:
===================================
Date: 2016-09-24 00:39:46.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-24 00:39:46.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-24 00:39:46.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-24 00:39:46.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-24 00:39:46.585
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-09-24 00:39:46.570
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 55%
Total physical RAM: 2046.49 MB
Available physical RAM: 902.12 MB
Total Virtual: 4092.98 MB
Available Virtual: 2576.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.53 GB) (Free:49.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: DAE90492)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================