An unwanted page opens after Windows starts

#1 Post by Pepanecek5 »

For quite a while now, every time my friend's computer starts, the Google Chrome browser opens automatically with a single tab that contains, at best, just an ad for Sazka or some casino, or very often adult sites. I tried to get rid of it, but a complete reinstall of Chrome, including deleting the folder from %appdata%, did not help. Hopefully you can help me based on the FRST output.

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe
(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\\GoogleCrashHandler.exe
(C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\\GoogleCrashHandler64.exe
(C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(C:\ProgramData\Wargaming.net\GameCenter\wgc.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\helper_process.exe <2>
(C:\ProgramData\Wargaming.net\GameCenter\wgc.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe <3>
(C:\ProgramData\Wargaming.net\GameCenter\wgc.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\WargamingErrorMonitor.exe
(DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atieclxx.exe
(explorer.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(explorer.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361901.inf_amd64_204a65b18f2a904a\B361909\atiesrxx.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\afwServ.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22112.142.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [215960 2022-12-16] (Avast Software s.r.o. -> AVAST Software)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3071192 2022-08-30] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [68822328 2022-09-18] (Discord Inc. -> Discord Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1429888023-1104961401-3027777932-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4246376 2022-12-15] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1429888023-1104961401-3027777932-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2176176 2023-01-20] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1429888023-1104961401-3027777932-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File)
HKU\S-1-5-21-1429888023-1104961401-3027777932-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [408888 2021-01-12] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1429888023-1104961401-3027777932-1001\...\Run: [Vykurr] => cmd.exe /c start www.dipladoks.org (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\109.0.5414.75\Installer\chrmstp.exe [2023-01-20] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18DA55DD-EE7A-489E-B8EE-F0781F0F9B3F} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe Warning (No File)
Task: {2E27243B-DDE8-4F3B-8914-051663DC5AA2} - System32\Tasks\Opera scheduled Autoupdate 1643206895 => C:\Users\Vykurr\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {33786517-8F1E-40FA-859E-C520D6C14D58} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {412FF10F-BAAC-42DC-ADC9-6031DF30DC3B} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4954008 2022-12-16] (Avast Software s.r.o. -> AVAST Software)
Task: {61D6E016-03E0-4A4D-AE10-192DBEF2EAE8} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {663CA9E0-BC63-40D4-8F25-1CCD6C603470} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe Disable (No File)
Task: {6F75FA85-7650-4764-A8A0-2FA5DB47020A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2250576 2022-05-26] (Avast Software s.r.o. -> Avast Software)
Task: {79C43E22-780B-41B7-83A0-2432888D27B1} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {7D1AD222-07EB-4CDA-8DD9-CC2E27429098} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe /UPDATE (No File)
Task: {84CA3892-87C3-4CF9-A1DA-7621BA006EC7} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {8C32C54F-8637-447D-A6AE-0B696E9D5279} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {B27E8DBF-8613-4039-8A26-9CC09A635B9B} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1710472 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {B9F24700-FFFB-41EE-8D46-480BA5490711} - System32\Tasks\Opera scheduled assistant Autoupdate 1643206900 => C:\Users\Vykurr\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Vykurr\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {CA651ED8-BFBE-49C5-A6E2-962FC957922D} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {D05942F7-FC95-4FB1-9B3A-FD7C2C00C4BA} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe /SKIPUAC (No File)
Task: {F8318C0A-3E75-4052-9A1C-1F01D66858A3} - System32\Tasks\Vykurr => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Vykurr /t REG_SZ /d "cmd.exe /c start www.dipladoks.org"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{6c973c7c-fd0c-40a9-8cc3-683db6e49c29}: [DhcpNameServer]
Tcpip\..\Interfaces\{8880b433-dd9f-4c7b-97b3-c9ff7b7def7f}: [DhcpNameServer]
Tcpip\..\Interfaces\{e922a544-de96-4fc0-a827-3bfa1d45638f}: [DhcpNameServer]

Edge Profile: C:\Users\Vykurr\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-02]

FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2021-10-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2021-10-26] (Oracle America, Inc. -> Oracle Corporation)

CHR Profile: C:\Users\Vykurr\AppData\Local\Google\Chrome\User Data\Default [2023-01-23]
CHR Extension: (Dokumenty Google offline) - C:\Users\Vykurr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-23]
CHR Extension: (AdBlock - nejlepší blokátor reklam) - C:\Users\Vykurr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-01-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Vykurr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-01-23]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8553880 2022-12-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [597400 2022-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [2038168 2022-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [597400 2022-12-16] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-31] (Avast Software s.r.o. -> AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2023-01-08] (BattlEye Innovations e.K. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [5026104 2021-01-12] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-07-23] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2022-07-11] (Epic Games Inc. -> Epic Games, Inc.)
S3 HnGSteamService; D:\Games\Steam\steamapps\common\Heroes & Generals\hngservice.exe [789192 2023-01-08] (Reto-Moto ApS -> Reto-Moto ApS)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2021-04-18] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2021-04-18] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-12-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [15162168 2022-12-12] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 ucldr_battlegrounds_gl; C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe [7152880 2022-01-13] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10420944 2022-08-30] (Riot Games, Inc. -> Riot Games, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 zksvc; C:\Program Files\Common Files\PUBG\zksvc.exe [8737992 2022-01-31] (PUBG CORPORATION -> PUBG Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [62056 2020-07-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2023-01-23] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [31424 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229208 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [391272 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [297832 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [95960 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [25576 2022-11-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [39648 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [267888 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [555560 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [105248 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [80376 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [852000 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [695496 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [212632 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [318456 2022-12-16] (Microsoft Windows Hardware Compatibility Publisher -> AVAST Software)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [310728 2022-01-11] (Tages SA -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2021-01-12] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2021-01-12] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [42696 2022-01-11] (Tages SA -> )
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12464 2022-12-25] (Macrovision Europe Ltd) [File not signed]
S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8736232 2022-08-30] (Riot Games, Inc. -> Riot Games, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2522256 2022-01-31] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-23 21:27 - 2023-01-23 21:27 - 000018621 _____ C:\Users\Vykurr\Desktop\FRST.txt
2023-01-23 21:15 - 2023-01-23 21:15 - 000000166 _____ C:\Users\Vykurr\Desktop\Fixlog.txt
2023-01-23 21:14 - 2023-01-23 21:27 - 000000000 ____D C:\FRST
2023-01-23 21:13 - 2023-01-23 21:13 - 002376704 _____ (Farbar) C:\Users\Vykurr\Desktop\FRST64.exe
2023-01-23 21:09 - 2023-01-23 21:28 - 000062962 _____ C:\WINDOWS\ZAM.krnl.trace
2023-01-23 21:09 - 2023-01-23 21:09 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2023-01-23 21:09 - 2023-01-23 21:09 - 000003542 _____ C:\WINDOWS\system32\Tasks\AMHelper
2023-01-23 21:09 - 2023-01-23 21:09 - 000002648 _____ C:\WINDOWS\system32\Tasks\AMSkipUAC
2023-01-23 21:09 - 2023-01-23 21:09 - 000000000 ____D C:\Users\Vykurr\AppData\Local\Zemana
2023-01-23 21:09 - 2023-01-23 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2023-01-23 21:08 - 2023-01-23 21:09 - 000000000 ____D C:\Users\Vykurr\AppData\Local\AMSDK
2023-01-23 21:08 - 2023-01-23 21:08 - 013922376 _____ (Zemana Ltd. ) C:\Users\Vykurr\Desktop\Zemana.AntiMalware.Setup.exe
2023-01-23 21:05 - 2023-01-23 21:05 - 000000813 _____ C:\Users\Vykurr\Desktop\Riot Client.lnk
2023-01-23 10:30 - 2023-01-23 10:30 - 000000000 ___HD C:\$WinREAgent
2023-01-21 02:05 - 2023-01-21 02:05 - 000000000 ____D C:\Users\Vykurr\AppData\Local\GSS2
2023-01-21 02:05 - 2023-01-21 02:05 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-01-21 02:05 - 2023-01-21 02:05 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2023-01-08 10:18 - 2023-01-08 10:18 - 000000222 _____ C:\Users\Vykurr\Desktop\Heroes & Generals.url
2022-12-25 22:46 - 2022-12-25 22:46 - 000000000 ____D C:\Users\Vykurr\Documents\Command and Conquer Generals Data
2022-12-25 21:50 - 2022-12-25 21:50 - 000000222 _____ C:\Users\Vykurr\Desktop\War Thunder.url

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-01-23 21:27 - 2021-01-02 18:03 - 000000000 ____D C:\Program Files (x86)\Google
2023-01-23 21:25 - 2021-03-04 19:57 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-01-23 21:25 - 2021-01-02 18:05 - 000000000 ____D C:\ProgramData\Avast Software
2023-01-23 21:25 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-01-23 21:24 - 2021-05-06 22:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-01-23 21:24 - 2021-05-06 22:26 - 000008192 ___SH C:\DumpStack.log.tmp
2023-01-23 21:24 - 2021-01-09 14:55 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2023-01-23 21:24 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-01-23 21:20 - 2021-05-07 14:59 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-01-23 21:20 - 2019-12-07 15:43 - 000716726 _____ C:\WINDOWS\system32\perfh005.dat
2023-01-23 21:20 - 2019-12-07 15:43 - 000144904 _____ C:\WINDOWS\system32\perfc005.dat
2023-01-23 21:20 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-01-23 21:10 - 2021-05-06 22:28 - 000000000 ____D C:\Users\Vykurr
2023-01-23 21:06 - 2021-05-06 22:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-01-23 21:05 - 2022-01-03 18:34 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2023-01-23 21:03 - 2022-06-09 17:26 - 000000000 ____D C:\WINDOWS\Minidump
2023-01-23 21:00 - 2021-01-03 19:32 - 000000000 ____D C:\Users\Vykurr\AppData\Local\CrashDumps
2023-01-23 20:59 - 2021-01-02 18:14 - 000000000 ____D C:\Users\Vykurr\AppData\Local\D3DSCache
2023-01-23 20:58 - 2021-01-02 18:12 - 000000000 ____D C:\Users\Vykurr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-01-23 20:58 - 2021-01-02 18:05 - 000000000 ____D C:\Program Files (x86)\Steam
2023-01-23 20:56 - 2021-04-23 19:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2023-01-23 20:54 - 2021-01-10 00:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2023-01-23 20:51 - 2021-05-06 22:33 - 000003568 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-01-23 20:51 - 2021-05-06 22:33 - 000003344 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-01-23 20:46 - 2021-05-06 22:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2023-01-23 19:25 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-01-23 19:25 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-01-23 19:23 - 2021-05-06 22:27 - 000258096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-01-23 19:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-01-23 19:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-01-23 19:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-01-23 19:22 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-01-23 10:41 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-22 19:11 - 2021-01-29 20:52 - 000000000 ____D C:\Users\Vykurr\AppData\Local\Discord
2023-01-22 19:11 - 2021-01-02 19:11 - 000000000 ____D C:\Users\Vykurr\AppData\Roaming\discord
2023-01-22 13:21 - 2021-01-10 12:37 - 000002236 _____ C:\Users\Vykurr\Desktop\Discord.lnk
2023-01-22 12:51 - 2021-05-06 22:33 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2023-01-22 12:50 - 2021-01-02 17:57 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-01-22 12:50 - 2021-01-02 17:57 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-01-20 20:35 - 2021-05-06 22:29 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-01-20 20:24 - 2021-01-02 18:04 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-20 20:24 - 2021-01-02 18:04 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-01-15 00:19 - 2021-01-03 00:21 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-15 00:16 - 2021-01-03 00:21 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-01-08 16:02 - 2021-01-02 20:38 - 000000000 ____D C:\Users\Vykurr\AppData\Roaming\BitTorrent
2023-01-08 15:54 - 2021-02-08 20:43 - 000000000 ____D C:\Users\Vykurr\AppData\Local\BitTorrentHelper
2023-01-08 11:38 - 2021-02-14 01:33 - 000000000 ____D C:\Users\Vykurr\AppData\LocalLow\Heroes and Generals
2022-12-26 13:57 - 2021-01-02 18:02 - 000000000 ____D C:\Users\Vykurr\Desktop\Saved Pictures
2022-12-25 22:55 - 2021-04-18 14:59 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-12-25 22:47 - 2022-02-20 11:51 - 000012464 _____ (Macrovision Europe Ltd) C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2022-12-25 22:44 - 2022-02-20 11:51 - 000000617 _____ C:\WINDOWS\eReg.dat
2022-12-25 21:50 - 2021-01-02 21:01 - 000000000 ____D C:\Users\Vykurr\Documents\DAVAProject

==================== Files in the root of some directories ========

2021-02-15 11:08 - 2022-12-12 16:48 - 000028672 _____ () C:\Users\Vykurr\AppData\Roaming\crash.bin
2021-08-20 14:32 - 2021-08-20 14:32 - 000000006 _____ () C:\Users\Vykurr\AppData\Local\4040BEE0000f056.dat
2021-08-20 14:31 - 2021-08-20 14:31 - 000000036 _____ () C:\Users\Vykurr\AppData\Local\8051BDD0000f042.dat
2021-03-06 23:11 - 2021-03-06 23:11 - 000002183 _____ () C:\Users\Vykurr\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

==================== Memory info ===========================

BIOS: American Megatrends Inc. Fid 02/27/2014
Motherboard: Gigabyte Technology Co., Ltd. H61M-S2PV
Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 43%
Total physical RAM: 8155.33 MB
Available physical RAM: 4614.02 MB
Total Virtual: 12507.33 MB
Available Virtual: 8696.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.16 GB) (Free:56.74 GB) (Model: Patriot Burst ATA Device) NTFS
Drive d: (Místní disk) (Fixed) (Total:1863 GB) (Free:988.84 GB) (Model: ST2000DM008-2FR102 ATA Device) NTFS

\\?\Volume{25d08de8-38ed-4f4e-b921-2f2c956fb159}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{d9a5ea06-17ca-40f3-a05b-9686da0724f3}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

Re: An unwanted page opens after Windows starts

#2 Post by Rudy »

Open Notepad and copy the following into it:

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1429888023-1104961401-3027777932-1001\...\Run: [Vykurr] => cmd.exe /c start www.dipladoks.org (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {18DA55DD-EE7A-489E-B8EE-F0781F0F9B3F} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe Warning (No File)
Task: {2E27243B-DDE8-4F3B-8914-051663DC5AA2} - System32\Tasks\Opera scheduled Autoupdate 1643206895 => C:\Users\Vykurr\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {79C43E22-780B-41B7-83A0-2432888D27B1} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {7D1AD222-07EB-4CDA-8DD9-CC2E27429098} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe /UPDATE (No File)
Task: {84CA3892-87C3-4CF9-A1DA-7621BA006EC7} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {D05942F7-FC95-4FB1-9B3A-FD7C2C00C4BA} - System32\Tasks\AMSkipUAC => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe /SKIPUAC (No File)
Task: {F8318C0A-3E75-4052-9A1C-1F01D66858A3} - System32\Tasks\Vykurr => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Vykurr /t REG_SZ /d "cmd.exe /c start www.dipladoks.org"

Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the operation finishes, a log will appear; copy it here.

The Addition log is incomplete; please try posting it here again. Thank you.
