
W7 possible Surrogate


#1 Post by Wenzl »

Hello, please check my log. During a sudden slowdown of the PC, Surrogate flashed briefly in Task Manager. Neither Avast nor Malwarebytes found anything. Thank you very much for your help.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-09-2017
Ran by VacKor (administrator) on TEST-PC (10-09-2017 19:10:28)
Running from C:\Users\VacKor\Desktop
Loaded Profiles: VacKor (Available Profiles: VacKor)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-02] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HDAudDeck] => c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe [2441840 2010-06-25] (VIA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E79E767F-937C-4159-B204-DCCCD2F0BDAF}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4161623063-1077891321-1027309549-1000 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4161623063-1077891321-1027309549-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4161623063-1077891321-1027309549-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-09-02] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-09-02] (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-16] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\VacKor\AppData\Roaming\Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 [2017-09-10]
FF NewTab: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> Seznam
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> Seznam
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> Seznam
FF Homepage: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> hxxps://www.seznam.cz/?clid=22668
FF Keyword.URL: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Extension: (Avast Passwords) - C:\Users\VacKor\AppData\Roaming\Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2017-08-25]
FF Extension: (Avast SafePrice) - C:\Users\VacKor\AppData\Roaming\Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345\Extensions\sp@avast.com.xpi [2017-08-24]
FF Extension: (Avast Online Security) - C:\Users\VacKor\AppData\Roaming\Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345\Extensions\wrc@avast.com.xpi [2017-08-20]
FF SearchPlugin: C:\Users\VacKor\AppData\Roaming\Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345\searchplugins\seznam-avast.xml [2016-10-19]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-08-26] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2017-08-26] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-08-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-09] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @hypercosm.com/HypercosmPlayer -> C:\Program Files (x86)\Hypercosm\Hypercosm Player\components\nphypercosm.dll [2011-02-11] (Hypercosm LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default [2017-09-10]
CHR Extension: (Disk Google) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Vyhledávání Google) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Ads Removal) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-17]
CHR Extension: (Avast Online Security) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-09-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-07]
CHR Extension: (Gmail) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
CHR Extension: (Chrome Media Router) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-07]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-02] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [322976 2017-09-02] (AVAST Software)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2014-02-13] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320528 2017-09-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-09-02] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343296 2017-09-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-09-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47016 2017-09-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147784 2017-09-02] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-07-01] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [555072 2017-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-09-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1016384 2017-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [590880 2017-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [199312 2017-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-09-02] (AVAST Software)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-12-18] (Audials AG)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-10 19:10 - 2017-09-10 19:11 - 000018592 _____ C:\Users\VacKor\Desktop\FRST.txt
2017-09-10 19:09 - 2017-09-10 19:09 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-09-10 19:04 - 2017-09-10 19:04 - 002396160 _____ (Farbar) C:\Users\VacKor\Desktop\FRST64.exe
2017-09-10 08:27 - 2017-09-10 08:27 - 000000000 ____D C:\Users\VacKor\AppData\Local\{58FFC384-2492-4AF6-AE71-97E7A2B43A81}
2017-09-09 19:20 - 2017-09-09 19:20 - 000000000 ____D C:\Users\VacKor\AppData\Local\{01241273-3B59-44F1-9F2E-31D6D0D5B35E}
2017-09-09 07:19 - 2017-09-09 07:19 - 000000000 ____D C:\Users\VacKor\AppData\Local\{BA6DC10F-6ED2-450D-A180-215D2D369C84}
2017-09-09 07:15 - 2017-09-10 07:37 - 000003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4161623063-1077891321-1027309549-1000
2017-09-09 07:15 - 2017-09-10 07:37 - 000003208 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4161623063-1077891321-1027309549-1000
2017-09-08 13:45 - 2017-09-08 13:45 - 000000000 ____D C:\Users\VacKor\AppData\Local\{DF1ED6D1-931C-4FF8-A305-9C38DA6BA350}
2017-09-07 16:53 - 2017-09-07 16:53 - 000000000 ____D C:\Users\VacKor\AppData\Local\{7F286DD5-9BDF-4FB6-AFB1-202EAE86F1DF}
2017-09-06 18:08 - 2017-09-06 18:08 - 000000000 ____D C:\Users\VacKor\AppData\Local\{FB1DABFD-890C-432C-9B3D-4E36A3E60D2F}
2017-09-05 17:55 - 2017-09-05 17:55 - 000000000 ____D C:\Users\VacKor\AppData\Local\{2464B831-18AF-4033-8843-E254DDEAEEDA}
2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\Users\VacKor\AppData\Local\{8EC0B6BE-65C4-43FB-A2CB-08D892D70C81}
2017-09-03 19:59 - 2017-09-03 19:59 - 000000000 ____D C:\Users\VacKor\AppData\Local\{C0D03744-E3FD-4211-8088-5E8EB558E7CB}
2017-09-03 07:58 - 2017-09-03 07:58 - 000000000 ____D C:\Users\VacKor\AppData\Local\{B67C2A7B-FC83-4067-87D6-A2B0BDC00D44}
2017-09-02 19:49 - 2017-09-02 19:49 - 000000000 ____D C:\Users\VacKor\AppData\Local\{F541AB4A-380C-4AD4-91D4-C3896B54A497}
2017-09-02 11:26 - 2017-09-02 11:24 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-09-02 10:37 - 2017-09-02 10:37 - 000001246 _____ C:\Users\VacKor\.recently-used.xbel
2017-09-02 07:48 - 2017-09-02 07:48 - 000000000 ____D C:\Users\VacKor\AppData\Local\{BD4FE36A-EB07-4605-9BCA-948C99D16321}
2017-09-01 16:48 - 2017-09-01 16:48 - 000000000 ____D C:\Users\VacKor\AppData\Local\{9F538F49-F20D-4724-B58D-C71CDA222F3A}
2017-08-31 16:57 - 2017-08-31 16:57 - 000000000 ____D C:\Users\VacKor\AppData\Local\{43A30A50-AA36-47DC-805F-DB1C22E5BFE3}
2017-08-30 17:54 - 2017-08-30 17:54 - 000000000 ____D C:\Users\VacKor\AppData\Local\{FD094CA6-F2C3-46F3-86CA-B65FCCB726CE}
2017-08-29 17:55 - 2017-08-29 17:55 - 000000000 ____D C:\Users\VacKor\AppData\Local\{96BBDF14-635B-433A-951A-9181B2D38306}
2017-08-28 17:51 - 2017-08-28 17:51 - 000000000 ____D C:\Users\VacKor\AppData\Local\{70858BF2-AD37-45BC-B684-23CBBE420503}
2017-08-27 19:31 - 2017-08-27 19:31 - 000000000 ____D C:\Users\VacKor\AppData\Local\{7D2D3827-A016-4B98-86AE-B07AD23D7BFB}
2017-08-27 07:29 - 2017-08-27 07:29 - 000000000 ____D C:\Users\VacKor\AppData\Local\{CBF88BE7-6077-48AB-98AD-1F01C7D5C182}
2017-08-26 08:21 - 2017-08-26 14:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-26 08:18 - 2017-08-26 08:18 - 000000000 ____D C:\Users\VacKor\AppData\Local\{2A09A895-ABEC-4686-A926-DAB53EB2CDD1}
2017-08-25 20:05 - 2017-08-25 20:05 - 000000000 ____D C:\Users\VacKor\AppData\Local\{C41EBD05-3A6D-4225-9C3D-700B3B2FFE84}
2017-08-25 08:04 - 2017-08-25 08:04 - 000000000 ____D C:\Users\VacKor\AppData\Local\{9B31EB27-F9ED-40AC-AFCB-D4EE9DCE8E37}
2017-08-24 16:59 - 2017-08-24 16:59 - 000002172 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-08-24 16:58 - 2017-08-24 16:59 - 000002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-08-24 16:54 - 2017-08-24 16:54 - 000000000 ____D C:\Users\VacKor\AppData\Local\{0C425467-9D58-4E99-BD19-AE0735AB1189}
2017-08-23 20:57 - 2017-08-23 20:57 - 000000000 ____D C:\Users\VacKor\AppData\Local\{0B04A9BB-021A-47A3-9260-3F30FBFBE548}
2017-08-23 18:28 - 2017-08-23 18:54 - 1637903661 _____ C:\Users\VacKor\Downloads\Strážci vesmíru.mkv
2017-08-22 18:57 - 2017-08-22 18:57 - 000000000 ____D C:\Users\VacKor\AppData\Local\{D4D863B1-0ECA-4D91-A853-B4BB979A2368}
2017-08-21 20:24 - 2017-08-21 20:24 - 000047583 _____ C:\Users\VacKor\Downloads\Pohyb_14400852120_na_uctu_2001033807.pdf
2017-08-21 20:04 - 2017-08-21 20:04 - 000047551 _____ C:\Users\VacKor\Downloads\Pohyb_14402154528_na_uctu_2001033807.pdf
2017-08-21 20:04 - 2017-08-21 20:04 - 000047551 _____ C:\Users\VacKor\Downloads\Pohyb_14402154528_na_uctu_2001033807 (1).pdf
2017-08-21 17:50 - 2017-08-21 17:50 - 000000000 ____D C:\Users\VacKor\AppData\Local\{44E14A94-63F5-446A-AB90-0035CA454673}
2017-08-20 22:31 - 2017-08-20 22:31 - 000000000 ____D C:\Users\VacKor\AppData\Local\{1CE639DC-8783-4A06-A463-CB9CEA669FB2}
2017-08-17 17:35 - 2017-08-17 17:35 - 000000000 ____D C:\Users\VacKor\AppData\Local\{16159D57-C4BA-4A8D-BB4D-9609B872587D}
2017-08-16 18:01 - 2017-08-16 18:01 - 000000000 ____D C:\Users\VacKor\AppData\Local\{034EFC17-DBDE-4C01-A89A-CDF32FAB5644}
2017-08-15 20:31 - 2017-08-15 20:31 - 000000000 ____D C:\Users\VacKor\AppData\Local\{A27ADAFC-472D-4812-A8A6-18D6F4143971}
2017-08-15 08:15 - 2017-08-15 08:15 - 000000000 ____D C:\Users\VacKor\AppData\Local\{CA90DDC9-92A8-401B-876B-BE82651F8323}
2017-08-14 18:54 - 2017-08-14 18:54 - 000000000 ____D C:\Users\VacKor\AppData\Local\{39B1E838-5AD9-4751-B326-776691E3FA25}
2017-08-13 23:37 - 2017-08-13 23:37 - 000000000 ____D C:\Users\VacKor\AppData\Local\{C587A856-EA24-4F4E-88EF-0120FCA3E3D8}
2017-08-13 09:58 - 2017-08-13 09:58 - 000000000 ____D C:\Users\VacKor\AppData\Local\{C4DA96E3-17F9-4E98-8A12-11CBB825DD08}
2017-08-12 19:51 - 2017-08-12 19:51 - 000000000 ____D C:\Users\VacKor\AppData\Local\{C4C5E051-18B2-4E03-B2AF-E5D956F22A2C}
2017-08-12 07:31 - 2017-08-12 07:31 - 000000000 ____D C:\Users\VacKor\AppData\Local\{1D0F9BEA-8E11-4A2D-90A4-D16AABFCAFB8}
2017-08-11 22:33 - 2017-08-11 22:33 - 000000529 _____ C:\Users\VacKor\Desktop\martánci.txt
2017-08-11 14:04 - 2017-08-11 14:04 - 000000000 ____D C:\Users\VacKor\AppData\Local\{94D264CF-7C4E-4D7A-B3F2-1859419EAA76}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-10 19:10 - 2014-06-01 08:50 - 000000000 ____D C:\FRST
2017-09-10 19:07 - 2014-01-09 23:22 - 000000000 ____D C:\Down
2017-09-10 18:39 - 2014-05-17 10:50 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-10 18:26 - 2011-07-10 13:42 - 000000000 ____D C:\ProgramData\Adobe
2017-09-10 18:26 - 2011-07-08 22:51 - 000000000 ____D C:\Users\VacKor\AppData\Roaming\Adobe
2017-09-10 18:17 - 2011-07-10 16:38 - 000000000 ____D C:\Users\VacKor\AppData\Roaming\Skype
2017-09-10 08:26 - 2016-11-18 20:16 - 000000000 ____D C:\Users\VacKor\AppData\LocalLow\Mozilla
2017-09-10 08:01 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-10 08:01 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-10 07:36 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-07 21:46 - 2011-07-10 09:47 - 000000000 ____D C:\Users\VacKor\AppData\Roaming\vlc
2017-09-05 17:58 - 2011-07-10 16:37 - 000000000 ____D C:\ProgramData\Skype
2017-09-05 17:57 - 2015-12-07 09:02 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-02 21:53 - 2014-01-30 04:05 - 001559340 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-02 21:53 - 2011-04-12 10:34 - 000668882 _____ C:\Windows\system32\perfh005.dat
2017-09-02 21:53 - 2011-04-12 10:34 - 000141542 _____ C:\Windows\system32\perfc005.dat
2017-09-02 21:53 - 2009-07-14 07:13 - 001559340 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-02 21:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-09-02 11:58 - 2017-03-10 13:28 - 000003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1452257823
2017-09-02 11:28 - 2017-03-09 20:21 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-09-02 11:24 - 2014-04-26 20:19 - 000047016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-09-02 11:24 - 2014-01-01 15:26 - 000199312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-09-02 11:24 - 2013-03-05 18:39 - 000361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-09-02 11:24 - 2013-03-05 18:39 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-09-02 11:24 - 2012-03-10 15:51 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-09-02 11:24 - 2011-07-18 13:19 - 000590880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-09-02 11:24 - 2011-07-18 13:19 - 000147784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-09-02 11:22 - 2012-03-10 15:51 - 000041832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-09-02 11:22 - 2011-07-18 13:19 - 001016384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-09-02 11:21 - 2017-03-09 20:21 - 000343296 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-09-02 11:21 - 2017-03-09 20:21 - 000320528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-09-02 11:21 - 2017-03-09 20:21 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-09-02 11:21 - 2017-03-09 20:21 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-09-02 11:21 - 2016-02-28 11:40 - 000555072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-09-02 10:37 - 2011-07-08 22:23 - 000000000 ____D C:\Users\VacKor
2017-08-30 21:28 - 2015-11-08 21:27 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 17:58 - 2014-08-28 20:57 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-26 14:15 - 2012-04-26 18:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-24 16:58 - 2013-01-06 16:27 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-16 19:38 - 2016-04-06 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-16 19:37 - 2016-04-06 20:43 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-08-16 19:37 - 2013-11-16 10:23 - 000000000 ____D C:\Program Files (x86)\Java

==================== Files in the root of some directories =======

2011-07-10 19:43 - 2011-09-25 19:59 - 000007622 _____ () C:\Users\VacKor\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-04-21 14:36 - 2017-04-21 14:36 - 000739904 _____ (Oracle Corporation) C:\Users\VacKor\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-21 19:14 - 2017-07-21 19:14 - 000739904 _____ (Oracle Corporation) C:\Users\VacKor\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-03-15 20:25 - 2017-03-15 20:25 - 014456872 _____ (Microsoft Corporation) C:\Users\VacKor\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-10 08:24

==================== End of FRST.txt ============================


#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
The scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Wenzl
Visitor
Posts: 25
Joined: 01 Jan 2016 11:34

Re: W7 possible Surrogate

#3 Post by Wenzl »

# AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 10 19:15:22 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
Deleted: C:\Program Files (x86)\GotClip
Deleted: C:\Users\VacKor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GotClip
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\ProgramData\Application Data\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\ProgramData\Ask
Deleted: C:\ProgramData\Application Data\Ask
Deleted: C:\Users\All Users\Ask


***** [ Files ] *****

Deleted: C:\Users\VacKor\Desktop\GotClip.lnk
Deleted: C:\Windows\System32\drivers\DRVAGENT64.SYS


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\IOBIT\ASC
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\wlogin.icq.com
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{52E4A841-4891-47AE-9B45-73C7178BEF19}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9A3F3EAD-A2AC-4ACD-A541-9A95DDBC0DDF}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder 7 Applications
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GotClip
Deleted: [Key] - HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\Software\GotClip Downloader
Deleted: [Key] - HKCU\Software\GotClip Downloader
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION|BackgroundHost.exe
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{52E4A841-4891-47AE-9B45-73C7178BEF19}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{9A3F3EAD-A2AC-4ACD-A541-9A95DDBC0DDF}
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Applications\iLividSetupV1.exe


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: Ads Removal -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4610 B] - [2017/9/10 19:13:31]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Rudy
Site Admin
Posts: 118275
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: W7 possible Surrogate

#4 Post by Rudy »

Post a new FRST log.

Wenzl
Visitor
Posts: 25
Joined: 01 Jan 2016 11:34

Re: W7 possible Surrogate

#5 Post by Wenzl »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017
Ran by VacKor (administrator) on TEST-PC (11-09-2017 17:49:10)
Running from C:\Users\VacKor\Desktop
Loaded Profiles: VacKor (Available Profiles: VacKor)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [239856 2017-09-02] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HDAudDeck] => c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe [2441840 2010-06-25] (VIA)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E79E767F-937C-4159-B204-DCCCD2F0BDAF}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
SearchScopes: HKLM-x32 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKLM-x32 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4161623063-1077891321-1027309549-1000 -> DefaultScope {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4161623063-1077891321-1027309549-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4161623063-1077891321-1027309549-1000 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-09-02] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-08-16] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-09-02] (AVAST Software)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-16] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-07-18] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\VacKor\AppData\Roaming\Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 [2017-09-10]
FF NewTab: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> Seznam
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> Seznam
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> Seznam
FF Homepage: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> hxxps://www.seznam.cz/?clid=22668
FF Keyword.URL: Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345 -> hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&
FF Extension: (Avast Passwords) - C:\Users\VacKor\AppData\Roaming\Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2017-08-25]
FF Extension: (Avast SafePrice) - C:\Users\VacKor\AppData\Roaming\Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345\Extensions\sp@avast.com.xpi [2017-08-24]
FF Extension: (Avast Online Security) - C:\Users\VacKor\AppData\Roaming\Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345\Extensions\wrc@avast.com.xpi [2017-08-20]
FF SearchPlugin: C:\Users\VacKor\AppData\Roaming\Mozilla\Firefox\Profiles\sh9hc1df.default-1423319141345\searchplugins\seznam-avast.xml [2016-10-19]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-08-26] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2017-08-26] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-08-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: (Download videos and MP3s from YouTube) - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-09] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-08] ()
FF Plugin-x32: @hypercosm.com/HypercosmPlayer -> C:\Program Files (x86)\Hypercosm\Hypercosm Player\components\nphypercosm.dll [2011-02-11] (Hypercosm LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-01] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "www.google.com"
CHR Profile: C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default [2017-09-10]
CHR Extension: (Disk Google) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Vyhledávání Google) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-17]
CHR Extension: (Avast Online Security) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-09-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-07]
CHR Extension: (Gmail) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
CHR Extension: (Chrome Media Router) - C:\Users\VacKor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-07]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7452288 2017-09-02] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [275208 2017-09-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [322976 2017-09-02] (AVAST Software)
S3 EFS; C:\Windows\System32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-21] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [116224 2017-07-14] (Microsoft Corporation)
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-11-09] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-11-09] (Microsoft Corporation)
S4 Netlogon; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-16] (Nero AG)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S4 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation)
R2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-21] (Microsoft Corporation)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2017-07-07] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-21] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2014-02-13] (VIA Technologies, Inc.)
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2017-07-14] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2017-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [320528 2017-09-02] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-09-02] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343296 2017-09-02] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-09-02] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47016 2017-09-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41832 2017-09-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147784 2017-09-02] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [38152 2017-07-01] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [555072 2017-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110376 2017-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-09-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1016384 2017-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [590880 2017-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [199312 2017-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [361336 2017-09-02] (AVAST Software)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2013-12-18] (Audials AG)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-11 17:49 - 2017-09-11 17:49 - 000000000 ____D C:\Users\VacKor\Desktop\FRST-OlderVersion
2017-09-11 17:42 - 2017-09-11 17:42 - 000003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4161623063-1077891321-1027309549-1000
2017-09-10 21:21 - 2017-09-11 17:42 - 000003208 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4161623063-1077891321-1027309549-1000
2017-09-10 21:11 - 2017-09-10 21:15 - 000000000 ____D C:\AdwCleaner
2017-09-10 20:43 - 2017-09-10 20:44 - 008182736 _____ (Malwarebytes) C:\Users\VacKor\Desktop\adwcleaner_7.0.2.1.exe
2017-09-10 19:11 - 2017-09-10 19:13 - 000041352 _____ C:\Users\VacKor\Desktop\Addition.txt
2017-09-10 19:10 - 2017-09-11 17:50 - 000020211 _____ C:\Users\VacKor\Desktop\FRST.txt
2017-09-10 19:04 - 2017-09-11 17:49 - 002396672 _____ (Farbar) C:\Users\VacKor\Desktop\FRST64.exe
2017-09-10 08:27 - 2017-09-10 08:27 - 000000000 ____D C:\Users\VacKor\AppData\Local\{58FFC384-2492-4AF6-AE71-97E7A2B43A81}
2017-09-09 19:20 - 2017-09-09 19:20 - 000000000 ____D C:\Users\VacKor\AppData\Local\{01241273-3B59-44F1-9F2E-31D6D0D5B35E}
2017-09-09 07:19 - 2017-09-09 07:19 - 000000000 ____D C:\Users\VacKor\AppData\Local\{BA6DC10F-6ED2-450D-A180-215D2D369C84}
2017-09-08 13:45 - 2017-09-08 13:45 - 000000000 ____D C:\Users\VacKor\AppData\Local\{DF1ED6D1-931C-4FF8-A305-9C38DA6BA350}
2017-09-07 16:53 - 2017-09-07 16:53 - 000000000 ____D C:\Users\VacKor\AppData\Local\{7F286DD5-9BDF-4FB6-AFB1-202EAE86F1DF}
2017-09-06 18:08 - 2017-09-06 18:08 - 000000000 ____D C:\Users\VacKor\AppData\Local\{FB1DABFD-890C-432C-9B3D-4E36A3E60D2F}
2017-09-05 17:55 - 2017-09-05 17:55 - 000000000 ____D C:\Users\VacKor\AppData\Local\{2464B831-18AF-4033-8843-E254DDEAEEDA}
2017-09-04 17:53 - 2017-09-04 17:53 - 000000000 ____D C:\Users\VacKor\AppData\Local\{8EC0B6BE-65C4-43FB-A2CB-08D892D70C81}
2017-09-03 19:59 - 2017-09-03 19:59 - 000000000 ____D C:\Users\VacKor\AppData\Local\{C0D03744-E3FD-4211-8088-5E8EB558E7CB}
2017-09-03 07:58 - 2017-09-03 07:58 - 000000000 ____D C:\Users\VacKor\AppData\Local\{B67C2A7B-FC83-4067-87D6-A2B0BDC00D44}
2017-09-02 19:49 - 2017-09-02 19:49 - 000000000 ____D C:\Users\VacKor\AppData\Local\{F541AB4A-380C-4AD4-91D4-C3896B54A497}
2017-09-02 11:26 - 2017-09-02 11:24 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-09-02 10:37 - 2017-09-02 10:37 - 000001246 _____ C:\Users\VacKor\.recently-used.xbel
2017-09-02 07:48 - 2017-09-02 07:48 - 000000000 ____D C:\Users\VacKor\AppData\Local\{BD4FE36A-EB07-4605-9BCA-948C99D16321}
2017-09-01 16:48 - 2017-09-01 16:48 - 000000000 ____D C:\Users\VacKor\AppData\Local\{9F538F49-F20D-4724-B58D-C71CDA222F3A}
2017-08-31 16:57 - 2017-08-31 16:57 - 000000000 ____D C:\Users\VacKor\AppData\Local\{43A30A50-AA36-47DC-805F-DB1C22E5BFE3}
2017-08-30 17:54 - 2017-08-30 17:54 - 000000000 ____D C:\Users\VacKor\AppData\Local\{FD094CA6-F2C3-46F3-86CA-B65FCCB726CE}
2017-08-29 17:55 - 2017-08-29 17:55 - 000000000 ____D C:\Users\VacKor\AppData\Local\{96BBDF14-635B-433A-951A-9181B2D38306}
2017-08-28 17:51 - 2017-08-28 17:51 - 000000000 ____D C:\Users\VacKor\AppData\Local\{70858BF2-AD37-45BC-B684-23CBBE420503}
2017-08-27 19:31 - 2017-08-27 19:31 - 000000000 ____D C:\Users\VacKor\AppData\Local\{7D2D3827-A016-4B98-86AE-B07AD23D7BFB}
2017-08-27 07:29 - 2017-08-27 07:29 - 000000000 ____D C:\Users\VacKor\AppData\Local\{CBF88BE7-6077-48AB-98AD-1F01C7D5C182}
2017-08-26 08:21 - 2017-08-26 14:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-26 08:18 - 2017-08-26 08:18 - 000000000 ____D C:\Users\VacKor\AppData\Local\{2A09A895-ABEC-4686-A926-DAB53EB2CDD1}
2017-08-25 20:05 - 2017-08-25 20:05 - 000000000 ____D C:\Users\VacKor\AppData\Local\{C41EBD05-3A6D-4225-9C3D-700B3B2FFE84}
2017-08-25 08:04 - 2017-08-25 08:04 - 000000000 ____D C:\Users\VacKor\AppData\Local\{9B31EB27-F9ED-40AC-AFCB-D4EE9DCE8E37}
2017-08-24 16:59 - 2017-08-24 16:59 - 000002172 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-08-24 16:58 - 2017-08-24 16:59 - 000002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-08-24 16:54 - 2017-08-24 16:54 - 000000000 ____D C:\Users\VacKor\AppData\Local\{0C425467-9D58-4E99-BD19-AE0735AB1189}
2017-08-23 20:57 - 2017-08-23 20:57 - 000000000 ____D C:\Users\VacKor\AppData\Local\{0B04A9BB-021A-47A3-9260-3F30FBFBE548}
2017-08-23 18:28 - 2017-08-23 18:54 - 1637903661 _____ C:\Users\VacKor\Downloads\Strážci vesmíru.mkv
2017-08-22 18:57 - 2017-08-22 18:57 - 000000000 ____D C:\Users\VacKor\AppData\Local\{D4D863B1-0ECA-4D91-A853-B4BB979A2368}
2017-08-21 20:24 - 2017-08-21 20:24 - 000047583 _____ C:\Users\VacKor\Downloads\Pohyb_14400852120_na_uctu_2001033807.pdf
2017-08-21 20:04 - 2017-08-21 20:04 - 000047551 _____ C:\Users\VacKor\Downloads\Pohyb_14402154528_na_uctu_2001033807.pdf
2017-08-21 20:04 - 2017-08-21 20:04 - 000047551 _____ C:\Users\VacKor\Downloads\Pohyb_14402154528_na_uctu_2001033807 (1).pdf
2017-08-21 17:50 - 2017-08-21 17:50 - 000000000 ____D C:\Users\VacKor\AppData\Local\{44E14A94-63F5-446A-AB90-0035CA454673}
2017-08-20 22:31 - 2017-08-20 22:31 - 000000000 ____D C:\Users\VacKor\AppData\Local\{1CE639DC-8783-4A06-A463-CB9CEA669FB2}
2017-08-17 17:35 - 2017-08-17 17:35 - 000000000 ____D C:\Users\VacKor\AppData\Local\{16159D57-C4BA-4A8D-BB4D-9609B872587D}
2017-08-16 18:01 - 2017-08-16 18:01 - 000000000 ____D C:\Users\VacKor\AppData\Local\{034EFC17-DBDE-4C01-A89A-CDF32FAB5644}
2017-08-15 20:31 - 2017-08-15 20:31 - 000000000 ____D C:\Users\VacKor\AppData\Local\{A27ADAFC-472D-4812-A8A6-18D6F4143971}
2017-08-15 08:15 - 2017-08-15 08:15 - 000000000 ____D C:\Users\VacKor\AppData\Local\{CA90DDC9-92A8-401B-876B-BE82651F8323}
2017-08-14 18:54 - 2017-08-14 18:54 - 000000000 ____D C:\Users\VacKor\AppData\Local\{39B1E838-5AD9-4751-B326-776691E3FA25}
2017-08-13 23:37 - 2017-08-13 23:37 - 000000000 ____D C:\Users\VacKor\AppData\Local\{C587A856-EA24-4F4E-88EF-0120FCA3E3D8}
2017-08-13 09:58 - 2017-08-13 09:58 - 000000000 ____D C:\Users\VacKor\AppData\Local\{C4DA96E3-17F9-4E98-8A12-11CBB825DD08}
2017-08-12 19:51 - 2017-08-12 19:51 - 000000000 ____D C:\Users\VacKor\AppData\Local\{C4C5E051-18B2-4E03-B2AF-E5D956F22A2C}
2017-08-12 07:31 - 2017-08-12 07:31 - 000000000 ____D C:\Users\VacKor\AppData\Local\{1D0F9BEA-8E11-4A2D-90A4-D16AABFCAFB8}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-11 17:49 - 2014-06-01 08:50 - 000000000 ____D C:\FRST
2017-09-11 17:41 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-10 21:31 - 2016-11-18 20:16 - 000000000 ____D C:\Users\VacKor\AppData\LocalLow\Mozilla
2017-09-10 21:27 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-10 21:27 - 2009-07-14 06:45 - 000029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-10 21:15 - 2014-02-13 21:44 - 000000000 ____D C:\ProgramData\IObit
2017-09-10 21:11 - 2014-01-09 23:22 - 000000000 ____D C:\Down
2017-09-10 18:39 - 2014-05-17 10:50 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-10 18:26 - 2011-07-10 13:42 - 000000000 ____D C:\ProgramData\Adobe
2017-09-10 18:26 - 2011-07-08 22:51 - 000000000 ____D C:\Users\VacKor\AppData\Roaming\Adobe
2017-09-10 18:17 - 2011-07-10 16:38 - 000000000 ____D C:\Users\VacKor\AppData\Roaming\Skype
2017-09-07 21:46 - 2011-07-10 09:47 - 000000000 ____D C:\Users\VacKor\AppData\Roaming\vlc
2017-09-05 17:58 - 2011-07-10 16:37 - 000000000 ____D C:\ProgramData\Skype
2017-09-05 17:57 - 2015-12-07 09:02 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-02 21:53 - 2014-01-30 04:05 - 001559340 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-02 21:53 - 2011-04-12 10:34 - 000668882 _____ C:\Windows\system32\perfh005.dat
2017-09-02 21:53 - 2011-04-12 10:34 - 000141542 _____ C:\Windows\system32\perfc005.dat
2017-09-02 21:53 - 2009-07-14 07:13 - 001559340 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-02 21:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2017-09-02 11:58 - 2017-03-10 13:28 - 000003890 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1452257823
2017-09-02 11:28 - 2017-03-09 20:21 - 000003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-09-02 11:24 - 2014-04-26 20:19 - 000047016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-09-02 11:24 - 2014-01-01 15:26 - 000199312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-09-02 11:24 - 2013-03-05 18:39 - 000361336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-09-02 11:24 - 2013-03-05 18:39 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-09-02 11:24 - 2012-03-10 15:51 - 000110376 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-09-02 11:24 - 2011-07-18 13:19 - 000590880 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-09-02 11:24 - 2011-07-18 13:19 - 000147784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-09-02 11:22 - 2012-03-10 15:51 - 000041832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-09-02 11:22 - 2011-07-18 13:19 - 001016384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-09-02 11:21 - 2017-03-09 20:21 - 000343296 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-09-02 11:21 - 2017-03-09 20:21 - 000320528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-09-02 11:21 - 2017-03-09 20:21 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-09-02 11:21 - 2017-03-09 20:21 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-09-02 11:21 - 2016-02-28 11:40 - 000555072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-09-02 10:37 - 2011-07-08 22:23 - 000000000 ____D C:\Users\VacKor
2017-08-30 21:28 - 2015-11-08 21:27 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 17:58 - 2014-08-28 20:57 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-26 14:15 - 2012-04-26 18:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-24 16:58 - 2013-01-06 16:27 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-16 19:38 - 2016-04-06 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-16 19:37 - 2016-04-06 20:43 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-08-16 19:37 - 2013-11-16 10:23 - 000000000 ____D C:\Program Files (x86)\Java

==================== Files in the root of some directories =======

2011-07-10 19:43 - 2011-09-25 19:59 - 000007622 _____ () C:\Users\VacKor\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2017-04-21 14:36 - 2017-04-21 14:36 - 000739904 _____ (Oracle Corporation) C:\Users\VacKor\AppData\Local\Temp\jre-8u131-windows-au.exe
2017-07-21 19:14 - 2017-07-21 19:14 - 000739904 _____ (Oracle Corporation) C:\Users\VacKor\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-03-15 20:25 - 2017-03-15 20:25 - 014456872 _____ (Microsoft Corporation) C:\Users\VacKor\AppData\Local\Temp\vc_redist.x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-10 08:24

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: W7 possible Surrogate

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-4161623063-1077891321-1027309549-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
C:\Users\VacKor\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Wenzl
Visitor
Posts: 25
Registered: 01 Jan 2016 11:34

Re: W7 possible Surrogate

#7 Post by Wenzl »

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-09-2017
Ran by VacKor (11-09-2017 19:14:46) Run:2
Running from C:\Users\VacKor\Desktop
Loaded Profiles: VacKor (Available Profiles: VacKor)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-4161623063-1077891321-1027309549-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
C:\Users\VacKor\AppData\Local\Temp

EmptyTemp:
End

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-4161623063-1077891321-1027309549-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => key removed successfully
HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key removed successfully
HKLM\Software\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} => key not found.
C:\Program Files (x86)\Skype\Toolbars => moved successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype-ie-addon-data => key removed successfully
HKLM\Software\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key removed successfully
HKLM\Software\Wow6432Node\Classes\PROTOCOLS\Handler\skype-ie-addon-data => key not found.
HKLM\Software\Wow6432Node\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => key removed successfully
"C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx" => not found.

"C:\Users\VacKor\AppData\Local\Temp" folder move:

Could not move "C:\Users\VacKor\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8903593 B
Java, Flash, Steam htmlcache => 341521 B
Windows/system/drivers => 265444592 B
Edge => 0 B
Chrome => 441933937 B
Firefox => 408073288 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42361561 B
systemprofile32 => 82738 B
LocalService => 66228 B
NetworkService => 925332 B
VacKor => 1225811248 B

RecycleBin => 6602107649 B
EmptyTemp: => 8.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 11-09-2017 19:23:34)

C:\Users\VacKor\AppData\Local\Temp => moved successfully

==== End of Fixlog 19:23:53 ====

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: W7 possible Surrogate

#8 Post by Rudy »

Deleted; the log should be OK now.

Wenzl
Visitor
Posts: 25
Registered: 01 Jan 2016 11:34

Re: W7 possible Surrogate

#9 Post by Wenzl »

Thank you very much for the help! :thumbsup:

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: W7 possible Surrogate

#10 Post by Rudy »

You're welcome! :)

Locked