explorer - pop-up windows

Posted: 23 Feb 2018 21:30
by SoonTy
Hello,

a colleague has a problem with pop-up windows on one of the company PCs. I am attaching the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.02.2018
Ran by DD (administrator) on DD-PC (23-02-2018 21:22:40)
Running from C:\Users\DD\Desktop
Loaded Profiles: DD (Available Profiles: DD)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(forum.viry.cz) C:\Users\DD\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTracking] => "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [8003664 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\Users\W\AppData\Roaming\Microsoft\wgaabjtf\bbbbbbbb.exe [289280 2014-04-15] ()
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {026bfc4a-155f-11e7-9cd1-00219b41bed2} - E:\Startme.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {ed2524cd-4450-11e7-ada3-00219b41bed2} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-01-09]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 77.236.192.130
Tcpip\..\Interfaces\{B49B0752-B0C2-413E-9396-1CBD01643D87}: [DhcpNameServer] 8.8.8.8 77.236.192.130
ManualProxies: 0hxxp://web-quick.com/wpad.dat?d237324aa363cadab7cc6569550bd09136767860

Internet Explorer:
==================
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> DefaultScope {20AB443D-4725-4468-8421-390C3683039A} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {A6D5F998-18F9-473B-B930-4006E4F71A7B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)




Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&s ... utEncoding?}
CHR Profile: C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default [2018-02-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-09-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
R2 HPSLPSVC; C:\Users\DD\AppData\Local\Temp\7zS17B2\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.) <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2013-05-16] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2013-05-16] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WorkshopDBService; C:\Program Files\Vivid WorkshopData ATI\WorkshopDBServer.exe [114688 2017-06-14] (Acresso) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-08-28] (Disc Soft Ltd)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-29] (Intel Corporation)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [13824 2012-11-08] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [21638 2008-08-22] () [File not signed]
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2014-06-06] (TeamViewer GmbH)
S3 eapihdrv; \??\C:\Users\W\AppData\Local\Temp\ehdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-23 21:22 - 2018-02-23 21:24 - 000017755 _____ C:\Users\DD\Desktop\FRST.txt
2018-02-23 21:22 - 2018-02-23 21:22 - 000000000 ____D C:\FRST
2018-02-23 21:20 - 2018-02-23 21:20 - 001763328 _____ (Farbar) C:\Users\DD\Desktop\FRST.exe
2018-02-23 21:18 - 2018-02-23 21:18 - 000112640 _____ (forum.viry.cz) C:\Users\DD\Desktop\FRSTLauncher.exe
2018-02-23 21:05 - 2018-02-23 21:05 - 000111068 _____ C:\Users\DD\Documents\cc_20180223_210456.reg
2018-02-23 20:55 - 2018-02-23 20:55 - 011217088 _____ (Piriform Ltd) C:\Users\DD\Downloads\ccsetup540pro.exe
2018-02-23 12:50 - 2018-02-23 21:09 - 000000000 ____D C:\AdwCleaner
2018-02-23 12:16 - 2018-02-23 12:17 - 008222496 _____ (Malwarebytes) C:\Users\DD\Desktop\adwcleaner_7.0.8.0.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-23 21:20 - 2009-07-14 05:34 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-23 21:20 - 2009-07-14 05:34 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-23 21:11 - 2017-06-14 16:19 - 000000000 ____D C:\ProgramData\organiser
2018-02-23 21:10 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-23 21:09 - 2014-06-25 12:33 - 000000000 ____D C:\Program Files\TeamViewer
2018-02-23 20:58 - 2014-05-22 16:36 - 000000000 ____D C:\Users\DD\AppData\Local\CrashDumps
2018-02-23 20:58 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2018-02-23 20:56 - 2017-11-20 19:57 - 000000000 ____D C:\Program Files\CCleaner
2018-02-23 20:55 - 2017-11-20 19:57 - 000000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-23 20:52 - 2014-09-02 10:34 - 000000000 ____D C:\Users\DD\Documents\Soubory aplikace Outlook
2018-02-23 15:26 - 2016-10-20 10:36 - 000000000 ____D C:\Users\DD\Documents\_taxi
2018-02-22 15:50 - 2009-07-14 05:53 - 000032522 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-16 10:20 - 2016-07-22 13:17 - 000000000 ____D C:\Users\DD\Documents\__nove
2018-02-06 18:31 - 2014-04-14 13:00 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-02-06 18:31 - 2014-04-14 13:00 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-02-06 18:31 - 2014-04-14 13:00 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-05 11:49 - 2015-10-16 11:31 - 000000000 ____D C:\Users\DD\Documents\_pojistky

==================== Files in the root of some directories =======

2014-10-06 14:25 - 2006-11-01 11:05 - 000154424 _____ () C:\Users\DD\Volumeid.exe
2014-05-30 08:17 - 2014-05-30 08:17 - 000000089 _____ () C:\Users\DD\AppData\Local\fusioncache.dat
2014-05-07 17:16 - 2015-05-22 15:45 - 000013030 _____ () C:\Users\DD\AppData\Local\PDOXUSRS.NET

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\DD\Desktop" je 56346 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: explorer - pop-up windows

Posted: 23 Feb 2018 22:06
by Rudy
Hello!
I'm sorry, but this forum is not meant for corporate clients, only for home users: https://forum.viry.cz/viewtopic.php?f=12&t=5601 (point 6). Company PCs are the job of the IT department, or of contracted IT specialists. We don't do the work for someone who is paid to do it.