explorer - pop-up windows


#1 Post by SoonTy »

Good day,

on one company PC a colleague has a problem with pop-up windows. I'm attaching the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23.02.2018
Ran by DD (administrator) on DD-PC (23-02-2018 21:22:40)
Running from C:\Users\DD\Desktop
Loaded Profiles: DD (Available Profiles: DD)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(forum.viry.cz) C:\Users\DD\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [atchk] => C:\Program Files\Intel\AMT\atchk.exe [401408 2009-12-01] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTracking] => "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [8003664 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\Users\W\AppData\Roaming\Microsoft\wgaabjtf\bbbbbbbb.exe [289280 2014-04-15] ()
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: E - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {026bfc4a-155f-11e7-9cd1-00219b41bed2} - E:\Startme.exe
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\...\MountPoints2: {ed2524cd-4450-11e7-ada3-00219b41bed2} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\DD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk [2015-01-09]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 77.236.192.130
Tcpip\..\Interfaces\{B49B0752-B0C2-413E-9396-1CBD01643D87}: [DhcpNameServer] 8.8.8.8 77.236.192.130
ManualProxies: 0hxxp://web-quick.com/wpad.dat?d237324aa363cadab7cc6569550bd09136767860

Internet Explorer:
==================
HKU\S-1-5-21-3274311375-3095276521-1623220161-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.cz/
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> DefaultScope {20AB443D-4725-4468-8421-390C3683039A} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3274311375-3095276521-1623220161-1000 -> {A6D5F998-18F9-473B-B930-4006E4F71A7B} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)




Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&s ... utEncoding?}
CHR Profile: C:\Users\DD\AppData\Local\Google\Chrome\User Data\Default [2018-02-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\W\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2009-12-01] (Intel Corporation) [File not signed]
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-09-20] (Macrovision Europe Ltd.) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
R2 HPSLPSVC; C:\Users\DD\AppData\Local\Temp\7zS17B2\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.) <==== ATTENTION
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2013-05-16] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2013-05-16] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WorkshopDBService; C:\Program Files\Vivid WorkshopData ATI\WorkshopDBServer.exe [114688 2017-06-14] (Acresso) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-08-28] (Disc Soft Ltd)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-29] (Intel Corporation)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [13824 2012-11-08] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [21638 2008-08-22] () [File not signed]
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2014-06-06] (TeamViewer GmbH)
S3 eapihdrv; \??\C:\Users\W\AppData\Local\Temp\ehdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-23 21:22 - 2018-02-23 21:24 - 000017755 _____ C:\Users\DD\Desktop\FRST.txt
2018-02-23 21:22 - 2018-02-23 21:22 - 000000000 ____D C:\FRST
2018-02-23 21:20 - 2018-02-23 21:20 - 001763328 _____ (Farbar) C:\Users\DD\Desktop\FRST.exe
2018-02-23 21:18 - 2018-02-23 21:18 - 000112640 _____ (forum.viry.cz) C:\Users\DD\Desktop\FRSTLauncher.exe
2018-02-23 21:05 - 2018-02-23 21:05 - 000111068 _____ C:\Users\DD\Documents\cc_20180223_210456.reg
2018-02-23 20:55 - 2018-02-23 20:55 - 011217088 _____ (Piriform Ltd) C:\Users\DD\Downloads\ccsetup540pro.exe
2018-02-23 12:50 - 2018-02-23 21:09 - 000000000 ____D C:\AdwCleaner
2018-02-23 12:16 - 2018-02-23 12:17 - 008222496 _____ (Malwarebytes) C:\Users\DD\Desktop\adwcleaner_7.0.8.0.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-23 21:20 - 2009-07-14 05:34 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-23 21:20 - 2009-07-14 05:34 - 000014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-23 21:11 - 2017-06-14 16:19 - 000000000 ____D C:\ProgramData\organiser
2018-02-23 21:10 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-23 21:09 - 2014-06-25 12:33 - 000000000 ____D C:\Program Files\TeamViewer
2018-02-23 20:58 - 2014-05-22 16:36 - 000000000 ____D C:\Users\DD\AppData\Local\CrashDumps
2018-02-23 20:58 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2018-02-23 20:56 - 2017-11-20 19:57 - 000000000 ____D C:\Program Files\CCleaner
2018-02-23 20:55 - 2017-11-20 19:57 - 000000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-23 20:52 - 2014-09-02 10:34 - 000000000 ____D C:\Users\DD\Documents\Soubory aplikace Outlook
2018-02-23 15:26 - 2016-10-20 10:36 - 000000000 ____D C:\Users\DD\Documents\_taxi
2018-02-22 15:50 - 2009-07-14 05:53 - 000032522 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-02-16 10:20 - 2016-07-22 13:17 - 000000000 ____D C:\Users\DD\Documents\__nove
2018-02-06 18:31 - 2014-04-14 13:00 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-02-06 18:31 - 2014-04-14 13:00 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-02-06 18:31 - 2014-04-14 13:00 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-05 11:49 - 2015-10-16 11:31 - 000000000 ____D C:\Users\DD\Documents\_pojistky

==================== Files in the root of some directories =======

2014-10-06 14:25 - 2006-11-01 11:05 - 000154424 _____ () C:\Users\DD\Volumeid.exe
2014-05-30 08:17 - 2014-05-30 08:17 - 000000089 _____ () C:\Users\DD\AppData\Local\fusioncache.dat
2014-05-07 17:16 - 2015-05-22 15:45 - 000013030 _____ () C:\Users\DD\AppData\Local\PDOXUSRS.NET

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\DD\Desktop" je 56346 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Last edited by SoonTy on 04 Feb 2019 11:12, edited 2 times in total.

Re: explorer - pop-up windows

#2 Post by Rudy »

Hello!
I'm sorry, but this forum does not serve corporate clients, only home users: https://forum.viry.cz/viewtopic.php?f=12&t=5601 (point 6). Company PCs are handled by the IT department or by contracted IT specialists. We do not do work for someone who is paid to do it.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
