
Please check my log - probably a virus in the boot sector

Panta4546
Visitor
Posts: 8
Registered: 21 Jan 2020 20:43


#1 Post by Panta4546 »

Hello.

Please check my log (Windows 10 Home 64-bit).

The PC is behaving strangely. Strange hidden folders are being created. A large number of system errors.

Thank you.



FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2020
Ran by Stepa (administrator) on HWR-BEATZR (HP HP ENVY Notebook) (05-03-2020 12:04:14)
Running from C:\Users\Stepa\Desktop
Loaded Profiles: Stepa (Available Profiles: Stepa)
Platform: Windows 10 Home Version 1909 18363.592 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126576.inf_amd64_42623e9e7b07ec7e\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126576.inf_amd64_42623e9e7b07ec7e\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126576.inf_amd64_42623e9e7b07ec7e\IntelCpHDCPSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {CB89D64C-87A7-411D-B6CC-6CF1DCE3E894} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2020-03-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D03E5637-5383-49EF-A940-AA85FEBDFFB5} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent => {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} C:\Windows\System32\RDXTaskFactory.dll [415744 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
Task: {D3CA7365-3DA3-4881-8662-E5C59EA028E1} - System32\Tasks\AdwCleaner_onReboot => C:\Users\Stepa\Desktop\adwcleaner_8.0.3.exe [8199856 2020-03-05] (Malwarebytes Inc -> Malwarebytes)
Task: {D5936DB9-1F86-47C1-B12D-90E43CE8E0E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2020-03-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DA7413AB-9BDD-4C18-A580-F837418DB1BC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2020-03-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F3697379-44D0-482A-ABDD-A8CF8B692249} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2020-03-05] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{22a46fab-21c0-4a0c-ac85-018082f7db3a}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ba442618-8986-4659-99e4-34ff24c75ccb}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Handler: mk - a0;ImkTMTbQAWXZsgUEpO?_[cqQDNcNHdXVv!fWK - No File

Edge:
======
DownloadDir: C:\Users\Stepa\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-2539823547-3203320787-3523532562-1001 -> hxxps://www.google.com/

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 esifsvc; C:\Windows\system32\Intel\DPTF\esif_uf.exe [2215168 2016-08-13] (Intel Corporation -> Intel Corporation)
R2 ibtsiva; C:\Windows\System32\ibtsiva.exe [529912 2018-12-21] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-05] (Malwarebytes Inc -> Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2016-12-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [100384 2016-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\NisSrv.exe [3285864 2020-03-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MsMpEng.exe [103168 2020-03-05] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [66624 2016-08-13] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [350272 2016-08-13] (Intel Corporation -> Intel Corporation)
R3 ibtusb; C:\Windows\System32\drivers\ibtusb.sys [207384 2018-07-06] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-03-05] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2020-03-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-03-05] (Malwarebytes Inc -> Malwarebytes)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [8720384 2019-08-27] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [43632 2020-03-05] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [787968 2017-02-09] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated)
R3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24576 2020-01-09] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45960 2020-03-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [376544 2020-03-05] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2020-03-05] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [35392 2019-11-15] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-05 12:04 - 2020-03-05 12:04 - 000010642 _____ C:\Users\Stepa\Desktop\FRST.txt
2020-03-05 12:04 - 2020-03-05 12:04 - 000000000 ____D C:\FRST
2020-03-05 12:02 - 2020-03-05 12:02 - 002279424 _____ (Farbar) C:\Users\Stepa\Desktop\FRST64.exe
2020-03-05 11:57 - 2020-03-05 11:57 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-03-05 11:57 - 2020-03-05 11:57 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-03-05 11:57 - 2020-03-05 11:57 - 000003170 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2020-03-05 11:53 - 2020-03-05 11:57 - 001388448 _____ C:\Users\Public\ASR.dat
2020-03-05 11:36 - 2020-03-05 11:36 - 000388608 _____ (Trend Micro Inc.) C:\Users\Stepa\Desktop\hijackthis.exe
2020-03-05 11:24 - 2020-03-05 11:24 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-03-05 11:24 - 2020-03-05 11:24 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-03-05 11:24 - 2020-03-05 11:24 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-03-05 11:24 - 2020-03-05 11:24 - 000000000 ____D C:\Users\Stepa\AppData\Local\mbamtray
2020-03-05 11:24 - 2020-03-05 11:24 - 000000000 ____D C:\Users\Stepa\AppData\Local\mbam
2020-03-05 11:24 - 2020-03-05 11:24 - 000000000 ____D C:\Users\Stepa\AppData\Local\cache
2020-03-05 11:24 - 2020-03-05 11:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-03-05 11:24 - 2020-03-05 11:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-05 11:24 - 2020-03-05 11:24 - 000000000 ____D C:\Program Files\Malwarebytes
2020-03-05 11:23 - 2020-03-05 11:56 - 000000000 ____D C:\AdwCleaner
2020-03-05 11:23 - 2020-03-05 11:23 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2020-03-05 11:22 - 2020-03-05 11:53 - 000000000 ____D C:\Windows\pss
2020-03-05 11:22 - 2020-03-05 11:40 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2020-03-05 11:21 - 2020-03-05 11:21 - 008199856 _____ (Malwarebytes) C:\Users\Stepa\Desktop\adwcleaner_8.0.3.exe
2020-03-05 11:20 - 2020-03-05 11:20 - 001928352 _____ (Malwarebytes) C:\Users\Stepa\Downloads\MBSetup.exe
2020-03-05 11:18 - 2020-03-05 11:34 - 000000541 _____ C:\Users\Stepa\Documents\JRT.txt
2020-03-05 11:17 - 2020-03-05 11:17 - 001790024 _____ (Malwarebytes) C:\Users\Stepa\Desktop\JRT.exe
2020-03-05 11:04 - 2020-03-05 11:04 - 000001808 _____ C:\Users\Stepa\Downloads\malwarebytescom.crt
2020-03-05 11:03 - 2020-03-05 11:03 - 000001765 _____ C:\Users\Stepa\Downloads\bleepingcomputercom.crt
2020-03-05 11:02 - 2020-03-05 11:03 - 000000000 ____D C:\Windows\system32\MRT
2020-03-05 11:02 - 2020-03-05 11:02 - 120407888 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-03-05 10:35 - 2020-03-05 11:21 - 000000000 ____D C:\Users\Stepa\AppData\Local\D3DSCache
2020-03-05 09:48 - 2020-03-05 09:48 - 000000000 ____D C:\Users\Stepa\AppData\Local\ElevatedDiagnostics
2020-03-05 09:40 - 2020-03-05 09:40 - 000000000 ____D C:\Users\Stepa\AppData\Roaming\Synaptics
2020-03-05 09:39 - 2020-03-05 09:39 - 000054713 _____ C:\Windows\system32\Drivers\rtkhdasetting.zip
2020-03-05 09:39 - 2020-03-05 09:39 - 000002026 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bang & Olufsen.lnk
2020-03-05 09:39 - 2020-03-05 09:39 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2020-03-05 09:39 - 2020-03-05 09:39 - 000000000 ____D C:\Windows\system32\SRSLabs
2020-03-05 09:39 - 2020-03-05 09:39 - 000000000 ____D C:\ProgramData\SRS Labs
2020-03-05 09:39 - 2020-03-05 09:39 - 000000000 ____D C:\Program Files\Realtek
2020-03-05 09:38 - 2020-03-05 09:38 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2020-03-05 09:38 - 2020-03-05 09:38 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2020-03-05 09:38 - 2020-03-05 09:38 - 000000000 ____D C:\Windows\LastGood.Tmp
2020-03-05 09:38 - 2020-03-05 09:38 - 000000000 ____D C:\Program Files\Synaptics
2020-03-05 09:38 - 2017-08-18 02:23 - 000055384 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2020-03-05 09:38 - 2016-12-01 08:06 - 072520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2020-03-05 09:38 - 2016-12-01 08:06 - 005523456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2020-03-05 09:38 - 2016-12-01 08:06 - 003204096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2020-03-05 09:38 - 2016-12-01 08:06 - 003014144 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2020-03-05 09:38 - 2016-12-01 08:06 - 002201088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2020-03-05 09:38 - 2016-12-01 08:06 - 000258864 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2020-03-05 09:38 - 2016-12-01 08:06 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2020-03-05 09:38 - 2016-12-01 08:04 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2020-03-05 09:38 - 2016-12-01 07:22 - 001435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2020-03-05 09:38 - 2016-12-01 07:22 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2020-03-05 09:38 - 2016-12-01 07:22 - 000467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2020-03-05 09:38 - 2016-12-01 07:22 - 000381400 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2020-03-05 09:38 - 2016-12-01 07:22 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2020-03-05 09:38 - 2016-12-01 07:22 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2020-03-05 09:38 - 2016-12-01 07:22 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2020-03-05 09:38 - 2016-12-01 07:21 - 002995000 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2020-03-05 09:38 - 2016-12-01 07:21 - 002706856 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2020-03-05 09:38 - 2016-12-01 07:21 - 000984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2020-03-05 09:38 - 2016-12-01 07:20 - 001003320 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2020-03-05 09:38 - 2016-12-01 07:20 - 000865912 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2020-03-05 09:38 - 2016-12-01 07:20 - 000859216 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2020-03-05 09:38 - 2016-12-01 07:20 - 000850400 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2020-03-05 09:38 - 2016-12-01 07:20 - 000721800 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2020-03-05 09:38 - 2016-12-01 07:20 - 000499152 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2020-03-05 09:38 - 2016-12-01 07:20 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2020-03-05 09:38 - 2016-12-01 07:19 - 003503048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2020-03-05 09:38 - 2016-12-01 07:19 - 001360512 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2020-03-05 09:38 - 2016-12-01 07:19 - 000689872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2020-03-05 09:38 - 2016-12-01 07:19 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2020-03-05 09:38 - 2016-12-01 07:19 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2020-03-05 09:38 - 2016-12-01 07:19 - 000214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2020-03-05 09:38 - 2016-12-01 07:19 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2020-03-05 09:38 - 2016-12-01 07:19 - 000110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2020-03-05 09:38 - 2016-12-01 07:19 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2020-03-05 09:38 - 2016-12-01 07:18 - 003201376 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2020-03-05 09:38 - 2016-12-01 07:18 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2020-03-05 09:38 - 2016-12-01 07:13 - 001615656 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2020-03-05 09:38 - 2016-12-01 07:13 - 001529136 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
2020-03-05 09:38 - 2016-12-01 07:13 - 000574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2020-03-05 09:38 - 2016-12-01 07:13 - 000438688 _____ (Conexant Systems, Inc.) C:\Windows\system32\CAF64APO2.dll
2020-03-05 09:38 - 2016-12-01 07:13 - 000118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2020-03-05 09:38 - 2016-12-01 07:13 - 000112488 _____ (Conexant Systems, Inc.) C:\Windows\system32\Caf64api.dll
2020-03-05 09:38 - 2016-12-01 00:44 - 007704619 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2020-03-05 09:38 - 2016-12-01 00:44 - 000005604 _____ C:\Windows\system32\cxapo.lncs
2020-03-05 09:38 - 2016-12-01 00:44 - 000000736 _____ C:\Windows\system32\cxapo.prop
2020-03-05 09:06 - 2020-03-05 09:09 - 000000000 ____D C:\ProgramData\Package Cache
2020-03-05 09:06 - 2020-03-05 09:06 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2020-03-05 09:06 - 2020-03-05 09:06 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2020-03-05 09:06 - 2020-03-05 09:06 - 000000000 ____D C:\Windows\system32\Intel
2020-03-05 09:05 - 2020-03-05 11:57 - 000000000 ____D C:\ProgramData\Synaptics
2020-03-05 09:05 - 2020-03-05 09:05 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_wbf_vfs_0050_01_09_00.Wdf
2020-03-05 08:53 - 2020-03-05 08:53 - 000000000 ____D C:\Users\Stepa\AppData\Roaming\Macromedia
2020-03-05 08:52 - 2020-03-05 08:52 - 000000000 ____D C:\Windows\system32\Tasks\S-1-5-21-2539823547-3203320787-3523532562-1001
2020-03-05 08:44 - 2020-03-05 08:44 - 000000000 ____D C:\Windows\SysWOW64\sda
2020-03-05 08:43 - 2020-03-05 08:43 - 000017316 _____ C:\Windows\system32\results.xml
2020-03-05 08:42 - 2020-03-05 11:57 - 000000000 __SHD C:\Users\Stepa\IntelGraphicsProfiles
2020-03-05 08:42 - 2020-03-05 08:42 - 000000000 ____D C:\Program Files\Intel
2020-03-05 08:42 - 2020-03-05 08:42 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2020-03-05 08:42 - 2020-03-05 08:42 - 000000000 ____D C:\Program Files (x86)\Intel
2020-03-05 08:42 - 2020-03-05 08:42 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2020-03-05 08:42 - 2018-02-09 17:59 - 000140256 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2020-03-05 08:42 - 2018-02-09 17:59 - 000116704 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2020-03-05 08:42 - 2017-07-14 11:13 - 000718336 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-03-05 08:42 - 2017-07-14 11:13 - 000425984 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-03-05 08:42 - 2017-07-14 11:12 - 000850432 _____ C:\Windows\system32\vulkan-1.dll
2020-03-05 08:42 - 2017-07-14 11:12 - 000526848 _____ C:\Windows\system32\vulkaninfo.exe
2020-03-05 08:41 - 2020-03-05 08:42 - 000000000 ____D C:\Intel
2020-03-05 08:35 - 2020-03-05 08:35 - 000043632 _____ (Intel Corporation) C:\Windows\system32\Drivers\pmxdrv.sys
2020-03-05 08:30 - 2020-03-05 08:40 - 000000000 ____D C:\Other File
2020-03-05 08:30 - 2020-02-08 13:07 - 063837728 _____ (Electronic Arts) C:\Users\Stepa\Documents\OriginThinSetup.exe
2020-03-05 08:30 - 2020-01-14 22:15 - 295230368 _____ (Hewlett-Packard ) C:\Users\Stepa\Documents\2017HDGfxDriver.exe
2020-03-05 08:29 - 2020-02-16 02:15 - 000000399 _____ C:\Users\Stepa\Documents\DISM_hew_repair.txt
2020-03-05 08:29 - 2020-02-13 18:29 - 000000069 _____ C:\Users\Stepa\Documents\DNS GOOGLE.txt
2020-03-05 08:29 - 2020-02-08 22:30 - 031365056 _____ (HP Inc.) C:\Users\Stepa\Documents\sp100251chip.exe
2020-03-05 08:29 - 2020-02-08 22:29 - 009343544 _____ (HP Inc.) C:\Users\Stepa\Documents\sp101296-bios.exe
2020-03-05 08:06 - 2020-03-05 08:06 - 000000000 ____D C:\Users\Stepa\AppData\Local\Comms
2020-03-05 08:05 - 2020-03-05 08:06 - 000000000 ____D C:\ProgramData\Packages
2020-03-05 07:54 - 2020-03-05 07:53 - 000748816 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2020-03-05 07:53 - 2020-03-05 07:53 - 000000000 ____D C:\Users\Stepa\AppData\Local\OneDrive
2020-03-05 07:52 - 2020-03-05 07:54 - 000000000 ___RD C:\Users\Stepa\OneDrive
2020-03-05 07:52 - 2020-03-05 07:52 - 000000000 ___HD C:\OneDriveTemp
2020-03-05 07:52 - 2020-03-05 07:52 - 000000000 ____D C:\Users\Stepa\AppData\Local\PlaceholderTileLogoFolder
2020-03-05 07:50 - 2020-03-05 07:50 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2020-03-05 07:49 - 2020-03-05 08:28 - 000000000 ____D C:\Users\Stepa\AppData\Local\ConnectedDevicesPlatform
2020-03-05 07:49 - 2020-03-05 08:06 - 000000000 ____D C:\Users\Stepa\AppData\Local\Packages
2020-03-05 07:49 - 2020-03-05 07:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-03-05 07:49 - 2020-03-05 07:49 - 000000000 ___RD C:\Users\Stepa\3D Objects
2020-03-05 07:49 - 2020-03-05 07:49 - 000000000 ___HD C:\Users\Stepa\MicrosoftEdgeBackups
2020-03-05 07:49 - 2020-03-05 07:49 - 000000000 ____D C:\Users\Stepa\AppData\Roaming\Adobe
2020-03-05 07:49 - 2020-03-05 07:49 - 000000000 ____D C:\Users\Stepa\AppData\Local\VirtualStore
2020-03-05 07:49 - 2020-03-05 07:49 - 000000000 ____D C:\Users\Stepa\AppData\Local\Publishers
2020-03-05 07:49 - 2020-03-05 07:49 - 000000000 ____D C:\Users\Stepa\AppData\Local\PackageStaging
2020-03-05 07:49 - 2020-03-05 07:49 - 000000000 ____D C:\Users\Stepa\AppData\Local\MicrosoftEdge
2020-03-05 07:48 - 2020-03-05 12:02 - 001606106 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-05 07:47 - 2020-03-05 09:45 - 000000000 ____D C:\Users\Stepa
2020-03-05 07:47 - 2020-03-05 07:47 - 000000020 ___SH C:\Users\Stepa\ntuser.ini
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\Šablony
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\Soubory cookie
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\Poslední
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\Okolní tiskárny
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\Okolní síť
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\Nabídka Start
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\Dokumenty
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\Documents\Obrázky
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\Documents\Hudba
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\Documents\Filmy
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\Data aplikací
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2020-03-05 07:47 - 2020-03-05 07:47 - 000000000 _SHDL C:\Users\Stepa\AppData\Local\Data aplikací
2020-03-05 07:45 - 2020-01-09 22:24 - 002874368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Public\Documents\Obrázky
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Public\Documents\Hudba
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Public\Documents\Filmy
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\Šablony
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\Soubory cookie
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\Poslední
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\Okolní tiskárny
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\Okolní síť
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\Nabídka Start
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\Dokumenty
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\Documents\Obrázky
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\Documents\Hudba
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\Documents\Filmy
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\Data aplikací
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\Šablony
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\Soubory cookie
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\Poslední
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\Okolní tiskárny
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\Okolní síť
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\Nabídka Start
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\Dokumenty
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\Documents\Obrázky
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\Documents\Hudba
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\Documents\Filmy
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\Data aplikací
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\ProgramData\Šablony
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\ProgramData\Plocha
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\ProgramData\Nabídka Start
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programy
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\ProgramData\Dokumenty
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\ProgramData\Data aplikací
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 _SHDL C:\Documents and Settings
2020-03-05 07:43 - 2020-03-05 07:43 - 000000000 ____D C:\Windows\minidump
2020-03-05 07:42 - 2020-03-05 11:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-05 07:42 - 2020-03-05 09:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-03-05 07:42 - 2020-03-05 07:42 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-03-05 07:41 - 2020-03-05 07:43 - 000000000 ____D C:\Windows\Panther
2020-03-05 07:41 - 2020-03-05 07:42 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-03-05 07:41 - 2020-03-05 07:41 - 000258096 _____ C:\Windows\system32\FNTCACHE.DAT
2020-03-05 07:41 - 2020-03-05 07:41 - 000000000 ____D C:\Windows\ServiceProfiles

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-05 12:02 - 2019-03-19 12:55 - 000685252 _____ C:\Windows\system32\perfh005.dat
2020-03-05 12:02 - 2019-03-19 12:55 - 000137918 _____ C:\Windows\system32\perfc005.dat
2020-03-05 12:02 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2020-03-05 11:59 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-03-05 11:57 - 2019-03-19 05:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-03-05 11:24 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-03-05 11:03 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp
2020-03-05 09:33 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2020-03-05 09:31 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2020-03-05 09:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-03-05 09:00 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SystemResources
2020-03-05 09:00 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\spool
2020-03-05 09:00 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\setup
2020-03-05 09:00 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2020-03-05 08:50 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Drivers\DriverData
2020-03-05 08:43 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness
2020-03-05 08:06 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-05 08:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ServiceState
2020-03-05 07:47 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\USOPrivate
2020-03-05 07:43 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows NT
2020-03-05 07:42 - 2019-03-19 05:52 - 000000000 ___RD C:\Windows\PrintDialog
2020-03-05 07:42 - 2019-03-19 05:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-03-05 07:42 - 2019-03-19 05:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-03-05 07:41 - 2019-03-19 05:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== Files in the root of some directories ========

2020-03-05 11:53 - 2020-03-05 11:57 - 001388448 _____ () C:\Users\Public\ASR.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================







Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020
Ran by Stepa (05-03-2020 12:05:01)
Running from C:\Users\Stepa\Desktop
Windows 10 Home Version 1909 18363.592 (X64) (2020-03-05 06:43:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2539823547-3203320787-3523532562-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2539823547-3203320787-3523532562-503 - Limited - Disabled)
Guest (S-1-5-21-2539823547-3203320787-3523532562-501 - Limited - Disabled)
Stepa (S-1-5-21-2539823547-3203320787-3523532562-1001 - Administrator - Enabled) => C:\Users\Stepa
WDAGUtilityAccount (S-1-5-21-2539823547-3203320787-3523532562-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4836 - Intel Corporation)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.2.11280.0_x86__8wekyb3d8bbwe [2020-03-05] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation) [MS Ad]
Pošta a Kalendář -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2539823547-3203320787-3523532562-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Stepa\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2539823547-3203320787-3523532562-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Stepa\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2539823547-3203320787-3523532562-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Stepa\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2539823547-3203320787-3523532562-1001_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-05] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\ki126576.inf_amd64_42623e9e7b07ec7e\igfxDTCM.dll [2018-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-05] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2020-03-05 11:57 - 000000852 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2539823547-3203320787-3523532562-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.42.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-03-2020 11:02:00 Windows Update
05-03-2020 11:17:38 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/05/2020 11:33:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Users\Stepa\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Popis = JRT Pre-Junkware Removal; Chyba = 0x8007043c).

Error: (03/05/2020 07:59:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OneDrive.exe, verze: 19.232.1124.8, časové razítko: 0x3c98ea6e
Název chybujícího modulu: Qt5Qml.dll, verze: 5.11.1.0, časové razítko: 0x5dba0b3f
Kód výjimky: 0xc0000005
Posun chyby: 0x001099dd
ID chybujícího procesu: 0x1790
Čas spuštění chybující aplikace: 0x01d5f2baae54201a
Cesta k chybující aplikaci: C:\Users\Stepa\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Cesta k chybujícímu modulu: C:\Users\Stepa\AppData\Local\Microsoft\OneDrive\19.232.1124.0008\Qt5Qml.dll
ID zprávy: f5e9dfd5-0a74-4259-a539-bb6a037442d8
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/05/2020 07:49:35 AM) (Source: ESENT) (EventID: 455) (User: )
Description: StartMenuExperienceHost (4124,R,98) TILEREPOSITORYS-1-5-21-2539823547-3203320787-3523532562-1001: Při otevírání souboru protokolu C:\Users\Stepa\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (03/05/2020 07:49:35 AM) (Source: ESENT) (EventID: 522) (User: )
Description: StartMenuExperienceHost (4124,P,98) TILEREPOSITORYS-1-5-21-2539823547-3203320787-3523532562-1001: Pokus o otevření zařízení s názvem \\.\C:, který obsahuje C:\, se nepodařil a došlo k systémové chybě 5 (0x00000005): Přístup byl odepřen. . Operace se nepodaří a dojde k chybě -1032 (0xfffffbf8).

Error: (03/05/2020 07:45:52 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Při aktualizaci stavu Windows Defender na SECURITY_PRODUCT_STATE_ON došlo k chybě.


System errors:
=============
Error: (03/05/2020 11:57:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba cphs byla ukončena s následující chybou:
%%2147942659 = Žádná další data nejsou k dispozici.

Error: (03/05/2020 11:57:38 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\IntelWifiIhv04.dll

Error: (03/05/2020 11:57:38 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\IntelWifiIhv04.dll

Error: (03/05/2020 11:57:32 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\Windows\system32\IntelWifiIhv04.dll

Error: (03/05/2020 11:57:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (03/05/2020 11:57:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Content Protection HDCP Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/05/2020 11:57:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Synaptics FP WBF Policy Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/05/2020 11:57:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SynTPEnh Caller Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2020-03-05 08:00:50.079
Description:
Řízený přístup ke složkám zablokoval pro C:\Windows\System32\chkdsk.exe provádění změn v paměti.
Čas detekce: 2020-03-05T07:00:50.078Z
Uživatel: DESKTOP-UU673P7\Stepa
Cesta: \Device\HarddiskVolume4
Název procesu: C:\Windows\System32\chkdsk.exe
Verze bezpečnostních informací: 1.311.578.0
Verze modulu: 1.1.16800.2
Verze produktu: 4.18.1902.5

Date: 2020-03-05 11:49:52.439
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.311.582.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16800.2
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.

Date: 2020-03-05 11:39:50.597
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2020-03-05 11:38:01.655
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2020-03-05 11:32:24.466
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.311.582.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16800.2
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.

Date: 2020-03-05 11:22:22.589
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

==================== Memory info ===========================

BIOS: Insyde F.52 06/14/2019
Motherboard: HP 80DF
Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
Percentage of memory in use: 26%
Total physical RAM: 8074.41 MB
Available physical RAM: 5905.43 MB
Total Virtual: 20362.41 MB
Available Virtual: 18383.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.84 GB) (Free:202.39 GB) NTFS

\\?\Volume{f9e14808-0708-4288-bc14-512846ce4aba}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{ae773c70-5ade-41f6-8503-a70ce2f1386e}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: B72CE8ED)

Partition: GPT.

==================== End of Addition.txt =======================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - probably a virus in the boot sector

#2 Post by Conder »

Hi :)

Where exactly are the hidden folders being created? Can you give an example of those errors?

Run a full scan in Malwarebytes (it should already be installed on the PC):
  • Open Malwarebytes and click "Scanner" ("Vyhledavac")
  • Click "Advanced scanners" ("Pokrocile kontroly") and then "Configure Scan" ("Nastavit kontrolu")
  • On the right, select all the drives in the PC, and on the left, tick the option "Scan for rootkits" ("Skenovani na rootkity")
  • Click "Scan" ("Sken") and wait for it to finish
  • When it has finished, click "View report" ("Zobrazit zpravu") -> "Export" -> "Copy to Clipboard" ("Kopirovat do schranky")
  • Paste the copied log into your next reply
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!
