Repeatedly popping-up window saying that WS Defender found malware

Section devoted to viruses and other malicious code, but also to the tools that can be used to defend against them…

Moderators: memphisto, Mods_senior, Security team

asphyxxia
Level 1
Posts: 56
Registered: April 16
Gender: Female

Re: Repeatedly popping-up window saying that WS Defender found malware

Post by asphyxxia » 27 Jun 2018 22:39

Zemana AntiMalware 2.74.2.150 (installer version)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2018/6/27
Operating System : Windows 8.1 64-bit
Processor : 2X AMD A4-3300M APU with Radeon(tm) HD Graphics
BIOS Mode : Legacy
CUID : 12A950C00EC767E43A4FA0
Scan Type : Skenování systému
Duration : 6m 4s
Scanned Objects : 50254
Detected Objects : 1
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

wszndesktop.exe
Status : Skenováno
Object : %appdata%\seznam.cz\bin\wszndesktop.exe
MD5 : 177C7E1FB4793BFCC6B06D11D8032481
Publisher : Seznam.cz, a.s.
Size : 103080
Version : -
Detection : Adware:Win32/Seznam-DJ!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %appdata%\seznam.cz\bin\wszndesktop.exe
Záznam registru - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cz.seznam.software.szndesktop = "C:\Users\Adela\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q


Cleaning Result
-------------------------------------------------------
Cleaned : 1
Reported as safe : 0
Failed : 0

asphyxxia
Level 1
Posts: 56
Registered: April 16
Gender: Female

Re: Repeatedly popping-up window saying that WS Defender found malware

Post by asphyxxia » 27 Jun 2018 22:42

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:41:33, on 27. 6. 2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18792)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Adela\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\Adela\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~2\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Poslat do On&eNotu - res://C:\PROGRA~2\MICROS~1\Office16\ONBttnIE.dll/105
O9 - Extra button: Poslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Poslat do On&eNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{23990FFD-9393-4FD2-9BD6-98272CAAEFEA}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B98E086-7AE3-4428-8EE3-E0B9DE6FE919}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C8E1521-92EC-47FD-AD09-C12D173DA866}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{8718928D-CBEB-45EA-A621-800A9249001D}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC427FEA-C20A-447F-A6D6-B5E999629016}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{23990FFD-9393-4FD2-9BD6-98272CAAEFEA}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 9088 bytes

asphyxxia
Level 1
Posts: 56
Registered: April 16
Gender: Female

Re: Repeatedly popping-up window saying that WS Defender found malware

Post by asphyxxia » 27 Jun 2018 22:47

So far the malware has not shown up again through WS Defender. I would also like to ask whether there is any chance of improving how the PC behaves at startup/restart. I always have to restart it several times, BSODs keep appearing, and quite often it freezes to a black screen just before the display comes up, so it has to be switched off hard with the power button, left to rest, and then started again. The culprit is probably the senile graphics card (the error shows up as videofailure.antikmapsys or something like that).

One more question from a layperson: until now I have had Malwarebytes running as my antivirus. Can I do without it, and will WS Defender alone be enough?

Thanks a lot for everything.

A.

jaro3
Member of the Security team
Guru Level 15
Posts: 39709
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Repeatedly popping-up window saying that WS Defender found malware

Post by jaro3 » 28 Jun 2018 18:50

Instead of WD I recommend an antivirus such as Avira, Avast, Comodo etc.

Close the other applications and browsers, disconnect from the internet and fix in HJT:
Guide


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Adela\AppData\Roaming\Seznam.cz\szninstall.exe" -c


Post a topic in the BSOD section.

+
Please download the version of the program appropriate for your system, 32-bit/64-bit, Farbar Recovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to the desktop, then run FrSt.
Confirm the terms of use.
Do not change any of the default settings and click on "Scan". When the scan is complete, two logs will appear, FRST.txt and Addition.txt, and will be saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
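The fix list above is applied by hand in HijackThis, which works by matching the quoted lines against the log. As an added example (not code from this thread, from HijackThis or from FRST), the following Python script parses HijackThis log lines, checks a fix list against a log the way a helper would before posting it, and flags O4 Run entries whose executable lives under a user profile (the same kind of location as the %appdata% Seznam entry Zemana quarantined earlier in the thread). The sample lines are a constructed subset copied from the HJT log posted above; the "user profile" heuristic is this example's own triage rule, not a HijackThis feature.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Adela\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\Adela\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
O17 - HKLM\System\CCS\Services\Tcpip\..\{23990FFD-9393-4FD2-9BD6-98272CAAEFEA}: NameServer = 8.8.8.8
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
"""

# Subset of the fix list given in the reply above; the F2 line is deliberately
# absent from SAMPLE_LOG so that the "missing" path is exercised.
FIXLIST = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Adela\AppData\Roaming\Seznam.cz\szninstall.exe" -c
"""

# Every HJT line is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Body of an O4 (autostart) entry: hive, the literal "\..\Run:", [value name], command line.
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class HjtEntry:
    code: str   # section code such as R0, O4, O17, O23
    body: str   # everything after "<code> - "
    raw: str    # the original line, used for exact fix-list matching


def parse_hjt_log(text: str) -> List[HjtEntry]:
    """Return the parsable entries of a HijackThis log, skipping headers and blanks."""
    entries = []
    for raw in text.splitlines():
        raw = raw.rstrip()
        m = LINE_RE.match(raw)
        if m:
            entries.append(HjtEntry(m["code"], m["body"], raw))
    return entries


def executable_from_command(cmd: str) -> str:
    """Extract the program path from a Run command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_user_profile_path(path: str) -> bool:
    """Heuristic: autoruns under AppData are worth a second look (not automatically malicious)."""
    p = path.lower()
    return p.startswith("%appdata%") or "\\appdata\\" in p


def run_entries_from_user_profile(text: str) -> List[Tuple[str, str]]:
    """(value name, executable) for every O4 Run entry that starts from a user profile."""
    hits = []
    for e in parse_hjt_log(text):
        if e.code != "O4":
            continue
        m = O4_RE.match(e.body)
        if not m:
            continue
        exe = executable_from_command(m["cmd"])
        if is_user_profile_path(exe):
            hits.append((m["name"], exe))
    return hits


def match_fixlist(log_text: str, fixlist_text: str) -> Tuple[List[str], List[str]]:
    """Split a fix list into lines present in the log and lines HJT would not find."""
    log_lines = {e.raw for e in parse_hjt_log(log_text)}
    found, missing = [], []
    for line in fixlist_text.splitlines():
        line = line.rstrip()
        if line:
            (found if line in log_lines else missing).append(line)
    return found, missing


if __name__ == "__main__":
    for name, exe in run_entries_from_user_profile(SAMPLE_LOG):
        print(f"review: [{name}] -> {exe}")
    found, missing = match_fixlist(SAMPLE_LOG, FIXLIST)
    print(f"{len(found)} fix-list lines present, {len(missing)} not in this log")
```

The profile-path check deliberately flags the Spotify helper too: an autorun under AppData is a prioritisation signal for review, not a verdict, and legitimate software installs there as well. Exact line matching mirrors what HijackThis needs, so a fix-list line that is reported as missing (here the F2 line) is one the helper should re-check against a fresh log before posting.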

asphyxxia
Level 1
Posts: 56
Registered: April 16
Gender: Female

Re: Repeatedly popping-up window saying that WS Defender found malware

Post by asphyxxia » 02 Jul 2018 22:35

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Adela (02-07-2018 22:05:07)
Running from C:\Users\Adela\Desktop
Windows 8.1 Pro (Update) (X64) (2016-06-10 04:50:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Adela (S-1-5-21-1277085983-4139081718-311539203-1001 - Administrator - Enabled) => C:\Users\Adela
Administrator (S-1-5-21-1277085983-4139081718-311539203-500 - Administrator - Disabled)
Guest (S-1-5-21-1277085983-4139081718-311539203-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1277085983-4139081718-311539203-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Age of Empires II HD (c) Microsoft Studios version 1 (HKLM-x32\...\QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1) (Version: 1 - )
ALZip (HKLM-x32\...\ALZip_is1) (Version: 6.7 - ESTsoft Corp.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0466 - Disc Soft Ltd)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Heroes of Might & Magic III - HD Edition (HKLM-x32\...\Heroes of Might & Magic III - HD Edition_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Malwarebytes verze 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.8 - F.J. Wechselberger)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM-x32\...\{90160000-001F-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM-x32\...\{90160000-001F-041B-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Seznam Software (HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\SeznamInstall) (Version: 2.1.29 - Seznam.cz)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spotify (HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\Spotify) (Version: 1.0.84.344.gfc674f6f - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.17 - Synaptics Incorporated)
This War of Mine (HKLM-x32\...\This War of Mine_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WhoCrashed 5.54 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.60 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-16] ()
ContextMenuHandlers1: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2007-01-10] (ESTsoft Corp.)
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2007-01-10] (ESTsoft Corp.)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-06-20] (Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-06-20] (Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2007-01-10] (ESTsoft Corp.)
ContextMenuHandlers5: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2007-01-10] (ESTsoft Corp.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-10-16] ()
ContextMenuHandlers6: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll [2007-01-10] (ESTsoft Corp.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02A3A865-4FFA-49A5-98F6-16D6C2C78002} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {11839C8C-A2EC-4A60-8D14-D994C4009493} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {16BB7FFF-7CD5-4F5D-B4C4-8EF420C12E85} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {25644F91-077A-454B-A4AA-52CC6E532217} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-08-26] (Synaptics Incorporated)
Task: {3CBA3632-34FB-4AD0-AA5E-CD592DC60A06} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {5072C2EE-A5A4-4553-BE63-EDB4050DC85E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {5F1E1299-761A-48E0-AC46-39CC26DB7BB0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {652F2423-9A4F-4EDE-BC47-E6CCE3A1A25A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {722C7A89-618E-4F19-B647-CC95D3FDAF02} - System32\Tasks\Adela => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Adela /t REG_SZ /d "explorer.exe hxxp://exinariuminix.info" <==== ATTENTION
Task: {9141EE98-D67B-48F5-89BD-A6E2DF0BB72C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {AB289D0C-466F-4B60-B898-9DA3EF561079} - System32\Tasks\AdobeGCInvoker-1.0-HP-Adela => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {AC39B46A-3D0A-4F5E-8FAC-C0330D854EEA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {C9DADB82-391A-4824-865A-571439ABACD3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {D6C99510-8B02-44B0-9163-16A3DE15754A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-01-12] (Microsoft Corporation)
Task: {EB75B699-881F-4F63-9A27-988AD25F7B18} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-10-16 16:40 - 2017-10-16 16:40 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2018-06-27 14:16 - 2018-06-27 21:59 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-20 16:18 - 2018-06-20 16:18 - 001186920 _____ () C:\Program Files\DAEMON Tools Lite\DiscSoft.NET.Common.dll
2018-06-20 16:19 - 2018-06-20 16:19 - 000756840 _____ () C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
2018-06-20 16:19 - 2018-06-20 16:19 - 000067584 _____ () C:\Program Files\DAEMON Tools Lite\ToastNotificationControl.dll
2018-06-27 01:01 - 2018-06-22 21:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-27 01:01 - 2018-06-22 21:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2016-06-13 19:55 - 2018-07-01 16:51 - 085627792 _____ () C:\Users\Adela\AppData\Roaming\Spotify\libcef.dll
2016-06-13 19:55 - 2018-07-01 16:50 - 003867536 _____ () C:\Users\Adela\AppData\Roaming\Spotify\libglesv2.dll
2016-06-13 19:55 - 2018-07-01 16:50 - 000088464 _____ () C:\Users\Adela\AppData\Roaming\Spotify\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-10-16 15:04 - 2018-06-27 21:02 - 000000753 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1277085983-4139081718-311539203-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Adela\Videos\surrealities II paintings&covera&art\schikaneder utonulá.jpeg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6EB3699B-60CA-4672-A19F-7A397E757225}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{A61ADEE3-0202-4E9F-8A91-F39335B13DE4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{4450DD12-F03C-4869-A6F3-F22FEDE4CE38}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{BF10EEF8-05E8-4803-B1A8-BAADACD9CA1C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{B4BAFD6E-9222-4EF6-8DAB-27DC91CBD007}C:\users\adela\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\adela\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C52AD485-F50E-4123-895D-EF00802C514B}C:\users\adela\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\adela\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{ECD328D6-356F-49AD-8D3F-FA175BE49E94}C:\users\adela\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\adela\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4668AEE0-F825-4DE7-90A0-A9FC443F1B46}C:\users\adela\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\adela\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{0AFFD71A-5F13-46F8-A44E-5663923FFDFB}C:\users\adela\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\adela\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{D57C73AF-4F4C-4D13-AB8F-B475311E9FC0}C:\users\adela\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\adela\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{030400CA-9D5F-40A1-8E06-2845F4393740}C:\users\adela\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\adela\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{413C082B-F077-4730-BB90-D494E43CB6C6}C:\users\adela\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\adela\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{9D45089B-B4EE-4D5B-A013-4604BC1A1DCC}] => (Allow) LPort=1688
FirewallRules: [{AC8D9808-1F68-4BDB-AA86-915F2D3F51F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F0D15AB2-3E50-4CC3-ABA9-21426784FB67}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe

==================== Restore Points =========================

24-06-2018 20:10:37 JRT Pre-Junkware Removal
27-06-2018 22:35:06 Zemana AntiMalware 27. 6. 2018 22:35:03
01-07-2018 20:21:12 Windows Update

==================== Faulty Device Manager Devices =============

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/02/2018 10:02:54 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro c:\program files (x86)\microsoft office\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files (x86)\microsoft office\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/01/2018 09:00:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: game.exe, verze: 0.0.0.0, časové razítko: 0x49e35cf1
Název chybujícího modulu: PhysXLoader.dll, verze: 6.3.9600.18790, časové razítko: 0x598d1b42
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0x1460
Čas spuštění chybující aplikace: 0x01d4116dd366c293
Cesta k chybující aplikaci: C:\Sherlock Holmes versus Jack the Ripper\game.exe
Cesta k chybujícímu modulu: PhysXLoader.dll
ID zprávy: 11bd6815-7d61-11e8-8465-d0df9aa83a48
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/01/2018 09:00:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: game.exe, verze: 0.0.0.0, časové razítko: 0x49e35cf1
Název chybujícího modulu: PhysXLoader.dll, verze: 6.3.9600.18790, časové razítko: 0x598d1b42
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0x11d0
Čas spuštění chybující aplikace: 0x01d4116dc97bc79c
Cesta k chybující aplikaci: C:\Sherlock Holmes versus Jack the Ripper\game.exe
Cesta k chybujícímu modulu: PhysXLoader.dll
ID zprávy: 09fd24af-7d61-11e8-8465-d0df9aa83a48
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/01/2018 08:57:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: game.exe, verze: 0.0.0.0, časové razítko: 0x49e35cf1
Název chybujícího modulu: PhysXLoader.dll, verze: 6.3.9600.18790, časové razítko: 0x598d1b42
Kód výjimky: 0xc0000135
Posun chyby: 0x0009d4c2
ID chybujícího procesu: 0x1250
Čas spuštění chybující aplikace: 0x01d4116d5e5f47c7
Cesta k chybující aplikaci: C:\Sherlock Holmes versus Jack the Ripper\game.exe
Cesta k chybujícímu modulu: PhysXLoader.dll
ID zprávy: 9e26ddb0-7d60-11e8-8465-d0df9aa83a48
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/01/2018 05:37:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro c:\program files (x86)\microsoft office\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files (x86)\microsoft office\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/01/2018 03:00:57 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro c:\program files (x86)\microsoft office\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files (x86)\microsoft office\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/01/2018 02:45:10 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (464) SUS20ClientDataStore: Při zotavení či obnovení databáze došlo k neočekávané chybě -501.

Error: (07/01/2018 02:45:09 PM) (Source: ESENT) (EventID: 465) (User: )
Description: wuaueng.dll (464) SUS20ClientDataStore: Při částečném obnovení byl zjištěn poškozený soubor protokolu C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Záznam s chybou kontrolního součtu je umístěn na pozici END. Data neodpovídající záznamům protokolu se poprvé vyskytla v sektoru 221 (0x000000DD). Soubor je poškozený a nelze jej použít.


System errors:
=============
Error: (07/02/2018 11:10:29 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/02/2018 10:00:57 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/02/2018 10:00:50 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a42\SystemRoot\System32\Config\RegBack\SYSTEM

Error: (07/02/2018 10:00:07 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: Server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/01/2018 11:37:46 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/01/2018 05:12:50 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: Server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/01/2018 05:01:09 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.

Error: (07/01/2018 05:00:37 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: Server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2018-07-01 17:06:39.141
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {7BF2EC0A-B4F5-4790-991F-96B526CE3875}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-07-01 15:21:58.994
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {6FC04A27-3EB8-4088-92F9-9DDF2B42ABF9}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-07-01 14:45:37.844
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {26049B07-2C11-4FFC-B726-662AB67FEA6E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-06-24 16:44:32.386
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {FA5EC8CC-82C6-4C30-91B4-5D5B846D42A7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-06-22 17:06:51.257
Description:
Prohledávání Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {A6B128F0-1E5B-45CE-BF02-FAFBADB8E9B3}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2018-05-30 11:50:24.320
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-30 11:50:01.044
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-30 11:46:58.552
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-30 11:46:58.349
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-30 11:46:58.084
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-05-30 11:45:48.651
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\http.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-26 00:31:22.828
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cdd.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-04-26 00:31:22.749
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cdd.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD A4-3300M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 60%
Total physical RAM: 3552.16 MB
Available physical RAM: 1406.79 MB
Total Virtual: 6240.16 MB
Available Virtual: 2742.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.83 GB) (Free:306.03 GB) NTFS

\\?\Volume{fe7885c0-2ec5-11e6-824f-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 12DB1CCE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=595.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

asphyxxia
Level 1
Posts: 56
Registered: April 16
Gender: Female

Re: Repeatedly popping-up window saying that WS defender found malware

Post by asphyxxia » 02 Jul 2018 22:36

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Adela (administrator) on HP (02-07-2018 22:03:37)
Running from C:\Users\Adela\Desktop
Loaded Profiles: Adela (Available Profiles: Adela)
Platform: Windows 8.1 Pro (Update) (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Spotify Ltd) C:\Users\Adela\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Adela\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Adela\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Adela\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Adela\AppData\Roaming\Spotify\Spotify.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\Run: [Spotify Web Helper] => C:\Users\Adela\AppData\Roaming\Spotify\SpotifyWebHelper.exe [781712 2018-07-01] (Spotify Ltd)
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-06-20] (Disc Soft Ltd)
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\MountPoints2: {e284a729-5f5d-11e7-8376-d0df9aa83a48} - "D:\setup.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{23990FFD-9393-4FD2-9BD6-98272CAAEFEA}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{23990FFD-9393-4FD2-9BD6-98272CAAEFEA}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{7B98E086-7AE3-4428-8EE3-E0B9DE6FE919}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7B98E086-7AE3-4428-8EE3-E0B9DE6FE919}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{7C8E1521-92EC-47FD-AD09-C12D173DA866}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{7C8E1521-92EC-47FD-AD09-C12D173DA866}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{AC427FEA-C20A-447F-A6D6-B5E999629016}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{AC427FEA-C20A-447F-A6D6-B5E999629016}: [DhcpNameServer] 8.8.8.8

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0276C733-6AB3-4864-B98F-8A63CE939FB9} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0444B917-3AAA-492B-B82A-F758F5BC802F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {07159959-4E18-485D-BDA0-6362A85C9F2E} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0959AF9D-0CA2-45FE-827B-DD6C357FD87D} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0AD2FAAD-CDE2-494E-8198-37B32E175447} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {62E0D11C-68EC-4D4D-B6FF-5795EFD8C56A} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {A23F4F25-487E-4564-9C2C-D6562C416291} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {D8BD61A8-5E90-4185-9D79-C9FB655F1B34} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default [2018-07-02]
CHR Extension: (Prezentace) - C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-27]
CHR Extension: (Dokumenty) - C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-27]
CHR Extension: (Disk Google) - C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-27]
CHR Extension: (YouTube) - C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-06-27]
CHR Extension: (Tabulky) - C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-27]
CHR Extension: (AdBlock) - C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-06-27]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-27]
CHR Extension: (Gmail) - C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-27]
CHR Extension: (Chrome Media Router) - C:\Users\Adela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3606632 2018-06-20] (Disc Soft Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-07-03] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-07-03] (Disc Soft Ltd)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [190696 2018-06-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-06-27] (Malwarebytes)
R1 MpKslb3cf1104; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D088B2A-4680-48CD-936A-E476C1C96202}\MpKslb3cf1104.sys [58120 2018-07-01] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-06-27] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-10-16] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-10-16] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-02 22:03 - 2018-07-02 22:04 - 000014429 _____ C:\Users\Adela\Desktop\FRST.txt
2018-07-02 22:02 - 2018-07-02 22:02 - 002412544 _____ (Farbar) C:\Users\Adela\Desktop\FRST64.exe
2018-07-01 20:50 - 2018-07-01 20:50 - 000000000 ____D C:\Users\Adela\AppData\Roaming\WinRAR
2018-07-01 20:49 - 2018-07-01 20:49 - 000000000 ____D C:\Users\Adela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-01 20:49 - 2018-07-01 20:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-01 20:48 - 2018-07-01 20:49 - 000000000 ____D C:\Program Files (x86)\WinRAR
2018-07-01 20:47 - 2018-07-01 20:47 - 002894824 _____ (Alexander Roshal) C:\Users\Adela\wrar560.exe
2018-07-01 20:43 - 2018-07-01 20:43 - 000003470 _____ C:\Windows\System32\Tasks\Adela
2018-07-01 20:29 - 2018-07-01 20:29 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-07-01 20:22 - 2014-04-16 01:35 - 000028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2018-07-01 20:22 - 2014-04-16 01:34 - 000029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2018-07-01 20:18 - 2018-07-01 20:18 - 000001785 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2018-07-01 20:18 - 2018-07-01 20:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2018-07-01 20:18 - 2018-07-01 20:18 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2018-07-01 20:14 - 2018-07-01 20:14 - 000791712 _____ (Disc Soft Ltd.) C:\Users\Adela\Desktop\DTLiteInstaller.exe
2018-06-28 01:04 - 2018-06-28 01:04 - 023327416 _____ (Falco Software, Inc. ) C:\Program Files (x86)\FalcoImageStudioSetup.exe
2018-06-28 01:04 - 2018-06-28 01:04 - 000000000 ____D C:\Program Files (x86)\AddSoft
2018-06-27 22:00 - 2018-06-27 22:00 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-06-27 22:00 - 2018-06-27 22:00 - 000190696 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-06-27 21:19 - 2018-06-27 21:00 - 000024064 _____ C:\Windows\zoek-delete.exe
2018-06-27 19:44 - 2018-07-01 21:05 - 000000000 ____D C:\Users\Adela\Desktop\Sherlock Holmes vs Jack the Ripper
2018-06-27 19:35 - 2018-06-27 20:05 - 000000000 ____D C:\Fraps
2018-06-27 19:35 - 2018-06-27 19:35 - 000000570 _____ C:\Users\Public\Desktop\Fraps.lnk
2018-06-27 19:35 - 2018-06-27 19:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2018-06-27 14:16 - 2018-06-27 21:59 - 000152184 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-06-27 14:16 - 2018-06-27 14:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-25 10:30 - 2018-07-02 22:04 - 000412890 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-06-25 10:30 - 2018-07-02 22:03 - 000432420 _____ C:\Windows\ZAM.krnl.trace
2018-06-13 21:29 - 2018-06-13 21:29 - 000000000 ____D C:\Users\Adela\AppData\Roaming\dvdcss
2018-06-13 13:47 - 2018-06-28 01:30 - 000000000 ____D C:\Users\Adela\Desktop\praktica

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-02 22:03 - 2017-10-16 17:07 - 000000000 ____D C:\FRST
2018-07-02 22:03 - 2016-06-13 19:54 - 000000000 ____D C:\Users\Adela\AppData\Roaming\Spotify
2018-07-02 10:16 - 2013-08-22 17:36 - 000000000 ____D C:\Windows\rescache
2018-07-02 09:54 - 2016-06-10 06:57 - 000000000 ____D C:\Users\Adela\AppData\Roaming\vlc
2018-07-02 09:24 - 2016-06-25 23:07 - 000000000 ____D C:\Users\Adela\AppData\Roaming\uTorrent
2018-07-01 21:10 - 2016-06-10 06:54 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1277085983-4139081718-311539203-1001
2018-07-01 21:00 - 2017-10-17 11:59 - 000000000 ____D C:\Users\Adela\AppData\Local\CrashDumps
2018-07-01 20:47 - 2016-06-10 06:50 - 000000000 ____D C:\Users\Adela
2018-07-01 20:42 - 2017-07-03 23:03 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2018-07-01 20:42 - 2017-07-03 23:02 - 000000000 ____D C:\Users\Adela\AppData\Roaming\DAEMON Tools Lite
2018-07-01 20:31 - 2017-08-24 11:20 - 000000000 ____D C:\Users\Adela\AppData\Local\Disc_Soft_Ltd
2018-07-01 20:28 - 2013-08-22 17:20 - 000000000 ____D C:\Windows\CbsTemp
2018-07-01 16:51 - 2016-06-13 19:55 - 000000000 ____D C:\Users\Adela\AppData\Local\Spotify
2018-06-28 01:29 - 2016-09-22 00:00 - 000000000 ____D C:\Users\Adela\Desktop\gramy
2018-06-28 01:29 - 2016-08-01 00:33 - 000000000 ____D C:\Users\Adela\Desktop\nick'n'pics
2018-06-28 01:16 - 2016-06-22 12:03 - 002659840 ___SH C:\Users\Adela\Desktop\Thumbs.db
2018-06-27 21:56 - 2018-05-30 11:25 - 000161856 ____N C:\Windows\Minidump\062718-14843-01.dmp
2018-06-27 21:56 - 2016-06-10 07:03 - 000000000 ____D C:\Windows\Minidump
2018-06-27 21:56 - 2013-08-22 16:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-27 21:29 - 2018-05-30 11:25 - 000131394 _____ C:\DUMP2c6f.tmp
2018-06-27 21:17 - 2017-10-16 15:03 - 000000000 ____D C:\zoek_backup
2018-06-27 21:17 - 2013-08-22 17:36 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2018-06-27 20:19 - 2017-10-13 01:30 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-06-27 19:44 - 2018-04-17 19:51 - 000000000 ____D C:\Users\Adela\Desktop\KMSpico.v10.1.7.Final
2018-06-27 16:44 - 2016-06-10 06:50 - 000000000 ____D C:\Users\Adela\AppData\Local\Packages
2018-06-27 14:55 - 2016-06-13 18:47 - 000000000 ____D C:\Users\Adela\Documents\IPSOS
2018-06-27 14:02 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\062718-16359-01.dmp
2018-06-27 14:01 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\062718-15906-01.dmp
2018-06-27 01:01 - 2016-06-10 06:54 - 000002244 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-25 10:36 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\062518-15781-01.dmp
2018-06-25 10:34 - 2018-05-30 11:25 - 001532566 ____N C:\Windows\Minidump\062518-15640-01.dmp
2018-06-25 10:34 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\062518-17562-01.dmp
2018-06-25 01:57 - 2018-05-30 11:25 - 000129346 ____N C:\Windows\Minidump\062518-18531-01.dmp
2018-06-24 19:05 - 2018-05-30 11:25 - 000164374 ____N C:\Windows\Minidump\062418-16421-01.dmp
2018-06-24 18:46 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\062418-16390-01.dmp
2018-06-24 18:45 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\062418-17359-01.dmp
2018-06-24 18:44 - 2018-05-30 11:25 - 000162839 ____N C:\Windows\Minidump\062418-16578-01.dmp
2018-06-24 18:39 - 2018-05-30 11:25 - 000156786 ____N C:\Windows\Minidump\062418-19125-01.dmp
2018-06-24 18:37 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\062418-17109-01.dmp
2018-06-24 18:33 - 2018-05-30 11:25 - 000163392 ____N C:\Windows\Minidump\062418-19453-01.dmp
2018-06-24 18:31 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\062418-16859-01.dmp
2018-06-24 18:11 - 2018-05-30 11:25 - 001527535 ____N C:\Windows\Minidump\062418-17656-01.dmp
2018-06-24 17:48 - 2017-10-10 14:56 - 000000000 ____D C:\AdwCleaner
2018-06-20 11:49 - 2018-05-30 11:25 - 000288066 ____N C:\Windows\Minidump\062018-18031-01.dmp
2018-06-19 22:15 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\061918-15687-01.dmp
2018-06-19 22:13 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\061918-15375-01.dmp
2018-06-19 22:05 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\061918-15187-01.dmp
2018-06-18 23:25 - 2018-05-30 11:25 - 001527143 ____N C:\Windows\Minidump\061818-17937-01.dmp
2018-06-18 23:24 - 2018-05-30 11:25 - 001527143 ____N C:\Windows\Minidump\061818-16156-01.dmp
2018-06-18 19:40 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\061818-17875-01.dmp
2018-06-18 19:39 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\061818-16390-01.dmp
2018-06-18 10:28 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\061818-17734-01.dmp
2018-06-18 10:27 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\061818-16234-01.dmp
2018-06-17 11:34 - 2018-05-30 11:25 - 000125818 ____N C:\Windows\Minidump\061718-17203-01.dmp
2018-06-16 12:39 - 2018-05-30 11:25 - 001527143 ____N C:\Windows\Minidump\061618-17062-01.dmp
2018-06-16 12:38 - 2018-05-30 11:25 - 001527143 ____N C:\Windows\Minidump\061618-15031-01.dmp
2018-06-15 12:56 - 2013-08-22 15:36 - 000000000 ____D C:\Windows\Inf
2018-06-15 12:43 - 2016-06-10 06:52 - 000003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{56AF33C6-0648-40E7-939A-D3233C14575D}
2018-06-13 22:20 - 2014-03-18 17:49 - 001658450 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-13 22:20 - 2014-03-18 17:01 - 000705506 _____ C:\Windows\system32\perfh005.dat
2018-06-13 22:20 - 2014-03-18 17:01 - 000143830 _____ C:\Windows\system32\perfc005.dat
2018-06-12 18:52 - 2018-05-30 11:25 - 000132362 ____N C:\Windows\Minidump\061218-16343-01.dmp
2018-06-12 18:46 - 2018-05-30 11:25 - 001527655 ____N C:\Windows\Minidump\061218-15437-01.dmp

==================== Files in the root of some directories =======

2018-07-01 20:47 - 2018-07-01 20:47 - 002894824 _____ (Alexander Roshal) C:\Users\Adela\wrar560.exe
2018-06-28 01:04 - 2018-06-28 01:04 - 023327416 _____ (Falco Software, Inc. ) C:\Program Files (x86)\FalcoImageStudioSetup.exe

Some files in TEMP:
====================
2018-07-01 20:19 - 2018-07-01 20:19 - 001118920 _____ (Microsoft Corporation) C:\Users\Adela\AppData\Local\Temp\dt_B811.tmp.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-02 10:00

==================== End of FRST.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 39709
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Repeatedly popping-up window saying that WS Defender has found malware

Post by jaro3 » 03 Jul 2018 18:38

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
Task: {11839C8C-A2EC-4A60-8D14-D994C4009493} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {5072C2EE-A5A4-4553-BE63-EDB4050DC85E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {722C7A89-618E-4F19-B647-CC95D3FDAF02} - System32\Tasks\Adela => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Adela /t REG_SZ /d "explorer.exe hxxp://exinariuminix.info" <==== ATTENTION
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\MountPoints2: {e284a729-5f5d-11e7-8376-d0df9aa83a48} - "D:\setup.exe"
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0276C733-6AB3-4864-B98F-8A63CE939FB9} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0444B917-3AAA-492B-B82A-F758F5BC802F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {07159959-4E18-485D-BDA0-6362A85C9F2E} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0959AF9D-0CA2-45FE-827B-DD6C357FD87D} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0AD2FAAD-CDE2-494E-8198-37B32E175447} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {62E0D11C-68EC-4D4D-B6FF-5795EFD8C56A} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {A23F4F25-487E-4564-9C2C-D6562C416291} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {D8BD61A8-5E90-4185-9D79-C9FB655F1B34} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
C:\Users\Adela\AppData\Local\Temp\dt_B811.tmp.exe

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste".)

Save it to the desktop as fixlist.txt

Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Error: (07/01/2018 05:37:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro c:\program files (x86)\microsoft office\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files (x86)\microsoft office\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/01/2018 03:00:57 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro c:\program files (x86)\microsoft office\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files (x86)\microsoft office\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (07/01/2018 02:45:10 PM) (Source: ESENT) (EventID: 454) (User: )
Description: wuaueng.dll (464) SUS20ClientDataStore: Při zotavení či obnovení databáze došlo k neočekávané chybě -501.

Error: (07/01/2018 02:45:09 PM) (Source: ESENT) (EventID: 465) (User: )
Description: wuaueng.dll (464) SUS20ClientDataStore: Při částečném obnovení byl zjištěn poškozený soubor protokolu C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Záznam s chybou kontrolního součtu je umístěn na pozici END. Data neodpovídající záznamům protokolu se poprvé vyskytla v sektoru 221 (0x000000DD). Soubor je poškozený a nelze jej použít.


Download Memtest:

In the box that says:
All unused RAM, change the value to 2048.
- click Start and let it run for at least 2 h; if it still shows 0 errors after 2 h, the RAM is fine.
For larger RAM capacities Memtest needs to be run several times: for 2GB (the largest single RAM module) 2x, for 4GB 3x, for 8GB 4x, etc.
Double-click Memtest, then again and again; enter 2048 into the boxes of all the Memtest instances, then click "Start" in all of them.

Also check the HDD for errors, and possibly try defragmenting it.

Download CrystalDiskInfo
Run the program and click Edit - Copy. Then paste the log content here with Ctrl+V.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
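As an added example (my own code, not FRST's and not from this thread): a small Python triage over FRST `Task:` lines in the layout shown in the fixlist above. It flags the pattern of the `Adela` task, a cmd.exe one-liner that re-creates a Run autostart key pointing at a URL, while letting the signed GoogleUpdate tasks through. The line regex, the rule names and the placeholder URL in the sample are my assumptions.

```python
import re

# Constructed sample in the line layout FRST prints for scheduled tasks
# (same shape as the fixlist in the post above). The URL is a placeholder,
# not the address that appears in the real log.
SAMPLE_FRST_TASKS = r"""
Task: {11839C8C-A2EC-4A60-8D14-D994C4009493} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {5072C2EE-A5A4-4553-BE63-EDB4050DC85E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {722C7A89-618E-4F19-B647-CC95D3FDAF02} - System32\Tasks\Adela => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Adela /t REG_SZ /d "explorer.exe hxxp://placeholder.invalid" <==== ATTENTION
"""

# Task: {GUID} - <task path> => <action> [YYYY-MM-DD] (<publisher>) [<==== ATTENTION]
# Date, publisher and the ATTENTION flag are all optional (assumed layout).
TASK_RE = re.compile(
    r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<path>\S+) => (?P<cmd>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^()]*)\))?"
    r"(?P<flag> <==== ATTENTION)?$"
)

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.I)
REG_ADD_RE = re.compile(r"\breg(?:\.exe)?\s+add\b", re.I)
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://", re.I)          # FRST defangs http as hxxp
SHELL_RE = re.compile(
    r"^(?:cmd|powershell|wscript|cscript|mshta)(?:\.exe)?\b", re.I)


def parse_frst_tasks(text):
    """Parse every 'Task:' line into a dict of its fields; other lines are skipped."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append(m.groupdict())
    return tasks


def triage_task(task):
    """Return the list of reasons this task deserves a look (empty if none)."""
    reasons = []
    cmd = task["cmd"]
    if task["flag"]:
        reasons.append("frst-attention")      # FRST's own heuristic already fired
    if SHELL_RE.match(cmd):
        reasons.append("shell-oneliner")      # action is an interpreter, not a product binary
    if REG_ADD_RE.search(cmd) and RUN_KEY_RE.search(cmd):
        reasons.append("rewrites-run-key")    # task re-creates an autostart entry on every trigger
    if URL_RE.search(cmd):
        reasons.append("launches-url")        # hands a URL to explorer.exe / the default browser
    if task["publisher"] is None:
        reasons.append("no-publisher")        # FRST found no signer to attribute the action to
    return reasons


def triage_frst_tasks(text):
    """Map task GUID -> reasons, for tasks that raised at least one reason."""
    findings = {}
    for task in parse_frst_tasks(text):
        reasons = triage_task(task)
        if reasons:
            findings[task["guid"]] = reasons
    return findings


if __name__ == "__main__":
    for guid, reasons in triage_frst_tasks(SAMPLE_FRST_TASKS).items():
        print(guid, ", ".join(reasons))
```

Removing the task alone is not enough: the Run value it writes must be removed too, which is why the fixlist above also lists the StartupApproved entries.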

asphyxxia
Level 1
Posts: 56
Registered: April 16
Gender: Female

Re: Repeatedly popping-up window saying that WS Defender has found malware

Post by asphyxxia » 04 Jul 2018 20:12

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Adela (04-07-2018 15:17:28) Run:1
Running from C:\Users\Adela\Desktop
Loaded Profiles: Adela (Available Profiles: Adela)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
Task: {11839C8C-A2EC-4A60-8D14-D994C4009493} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {5072C2EE-A5A4-4553-BE63-EDB4050DC85E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {722C7A89-618E-4F19-B647-CC95D3FDAF02} - System32\Tasks\Adela => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Adela /t REG_SZ /d "explorer.exe hxxp://exinariuminix.info" <==== ATTENTION
HKLM\...\StartupApproved\Run32: => "seznam-listicka-distribuce"
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\StartupApproved\Run: => "cz.seznam.software.autoupdate"
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"
HKU\S-1-5-21-1277085983-4139081718-311539203-1001\...\MountPoints2: {e284a729-5f5d-11e7-8376-d0df9aa83a48} - "D:\setup.exe"
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0276C733-6AB3-4864-B98F-8A63CE939FB9} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0444B917-3AAA-492B-B82A-F758F5BC802F} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {07159959-4E18-485D-BDA0-6362A85C9F2E} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0959AF9D-0CA2-45FE-827B-DD6C357FD87D} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {0AD2FAAD-CDE2-494E-8198-37B32E175447} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {62E0D11C-68EC-4D4D-B6FF-5795EFD8C56A} URL = hxxp://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {A23F4F25-487E-4564-9C2C-D6562C416291} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1277085983-4139081718-311539203-1001 -> {D8BD61A8-5E90-4185-9D79-C9FB655F1B34} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
C:\Users\Adela\AppData\Local\Temp\dt_B811.tmp.exe

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11839C8C-A2EC-4A60-8D14-D994C4009493}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11839C8C-A2EC-4A60-8D14-D994C4009493}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5072C2EE-A5A4-4553-BE63-EDB4050DC85E}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5072C2EE-A5A4-4553-BE63-EDB4050DC85E}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{722C7A89-618E-4F19-B647-CC95D3FDAF02}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{722C7A89-618E-4F19-B647-CC95D3FDAF02}" => removed successfully
C:\Windows\System32\Tasks\Adela => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adela" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\seznam-listicka-distribuce" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce" => removed successfully
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\cz.seznam.software.autoupdate" => removed successfully
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate" => not found
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\cz.seznam.software.szndesktop" => removed successfully
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop" => not found
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e284a729-5f5d-11e7-8376-d0df9aa83a48}" => removed successfully
HKLM\Software\Classes\CLSID\{e284a729-5f5d-11e7-8376-d0df9aa83a48} => not found
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => removed successfully
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => not found
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0276C733-6AB3-4864-B98F-8A63CE939FB9}" => removed successfully
HKLM\Software\Classes\CLSID\{0276C733-6AB3-4864-B98F-8A63CE939FB9} => not found
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0444B917-3AAA-492B-B82A-F758F5BC802F}" => removed successfully
HKLM\Software\Classes\CLSID\{0444B917-3AAA-492B-B82A-F758F5BC802F} => not found
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{07159959-4E18-485D-BDA0-6362A85C9F2E}" => removed successfully
HKLM\Software\Classes\CLSID\{07159959-4E18-485D-BDA0-6362A85C9F2E} => not found
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0959AF9D-0CA2-45FE-827B-DD6C357FD87D}" => removed successfully
HKLM\Software\Classes\CLSID\{0959AF9D-0CA2-45FE-827B-DD6C357FD87D} => not found
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AD2FAAD-CDE2-494E-8198-37B32E175447}" => removed successfully
HKLM\Software\Classes\CLSID\{0AD2FAAD-CDE2-494E-8198-37B32E175447} => not found
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{62E0D11C-68EC-4D4D-B6FF-5795EFD8C56A}" => removed successfully
HKLM\Software\Classes\CLSID\{62E0D11C-68EC-4D4D-B6FF-5795EFD8C56A} => not found
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A23F4F25-487E-4564-9C2C-D6562C416291}" => removed successfully
HKLM\Software\Classes\CLSID\{A23F4F25-487E-4564-9C2C-D6562C416291} => not found
"HKU\S-1-5-21-1277085983-4139081718-311539203-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D8BD61A8-5E90-4185-9D79-C9FB655F1B34}" => removed successfully
HKLM\Software\Classes\CLSID\{D8BD61A8-5E90-4185-9D79-C9FB655F1B34} => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj" => removed successfully
C:\Users\Adela\AppData\Local\Temp\dt_B811.tmp.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 28682647 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 6111152 B
Edge => 0 B
Chrome => 627395113 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 3202 B
NetworkService => 11966 B
Adela => 17979263 B

RecycleBin => 5950368458 B
EmptyTemp: => 6.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:20:28 ====

asphyxxia
Level 1
Posts: 56
Registered: April 16
Gender: Female

Re: Repeatedly popping-up window saying that WS Defender has found malware

Post by asphyxxia » 05 Jul 2018 12:44

----------------------------------------------------------------------------
CrystalDiskInfo 7.1.0 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 8.1 Pro [6.3 Build 9600] (x64)
Date : 2018/07/05 12:44:48

-- Controller Map ----------------------------------------------------------
+ Standardní řadič SATA AHCI [ATA]
- Hitachi HTS547564A9E384
- hp CDDVDW TS-L633R
- Řadič prostorů úložišť [SCSI]
+ DAEMON Tools Lite Virtual SCSI Bus [SCSI]
- DiscSoft Virtual SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) Hitachi HTS547564A9E384 : 640,1 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) Hitachi HTS547564A9E384
----------------------------------------------------------------------------
Model : Hitachi HTS547564A9E384
Firmware : JEDOA50A
Serial Number : J2180053H9L93C
Disk Size : 640,1 GB (8,4/137,4/640,1/640,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 1250263728
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 22475 hod.
Power On Count : 5090 krát
Temperature : 37 C (98 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 4080h [ON]
AAM Level : ----
Drive Letter : C:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 _99 _62 000000000000 Počet chyb čtení
02 100 100 _40 000000000000 Průchodnost disku
03 253 100 _33 000600000000 Čas na roztočení ploten
04 _97 _97 __0 00000000167D Počet spuštění/zastavení
05 100 100 __5 000000000000 Počet přemapovaných sektorů
07 100 100 _67 000000000000 Počet chybných hledání
08 100 100 _40 000000000000 Čas potřebný na vyhledání
09 _49 _49 __0 0000000057CB Hodin v činnosti
0A 100 100 _60 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _97 _97 __0 0000000013E2 Počet cyklů zapnutí zařízení
B7 100 100 __0 000000000000 Specifický pro výrobce
B8 100 100 _97 000000000000 Ukončovacích chyb
BB 100 100 __0 00BB02720000 Ohlášeno neopravitelných chyb
BC 100 100 __0 00000001006A Časový limit příkazu
BE _63 _50 _45 0000232B0025 Teplota toku vzduchu
BF _74 _74 __0 000000001A77 Počet udalostí zaznamenaných otřesovým senzorem
C0 _99 _99 __0 000000F400F4 Počet vypnutí disku
C1 _25 _25 __0 0000000B77FC Počet cyklů načítání/vymazání
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 100 100 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
DF 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony

-- IDENTIFY_DEVICE ---------------------------------------------------------

-- SMART_READ_DATA ---------------------------------------------------------

-- SMART_READ_THRESHOLD ----------------------------------------------------

asphyxxia
Level 1
Posts: 56
Registered: April 16
Gender: Female

Re: Repeatedly popping-up window saying that WS Defender has found malware

Post by asphyxxia » 05 Jul 2018 12:46

I let Memtest run overnight and it reported no errors.

jaro3
Security team member
Guru Level 15
Posts: 39709
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Repeatedly popping-up window saying that WS Defender has found malware

Post by jaro3 » 05 Jul 2018 19:59

00BB02720000 Ohlášeno neopravitelných chyb
00000001006A Časový limit příkazu
000000001A77 Počet udalostí zaznamenaných otřesovým senzorem


Command Timeout: the number of operations that were aborted because of the hard disk's time limit. Under normal circumstances this value should equal zero. If the value is higher than zero, there are probably problems with the power supply, or the data cable is oxidized.
Replace the SATA data cable and plug it into a different SATA connector.
Then run CDI again.

HD Tune
Download HD Tune
http://www.svethardware.cz/forum/downlo ... ile&id=202

- install it, run the program and click the Error scan tab
Click Start and wait until it finishes its work. If all the squares are green the disk is OK; if some are red, the disk is failing.


Download Speedfan
http://www.filehippo.com/download_speedfan/
top right: Download Latest Version
Install and run the program. In the Hint window click Close. Wait a while until the values load.
Please post a picture (screenshot) from that program here.
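As an added example (my own code, not CrystalDiskInfo's and not from this thread): a Python parser for the S.M.A.R.T. table in CDI's text export, in the exact column layout pasted above, which applies the check jaro3 makes by hand, i.e. a handful of error counters should have a raw value of zero, and a normalized value at or below its threshold is a failure. The constructed sample reuses the values from the post with English attribute names; splitting the 48-bit raw value into three 16-bit counters is my assumption about how this Hitachi firmware packs it.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the CDI S.M.A.R.T. table from the post above,
# in the line format CrystalDiskInfo 7.x prints (underscore-padded columns,
# 48-bit raw value as 12 hex digits). Attribute names given in English here.
SAMPLE_CDI = """\
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 _99 _62 000000000000 Read Error Rate
05 100 100 __5 000000000000 Reallocated Sectors Count
09 _49 _49 __0 0000000057CB Power-On Hours
BB 100 100 __0 00BB02720000 Reported Uncorrectable Errors
BC 100 100 __0 00000001006A Command Timeout
BE _63 _50 _45 0000232B0025 Airflow Temperature
BF _74 _74 __0 000000001A77 G-Sense Error Rate
C5 100 100 __0 000000000000 Current Pending Sector Count
C6 100 100 __0 000000000000 Uncorrectable Sector Count
C7 100 100 __0 000000000000 UltraDMA CRC Error Count
"""

LINE_RE = re.compile(
    r"^(?P<id>[0-9A-F]{2}) (?P<cur>[_\d]{3}) (?P<wor>[_\d]{3}) (?P<thr>[_\d]{3}) "
    r"(?P<raw>[0-9A-F]{12}) (?P<name>.+)$"
)

# Error counters whose raw value stays at zero on a healthy drive.
MUST_BE_ZERO = {"05", "BB", "BC", "C5", "C6", "C7"}


@dataclass
class SmartAttr:
    id: str
    name: str
    current: int
    worst: int
    threshold: int
    raw: int

    @property
    def raw_words(self):
        """(low, mid, high) 16-bit words of the 48-bit raw value.

        Assumption: this firmware packs several counters into one raw value;
        the low word is the headline count CDI and smartctl display.
        """
        return (self.raw & 0xFFFF, (self.raw >> 16) & 0xFFFF, (self.raw >> 32) & 0xFFFF)

    @property
    def below_threshold(self):
        # A threshold of 0 means the vendor set no failure limit for this attribute.
        return self.threshold > 0 and self.current <= self.threshold


def _col(text):
    """'__0' -> 0, '_49' -> 49, '100' -> 100."""
    return int(text.replace("_", ""))


def parse_cdi_smart(text):
    """Parse every attribute row; header and separator lines are skipped."""
    attrs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        attrs.append(SmartAttr(
            m["id"], m["name"].strip(),
            _col(m["cur"]), _col(m["wor"]), _col(m["thr"]), int(m["raw"], 16)))
    return attrs


def assess(text):
    """Map attribute id -> reason, for every attribute that deserves attention."""
    findings = {}
    for a in parse_cdi_smart(text):
        if a.below_threshold:
            findings[a.id] = (f"{a.name}: normalized value {a.current} "
                              f"at or below threshold {a.threshold}")
        elif a.id in MUST_BE_ZERO and a.raw != 0:
            low, mid, high = a.raw_words
            findings[a.id] = (f"{a.name}: raw {a.raw:012X} is non-zero "
                              f"(low word {low}, mid {mid}, high {high})")
    return findings


if __name__ == "__main__":
    for attr_id, reason in assess(SAMPLE_CDI).items():
        print(attr_id, reason)
```

On the values from the post this reports BB and BC, which is exactly the pair jaro3 singled out; the Power-On Hours raw 0x57CB decodes to 22475, matching the "Power On Hours" line of the same export.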

asphyxxia
Level 1
Posts: 56
Registered: April 16
Gender: Female

Re: Repeatedly popping-up window saying that WS Defender has found malware

Post by asphyxxia » 12 Jul 2018 00:28

Hi,
since my PC is a notebook, I can't do much about replacing the cable.
Otherwise HD Tune doesn't show a single error.
Screenshot from Speedfan below.
Thank you.

