mkeeper.exe

Having a problem with a virus? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

cozar
Visitor
Posts: 4
Registered: 28 Apr 2019 17:15

mkeeper.exe

#1 Post by cozar »

Hello, I noticed that Chrome won't open some pages and shows a 404 "page unavailable" error. Also, the mouse behaves strangely: sometimes it is as if I had clicked twice, other times I have to click several times. I scanned the PC with Malwarebytes, TDSS and AdwCleaner: no threats. Only while scanning with SUPERAntiSpyware did I notice that it also scans the program mkeeper.exe, but the result was no threat. I searched the web a little, and this program could be the cause of the problems. I did not see it in the FRST logs; can it be removed? I am attaching the FRST log. Thank you.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-04-2019
Ran by Admin (28-04-2019 18:01:23)
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Home Premium (X86) (2014-05-14 15:59:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-3283008170-1091209039-3508290470-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3283008170-1091209039-3508290470-500 - Administrator - Disabled)
bonus (S-1-5-21-3283008170-1091209039-3508290470-1003 - Limited - Enabled) => C:\Users\bonus
Guest (S-1-5-21-3283008170-1091209039-3508290470-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 32.0.0.171 - Adobe)
Aktualizácia ovládača aplikácie Centrum zariadení Windows Mobile (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
ArcSoft TotalMedia 3.5 (HKLM\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.282 - ArcSoft)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 8.0.0.225 - Atheros)
Balík Compatibility Pack pre systém Office 2007 (HKLM\...\{90120000-0020-041B-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Centrum zariadení Windows Mobile (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Electrum (HKU\S-1-5-21-3283008170-1091209039-3508290470-1000\...\Electrum) (Version: 2.9.0 - Electrum Technologies GmbH)
FastShare.cz verzia 2.3.1 (HKLM\...\FastShare.cz_is1) (Version: 2.3.1 - )
File Waster (HKLM\...\File Waster) (Version: 6.7.2 - JCMatt software)
Google Chrome (HKLM\...\Google Chrome) (Version: 74.0.3729.108 - Spoločnosť Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 211 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Ladicka (HKLM\...\Ladicka) (Version: - )
Litecoin Core (32-bit) (HKU\S-1-5-21-3283008170-1091209039-3508290470-1000\...\Litecoin Core (32-bit)) (Version: 0.14.2 - Litecoin Core project)
Malwarebytes verzia 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-041B-0000-0000000FF1CE}) (Version: 12.0.6334.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Slovak) (HKLM\...\{95120000-00AF-041B-0000-0000000FF1CE}) (Version: 12.0.4518.1039 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{9085041B-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
Opera Stable 58.0.3135.132 (HKLM\...\Opera 58.0.3135.132) (Version: 58.0.3135.132 - Opera Software)
Revo Uninstaller 2.0.6 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.6 - VS Revo Group, Ltd.)
SMI Grabber Device (HKLM\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.29 - Somagic)
SPEEDLINK REFLECT (HKLM\...\{ED1674F5-5165-49BF-B546-AE5343111540}) (Version: 1.0.3.7 - SPEEDLINK)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
Total Commander Ultima Prime 5.6.0.0 (HKLM\...\TC UP) (Version: 5.6.0.0 - Robert Łajka & Paweł Porwisz)
TP-LINK Wireless Client Utility (HKLM\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.531 - Nullsoft, Inc)
WinRAR 5.00 (32-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XMedia Recode version 3.1.9.1 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.1 - XMedia Recode)
yBook (HKLM\...\yBook_is1) (Version: - Spacejock Software)
Zemana AntiMalware verzia 3.1.66 (HKLM\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.1.66 - Zemana)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll [2011-11-16] () [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [TCUPShellExt] -> {544F5441-4C43-4D44-5550-5348454C4C00} => C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll [2011-11-16] () [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-08-22] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2011-11-16 00:01 - 2011-11-16 00:01 - 000433664 _____ () [File not signed] C:\Program Files\TC UP\PLUGINS\Library\TCUPShellExt.dll
2019-04-28 12:06 - 2019-04-28 12:06 - 000011264 _____ () [File not signed] C:\Users\Admin\AppData\Local\Temp\nsz387F.tmp\System.dll
2019-04-28 12:06 - 2019-04-28 12:06 - 000008704 _____ () [File not signed] C:\Users\Admin\AppData\Local\Temp\nsz387F.tmp\newadvsplash.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43797470.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68608787.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\43797470.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68608787.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: TCUP_XnView.File.scr => "C:\Program Files\TC UP\PLUGINS\Media\XnView\xnview.exe" "%1" <==== ATTENTION
HKU\S-1-5-21-3283008170-1091209039-3508290470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice => Applications\wordpad.exe
HKU\S-1-5-21-3283008170-1091209039-3508290470-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice => TCUP_XnView.File.scr

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2016-12-02 12:39 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\ProgramData\Oracle\Java\javapath;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0
HKU\S-1-5-21-3283008170-1091209039-3508290470-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{3857ADBE-DD7F-4913-A971-313026C8E0E0}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe () [File not signed]
FirewallRules: [UDP Query User{9959CA17-6367-4587-A54B-E0EB8EAF9CCE}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe () [File not signed]
FirewallRules: [{C7DB1C1F-8053-4572-9B12-30D4F5F248E5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3804F62E-7BAF-4E9C-BD39-45374BC3BEA0}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe () [File not signed]
FirewallRules: [UDP Query User{F507CF3E-4FF2-4EAF-9DCE-FDC78F637C4F}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe () [File not signed]
FirewallRules: [TCP Query User{62FE9AC4-04D2-4883-BCE0-FBE6AF2ACE5A}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe () [File not signed]
FirewallRules: [UDP Query User{53768E3B-568D-4B3D-A850-2A51D7B44BBE}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe () [File not signed]
FirewallRules: [TCP Query User{1BD3BBB0-79E8-4897-92A0-DF084215A596}C:\program files\tc up\plugins\media\operausb\opera.exe] => (Block) C:\program files\tc up\plugins\media\operausb\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [UDP Query User{687214B6-F881-480C-9DBE-82750B104CA0}C:\program files\tc up\plugins\media\operausb\opera.exe] => (Block) C:\program files\tc up\plugins\media\operausb\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{838EA8EA-9F6C-4E59-AA91-781197511E2C}] => (Allow) C:\Program Files\Opera\58.0.3135.127\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{8F1B4BA1-3FDA-4711-823F-9BDDE0BCA909}] => (Allow) C:\Program Files\Opera\58.0.3135.132\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{7A5B4984-B204-4271-AC9F-01CDA6C1886B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)

==================== Restore Points =========================

27-04-2019 19:01:04 Windows Update
28-04-2019 10:42:21 Revo Uninstaller's restore point - Malwarebytes verzia 3.6.1.2711
28-04-2019 10:46:07 Revo Uninstaller's restore point - Malwarebytes verzia 3.6.1.2711
28-04-2019 11:30:34 Revo Uninstaller's restore point - Malwarebytes verzia 3.6.1.2711

==================== Faulty Device Manager Devices =============

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2019 11:59:33 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (04/28/2019 11:59:33 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (04/28/2019 11:36:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: dcc

Start Time: 01d4fda510f5af83

Termination Time: 31

Application Path: C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp

Report Id:

Error: (04/28/2019 11:29:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18ec

Start Time: 01d4fd9e63228147

Termination Time: 31

Application Path: C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp

Report Id:

Error: (04/28/2019 12:33:45 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\TC UP\PLUGINS\Media\wincontig\WinContig64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/28/2019 12:33:40 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll".Error in manifest or policy file "c:\program files\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (04/27/2019 09:10:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\TC UP\PLUGINS\Media\wincontig\WinContig64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/27/2019 09:10:21 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll".Error in manifest or policy file "c:\program files\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (04/28/2019 03:17:48 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Počas čakania na odpoveď transakcie od služby ShellHWDetection bol dosiahnutý časový limit (30000 ms).

Error: (04/28/2019 12:06:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/28/2019 12:06:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/28/2019 12:06:49 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/28/2019 12:06:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/28/2019 12:06:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/28/2019 12:06:34 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (04/28/2019 12:06:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


Windows Defender:
===================================
Date: 2018-10-18 07:00:28.180
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{1AFFE90C-F475-4538-B8FC-9C13060A563D}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

==================== Memory info ===========================

BIOS: Dell Inc. ACRSYS - 7 03/03/2006
Motherboard: Dell Inc. 0G5611
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 91%
Total physical RAM: 1014.14 MB
Available physical RAM: 86.33 MB
Total Virtual: 2214.14 MB
Available Virtual: 243.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:73.14 GB) (Free:29.6 GB) NTFS
Drive d: () (Fixed) (Total:75.81 GB) (Free:24.65 GB) NTFS

\\?\Volume{cfa95067-db7f-11e3-88d8-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 5B21B962)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=75.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-04-2019
Ran by Admin (administrator) on ADMIN-PC (Dell Inc. OptiPlex GX280 ) (28-04-2019 17:59:51)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & bonus)
Platform: Microsoft Windows 7 Home Premium (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft, Inc. -> ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Krzysztof Kowalczyk -> Krzysztof Kowalczyk) D:\pr\SumatraPDFPortable\App\sumatrapdf\SumatraPDF.exe
(Rare Ideas, LLC -> PortableApps.com) D:\pr\SumatraPDFPortable\SumatraPDFPortable.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-3283008170-1091209039-3508290470-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8065456 2019-04-28] (Support.com, Inc. -> SUPERAntiSpyware)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\74.0.3729.108\Installer\chrmstp.exe [2019-04-24] (Google LLC -> Google Inc.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27EE764E-579D-4DDB-88B6-2B1ECE04C2A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-08-09] (Google Inc -> Google Inc.)
Task: {2BE9C896-2C85-4075-BF00-117AA3BBB56B} - System32\Tasks\Opera scheduled Autoupdate 1445445039 => C:\Program Files\Opera\launcher.exe [1252440 2019-04-21] (Opera Software AS -> Opera Software)
Task: {6196134D-7683-438D-9326-8DA6EC15EA55} - System32\Tasks\{DCF7E970-E9A2-43C4-970C-AC1F87006FDB} => C:\Program Files\Google\Chrome\Application\chrome.exe
Task: {79D02226-64EE-4442-8F60-503B697D184F} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_171_pepper.exe [1452600 2019-04-28] (Adobe Inc. -> Adobe)
Task: {7BC9FD8C-14BD-4342-AE60-2D1194BCC165} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-08-09] (Google Inc -> Google Inc.)
Task: {AE7D4183-6DC3-4841-9168-B5A7711A879B} - System32\Tasks\{AF6E502B-D020-47B2-B125-6952D6E0D3AA} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {F387B14E-EC18-4A36-874F-5BBE89F2C721} - System32\Tasks\AMHelper => C:\Program Files\Zemana\AntiMalware\AntiMalware.exe [638536 2019-04-11] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{96DF9491-4C86-486C-B706-B6ECA1DEFBCC}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C5E7B502-C854-4B44-AF4A-5A3767F3D71F}: [DhcpNameServer] 195.28.64.99 195.80.175.66
Tcpip\..\Interfaces\{DABA7904-C6F2-4AEF-8DB2-D370F6E8058B}: [DhcpNameServer] 192.168.1.11

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3283008170-1091209039-3508290470-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3283008170-1091209039-3508290470-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.sk/
SearchScopes: HKLM -> DefaultScope {440E185E-7D3D-4CF0-B3BF-350109621E66} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-04-28] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-28] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-28] (Google Inc -> Google LLC)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2019-04-28]
CHR Extension: (Prezentácie) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-23]
CHR Extension: (Dokumenty) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-23]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-09]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-09]
CHR Extension: (Tabuľky) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-23]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-10]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-04-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-13] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft, Inc. -> ArcSoft Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [5073376 2018-09-19] (Malwarebytes Corporation -> Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (ArcSoft, Inc. -> Arcsoft, Inc.)
R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [208824 2019-04-28] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [1218048 2009-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4808192 2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [145920 2014-10-09] (Microsoft Windows Hardware Compatibility Publisher -> ITE )
S3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (Microsoft Windows Hardware Compatibility Publisher -> ATK0100)
S3 nmwcd; C:\Windows\System32\drivers\ccdcmb.sys [18176 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbo.sys [23168 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtnicxp.sys [43008 2009-07-14] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [139776 2009-07-14] (Microsoft Windows -> Realtek Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SMIGrabber3C; C:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [805888 2011-01-26] (SOMAGIC (HANGZHOU) TECHNOLOGY CO., LTD. -> Windows (R) Win 7 DDK provider)
S3 smserial; C:\Windows\System32\DRIVERS\smserial.sys [1068032 2009-07-14] (Microsoft Windows -> Motorola Inc.)
R3 smwdm; C:\Windows\System32\drivers\smwdm.sys [260224 2005-11-29] (Microsoft Windows Hardware Compatibility Publisher -> Analog Devices, Inc.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [134272 2016-01-19] (Acronis, Inc -> Acronis)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [971552 2016-01-19] (Acronis, Inc -> Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2016-01-19] (Acronis, Inc -> Acronis)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8192 2011-08-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 USBET; C:\Windows\System32\DRIVERS\ETdrv.sys [5127424 2014-04-24] (Etron Technology, Inc. -> Etron)
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [24680 2011-01-26] (Ghisler Software GmbH -> CaptainFlint Software)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-28 17:59 - 2019-04-28 18:00 - 000013008 _____ C:\Users\Admin\Desktop\FRST.txt
2019-04-28 17:53 - 2019-04-28 17:55 - 000191870 _____ C:\TDSSKiller.3.1.0.28_28.04.2019_17.53.59_log.txt
2019-04-28 16:20 - 2019-04-28 16:21 - 001788416 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2019-04-28 15:42 - 2019-04-28 18:00 - 000679508 _____ C:\Windows\ZAM.krnl.trace
2019-04-28 15:42 - 2019-04-28 15:43 - 000000000 ____D C:\Users\Admin\AppData\Local\AMSDK
2019-04-28 15:42 - 2019-04-28 15:42 - 000208824 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2019-04-28 15:42 - 2019-04-28 15:42 - 000002000 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2019-04-28 15:42 - 2019-04-28 15:42 - 000000000 ____D C:\Users\Admin\AppData\Local\Zemana
2019-04-28 15:42 - 2019-04-28 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2019-04-28 15:42 - 2019-04-28 15:42 - 000000000 ____D C:\Program Files\Zemana
2019-04-28 13:12 - 2019-04-28 13:13 - 011630280 _____ (Zemana Ltd. ) C:\Users\Admin\Downloads\AntiMalware_Setup.exe
2019-04-28 12:06 - 2019-04-28 12:06 - 000000000 ____D C:\Program Files\Common Files\Oracle
2019-04-28 12:00 - 2019-04-28 12:00 - 007025360 _____ (Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_7.3.exe
2019-04-28 11:45 - 2019-04-28 11:45 - 007025360 _____ (Malwarebytes) C:\Users\Admin\Desktop\adwcleaner_7.3.exe
2019-04-28 11:40 - 2019-04-28 11:42 - 000192378 _____ C:\TDSSKiller.3.1.0.28_28.04.2019_11.40.25_log.txt
2019-04-28 11:38 - 2019-04-28 11:38 - 004962800 _____ C:\Users\Admin\Downloads\tdsskiller.zip
2019-04-28 11:37 - 2019-04-28 11:38 - 000000366 _____ C:\TDSSKiller.3.1.0.12_28.04.2019_11.37.48_log.txt
2019-04-28 10:40 - 2019-04-28 10:40 - 000001191 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2019-04-28 10:40 - 2019-04-28 10:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2019-04-27 12:56 - 2019-04-27 12:57 - 000196359 _____ C:\Users\Admin\Downloads\McBain - Prizraky.pdb
2019-04-27 12:46 - 2019-04-27 12:47 - 000263731 _____ C:\Users\Admin\Downloads\80 milionu oci - McBain.epub
2019-04-21 18:05 - 2019-04-21 18:58 - 969440358 _____ C:\Users\Admin\Downloads\Mission Impossible Fallout (2018) CZ.avi
2019-04-21 17:34 - 2019-04-21 18:02 - 523481330 _____ C:\Users\Admin\Downloads\Pravidla pomsty (2018) č.dabing.mp4
2019-04-20 19:45 - 2019-04-20 19:46 - 009963898 _____ C:\Users\Admin\Downloads\Frank_ Herbert_DUNA komplet.zip
2019-04-20 19:42 - 2019-04-20 19:43 - 000297855 _____ C:\Users\Admin\Downloads\To velike zle mesto - McBain, Ed.epub
2019-04-14 23:53 - 2019-04-14 23:53 - 000945969 _____ C:\Users\Admin\Downloads\P40_Warhawk_Tiled.pdf
2019-04-14 23:52 - 2019-04-14 23:52 - 002641685 _____ C:\Users\Admin\Downloads\P40_Warhawk.pdf
2019-04-14 23:35 - 2019-04-14 23:35 - 002776876 _____ C:\Users\Admin\Downloads\ClippedJ3Blue.pdf
2019-04-14 23:34 - 2019-04-14 23:34 - 002785477 _____ C:\Users\Admin\Downloads\ClippedJ3Bluetiled.pdf
2019-04-14 23:30 - 2019-04-14 23:30 - 002380760 _____ C:\Users\Admin\Downloads\PA12SuperCruiser_p1.pdf
2019-04-14 23:29 - 2019-04-14 23:29 - 002389361 _____ C:\Users\Admin\Downloads\PA12SuperCruiser_p1_tiled.pdf
2019-04-14 23:18 - 2019-04-14 23:19 - 001092290 _____ C:\Users\Admin\Downloads\A0 full sheet images.pdf
2019-04-12 20:04 - 2019-04-12 21:13 - 753683232 _____ C:\Users\Admin\Downloads\Smrtelné stroje 2018 CZ dabing.Akční Dobrodružný, Fantasy, Sci-Fi, Thriller.mkv
2019-03-31 14:13 - 2019-03-31 14:14 - 000903477 _____ C:\Users\Admin\Downloads\SU-27 návod na stavbu.pdf

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-04-28 17:59 - 2016-12-02 10:50 - 000000000 ____D C:\FRST
2019-04-28 16:23 - 2009-07-14 06:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-04-28 16:23 - 2009-07-14 06:34 - 000014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-04-28 12:06 - 2015-03-09 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-04-28 12:06 - 2015-03-08 17:05 - 000000000 ____D C:\Program Files\Java
2019-04-28 12:02 - 2015-03-09 22:19 - 000097144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2019-04-28 12:00 - 2001-01-01 03:37 - 000000000 ____D C:\Users\Admin\AppData\Local\Adobe
2019-04-28 11:59 - 2015-10-21 17:15 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2019-04-28 11:59 - 2015-10-21 17:15 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2019-04-28 11:59 - 2014-08-30 15:29 - 000778150 _____ C:\Windows\system32\PerfStringBackup.INI
2019-04-28 11:59 - 2014-05-18 19:50 - 000000000 ____D C:\Windows\system32\Macromed
2019-04-28 11:59 - 2009-07-14 04:37 - 000000000 ____D C:\Windows\inf
2019-04-28 11:54 - 2016-12-02 13:26 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2019-04-28 11:54 - 2009-07-14 06:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-04-28 11:47 - 2016-08-31 15:26 - 000000000 ____D C:\AdwCleaner
2019-04-28 11:40 - 2016-12-02 13:13 - 000000000 ____D C:\Users\Admin\Desktop\tdss
2019-04-24 06:31 - 2017-08-09 00:14 - 000002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-04-24 06:31 - 2017-08-09 00:14 - 000002141 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-04-21 16:45 - 2015-10-21 18:12 - 000000000 ____D C:\Program Files\Opera
2019-04-15 22:19 - 2014-12-15 19:57 - 000000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2014-12-15 20:48 - 2017-06-22 06:39 - 000007605 _____ () C:\Users\Admin\AppData\Local\resmon.resmoncfg

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-04-27 19:04
==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: mkeeper.exe

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree (Souhlasím)
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just start it with a double-click)
click Scan now (Skenovat nyní), then Clean and Repair (Čištění a opravy)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.


Re: mkeeper.exe

#3 Post by cozar »

I'm attaching the log:

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-04-23.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-28-2019
# Duration: 00:00:02
# OS: Windows 7 Home Premium
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1337 octets] - [28/04/2019 11:47:04]
AdwCleaner[C00].txt - [1503 octets] - [28/04/2019 11:47:38]
AdwCleaner[S01].txt - [1379 octets] - [28/04/2019 17:56:23]
AdwCleaner[S02].txt - [1440 octets] - [28/04/2019 18:59:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########


Re: mkeeper.exe

#4 Post by cozar »

A small change: the pages now open, but the mouse is still acting up, and mkeeper still shows up during the SUPERAntiSpyware scan, see: https://ctrlv.cz/RZWV


Re: mkeeper.exe

#5 Post by Rudy »

OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
C:\Users\Admin\AppData\Local\Temp
Task: {AE7D4183-6DC3-4841-9168-B5A7711A879B} - System32\Tasks\{AF6E502B-D020-47B2-B125-6952D6E0D3AA} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {F387B14E-EC18-4A36-874F-5BBE89F2C721} - System32\Tasks\AMHelper => C:\Program Files\Zemana\AntiMalware\AntiMalware.exe [638536 2019-04-11] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
SearchScopes: HKLM -> DefaultScope {440E185E-7D3D-4CF0-B3BF-350109621E66} URL =
C:\Users\Admin\Downloads\AntiMalware_Setup.exe
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
C:\ProgramData\Microsoft\Windows\MKeeperStat\mkeeper.exe

EmptyTemp:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.


Re: mkeeper.exe

#6 Post by cozar »

:( :( The problem persists: the mouse is acting up (hence the 2 smileys) and SUPERAntiSpyware still scans mkeeper.
I'm attaching the log:

Fix result of Farbar Recovery Scan Tool (x86) Version: 28-04-2019
Ran by Admin (28-04-2019 20:18:13) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & bonus)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CloseProcesses:
C:\Users\Admin\AppData\Local\Temp
Task: {AE7D4183-6DC3-4841-9168-B5A7711A879B} - System32\Tasks\{AF6E502B-D020-47B2-B125-6952D6E0D3AA} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {F387B14E-EC18-4A36-874F-5BBE89F2C721} - System32\Tasks\AMHelper => C:\Program Files\Zemana\AntiMalware\AntiMalware.exe [638536 2019-04-11] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
SearchScopes: HKLM -> DefaultScope {440E185E-7D3D-4CF0-B3BF-350109621E66} URL =
C:\Users\Admin\Downloads\AntiMalware_Setup.exe
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
C:\ProgramData\Microsoft\Windows\MKeeperStat\mkeeper.exe

EmptyTemp:
End
*****************

Processes closed successfully.

"C:\Users\Admin\AppData\Local\Temp" folder move:

Could not move "C:\Users\Admin\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE7D4183-6DC3-4841-9168-B5A7711A879B}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE7D4183-6DC3-4841-9168-B5A7711A879B}" => removed successfully.
C:\Windows\System32\Tasks\{AF6E502B-D020-47B2-B125-6952D6E0D3AA} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AF6E502B-D020-47B2-B125-6952D6E0D3AA}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F387B14E-EC18-4A36-874F-5BBE89F2C721}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F387B14E-EC18-4A36-874F-5BBE89F2C721}" => removed successfully.
C:\Windows\System32\Tasks\AMHelper => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AMHelper" => removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\Users\Admin\Downloads\AntiMalware_Setup.exe => moved successfully
HKLM\System\CurrentControlSet\Services\catchme => removed successfully.
catchme => service removed successfully.
"C:\ProgramData\Microsoft\Windows\MKeeperStat\mkeeper.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 91917801 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 242252918 B
Edge => 0 B
Chrome => 25525278 B
Firefox => 0 B
Opera => 120864230 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83377 B
LocalService => 132043 B
NetworkService => 799016 B
Admin => 3693428 B
bonus => 300514737 B

RecycleBin => 4788249 B
EmptyTemp: => 753.9 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-04-2019 20:22:16)

C:\Users\Admin\AppData\Local\Temp => moved successfully

==== End of Fixlog 20:22:16 ====
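
One way to triage a Fixlog like the one in post #6, as an added example that is not part of the thread and not FRST's own code: it skips the echoed fixlist and the EmptyTemp statistics, then reports which fixlist targets were actually acted on. The function names and status labels (`ok`, `deferred`, `not_found`, `other`) are assumptions of this example, and the sample is constructed from lines of the log above.

```python
import re

# Constructed sample: lines taken from the Fixlog posted above, trimmed for length.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
Task: {F387B14E-EC18-4A36-874F-5BBE89F2C721} - System32\Tasks\AMHelper => C:\Program Files\Zemana\AntiMalware\AntiMalware.exe
C:\ProgramData\Microsoft\Windows\MKeeperStat\mkeeper.exe
*****************
Could not move "C:\Users\Admin\AppData\Local\Temp" => Scheduled to move on reboot.
C:\Windows\System32\Tasks\AMHelper => moved successfully
HKLM\System\CurrentControlSet\Services\catchme => removed successfully.
catchme => service removed successfully.
"C:\ProgramData\Microsoft\Windows\MKeeperStat\mkeeper.exe" => not found
=========== EmptyTemp: ==========
Chrome => 25525278 B
EmptyTemp: => 753.9 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-04-2019 20:22:16)
C:\Users\Admin\AppData\Local\Temp => moved successfully
==== End of Fixlog 20:22:16 ====
'''

def classify(outcome):
    """Map the text after '=>' to one of the (assumed) status labels."""
    low = outcome.lower()
    if "not found" in low:
        return "not_found"
    if "scheduled to move on reboot" in low:
        return "deferred"
    if "successfully" in low:
        return "ok"
    return "other"

def parse_fixlog(text):
    """Return {target: status}; a later line for the same target wins."""
    results, in_echo, in_emptytemp = {}, False, False
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"\*+", line):   # the fixlist echo sits between asterisk lines
            in_echo = not in_echo
            continue
        if line.startswith("="):         # section header; only EmptyTemp is skipped
            in_emptytemp = "EmptyTemp" in line
            continue
        if in_echo or in_emptytemp or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        target = re.sub(r"^Could not move\s+", "", target).strip('"')
        results[target] = classify(outcome)
    return results

def unresolved(results):
    """Targets the fix did not act on (anything that did not end as 'ok')."""
    return sorted(t for t, s in results.items() if s != "ok")

if __name__ == "__main__":
    for target, status in parse_fixlog(SAMPLE_FIXLOG).items():
        print(f"{status:10} {target}")
```

On this log the only unresolved target is the mkeeper.exe path: FRST found no file at the location named in the fixlist, so that line of the fix changed nothing on disk.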


Re: mkeeper.exe

#7 Post by Rudy »

Run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download the utility, run it, let it work, and when it finishes delete everything it finds.