Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

prosim o kontrolu logu - vyskakovaci okna

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zpráva
Autor
SoonTy
Návštěvník
Návštěvník
Příspěvky: 81
Registrován: 09 lis 2005 22:11
Kontaktovat uživatele:

prosim o kontrolu logu - vyskakovaci okna

#1 Příspěvek od SoonTy »

Dobry den, velice Vas prosim okontrolu logu. V prohlizecich vyskakuji okna. Predem dekuji za pomoc.

log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 4-02-2019
Ran by W (administrator) on W-PC (04-02-2019 11:18:40)
Running from C:\Users\W\Desktop
Loaded Profiles: W (Available Profiles: W)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(Acresso) C:\Program Files\Vivid WorkshopData ATI\WorkshopDBServer.exe
(Sun Microsystems, Inc.) C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_32_0_0_114_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [779776 2014-03-13] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {026bfc4a-155f-11e7-9cd1-00219b41bed2} - E:\Startme.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {8f2712a7-2e96-11e4-99ec-00219b41bed2} - F:\Viewer\ppview32.exe agaxzs\auto.ppt
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {9574b6d6-23b7-11e9-8b3a-00219b41bed2} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {ed2524cd-4450-11e7-ada3-00219b41bed2} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Drivers32: [msacm.l3pacm] => C:\Windows\system32\l3codecp.acm [220672 2009-07-14] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [msacm.aacacm] => C:\Windows\system32\AACACM.acm [294912 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\system32\lameACM.acm [756224 2012-02-28] (hxxp://www.mp3dev.org/)
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-08] ( )
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\system32\ac3filter.acm [1679360 2013-04-05] ()
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3649536 2013-03-17] (x264vfw project)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\72.0.3626.81\Installer\chrmstp.exe [2019-01-29] (Google LLC -> Google Inc.)
Startup: C:\Users\W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-01-09]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 77.236.129.130 88.86.107.235
Tcpip\..\Interfaces\{F4677CA5-C69F-417E-8AFC-6816A18C768D}: [DhcpNameServer] 77.236.129.130 88.86.107.235
ManualProxies: 0hxxp://web-quick.com/wpad.dat?d237324aa363cadab7cc6569550bd09136767860

Internet Explorer:
==================
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> DefaultScope {20AB443D-4725-4468-8421-390C3683039A} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {20AB443D-4725-4468-8421-390C3683039A} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {A6D5F998-18F9-473B-B930-4006E4F71A7B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle America, Inc. -> Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> is enabled.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\W\AppData\Roaming\TomTom\HOME\Profiles\r3glec6n.default [2018-06-11]
FF ProfilePath: C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\g26uf1fk.default [2019-02-04]
FF user.js: detected! => C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\g26uf1fk.default\user.js [2014-04-15]
FF Homepage: Mozilla\Firefox\Profiles\g26uf1fk.default -> hxxp://www.seznam.cz/
FF Session Restore: Mozilla\Firefox\Profiles\g26uf1fk.default -> is enabled.
FF Extension: (Seznam pro Firefox - Email) - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\g26uf1fk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2017-12-06]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2014-12-15] [Legacy] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3274311375-3095276521-1623220161-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\W\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.seznam.cz/
CHR StartupUrls: Profile 1 -> "hxxp://www.volny.cz/","hxxp://www.seznam.cz/"
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-02-03]
CHR Extension: (Prezentace) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-19]
CHR Extension: (Dokumenty) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-19]
CHR Extension: (Disk Google) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-19]
CHR Extension: (YouTube) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-19]
CHR Extension: (Tabulky) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-19]
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-19]
CHR Extension: (QR Code Generator) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2018-10-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2018-10-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-19]
CHR Extension: (Gmail) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-19]
CHR Extension: (Chrome Media Router) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-02]
CHR Profile: C:\Users\W\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2017-04-24] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2017-04-24] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (Hewlett-Packard Company -> HP)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [100232 2012-11-08] (Hewlett-Packard Company -> HP)
R2 HPSLPSVC; C:\Users\W\AppData\Local\Temp\7zS17B2\hpslpsvc32.dll [701288 2013-07-19] (Hewlett Packard -> Hewlett-Packard Co.) <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 HuaweiHiSuiteService.exe; C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [154432 2018-12-12] (Huawei Technologies Co., Ltd. -> )
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2013-05-16] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation -> Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2013-05-16] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH -> TeamViewer GmbH)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WorkshopDBService; C:\Program Files\Vivid WorkshopData ATI\WorkshopDBServer.exe [114688 2017-06-14] (Acresso) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [382976 2010-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [422976 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [297552 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [146512 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [70720 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 aliide; C:\Windows\system32\drivers\aliide.sys [14400 2009-07-14] (Microsoft Windows -> Acer Laboratories Inc.)
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [80256 2014-04-15] (Microsoft Windows -> Advanced Micro Devices)
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-14] (Microsoft Windows -> AMD Technologies Inc.)
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2014-04-15] (Microsoft Windows -> Advanced Micro Devices)
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [76368 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [86608 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Microsoft Windows -> Broadcom Corporation)
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Microsoft Windows -> Broadcom Corporation)
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-13] (Microsoft Windows -> Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-13] (Microsoft Windows -> Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Microsoft Windows -> Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Microsoft Windows -> Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Microsoft Windows -> Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Microsoft Windows -> Brother Industries Ltd.)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-14] (Microsoft Windows -> CMD Technology, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-08-28] (Disc Soft Ltd -> Disc Soft Ltd)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-29] (Intel Corporation -> Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Microsoft Windows -> Broadcom Corporation)
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [453712 2009-07-14] (Microsoft Windows -> Emulex)
R3 GMLXDFltr01; C:\Windows\System32\drivers\GMLXDFltr01.sys [17696 2016-05-27] (Microsoft Windows Hardware Compatibility Publisher -> LXD Development, Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Microsoft Windows -> Hauppauge Computer Works, Inc.)
R3 HECI; C:\Windows\System32\DRIVERS\HECI.sys [45184 2009-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [13824 2012-11-08] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-14] (Microsoft Windows -> Hewlett-Packard Company)
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2014-04-15] (Microsoft Windows -> Intel Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4808192 2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] (Microsoft Windows -> Intel Corp./ICP vortex GmbH)
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] (Microsoft Windows -> LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] (Microsoft Windows -> LSI Corporation)
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] (Microsoft Windows -> LSI Corporation)
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] (Microsoft Windows -> LSI Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] (Microsoft Windows -> LSI Corporation)
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] (Microsoft Windows -> LSI Corporation, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation -> Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [16896 2012-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Microsoft Windows -> Ralink Technology Corp.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [21638 2008-08-22] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] (Microsoft Windows -> IBM Corporation)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmb.sys [18176 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbo.sys [23168 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2014-04-15] (Microsoft Windows -> NVIDIA Corporation)
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2014-04-15] (Microsoft Windows -> NVIDIA Corporation)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [19072 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] (Microsoft Windows -> QLogic Corporation)
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] (Microsoft Windows -> QLogic Corporation)
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Microsoft Windows -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] (Microsoft Windows -> Silicon Integrated Systems)
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] (Microsoft Windows -> Promise Technology)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2014-06-06] (Microsoft Windows Hardware Compatibility Publisher -> TeamViewer GmbH)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8192 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] (Microsoft Windows -> VIA Technologies Inc.,Ltd)
S3 eapihdrv; \??\C:\Users\W\AppData\Local\Temp\ehdrv.sys [X] <==== ATTENTION
S1 efhdshit; \??\C:\Windows\system32\drivers\efhdshit.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S1 qjfgucbk; \??\C:\Windows\system32\drivers\qjfgucbk.sys [X]
S1 sauugxsj; \??\C:\Windows\system32\drivers\sauugxsj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-04 11:18 - 2019-02-04 11:19 - 000027234 _____ C:\Users\W\Desktop\FRST.txt
2019-02-04 11:18 - 2019-02-04 11:18 - 001790976 _____ (Farbar) C:\Users\W\Desktop\FRST.exe
2019-02-04 11:16 - 2019-02-04 11:18 - 000000000 ____D C:\FRST
2019-02-04 11:16 - 2019-02-04 11:16 - 001790976 _____ (Farbar) C:\Users\W\Downloads\FRST.exe
2019-02-04 09:36 - 2019-02-04 09:36 - 000000000 ____D C:\Users\W\Desktop\product key viewer
2019-01-31 09:37 - 2019-01-31 09:37 - 000000953 _____ C:\Users\Public\Desktop\HiSuite.lnk
2019-01-31 09:37 - 2019-01-31 09:37 - 000000000 ____D C:\Users\W\Documents\HiSuite
2019-01-31 09:37 - 2019-01-31 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2019-01-31 09:36 - 2019-01-31 09:37 - 000000000 ____D C:\Program Files\HiSuite
2019-01-31 09:36 - 2018-12-12 11:32 - 001837296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01009.dll
2019-01-31 09:36 - 2018-12-12 11:32 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2019-01-31 09:36 - 2018-12-12 11:32 - 000851176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusbcoinstaller2.dll
2019-01-31 09:36 - 2018-12-12 11:32 - 000249856 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2019-01-31 09:36 - 2018-12-12 11:32 - 000199680 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2019-01-31 09:36 - 2018-12-12 11:32 - 000113792 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
2019-01-31 09:36 - 2018-12-12 11:32 - 000102272 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2019-01-31 09:36 - 2018-12-12 11:32 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2019-01-31 09:36 - 2018-12-12 11:32 - 000015360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
2019-01-31 09:35 - 2019-01-31 09:38 - 000000000 ____D C:\Users\W\AppData\Local\HiSuite

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-04 11:05 - 2014-09-02 10:34 - 000000000 ____D C:\Users\W\Documents\Soubory aplikace Outlook
2019-02-04 10:00 - 2014-04-14 11:18 - 001611044 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-04 10:00 - 2009-07-14 09:44 - 000677214 _____ C:\Windows\system32\perfh005.dat
2019-02-04 10:00 - 2009-07-14 09:44 - 000146112 _____ C:\Windows\system32\perfc005.dat
2019-02-04 10:00 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-02-04 08:46 - 2009-07-14 05:34 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-04 08:46 - 2009-07-14 05:34 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-04 08:38 - 2017-06-14 16:19 - 000000000 ____D C:\ProgramData\organiser
2019-02-04 08:38 - 2014-06-25 12:33 - 000000000 ____D C:\Program Files\TeamViewer
2019-02-04 08:38 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-02 14:18 - 2015-04-22 11:52 - 000000000 ____D C:\Users\W\Desktop\inz
2019-02-02 12:38 - 2015-03-19 16:06 - 000000000 ____D C:\Users\W\Documents\já
2019-01-31 10:03 - 2014-04-14 12:43 - 000000000 ____D C:\Users\W\AppData\Roaming\vlc
2019-01-29 23:50 - 2014-04-14 12:46 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-29 23:50 - 2014-04-14 12:46 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-29 13:21 - 2018-12-27 12:42 - 000987136 ___SH C:\Users\W\Documents\Thumbs.db
2019-01-23 10:22 - 2015-10-16 11:31 - 000000000 ____D C:\Users\W\Documents\_pojistky
2019-01-18 11:33 - 2015-04-13 16:42 - 000000000 ____D C:\Users\W\Documents\_PGS
2019-01-09 08:31 - 2014-04-14 13:00 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2019-01-09 08:31 - 2014-04-14 13:00 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-01-09 08:31 - 2014-04-14 13:00 - 000000000 ____D C:\Windows\system32\Macromed
2019-01-09 08:00 - 2017-11-20 19:57 - 000000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2014-10-06 14:25 - 2006-11-01 11:05 - 000154424 _____ () C:\Users\W\Volumeid.exe
2014-05-30 08:17 - 2014-05-30 08:17 - 000000089 _____ () C:\Users\W\AppData\Local\fusioncache.dat
2014-05-07 17:16 - 2015-05-22 15:45 - 000013030 _____ () C:\Users\W\AppData\Local\PDOXUSRS.NET

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-02 00:39

==================== End of FRST.txt ============================
Přílohy
Addition.rar
(14.37 KiB) Staženo 104 x

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#2 Příspěvek od Rudy »

Zdravím!
Opět firemní PC?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

SoonTy
Návštěvník
Návštěvník
Příspěvky: 81
Registrován: 09 lis 2005 22:11
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#3 Příspěvek od SoonTy »

Dobrý den Rudy, počítač je již můj soukromý - dostal jsem ho jako kompenzaci za nevyplacené mzdy. Momentálně jsem nezaměstnán.

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#4 Příspěvek od Rudy »

OK. Spusťte tedy tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

SoonTy
Návštěvník
Návštěvník
Příspěvky: 81
Registrován: 09 lis 2005 22:11
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#5 Příspěvek od SoonTy »

děkuji za pochopení. tady je log:

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-01-31.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-05-2019
# Duration: 00:00:04
# OS: Windows 7 Ultimate
# Cleaned: 6
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files\Seznam.cz
Deleted C:\Users\W\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted HKCU\Software\Seznam.cz

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted slunecnice.cz

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1620 octets] - [05/02/2019 10:19:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#6 Příspěvek od Rudy »

Dejte nové logy FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

SoonTy
Návštěvník
Návštěvník
Příspěvky: 81
Registrován: 09 lis 2005 22:11
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#7 Příspěvek od SoonTy »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 4-02-2019
Ran by W (administrator) on W-PC (05-02-2019 12:29:43)
Running from C:\Users\W\Desktop
Loaded Profiles: W (Available Profiles: W)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Software602 a.s.) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(Google Inc.) C:\Program Files\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
(HP) C:\Windows\System32\HPSIsvc.exe
() C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 15\Program32\ZPSTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(Acresso) C:\Program Files\Vivid WorkshopData ATI\WorkshopDBServer.exe
(Sun Microsystems, Inc.) C:\Program Files\Vivid WorkshopData ATI\jre\bin\java.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-10] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [779776 2014-03-13] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {026bfc4a-155f-11e7-9cd1-00219b41bed2} - E:\Startme.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {8f2712a7-2e96-11e4-99ec-00219b41bed2} - F:\Viewer\ppview32.exe agaxzs\auto.ppt
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {9574b6d6-23b7-11e9-8b3a-00219b41bed2} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {ed2524cd-4450-11e7-ada3-00219b41bed2} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Drivers32: [msacm.l3pacm] => C:\Windows\system32\l3codecp.acm [220672 2009-07-14] (Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [msacm.aacacm] => C:\Windows\system32\AACACM.acm [294912 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\system32\lameACM.acm [756224 2012-02-28] (hxxp://www.mp3dev.org/)
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [122880 2012-07-21] (fccHandler)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-08] ( )
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\system32\ac3filter.acm [1679360 2013-04-05] ()
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3649536 2013-03-17] (x264vfw project)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\72.0.3626.81\Installer\chrmstp.exe [2019-01-29] (Google LLC -> Google Inc.)
Startup: C:\Users\W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-01-09]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 77.236.129.130 88.86.107.235
Tcpip\..\Interfaces\{F4677CA5-C69F-417E-8AFC-6816A18C768D}: [DhcpNameServer] 77.236.129.130 88.86.107.235
ManualProxies: 0hxxp://web-quick.com/wpad.dat?d237324aa363cadab7cc6569550bd09136767860

Internet Explorer:
==================
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> DefaultScope {20AB443D-4725-4468-8421-390C3683039A} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {20AB443D-4725-4468-8421-390C3683039A} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {A6D5F998-18F9-473B-B930-4006E4F71A7B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle America, Inc. -> Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> is enabled.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\W\AppData\Roaming\TomTom\HOME\Profiles\r3glec6n.default [2018-06-11]
FF ProfilePath: C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\g26uf1fk.default [2019-02-05]
FF user.js: detected! => C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\g26uf1fk.default\user.js [2014-04-15]
FF Homepage: Mozilla\Firefox\Profiles\g26uf1fk.default -> hxxp://www.seznam.cz/
FF Session Restore: Mozilla\Firefox\Profiles\g26uf1fk.default -> is enabled.
FF Extension: (Seznam pro Firefox - Email) - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\g26uf1fk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2017-12-06]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2014-12-15] [Legacy] [not signed]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_114.dll [2019-01-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3274311375-3095276521-1623220161-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\W\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2017-05-18] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.seznam.cz/
CHR StartupUrls: Profile 1 -> "hxxp://www.volny.cz/","hxxp://www.seznam.cz/"
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-02-05]
CHR Extension: (Prezentace) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-10-19]
CHR Extension: (Dokumenty) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-10-19]
CHR Extension: (Disk Google) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-19]
CHR Extension: (YouTube) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-10-19]
CHR Extension: (Tabulky) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-10-19]
CHR Extension: (Vzdálená plocha Chrome) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-19]
CHR Extension: (QR Code Generator) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2018-10-19]
CHR Extension: (Dokumenty Google offline) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-10-19]
CHR Extension: (Chrome Remote Desktop) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\inomeogfingihgjfjlpeplalcfajhgai [2018-10-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-10-19]
CHR Extension: (Gmail) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-10-19]
CHR Extension: (Chrome Media Router) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-05]
CHR Profile: C:\Users\W\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s. -> Software602 a.s.)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 chromoting; C:\Program Files\Google\Chrome Remote Desktop\71.0.3578.15\remoting_host.exe [73048 2018-10-18] (Google Inc -> Google Inc.)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2017-04-24] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2017-04-24] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (Hewlett-Packard Company -> HP)
R2 HPSIService; C:\Windows\system32\HPSIsvc.exe [100232 2012-11-08] (Hewlett-Packard Company -> HP)
R2 HPSLPSVC; C:\Users\W\AppData\Local\Temp\7zS17B2\hpslpsvc32.dll [701288 2013-07-19] (Hewlett Packard -> Hewlett-Packard Co.) <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
R2 HuaweiHiSuiteService.exe; C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [154432 2018-12-12] (Huawei Technologies Co., Ltd. -> )
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2013-05-16] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation -> Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2013-05-16] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [11644656 2018-09-10] (TeamViewer GmbH -> TeamViewer GmbH)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WorkshopDBService; C:\Program Files\Vivid WorkshopData ATI\WorkshopDBServer.exe [114688 2017-06-14] (Acresso) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADIHdAudAddService; C:\Windows\System32\drivers\ADIHdAud.sys [382976 2010-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [422976 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [297552 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [146512 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [70720 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 aliide; C:\Windows\system32\drivers\aliide.sys [14400 2009-07-14] (Microsoft Windows -> Acer Laboratories Inc.)
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [80256 2014-04-15] (Microsoft Windows -> Advanced Micro Devices)
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-14] (Microsoft Windows -> AMD Technologies Inc.)
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2014-04-15] (Microsoft Windows -> Advanced Micro Devices)
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [76368 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [86608 2009-07-14] (Microsoft Windows -> Adaptec, Inc.)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Microsoft Windows -> Broadcom Corporation)
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Microsoft Windows -> Broadcom Corporation)
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-13] (Microsoft Windows -> Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-13] (Microsoft Windows -> Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] (Microsoft Windows -> Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Microsoft Windows -> Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Microsoft Windows -> Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Microsoft Windows -> Brother Industries Ltd.)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-14] (Microsoft Windows -> CMD Technology, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-08-28] (Disc Soft Ltd -> Disc Soft Ltd)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-29] (Intel Corporation -> Intel Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Microsoft Windows -> Broadcom Corporation)
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [453712 2009-07-14] (Microsoft Windows -> Emulex)
R3 GMLXDFltr01; C:\Windows\System32\drivers\GMLXDFltr01.sys [17696 2016-05-27] (Microsoft Windows Hardware Compatibility Publisher -> LXD Development, Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Microsoft Windows -> Hauppauge Computer Works, Inc.)
R3 HECI; C:\Windows\System32\DRIVERS\HECI.sys [45184 2009-09-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [13824 2012-11-08] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-14] (Microsoft Windows -> Hewlett-Packard Company)
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2014-04-15] (Microsoft Windows -> Intel Corporation)
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4808192 2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] (Microsoft Windows -> Intel Corp./ICP vortex GmbH)
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] (Microsoft Windows -> LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] (Microsoft Windows -> LSI Corporation)
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] (Microsoft Windows -> LSI Corporation)
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] (Microsoft Windows -> LSI Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [230120 2019-02-05] (Malwarebytes Corporation -> Malwarebytes)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] (Microsoft Windows -> LSI Corporation)
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] (Microsoft Windows -> LSI Corporation, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation -> Microsoft Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [16896 2012-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Microsoft Windows -> Ralink Technology Corp.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [21638 2008-08-22] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] (Microsoft Windows -> IBM Corporation)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmb.sys [18176 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbo.sys [23168 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2014-04-15] (Microsoft Windows -> NVIDIA Corporation)
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2014-04-15] (Microsoft Windows -> NVIDIA Corporation)
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [19072 2012-06-11] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] (Microsoft Windows -> QLogic Corporation)
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] (Microsoft Windows -> QLogic Corporation)
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] (Microsoft Windows -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] (Microsoft Windows -> Silicon Integrated Systems)
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] (Microsoft Windows -> Promise Technology)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2014-06-06] (Microsoft Windows Hardware Compatibility Publisher -> TeamViewer GmbH)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8192 2012-01-09] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] (Microsoft Windows -> VIA Technologies Inc.,Ltd)
S3 eapihdrv; \??\C:\Users\W\AppData\Local\Temp\ehdrv.sys [X] <==== ATTENTION
S1 efhdshit; \??\C:\Windows\system32\drivers\efhdshit.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2018-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S1 qjfgucbk; \??\C:\Windows\system32\drivers\qjfgucbk.sys [X]
S1 sauugxsj; \??\C:\Windows\system32\drivers\sauugxsj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-05 12:29 - 2019-02-05 12:30 - 000026854 _____ C:\Users\W\Desktop\FRST.txt
2019-02-05 12:29 - 2019-02-05 12:29 - 000000000 ____D C:\Users\W\Desktop\čištění
2019-02-05 10:50 - 2019-02-05 10:50 - 000230120 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-02-04 11:18 - 2019-02-04 11:18 - 001790976 _____ (Farbar) C:\Users\W\Desktop\FRST.exe
2019-02-04 11:16 - 2019-02-05 12:29 - 000000000 ____D C:\FRST
2019-02-04 11:16 - 2019-02-04 11:16 - 001790976 _____ (Farbar) C:\Users\W\Downloads\FRST.exe
2019-02-04 09:36 - 2019-02-04 09:36 - 000000000 ____D C:\Users\W\Desktop\product key viewer
2019-01-31 09:37 - 2019-01-31 09:37 - 000000953 _____ C:\Users\Public\Desktop\HiSuite.lnk
2019-01-31 09:37 - 2019-01-31 09:37 - 000000000 ____D C:\Users\W\Documents\HiSuite
2019-01-31 09:37 - 2019-01-31 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiSuite
2019-01-31 09:36 - 2019-01-31 09:37 - 000000000 ____D C:\Program Files\HiSuite
2019-01-31 09:36 - 2018-12-12 11:32 - 001837296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFUpdate_01009.dll
2019-01-31 09:36 - 2018-12-12 11:32 - 001461992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2019-01-31 09:36 - 2018-12-12 11:32 - 000851176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusbcoinstaller2.dll
2019-01-31 09:36 - 2018-12-12 11:32 - 000249856 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbnet.sys
2019-01-31 09:36 - 2018-12-12 11:32 - 000199680 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_quusbmdm.sys
2019-01-31 09:36 - 2018-12-12 11:32 - 000113792 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_cdcacm.sys
2019-01-31 09:36 - 2018-12-12 11:32 - 000102272 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\hw_usbdev.sys
2019-01-31 09:36 - 2018-12-12 11:32 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2019-01-31 09:36 - 2018-12-12 11:32 - 000015360 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbccgpfilter.sys
2019-01-31 09:35 - 2019-01-31 09:38 - 000000000 ____D C:\Users\W\AppData\Local\HiSuite

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-02-05 12:05 - 2014-05-22 16:36 - 000000000 ____D C:\Users\W\AppData\Local\CrashDumps
2019-02-05 10:49 - 2018-10-26 09:59 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2019-02-05 10:30 - 2009-07-14 05:34 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-02-05 10:30 - 2009-07-14 05:34 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-02-05 10:22 - 2017-06-14 16:19 - 000000000 ____D C:\ProgramData\organiser
2019-02-05 10:22 - 2014-06-25 12:33 - 000000000 ____D C:\Program Files\TeamViewer
2019-02-05 10:21 - 2017-11-20 19:57 - 000000000 ____D C:\Program Files\CCleaner
2019-02-05 10:21 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-02-05 10:19 - 2018-02-23 12:50 - 000000000 ____D C:\AdwCleaner
2019-02-05 10:18 - 2014-09-02 10:34 - 000000000 ____D C:\Users\W\Documents\Soubory aplikace Outlook
2019-02-05 09:57 - 2018-12-27 12:42 - 001026048 ___SH C:\Users\W\Documents\Thumbs.db
2019-02-04 10:00 - 2014-04-14 11:18 - 001611044 _____ C:\Windows\system32\PerfStringBackup.INI
2019-02-04 10:00 - 2009-07-14 09:44 - 000677214 _____ C:\Windows\system32\perfh005.dat
2019-02-04 10:00 - 2009-07-14 09:44 - 000146112 _____ C:\Windows\system32\perfc005.dat
2019-02-04 10:00 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2019-02-02 14:18 - 2015-04-22 11:52 - 000000000 ____D C:\Users\W\Desktop\inz
2019-02-02 12:38 - 2015-03-19 16:06 - 000000000 ____D C:\Users\W\Documents\já
2019-01-31 10:03 - 2014-04-14 12:43 - 000000000 ____D C:\Users\W\AppData\Roaming\vlc
2019-01-29 23:50 - 2014-04-14 12:46 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-01-29 23:50 - 2014-04-14 12:46 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-01-23 10:22 - 2015-10-16 11:31 - 000000000 ____D C:\Users\W\Documents\_pojistky
2019-01-18 11:33 - 2015-04-13 16:42 - 000000000 ____D C:\Users\W\Documents\_PGS
2019-01-09 08:31 - 2014-04-14 13:00 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2019-01-09 08:31 - 2014-04-14 13:00 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-01-09 08:31 - 2014-04-14 13:00 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2014-10-06 14:25 - 2006-11-01 11:05 - 000154424 _____ () C:\Users\W\Volumeid.exe
2014-05-30 08:17 - 2014-05-30 08:17 - 000000089 _____ () C:\Users\W\AppData\Local\fusioncache.dat
2014-05-07 17:16 - 2015-05-22 15:45 - 000013030 _____ () C:\Users\W\AppData\Local\PDOXUSRS.NET

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2019-02-02 00:39

==================== End of FRST.txt ============================
Přílohy
Addition.rar
(14.59 KiB) Staženo 107 x

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#8 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {026bfc4a-155f-11e7-9cd1-00219b41bed2} - E:\Startme.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {8f2712a7-2e96-11e4-99ec-00219b41bed2} - F:\Viewer\ppview32.exe agaxzs\auto.ppt
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {9574b6d6-23b7-11e9-8b3a-00219b41bed2} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {ed2524cd-4450-11e7-ada3-00219b41bed2} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S3 eapihdrv; \??\C:\Users\W\AppData\Local\Temp\ehdrv.sys [X] <==== ATTENTION
S1 qjfgucbk; \??\C:\Windows\system32\drivers\qjfgucbk.sys [X]
S1 sauugxsj; \??\C:\Windows\system32\drivers\sauugxsj.sys [X]
S1 efhdshit; \??\C:\Windows\system32\drivers\efhdshit.sys [X]
Task: {13630E78-B80C-4AB1-9282-190C788C6C48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-10-19] (Google Inc -> Google Inc.)
Task: {E66926FB-BD85-41C9-9CA6-5AF7ECB155F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-10-19] (Google Inc -> Google Inc.)
Task: {F938B3B5-BA02-4B80-A784-2D477BFC0854} - System32\Tasks\{9F315435-BDD6-4DBB-B011-69BF7E0CC56D} => C:\Windows\system32\pcalua.exe -a C:\Users\W\Downloads\WinSetupFromUSB-1-5.exe -d C:\Users\W\Downloads

EmptyTemp:
Hosts:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

SoonTy
Návštěvník
Návštěvník
Příspěvky: 81
Registrován: 09 lis 2005 22:11
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#9 Příspěvek od SoonTy »

Fix result of Farbar Recovery Scan Tool (x86) Version: 4-02-2019
Ran by W (05-02-2019 15:12:49) Run:1
Running from C:\Users\W\Desktop
Loaded Profiles: W (Available Profiles: W)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {026bfc4a-155f-11e7-9cd1-00219b41bed2} - E:\Startme.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {8f2712a7-2e96-11e4-99ec-00219b41bed2} - F:\Viewer\ppview32.exe agaxzs\auto.ppt
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {9574b6d6-23b7-11e9-8b3a-00219b41bed2} - G:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {ed2524cd-4450-11e7-ada3-00219b41bed2} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S3 eapihdrv; \??\C:\Users\W\AppData\Local\Temp\ehdrv.sys [X] <==== ATTENTION
S1 qjfgucbk; \??\C:\Windows\system32\drivers\qjfgucbk.sys [X]
S1 sauugxsj; \??\C:\Windows\system32\drivers\sauugxsj.sys [X]
S1 efhdshit; \??\C:\Windows\system32\drivers\efhdshit.sys [X]
Task: {13630E78-B80C-4AB1-9282-190C788C6C48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-10-19] (Google Inc -> Google Inc.)
Task: {E66926FB-BD85-41C9-9CA6-5AF7ECB155F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2018-10-19] (Google Inc -> Google Inc.)
Task: {F938B3B5-BA02-4B80-A784-2D477BFC0854} - System32\Tasks\{9F315435-BDD6-4DBB-B011-69BF7E0CC56D} => C:\Windows\system32\pcalua.exe -a C:\Users\W\Downloads\WinSetupFromUSB-1-5.exe -d C:\Users\W\Downloads

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully.
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => removed successfully.
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{026bfc4a-155f-11e7-9cd1-00219b41bed2} => removed successfully.
HKLM\Software\Classes\CLSID\{026bfc4a-155f-11e7-9cd1-00219b41bed2} => not found
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f2712a7-2e96-11e4-99ec-00219b41bed2} => removed successfully.
HKLM\Software\Classes\CLSID\{8f2712a7-2e96-11e4-99ec-00219b41bed2} => not found
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9574b6d6-23b7-11e9-8b3a-00219b41bed2} => removed successfully.
HKLM\Software\Classes\CLSID\{9574b6d6-23b7-11e9-8b3a-00219b41bed2} => not found
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed2524cd-4450-11e7-ada3-00219b41bed2} => removed successfully.
HKLM\Software\Classes\CLSID\{ed2524cd-4450-11e7-ada3-00219b41bed2} => not found
"HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE" => removed successfully.
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2} => removed successfully.
HKLM\Software\Classes\CLSID\{80c554b9-c7f8-4a21-9471-06d606da78a2} => not found
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => removed successfully.
HKLM\System\CurrentControlSet\Services\eapihdrv => removed successfully.
eapihdrv => service removed successfully.
HKLM\System\CurrentControlSet\Services\qjfgucbk => removed successfully.
qjfgucbk => service removed successfully.
HKLM\System\CurrentControlSet\Services\sauugxsj => removed successfully.
sauugxsj => service removed successfully.
HKLM\System\CurrentControlSet\Services\efhdshit => removed successfully.
efhdshit => service removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13630E78-B80C-4AB1-9282-190C788C6C48}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13630E78-B80C-4AB1-9282-190C788C6C48}" => removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E66926FB-BD85-41C9-9CA6-5AF7ECB155F4}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E66926FB-BD85-41C9-9CA6-5AF7ECB155F4}" => removed successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F938B3B5-BA02-4B80-A784-2D477BFC0854}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F938B3B5-BA02-4B80-A784-2D477BFC0854}" => removed successfully.
C:\Windows\System32\Tasks\{9F315435-BDD6-4DBB-B011-69BF7E0CC56D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9F315435-BDD6-4DBB-B011-69BF7E0CC56D}" => removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 166154373 B
Java, Flash, Steam htmlcache => 1308 B
Windows/system/drivers => 599771 B
Edge => 0 B
Chrome => 274150224 B
Firefox => 15135225 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83693 B
LocalService => 0 B
NetworkService => 12993713 B
W => 505192248 B

RecycleBin => 190554756 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:14:05 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#10 Příspěvek od Rudy »

OK. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

SoonTy
Návštěvník
Návštěvník
Příspěvky: 81
Registrován: 09 lis 2005 22:11
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#11 Příspěvek od SoonTy »

v exploreru se množství oteviranych nechtenych stranek zmenšilo, ale oteviraji se stále. Často s instalaci updateu JAVA. u chromu se po zadani hledaneho vyrazu do radku adresy často objevi stranka secure-surf.net . když ji prepisu a zadam třeba google, tak se mi pod hlavnim panelem a listou zalozek objevi takovy panel secure search pro zadani textu. Cely panel (stranku) musim zavrit, pak otevřít novy a zase to chvilku jede

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#12 Příspěvek od Rudy »

Vyčistíme ještě samotné prohlížeče. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... [oz]=8.1.0
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

SoonTy
Návštěvník
Návštěvník
Příspěvky: 81
Registrován: 09 lis 2005 22:11
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#13 Příspěvek od SoonTy »

zoek se nechce koretne spustit - po zapnuti programu to pise chybu skriptu a volba Ano/Ne. Po zvolení jakékoliv mohu vložit skript, ale po spusteni skriptu to zase hodi stejnou hlasku
Přílohy
Bez názvu.jpg
Bez názvu.jpg (32.08 KiB) Zobrazeno 2933 x

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118199
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#14 Příspěvek od Rudy »

Zkuste to v nouz. režimu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

SoonTy
Návštěvník
Návštěvník
Příspěvky: 81
Registrován: 09 lis 2005 22:11
Kontaktovat uživatele:

Re: prosim o kontrolu logu - vyskakovaci okna

#15 Příspěvek od SoonTy »

chová se to stále stejně. Zoek sputím, ale hned vyskočí okno a pak nejde ani program korektně zavřít...

Odpovědět