Proxy server starts on its own

Posted: 12 Aug 2018 12:52
by Písa
Hello,
I have a problem: my PC automatically turns on a proxy server, and I don't know how to get rid of what is apparently a virus. I ran ADW cleaner and anti Malwarebytes; they did flag something, but the problem still persists.

Thanks in advance for any advice.

I'm attaching the FRST log, and the Addition log as an attachment:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Piskovi (administrator) on DESKTOP-T3ENPIT (12-08-2018 13:41:14)
Running from C:\Users\Piskovi\Desktop
Loaded Profiles: Piskovi & (Available Profiles: Piskovi)
Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Threat Expert Ltd.) C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
(PC Tools) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
(PC Tools) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(PC Tools) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11806.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [ISTray] => C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe [2717816 2012-11-01] (PC Tools)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk [2018-04-13]
ShortcutTarget: PDFCreator.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator.exe (pdfforge hxxp://www.pdfforge.org/)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyEnable: [S-1-5-21-3752748468-3011474251-3921347417-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-3752748468-3011474251-3921347417-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyEnable: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182241433] => Proxy is enabled.
ProxyServer: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182241433] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyEnable: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182310814] => Proxy is enabled.
ProxyServer: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182310814] => http=127.0.0.1:8080;https=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 10.255.255.10 10.255.255.20 192.168.1.1
Tcpip\..\Interfaces\{5e869274-8b17-460a-9f1f-0f68293917e9}: [DhcpNameServer] 10.255.255.10 10.255.255.20 192.168.1.1
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3752748468-3011474251-3921347417-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182241433\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182310814\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
URLSearchHook: HKU\S-1-5-21-3752748468-3011474251-3921347417-1001 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
URLSearchHook: HKU\S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182241433 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
URLSearchHook: HKU\S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182310814 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: PC Tools Browser Guard BHO -> {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -> C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23] (Threat Expert Ltd.)

FireFox:
========
FF DefaultProfile: gvksgkys.default
FF ProfilePath: C:\Users\Piskovi\AppData\Roaming\Mozilla\Firefox\Profiles\gvksgkys.default [2018-08-12]
FF Homepage: Mozilla\Firefox\Profiles\gvksgkys.default -> www.seznam.cz
FF NetworkProxy: Mozilla\Firefox\Profiles\gvksgkys.default -> type", 0
FF Extension: (AdBlock) - C:\Users\Piskovi\AppData\Roaming\Mozilla\Firefox\Profiles\gvksgkys.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-07-30]
FF Extension: (Video DownloadHelper) - C:\Users\Piskovi\AppData\Roaming\Mozilla\Firefox\Profiles\gvksgkys.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox
FF Extension: (Browser Guard Toolbar) - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2018-04-13] [Legacy] [not signed]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/?clid=22668"
CHR NewTab: Default -> Not-active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/newTab.html"
CHR Profile: C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default [2018-08-11]
CHR Extension: (Prezentace) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-13]
CHR Extension: (Dokumenty) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-13]
CHR Extension: (Disk Google) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-13]
CHR Extension: (Seznam doplněk - Email) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2018-06-27]
CHR Extension: (Seznam doplněk - Esko-) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd [2018-06-27]
CHR Extension: (YouTube) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-13]
CHR Extension: (Tabulky) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-13]
CHR Extension: (Dokumenty Google offline) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-13]
CHR Extension: (AdBlock) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-13]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2018-06-27]
CHR Extension: (Gmail) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-13]
CHR Extension: (Chrome Media Router) - C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-08]
CHR Profile: C:\Users\Piskovi\AppData\Local\Google\Chrome\User Data\System Profile [2018-06-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [580728 2012-10-23] (Threat Expert Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [403416 2012-10-31] (PC Tools)
R2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1162360 2012-11-01] (PC Tools)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DxVGrb; C:\WINDOWS\system32\drivers\DxVGrb.sys [222464 2012-01-10] (Dexetek )
R3 johci; C:\WINDOWS\System32\drivers\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-07-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-26] (Malwarebytes)
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2018-04-12] (Intel Corporation)
R3 PCTBD; C:\WINDOWS\System32\Drivers\PCTBD64.sys [77144 2012-10-23] (PC Tools)
R0 PCTCore; C:\WINDOWS\System32\drivers\PCTCore64.sys [413448 2012-10-22] (PC Tools)
R0 pctDS; C:\WINDOWS\System32\drivers\pctDS64.sys [453896 2012-02-28] (PC Tools)
R0 pctEFA; C:\WINDOWS\System32\drivers\pctEFA64.sys [1096176 2012-02-28] (PC Tools)
R1 pctgntdi; C:\Windows\System32\drivers\pctgntdi64.sys [347016 2012-10-31] (PC Tools)
R3 pctplsm; C:\Windows\System32\drivers\pctplsm64.sys [87968 2012-11-01] (PC Tools)
R1 PCTSD; C:\WINDOWS\System32\Drivers\PCTSD64.sys [253256 2012-11-01] (PC Tools)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-12 13:41 - 2018-08-12 13:43 - 000016081 _____ C:\Users\Piskovi\Desktop\FRST.txt
2018-08-12 13:37 - 2018-08-12 13:41 - 000000000 ____D C:\FRST
2018-08-12 13:33 - 2018-08-12 13:34 - 002412544 _____ (Farbar) C:\Users\Piskovi\Desktop\FRST64.exe
2018-08-12 13:33 - 2018-08-12 13:33 - 000000000 _____ C:\Users\Piskovi\Desktop\FRSTLauncher.exe
2018-08-12 12:51 - 2018-08-12 13:38 - 000000000 ____D C:\Users\Piskovi\Desktop\Rakousko červenec 18
2018-07-26 18:21 - 2018-07-26 18:21 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-26 18:21 - 2018-07-26 18:21 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-07-26 18:21 - 2018-07-26 18:21 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-26 18:21 - 2018-07-26 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-26 18:21 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-26 18:20 - 2018-07-26 18:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-26 18:20 - 2018-07-26 18:20 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-26 18:13 - 2018-07-26 18:15 - 000000000 ____D C:\AdwCleaner
2018-07-26 18:13 - 2018-07-26 18:13 - 074288784 _____ (Malwarebytes ) C:\Users\Piskovi\Downloads\mb3-setup-1878.1878-3.5.1.2522.exe
2018-07-26 18:12 - 2018-07-26 18:12 - 007395536 _____ (Malwarebytes) C:\Users\Piskovi\Downloads\AdwCleaner.exe
2018-07-21 10:41 - 2018-08-10 17:21 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-21 10:41 - 2018-08-10 17:21 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-21 10:40 - 2018-07-21 10:40 - 000003472 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-21 10:40 - 2018-07-21 10:40 - 000003348 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-21 10:39 - 2018-07-21 10:39 - 001130840 _____ (Google Inc.) C:\Users\Piskovi\Downloads\ChromeSetup.exe
2018-07-21 10:16 - 2018-07-21 10:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3752748468-3011474251-3921347417-1001
2018-07-19 18:25 - 2018-07-23 09:28 - 000000000 ____D C:\Users\Piskovi\Desktop\Svatba Aneta a Adam

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-08-12 13:42 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-12 12:07 - 2018-04-13 20:39 - 000000000 ____D C:\ProgramData\TEMP
2018-08-12 12:06 - 2018-05-27 10:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-12 08:01 - 2018-05-27 10:40 - 000003656 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2018-08-12 07:59 - 2018-04-13 20:47 - 000000000 ____D C:\Users\Piskovi\AppData\LocalLow\Mozilla
2018-08-10 18:58 - 2018-04-13 20:42 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-08-10 18:58 - 2018-04-13 20:42 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-08-10 18:58 - 2018-04-13 20:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-30 08:08 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-30 08:08 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-30 08:07 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-26 21:05 - 2018-05-27 10:33 - 001689050 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-26 21:05 - 2018-04-12 17:51 - 000716276 _____ C:\WINDOWS\system32\perfh005.dat
2018-07-26 21:05 - 2018-04-12 17:51 - 000144534 _____ C:\WINDOWS\system32\perfc005.dat
2018-07-26 21:05 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-26 21:03 - 2018-07-06 10:07 - 000000442 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-07-26 18:21 - 2018-04-13 20:40 - 003289113 _____ C:\WINDOWS\system32\Drivers\Cat.DB
2018-07-26 18:17 - 2018-05-27 10:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-26 18:15 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-21 10:41 - 2018-04-13 20:51 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-21 10:19 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-19 13:27 - 2018-07-12 08:24 - 000000000 ____D C:\ProgramData\Packages
2018-07-15 09:57 - 2018-05-27 18:03 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-13 21:25 - 2018-05-27 10:18 - 000000000 ____D C:\Users\Piskovi

==================== Files in the root of some directories =======

2018-04-13 20:43 - 2018-04-13 20:43 - 000000003 _____ () C:\Users\Piskovi\AppData\Local\updater.log
2018-04-13 20:43 - 2018-06-28 20:16 - 000000425 _____ () C:\Users\Piskovi\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-27 10:13

==================== End of FRST.txt ============================

Re: Proxy server starts on its own

Posted: 12 Aug 2018 14:46
by Rudy
Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Proxy server starts on its own

Posted: 16 Aug 2018 17:04
by Písa
# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-13.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-16-2018
# Duration: 00:02:05
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2492 octets] - [26/07/2018 18:14:36]
AdwCleaner[C00].txt - [2436 octets] - [26/07/2018 18:15:21]
AdwCleaner[S01].txt - [1363 octets] - [16/08/2018 17:56:49]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Re: Proxy server starts on its own

Posted: 16 Aug 2018 18:02
by Rudy
This is OK. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyEnable: [S-1-5-21-3752748468-3011474251-3921347417-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-3752748468-3011474251-3921347417-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyEnable: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182241433] => Proxy is enabled.
ProxyServer: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182241433] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyEnable: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182310814] => Proxy is enabled.
ProxyServer: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182310814] => http=127.0.0.1:8080;https=127.0.0.1:8080
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
C:\WINDOWS\System32\Tasks\AutoKMS
Task: {8B1F0208-6939-43E9-B250-A3BC56728FF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {9498D20C-8CB0-4FB5-9A9A-BDEE5D56288F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2018-04-13] ()
Task: {FD8E6D6F-567E-448C-A395-C79961E31E64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [171]

EmptyTemo:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Proxy server starts on its own

Posted: 16 Aug 2018 18:16
by Písa
Fix result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Piskovi (16-08-2018 19:09:16) Run:1
Running from C:\Users\Piskovi\Desktop
Loaded Profiles: Piskovi (Available Profiles: Piskovi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <==== ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyServer: [HKLM-x32] => http=127.0.0.1:8080;https=127.0.0.1:8080
AutoConfigURL: [HKLM] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyEnable: [S-1-5-21-3752748468-3011474251-3921347417-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-3752748468-3011474251-3921347417-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyEnable: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182241433] => Proxy is enabled.
ProxyServer: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182241433] => http=127.0.0.1:8080;https=127.0.0.1:8080
ProxyEnable: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182310814] => Proxy is enabled.
ProxyServer: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182310814] => http=127.0.0.1:8080;https=127.0.0.1:8080
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
C:\WINDOWS\System32\Tasks\AutoKMS
Task: {8B1F0208-6939-43E9-B250-A3BC56728FF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {9498D20C-8CB0-4FB5-9A9A-BDEE5D56288F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2018-04-13] ()
Task: {FD8E6D6F-567E-448C-A395-C79961E31E64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [171]

EmptyTemo:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL" => not found
"HKU\S-1-5-21-3752748468-3011474251-3921347417-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\S-1-5-21-3752748468-3011474251-3921347417-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => removed successfully
ProxyEnable: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182241433] => Proxy is enabled. => Error: No automatic fix found for this entry.
ProxyServer: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182241433] => http=127.0.0.1:8080;https=127.0.0.1:8080 => Error: No automatic fix found for this entry.
ProxyEnable: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182310814] => Proxy is enabled. => Error: No automatic fix found for this entry.
ProxyServer: [S-1-5-21-3752748468-3011474251-3921347417-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262018182310814] => http=127.0.0.1:8080;https=127.0.0.1:8080 => Error: No automatic fix found for this entry.
"HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\" => removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B1F0208-6939-43E9-B250-A3BC56728FF9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B1F0208-6939-43E9-B250-A3BC56728FF9}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9498D20C-8CB0-4FB5-9A9A-BDEE5D56288F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9498D20C-8CB0-4FB5-9A9A-BDEE5D56288F}" => removed successfully
"C:\WINDOWS\System32\Tasks\AutoKMS" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD8E6D6F-567E-448C-A395-C79961E31E64}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD8E6D6F-567E-448C-A395-C79961E31E64}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully
EmptyTemo: => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog 19:09:17 ====




The proxy server no longer connects on its own.

Re: Proxy server starts on its own

Posted: 16 Aug 2018 19:03
by Rudy
I made a typo in the script, for which I apologize. Run the fix once more with this script:
Start

CloseProcesses:
EmptyTemp:
End
Save it to your desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here. Thank you. Everything else has been deleted.

Re: Proxy server starts on its own

Posted: 20 Aug 2018 14:30
by Písa
Fix result of Farbar Recovery Scan Tool (x64) Version: 19.08.2018 02
Ran by Piskovi (20-08-2018 15:25:04) Run:2
Running from C:\Users\Piskovi\Desktop
Loaded Profiles: Piskovi (Available Profiles: Piskovi)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
EmptyTemp:
End
*****************

Processes closed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 56122094 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 155648 B
Edge => 1108308 B
Chrome => 569209415 B
Firefox => 388378726 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 888130 B
LocalService => 22714 B
LocalService => 0 B
NetworkService => 2724 B
NetworkService => 0 B
Piskovi => 51223450 B

RecycleBin => 16879229 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:26:21 ====

Re: Proxy server starts on its own

Posted: 20 Aug 2018 14:35
by Rudy
Now everything that needed to be removed has been deleted. Has anything changed?

Re: Proxy server starts on its own

Posted: 20 Aug 2018 15:23
by Písa
The proxy server no longer connects on its own. It looks like it's cured, thank you very much.

Re: Proxy server starts on its own

Posted: 20 Aug 2018 15:59
by Rudy
You're welcome! :)