Please check my logs

Posted: 24 May 2018 19:31
by ovninja
Hello, please check my logs. Today I reinstalled Win10 because it somehow could not handle the latest update. An advertising window keeps popping up when the browser starts. ad.fly


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Honza_2 (administrator) on NOTEBOOK-HONZA (24-05-2018 19:21:48)
Running from C:\Users\Honza_2\Desktop
Loaded Profiles: Honza_2 (Available Profiles: Honza_2)
Platform: Windows 10 Home Version 1803 17134.1 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8827.22055.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKU\S-1-5-21-538745971-288609474-2457639092-1003\...\RunOnce: [Uninstall 17.3.6816.0313\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Honza_2\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64"
HKU\S-1-5-21-538745971-288609474-2457639092-1003\...\RunOnce: [Uninstall 17.3.6816.0313] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Honza_2\AppData\Local\Microsoft\OneDrive\17.3.6816.0313"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update steam.bat [2017-07-27] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d9aa622b-5b26-4fcf-9a11-e00cd8353ced}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default [2018-05-24]
CHR Extension: (Prezentace) - C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-24]
CHR Extension: (Dokumenty) - C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-24]
CHR Extension: (Disk Google) - C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-05-24]
CHR Extension: (YouTube) - C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-05-24]
CHR Extension: (Tabulky) - C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-24]
CHR Extension: (Disconnect) - C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2018-05-24]
CHR Extension: (Grammarly for Chrome) - C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-05-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-24]
CHR Extension: (Gmail) - C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-05-24]
CHR Extension: (Chrome Media Router) - C:\Users\Honza_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-24 19:34 - 2018-05-24 18:48 - 000000000 ____D C:\Windows.old
2018-05-24 19:21 - 2018-05-24 19:22 - 000006673 _____ C:\Users\Honza_2\Desktop\FRST.txt
2018-05-24 19:19 - 2018-05-24 19:19 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-538745971-288609474-2457639092-1003
2018-05-24 19:14 - 2018-05-24 19:14 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2018-05-24 19:14 - 2018-05-24 18:34 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-24 19:10 - 2018-05-24 19:12 - 000000000 ____D C:\Users\Honza_2\AppData\Local\PackageStaging
2018-05-24 19:10 - 2018-05-24 19:10 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-24 19:08 - 2018-05-24 19:08 - 000000000 ____D C:\Program Files\Elantech
2018-05-24 19:07 - 2018-05-24 19:07 - 000000000 ____D C:\Users\Honza_2\AppData\Roaming\Google
2018-05-24 19:07 - 2018-05-24 19:07 - 000000000 ____D C:\Program Files (x86)\Intel
2018-05-24 19:07 - 2015-07-30 22:45 - 000072688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-05-24 19:07 - 2015-07-30 22:45 - 000069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-05-24 19:06 - 2018-05-24 19:06 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-05-24 19:06 - 2018-05-24 19:06 - 000000000 ____D C:\Program Files\Intel
2018-05-24 19:03 - 2018-05-24 19:03 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-24 19:03 - 2018-05-24 19:03 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-24 19:02 - 2018-05-24 19:11 - 000000000 ____D C:\Users\Honza_2\AppData\Local\Google
2018-05-24 19:02 - 2018-05-24 19:03 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-24 19:02 - 2018-05-24 19:02 - 000003472 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-24 19:02 - 2018-05-24 19:02 - 000003348 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-24 19:02 - 2018-05-24 19:02 - 000000000 ____D C:\Program Files\Common Files\Atheros
2018-05-24 19:01 - 2018-05-24 19:01 - 000000000 ____D C:\Users\Honza_2\AppData\Local\PlaceholderTileLogoFolder
2018-05-24 19:01 - 2018-05-24 19:01 - 000000000 ____D C:\Users\Honza_2\AppData\Local\Comms
2018-05-24 18:57 - 2018-05-24 19:01 - 000000000 ____D C:\Users\Honza_2\AppData\Local\MicrosoftEdge
2018-05-24 18:57 - 2018-05-24 18:57 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-24 18:56 - 2018-05-24 18:56 - 000001417 _____ C:\Users\Honza_2\Desktop\Microsoft Edge.lnk
2018-05-24 18:51 - 2018-05-24 18:51 - 000000000 ____D C:\Users\Honza_2\AppData\Local\Publishers
2018-05-24 18:50 - 2018-05-24 19:23 - 000000000 ____D C:\Users\Honza_2\AppData\Local\Packages
2018-05-24 18:50 - 2018-05-24 19:00 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-24 18:50 - 2018-05-24 18:50 - 000000000 ____D C:\Users\Honza_2\AppData\Roaming\Adobe
2018-05-24 18:50 - 2018-05-24 18:50 - 000000000 ____D C:\Users\Honza_2\AppData\Local\VirtualStore
2018-05-24 18:49 - 2018-05-24 19:21 - 001601516 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-24 18:49 - 2018-05-24 18:59 - 000000000 ____D C:\Users\Honza_2\AppData\Local\ConnectedDevicesPlatform
2018-05-24 18:49 - 2018-05-24 18:49 - 000000020 ___SH C:\Users\Honza_2\ntuser.ini
2018-05-24 18:48 - 2018-05-24 18:48 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2018-05-24 18:48 - 2018-05-24 18:48 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2018-05-24 18:48 - 2018-05-24 18:48 - 000000000 _SHDL C:\ProgramData\Šablony
2018-05-24 18:48 - 2018-05-24 18:48 - 000000000 _SHDL C:\ProgramData\Plocha
2018-05-24 18:48 - 2018-05-24 18:48 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2018-05-24 18:48 - 2018-05-24 18:48 - 000000000 _SHDL C:\ProgramData\Dokumenty
2018-05-24 18:48 - 2018-05-24 18:48 - 000000000 _SHDL C:\ProgramData\Data aplikací
2018-05-24 18:47 - 2018-05-24 19:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-24 18:47 - 2018-05-24 18:47 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-05-24 18:47 - 2018-05-24 18:47 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-05-24 18:47 - 2018-05-24 18:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-24 18:42 - 2018-05-24 19:19 - 000002397 _____ C:\Users\Honza_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-24 18:42 - 2018-05-24 18:50 - 000000000 ____D C:\Users\Honza_2
2018-05-24 18:42 - 2018-05-24 18:48 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\Šablony
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\Soubory cookie
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\Poslední
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\Okolní tiskárny
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\Okolní síť
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\Nabídka Start
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\Dokumenty
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\Documents\Obrázky
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\Documents\Hudba
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\Documents\Filmy
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\Data aplikací
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2018-05-24 18:42 - 2018-05-24 18:42 - 000000000 _SHDL C:\Users\Honza_2\AppData\Local\Data aplikací
2018-05-24 18:42 - 2017-08-21 17:05 - 000000153 _____ C:\Users\Honza_2\BullseyeCoverageError.txt
2018-05-24 18:38 - 2018-05-24 18:38 - 000000000 ____D C:\ProgramData\USOShared
2018-05-24 18:38 - 2018-04-12 01:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-24 18:36 - 2018-05-24 18:36 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-05-24 18:34 - 2018-05-24 18:44 - 000234120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-24 18:34 - 2018-05-24 18:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-24 16:06 - 2018-05-24 16:06 - 000000000 ___HD C:\$SysReset
2018-05-24 15:21 - 2018-05-24 16:07 - 000000000 _____ C:\Recovery.txt
2018-05-23 10:11 - 2018-05-23 10:11 - 000000000 ___HD C:\$AV_ASW
2018-05-23 10:02 - 2017-08-21 17:05 - 000000153 _____ C:\Users\Honza_2\BullseyeCoverageError (1).txt
2018-05-21 21:50 - 2018-05-21 21:51 - 002997200 _____ C:\Users\Honza_2\Downloads\SecurityTaskManager_Setup.exe
2018-05-21 20:49 - 2018-05-21 20:49 - 000000812 _____ C:\Users\Honza_2\Documents\cc_20180521_194900.reg
2018-05-21 20:43 - 2018-05-21 20:43 - 000014440 _____ C:\Users\Honza_2\Documents\cc_20180521_194313.reg
2018-05-21 20:38 - 2018-05-24 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-21 20:37 - 2018-05-21 20:37 - 015813432 _____ (Piriform Ltd) C:\Users\Honza_2\Downloads\ccsetup542.exe
2018-05-20 13:52 - 2018-05-20 13:52 - 000135439 _____ C:\Users\Honza_2\Downloads\Vypis_ctvrtletni31.3.2018.pdf
2018-05-11 10:48 - 2018-05-11 10:48 - 075746616 _____ (Exodus Movement Inc) C:\Users\Honza_2\Downloads\exodus-windows-x64-1.51.0.exe
2018-05-02 13:54 - 2018-05-02 13:54 - 000278517 _____ C:\Users\Honza_2\Downloads\Statement 06-APR-18 AC 33246019.PDF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-24 19:34 - 2018-04-12 01:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-24 19:34 - 2018-04-12 01:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-24 19:34 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-24 19:34 - 2017-08-24 23:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-05-24 19:34 - 2017-07-21 17:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-05-24 19:21 - 2018-04-12 17:50 - 000681858 _____ C:\WINDOWS\system32\perfh005.dat
2018-05-24 19:21 - 2018-04-12 17:50 - 000136754 _____ C:\WINDOWS\system32\perfc005.dat
2018-05-24 19:21 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-24 19:21 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-24 19:21 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-24 19:21 - 2017-06-20 02:40 - 000000000 ____D C:\Users\Honza_2\Desktop\FRST-OlderVersion
2018-05-24 19:21 - 2017-06-09 20:42 - 000000000 ____D C:\FRST
2018-05-24 19:21 - 2017-06-09 20:41 - 002413056 _____ (Farbar) C:\Users\Honza_2\Desktop\FRST64.exe
2018-05-24 19:21 - 2017-06-09 00:50 - 000000000 ____D C:\AdwCleaner
2018-05-24 19:21 - 2015-09-02 22:48 - 000000000 ___RD C:\Users\Honza_2\OneDrive
2018-05-24 19:15 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-24 19:15 - 2014-08-12 14:08 - 000000000 __SHD C:\Users\Honza_2\IntelGraphicsProfiles
2018-05-24 19:14 - 2018-04-12 01:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-24 19:13 - 2018-04-11 23:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2018-05-24 18:50 - 2016-03-23 22:06 - 000000000 ___RD C:\Users\Honza_2\3D Objects
2018-05-24 18:48 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\windows nt
2018-05-24 18:47 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-24 18:46 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-24 18:43 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-05-24 18:38 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-24 18:37 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-05-24 18:37 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-24 16:29 - 2016-10-24 14:34 - 000000000 ____D C:\totalcmd
2018-05-23 10:03 - 2017-12-28 13:51 - 000000000 ____D C:\Users\Honza_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Exodus Movement Inc
2018-05-23 09:56 - 2017-12-10 18:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2018-05-14 22:49 - 2017-09-26 23:57 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-24 18:34

==================== End of FRST.txt ============================

Re: Please check my logs

Posted: 24 May 2018 19:57
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree (Souhlasím)
right-click the AdwCleaner icon and choose Run as administrator (Spustit jako správce); on Win XP just launch it with a double-click
click Scan now (Skenovat nyní), then Clean and Repair (Čištění a opravy)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Please check my logs

Posted: 24 May 2018 20:25
by ovninja
After the restart the window popped up again on its own


# AdwCleaner 7.0.4.0 - Logfile created on Thu May 24 18:19:40 2018
# Updated on 2017/27/10 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [4534 B] - [2017/6/8 22:54:33]
C:/AdwCleaner/AdwCleaner[C1].txt - [1487 B] - [2017/11/7 15:13:37]
C:/AdwCleaner/AdwCleaner[S0].txt - [5552 B] - [2017/6/8 22:52:38]
C:/AdwCleaner/AdwCleaner[S1].txt - [1519 B] - [2017/6/20 0:40:34]
C:/AdwCleaner/AdwCleaner[S2].txt - [1146 B] - [2017/8/24 20:55:5]
C:/AdwCleaner/AdwCleaner[S3].txt - [1337 B] - [2017/11/7 15:12:0]
C:/AdwCleaner/AdwCleaner[S4].txt - [1348 B] - [2017/12/2 22:25:35]
C:/AdwCleaner/AdwCleaner[S5].txt - [1416 B] - [2018/2/28 6:51:1]
C:/AdwCleaner/AdwCleaner[S6].txt - [1482 B] - [2018/5/24 17:21:3]
C:/AdwCleaner/AdwCleaner[S7].txt - [1549 B] - [2018/5/24 18:18:36]


########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########

Re: Please check my logs

Posted: 24 May 2018 21:01
by Rudy
This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Please check my logs

Posted: 24 May 2018 21:12
by ovninja
All quiet so far, both at startup and in the browser


Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Honza_2 (24-05-2018 21:07:44) Run:2
Running from C:\Users\Honza_2\Desktop
Loaded Profiles: Honza_2 (Available Profiles: Honza_2)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

EmptyTemp:
End
*****************

Processes closed successfully.
C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15891554 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 28076 B
Edge => 9100066 B
Chrome => 127480402 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1862 B
LocalService => 0 B
NetworkService => 908 B
NetworkService => 0 B
Honza_2 => 36008902 B

RecycleBin => 0 B
EmptyTemp: => 185.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:07:55 ====

Re: Please check my logs

Posted: 24 May 2018 21:14
by ovninja
If it's resolved, thank you very much

Re: Please check my logs

Posted: 25 May 2018 09:20
by Rudy
That's all from my side, provided ad.fly no longer appears. Otherwise we will clean the browsers.