
Preventive check

No problem with your PC at the moment and you just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Preventive check

#1 Post by cunik.cz »

Hi, I'm posting a log from HJT because I happened to have it at hand, and I'd just like to check whether it is safe. Payments are made through this PC, so I want to be sure.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:27:09, on 11.9.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.19104)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Mamak\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /SF3
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avuirunnerx.exe" C:\Program Files\AVG\AVG2015\avgui.exe
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35P1HJ9Y05Y8:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 3510 series (Síť).lnk = ?
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

--
End of file - 7187 bytes

JaRon
Moderator
Posts: 15214
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Preventive check

#2 Post by JaRon »

Hi,
HJT was used about 10 years ago.
To start with, I recommend MSIE11 and the available OS updates :)

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#3 Post by cunik.cz »

So today I finally got to the notebook, and because I noticed that I have some junk on the desktop PC, I wanted to ask whether it has spread over the network. I know worms do this, but I don't know myself what I had there :D.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-09-2017 01
Ran by Mamak (administrator) on MAMAK-PC (15-09-2017 19:21:08)
Running from C:\Users\Mamak\Desktop
Loaded Profiles: Mamak (Available Profiles: Mamak)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files\ASUS\Sonic Focus\SonicFocusTray.exe
(Alcor Micro Corp.) C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [14688512 2015-11-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1028352 2015-11-20] (Realtek Semiconductor)
HKLM\...\Run: [SonicMasterTray] => C:\Program Files\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM\...\Run: [AmIcoSinglun] => C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe [258048 2015-08-01] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2262312 2015-08-01] (Synaptics Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3820440 2016-04-21] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [83240 2015-08-01] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-2361900770-3653326983-491238209-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKU\S-1-5-21-2361900770-3653326983-491238209-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2361900770-3653326983-491238209-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [27815896 2017-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2361900770-3653326983-491238209-1000\...\MountPoints2: {f04f5784-588e-11e5-979d-c8600017baf1} - G:\start.exe ar
HKU\S-1-5-21-2361900770-3653326983-491238209-1000\...\MountPoints2: {fd6fa129-825e-11e5-9fe4-c8600017baf1} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-02-20] (Microsoft Corporation)
Startup: C:\Users\Mamak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 3510 series (Síť).lnk [2017-09-15]
ShortcutTarget: Sledovat výstrahy inkoustu - HP Deskjet 3510 series (Síť).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{355AF416-0B0A-403C-9094-A31033DB87E2}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{94E31FAD-5791-48B7-A868-F4EE4D358C53}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
HKU\S-1-5-21-2361900770-3653326983-491238209-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2361900770-3653326983-491238209-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={1024F4E7-0500-43F8-AF75-58AFA23AC02F}&mid=e2e63c796e9047cd873b192946f35302-b2deddffcc56c78750baf3582f84ee404d649d37&lang=cs&ds=AVG&coid=avgtbavg&cmpid=0616avi&pr=fr&d=2016-06-29 06:10:28&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-11] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-11] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-11] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2361900770-3653326983-491238209-1000: @kb-ext.cz/PKIComponent -> C:\Users\Mamak\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [1749-10-20] (Komerční banka, a.s.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-01-29]
CHR Profile: C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-09-15]
CHR Extension: (Prezentace Google) - C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-29]
CHR Extension: (Dokumenty Google) - C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-29]
CHR Extension: (Disk Google) - C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-29]
CHR Extension: (YouTube) - C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-29]
CHR Extension: (Tabulky Google) - C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-29]
CHR Extension: (Dokumenty Google offline) - C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-29]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Gmail) - C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-29]
CHR Extension: (Chrome Media Router) - C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-28]
CHR Profile: C:\Users\Mamak\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-29]
CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2361900770-3653326983-491238209-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1563648 2016-04-21] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3647384 2016-04-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [336152 2016-04-21] (AVG Technologies CZ, s.r.o.)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [46680 2015-08-01] (Alcor Micro, Corp.)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [101352 2011-06-02] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [317416 2011-06-02] (ASMedia Technology Inc)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2241024 2012-11-26] (Qualcomm Atheros Communications, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [68032 2015-07-09] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [252336 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [223152 2016-01-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [234416 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [193456 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2015-09-11] (DT Soft Ltd)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2015-11-03] (REALiX(tm))
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-15 19:21 - 2017-09-15 19:21 - 000013170 _____ C:\Users\Mamak\Desktop\FRST.txt
2017-09-15 19:18 - 2017-09-15 19:21 - 000000000 ____D C:\FRST
2017-09-15 19:17 - 2017-09-15 19:18 - 001794560 _____ (Farbar) C:\Users\Mamak\Desktop\FRST.exe
2017-09-11 18:09 - 2017-09-11 18:09 - 000000000 ____D C:\Program Files\Common Files\Java
2017-09-11 18:05 - 2017-09-11 18:05 - 000000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-15 19:18 - 2015-08-01 23:10 - 000000000 ____D C:\ProgramData\MFAData
2017-09-15 19:17 - 2015-08-01 23:30 - 000000000 ____D C:\Users\Mamak\AppData\Roaming\Skype
2017-09-15 19:13 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-14 17:21 - 2009-07-14 06:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-14 17:21 - 2009-07-14 06:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-11 18:16 - 2015-08-01 23:01 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-11 18:16 - 2015-08-01 23:01 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-11 18:11 - 2015-08-01 23:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-09-11 18:11 - 2015-08-01 23:51 - 000000000 ____D C:\Program Files\Java
2017-09-11 18:08 - 2015-08-01 23:52 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-09-11 18:05 - 2015-08-01 23:29 - 000000000 ____D C:\ProgramData\Skype
2017-09-11 18:00 - 2015-11-03 21:37 - 000000000 ____D C:\ProgramData\ProductData

==================== Files in the root of some directories =======

2017-01-29 18:29 - 2017-01-29 18:29 - 000007602 _____ () C:\Users\Mamak\AppData\Local\Resmon.ResmonCfg
2015-12-12 13:38 - 2015-12-12 13:38 - 000000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2015-12-04 16:52 - 2015-06-14 21:38 - 000047928 _____ () C:\Users\Mamak\AppData\Local\Temp\ACLMInstaller.exe
2017-01-29 18:24 - 2017-01-29 18:24 - 000739904 _____ (Oracle Corporation) C:\Users\Mamak\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-09-11 18:05 - 2017-09-11 18:05 - 000740416 _____ (Oracle Corporation) C:\Users\Mamak\AppData\Local\Temp\jre-8u144-windows-au.exe
2015-09-12 10:43 - 2015-09-12 10:43 - 000585824 _____ (Oracle Corporation) C:\Users\Mamak\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-11-20 16:32 - 2015-11-20 16:32 - 000585824 _____ (Oracle Corporation) C:\Users\Mamak\AppData\Local\Temp\jre-8u66-windows-au.exe
2015-09-03 17:14 - 2015-09-03 17:14 - 000043520 ____N () C:\Users\Mamak\AppData\Local\Temp\proxy_vole4811058526189653192.dll
2016-05-22 08:30 - 2017-01-29 18:20 - 043918808 _____ (Skype Technologies S.A.) C:\Users\Mamak\AppData\Local\Temp\SkypeSetup.exe
2015-08-01 23:48 - 2016-11-30 17:47 - 004696960 _____ (PS Media s.r.o.) C:\Users\Mamak\AppData\Local\Temp\ssins.exe
2015-08-01 23:48 - 2015-08-01 23:48 - 001945832 _____ () C:\Users\Mamak\AppData\Local\Temp\wrar521cz.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-09 23:09

==================== End of FRST.txt ============================

cunik.cz
Visitor
Posts: 275
Registered: 13 May 2017 10:33

Re: Preventive check

#4 Post by cunik.cz »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-09-2017 01
Ran by Mamak (15-09-2017 19:22:02)
Running from C:\Users\Mamak\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-08-01 20:28:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2361900770-3653326983-491238209-500 - Administrator - Disabled)
Guest (S-1-5-21-2361900770-3653326983-491238209-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2361900770-3653326983-491238209-1002 - Limited - Enabled)
Mamak (S-1-5-21-2361900770-3653326983-491238209-1000 - Administrator - Enabled) => C:\Users\Mamak

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Alcor Micro USB Card Reader (HKLM\...\{4555BB9E-E715-4260-A178-E8EFD2B653E3}) (Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
AVG 2015 (HKLM\...\{62DF9376-A9FB-463A-9F26-63B9DF023DEB}) (Version: 15.0.6201 - AVG Technologies CZ, s.r.o.) Hidden
AVG 2015 (HKLM\...\{8523CA59-7283-4043-9113-3DB9620F09CD}) (Version: 15.0.4782 - AVG Technologies CZ, s.r.o.) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6201 - AVG Technologies CZ, s.r.o.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
K-Lite Codec Pack 11.3.6 Full (HKLM\...\KLiteCodecPack_is1) (Version: 11.3.6 - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
Skype™ 7.39 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Sonic Focus (HKLM\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2361900770-3653326983-491238209-1000_Classes\CLSID\{be328dbe-9f5b-407f-BAFF-827fc6db1aa4}\InprocServer32 -> C:\Users\Mamak\AppData\Roaming\KB-ext\lib\x86\PKIComponentAX-kbext.dll (Komerční banka, a.s.)
ContextMenuHandlers1: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\AVG2015\avgse.dll [2016-04-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-08-01] (Intel Corporation)
ContextMenuHandlers6: [AVG Shell Extension] -> {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} => C:\Program Files\AVG\AVG2015\avgse.dll [2016-04-21] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07EE33E3-7455-4095-8ED1-B310BDEEFCC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-01] (Google Inc.)
Task: {186A6E8E-60B5-4C05-B60F-92A60C323264} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {276BF40B-B56B-449F-A6AC-39CCBCE73594} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {3E873700-C1E6-45F0-B434-43A8C82D4C6E} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {3E873700-C1E6-45F0-B434-43A8C82D4C6E} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {493B1496-F700-42FA-BB6C-CC42D0E8A517} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [2015-11-20] (Realtek Semiconductor)
Task: {7333BE83-9944-460E-8105-0D407F00B929} - System32\Tasks\{1556EEDC-FDA6-45CA-A6AA-E6CA89B8BA10} => C:\Windows\system32\pcalua.exe -a C:\Users\Mamak\AppData\Local\Temp\Temp1_Touchpad_Synaptics_Win7_32_Z15360.zip\Setup.exe <==== ATTENTION
Task: {7B3A6886-9967-4BF5-9CA7-70E0D60DC906} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2015-11-20] (Realtek Semiconductor)
Task: {8BB9815B-8ED2-4695-9DB9-10558EA91ECB} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {8BB9815B-8ED2-4695-9DB9-10558EA91ECB} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {9CE4B467-416F-455E-A275-023014A3BDE5} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [2015-11-20] (Realtek Semiconductor)
Task: {A2EE8C73-D00C-491D-8E39-D3B52BD9D4F1} - System32\Tasks\Driver Booster SkipUAC (Mamak) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {ACA1FC1E-AB08-4CFA-893E-A5915D522117} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {ACA1FC1E-AB08-4CFA-893E-A5915D522117} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {ACA1FC1E-AB08-4CFA-893E-A5915D522117} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)
Task: {AF402F0B-90E7-4183-82C3-3EA600C6CD6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C0B479C7-548C-4C38-BCB0-9BE8B68D12F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-01] (Google Inc.)
Task: {C973AD75-85E8-4A6B-BC9D-B61785BACFD0} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {C973AD75-85E8-4A6B-BC9D-B61785BACFD0} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2015-12-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-09-16 11:38 - 2015-08-01 22:49 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2017-07-24 15:57 - 2017-07-24 15:57 - 001991640 ____R () C:\Program Files\Skype\Phone\skypert.dll
2017-09-11 18:16 - 2017-08-23 09:31 - 002881368 _____ () C:\Program Files\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-09-11 18:16 - 2017-08-23 09:31 - 000086360 _____ () C:\Program Files\Google\Chrome\Application\60.0.3112.113\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2361900770-3653326983-491238209-1000\...\mojebanka.cz -> hxxps://etrading.mojebanka.cz
IE trusted site: HKU\S-1-5-21-2361900770-3653326983-491238209-1000\...\mojeplatba.cz -> hxxps://www.mojeplatba.cz

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2361900770-3653326983-491238209-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mamak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8F4A9A56-C53A-4837-9E60-04C8899564E6}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{41C2F7E8-27C6-4A7D-A5D2-BB28DD53BE6E}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{62C87D60-AC3F-4D3B-ACD9-2FC6FBC00D14}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E0062FE8-5677-4EA4-B853-875358DA44B1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DF196567-AE70-4094-9DFF-EB4344192929}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{74DCEDE4-3C53-492B-A204-0601240CBDA2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{43A886B6-6FA0-43FA-A332-C84E66D3F4EA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{95685800-ECC9-4BDD-8695-6C42CE5CC19E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D554EB30-BD4F-4CE7-9216-EB3B0615B36B}] => (Allow) C:\Users\Mamak\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [{8E732336-E994-4372-8EBC-D7E3D14B0F51}] => (Allow) C:\Users\Mamak\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [{385AB2BF-F447-438D-B619-F24789742E7E}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{1B720FC7-87E9-423C-801D-B55690CDBA90}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5735DFB2-C39F-47E4-874E-3C96D4EC5B1A}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FE0C8F3F-9A69-4121-8615-FFA3A271C1CF}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{63288BB9-BFAE-46AA-83A4-0DC9C664199E}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{55F9ECE3-03D5-480F-BCE8-96C223FDBDBB}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{95E77D1A-12B4-4D7D-A3FE-E2E3066E3497}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{D85F5AC1-AB5C-4E88-B6D0-CB2EA262D403}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{3E59080E-C9A4-4CFB-BF90-84A6677732E7}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{14C6AE5F-A7E7-49DF-A103-2EF4305AFEC4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B7DF5B3F-03B5-4570-85FF-24FD82F6AACB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{822FB298-AC33-4610-892A-E4F10D6F4BBE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D606D3E6-CC5E-4BB1-846E-335C3DC3795B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{391A9759-C8E4-4B63-B52B-D7DAA9B100B5}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

02-10-2016 17:27:56 Naplánovaný kontrolní bod
06-11-2016 13:49:33 Naplánovaný kontrolní bod
09-01-2017 23:16:26 Naplánovaný kontrolní bod
29-06-2017 21:49:47 Before uninstalling Bing Bar
29-06-2017 21:58:40 Before uninstalling AVG Web TuneUp
28-07-2017 17:35:14 Before uninstalling TS Matematika 1 - 4 (plná instalace)
28-07-2017 17:45:49 Before uninstalling TS Český jazyk 4 (doporučená instalace)
28-07-2017 17:47:46 Before uninstalling TS Diktáty (plná instalace)
28-07-2017 17:49:41 Before uninstalling Zoner Photo Studio 17
28-07-2017 17:52:08 Before uninstalling Studie vylepšování produktu HP Deskjet 3510 series
28-07-2017 17:52:22 Installed HP Deskjet 3510 series Product Improvement Study
28-07-2017 18:02:16 Before uninstalling Sonic Focus
28-07-2017 18:02:31 Removed Sonic Focus.
28-07-2017 18:04:46 Before uninstalling HP Photo Creations
28-07-2017 18:07:13 Before uninstalling HP Update
28-07-2017 18:07:29 Removed HP Update.
28-07-2017 18:11:13 Before uninstalling Seznam Instalátor

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2017 05:15:45 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/11/2017 06:11:49 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (08/28/2017 04:59:17 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/28/2017 05:35:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {480c6541-9b6c-459b-971b-c5ec7fc1988b}

Error: (07/28/2017 05:21:58 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/29/2017 09:49:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {99e9e147-8a60-452c-8145-970774f9f224}

Error: (06/29/2017 09:46:15 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/14/2017 07:39:02 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/29/2017 11:16:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Skype.exe verze 7.33.0.105 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: a0

Čas spuštění: 01d2d8bf17c32321

Čas ukončení: 20

Cesta k aplikaci: C:\Program Files\Skype\Phone\Skype.exe

ID hlášení: 13853c59-44b4-11e7-b52b-c8600017baf1

Error: (04/28/2017 07:36:45 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (09/15/2017 07:13:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba AVGIDSAgent ukončena s chybou %%-536753636, specifickou pro službu.

Error: (09/11/2017 08:09:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} se v daném časovém limitu neregistroval u služby DCOM.

Error: (09/11/2017 06:40:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/28/2017 06:37:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/28/2017 05:11:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba AVGIDSAgent ukončena s chybou %%-536753636, specifickou pro službu.

Error: (06/29/2017 10:39:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {3FCB7074-EC9E-4AAF-9BE3-C0E356942366} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/29/2017 10:39:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/29/2017 09:34:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba AVGIDSAgent ukončena s chybou %%-536753636, specifickou pro službu.

Error: (06/14/2017 07:28:55 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba AVGIDSAgent ukončena s chybou %%-536753636, specifickou pro službu.

Error: (05/29/2017 11:01:56 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba AVGIDSAgent ukončena s chybou %%-536753636, specifickou pro službu.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU B815 @ 1.60GHz
Percentage of memory in use: 57%
Total physical RAM: 1952.13 MB
Available physical RAM: 828.15 MB
Total Virtual: 3904.25 MB
Available Virtual: 2532.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.3 GB) (Free:239.21 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:8.79 GB) (Free:3.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7C12E647)
Partition 1: (Active) - (Size=289.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

JaRon
Moderator
Posts: 15214
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Preventive check

#5 Post by JaRon »

JaRon wrote: Hi,

to start with, I recommend MSIE11 and the available OS updates :)
:!:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

cunik.cz
Visitor
Posts: 275
Joined: 13 May 2017 10:33

Re: Preventive check

#6 Post by cunik.cz »

Yeah, I'll update that, and what about the log?

JaRon
Moderator
Posts: 15214
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: Preventive check

#7 Post by JaRon »

How come I see MSIE 8 there :???: but then, it's your computer ...
The log is basically OK; as a precaution, scan with MBAM.

cunik.cz
Visitor
Posts: 275
Joined: 13 May 2017 10:33

Re: Preventive check

#8 Post by cunik.cz »

So if I understand correctly, MSIE is Microsoft Internet Explorer. Otherwise I would analyze the HJT log myself if it didn't matter that much. But payments are made through this PC, so I want to be sure. And as far as I know, Internet Explorer isn't used. Rather Chrome.
