Hello,
I have been struggling for several days with the QVO6 virus in the Chrome, Mozilla and Explorer browsers, where it appears as the main home page. I uninstalled QVO6 and downloaded several removal programs, but nothing helped.
In the latest scan with "hijack" I cannot find QVO6 anywhere.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:22:28, on 18.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal
Running processes:
C:\Users\Jana a Michal\svchost.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\VESKERE STAHOVANI\STAHOVÁNÍ Chrome\hijackthis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: (no name) – – (no file)
F2 – REG:system.ini: UserInit=userinit.exe
O2 – BHO: MSS+ Identifier – {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} – C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 – BHO: Windows Live ID Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Bing Bar Helper – {d2ce3e00-f94a-4740-988e-03dc2f38c34f} – „C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll“ (file missing)
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 – Toolbar: Bing Bar – {8dcb7100-df86-4384-8842-8fa844297b3f} – „C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll“ (file missing)
O4 – HKLM\..\Run: [GrooveMonitor] „C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe“
O4 – HKLM\..\Run: [ArcadeMovieService] „C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe“
O4 – HKLM\..\Run: [APSDaemon] „C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe“
O4 – HKLM\..\Run: [AVG_UI] „C:\Program Files (x86)\AVG\AVG2013\avgui.exe“ /TRAYONLY
O4 – HKLM\..\Run: [SunJavaUpdateSched] „C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe“
O4 – HKLM\..\Run: [Adobe ARM] „C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe“
O4 – HKLM\..\Run: [seznam-listicka-distribuce] „C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe“ -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 – HKCU\..\Run: [AlcoholAutomount] „C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe“ -automount
O4 – HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 – HKCU\..\Run: [DAEMON Tools Lite] „C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe“ -autorun
O4 – HKCU\..\Run: [Facebook Update] „C:\Users\Jana a Michal\AppData\Local\Facebook\Update\FacebookUpdate.exe“ /c /nocrashserver
O4 – HKCU\..\Run: [5d5e3c1b562e3a75dc95740a35744ad0] „C:\Users\Jana a Michal\svchost.exe“ ..
O4 – HKCU\..\Run: [cz.seznam.software.autoupdate] „C:\Users\Jana a Michal\AppData\Roaming\Seznam.cz\szninstall.exe“ -c
O4 – HKCU\..\Run: [cz.seznam.software.szndesktop] „C:\Users\Jana a Michal\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe“ -q
O4 – HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User ‚SYSTEM‘)
O4 – HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User ‚Default user‘)
O4 – Startup: 5d5e3c1b562e3a75dc95740a35744ad0.exe
O4 – Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O9 – Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra ‚Tools‘ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra button: Odeslat do aplikace OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 – Extra ‚Tools‘ menuitem: Od&eslat do aplikace OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 – Extra button: ICQ6 – {E59EB121-F339-4851-A3BA-FE49C35617C2} – C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 – Extra ‚Tools‘ menuitem: ICQ6 – {E59EB121-F339-4851-A3BA-FE49C35617C2} – C:\Program Files (x86)\ICQ6.5\ICQ.exe
O10 – Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 – Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 – Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 – Protocol: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} – C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 – AppInit_DLLs: C:\Users\JANAAM~1\AppData\Local\DProtect\eBP.dll,C:\Users\JANAAM~1\AppData\Local\DProtect\eBPSD.dll
O23 – Service: Adobe Acrobat Update Service (AdobeARMservice) – Adobe Systems Incorporated – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 – Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) – Adobe Systems Incorporated – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 – Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) – Unknown owner – C:\Windows\System32\alg.exe (file missing)
O23 – Service: AMD External Events Utility – Unknown owner – C:\Windows\system32\atiesrxx.exe (file missing)
O23 – Service: AMD FUEL Service – Advanced Micro Devices, Inc. – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 – Service: AVGIDSAgent – AVG Technologies CZ, s.r.o. – C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 – Service: AVG WatchDog (avgwd) – AVG Technologies CZ, s.r.o. – C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) – Unknown owner – C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 – Service: DPService – Woodtale Technology Inc – C:\Users\Jana a Michal\AppData\Local\DProtect\DProtectSvc.exe
O23 – Service: Dritek WMI Service (DsiWMIService) – Dritek System Inc. – C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 – Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) – Unknown owner – C:\Windows\System32\lsass.exe (file missing)
O23 – Service: EgisTec Ticket Service – Egis Technology Inc. – C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 – Service: Acer ePower Service (ePowerSvc) – Acer Incorporated – C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 – Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) – Unknown owner – C:\Windows\system32\fxssvc.exe (file missing)
O23 – Service: FLEXnet Licensing Service – Acresso Software Inc. – C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: GREGService – Acer Incorporated – C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 – Service: Služba Google Update (gupdate) (gupdate) – Google Inc. – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 – Service: Služba Google Update (gupdatem) (gupdatem) – Google Inc. – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 – Service: @keyiso.dll,-100 (KeyIso) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
O23 – Service: Live Updater Service – Acer Incorporated – C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 – Service: McAfee Security Scan Component Host Service (McComponentHostService) – McAfee, Inc. – C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 – Service: Mozilla Maintenance Service (MozillaMaintenance) – Mozilla Foundation – C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 – Service: @comres.dll,-2797 (MSDTC) – Unknown owner – C:\Windows\System32\msdtc.exe (file missing)
O23 – Service: Nero BackItUp Scheduler 3 – Nero AG – C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 – Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
O23 – Service: NMIndexingService – Nero AG – C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 – Service: Norton Online Backup (NOBU) – Symantec Corporation – C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 – Service: NTI IScheduleSvc – NTI Corporation – C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 – Service: PLFlash DeviceIoControl Service – Prolific Technology Inc. – C:\Windows\SysWOW64\IoctlSvc.exe
O23 – Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
O23 – Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) – Unknown owner – C:\Windows\system32\locator.exe (file missing)
O23 – Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
O23 – Service: ServiceLayer – Nokia – C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 – Service: Skype Updater (SkypeUpdate) – Skype Technologies – C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 – Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) – Unknown owner – C:\Windows\System32\snmptrap.exe (file missing)
O23 – Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) – Unknown owner – C:\Windows\System32\spoolsv.exe (file missing)
O23 – Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) – Unknown owner – C:\Windows\system32\sppsvc.exe (file missing)
O23 – Service: StarWind AE Service (StarWindServiceAE) – StarWind Software – C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 – Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) – TuneUp Software – C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 – Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) – Unknown owner – C:\Windows\system32\UI0Detect.exe (file missing)
O23 – Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
O23 – Service: @%SystemRoot%\system32\vds.exe,-100 (vds) – Unknown owner – C:\Windows\System32\vds.exe (file missing)
O23 – Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) – Unknown owner – C:\Windows\system32\vssvc.exe (file missing)
O23 – Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) – Unknown owner – C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 – Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) – Unknown owner – C:\Windows\system32\wbengine.exe (file missing)
O23 – Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) – Unknown owner – C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 – Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) – Unknown owner – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
—
End of file – 13074 bytes
I don't know what else to delete.
I have set the home page to Seznam in all the browsers several times, but when they are started again QVO6 is there again.
It is basically not even a virus, it is a home page hijacker; instructions are here: http://www.anti-spyware-101.com/cz/odstranit-qv06
I have already followed these instructions several times. QVO6 is not in the search engine manager, in any of the search engines mentioned. Even so, when any of them is started, QVO6 comes up.