Please check my log - Suspicious email

#1 Post by Richi »

Hello,
I'd like to ask for a log check. My parents received an email demanding payment under the threat of publishing their data and encrypting their files. I took it for the work of a spambot, or possibly a scam, but the email was sent from the same email address, as if I had sent an email to myself, and the grammar is quite good too, so it isn't a Google translation.

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2020
Ran by Martina (administrator) on MARTINA-PC (14-01-2020 17:43:06)
Running from C:\Users\Martina\Desktop
Loaded Profiles: Martina (Available Profiles: Martina)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Safer Networking Ltd. -> Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) [File not signed] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {07c8eb75-6f41-11e6-becb-50465d8df63b} - E:\Install.exe
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {0d9c1544-78a0-11e9-8fad-50465d8df63b} - E:\Mafia2.part01.exe
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {44038e1c-798d-11e9-83f4-50465d8df63b} - E:\setup.exe
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {aefcf925-929a-11e9-9a5e-50465d8df63b} - E:\LG_PC_Programs.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-27] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3D658A0C-54DD-42B6-8A33-14029EF52FEB} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software s.r.o. -> AVAST Software)
Task: {46FE9FCA-66AF-4C21-85A4-9928DFBF2507} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3250056 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {83B37FDC-C5EB-41DA-9967-0D08D9F9079B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-14] (Adobe Inc. -> Adobe)
Task: {871CED9F-AEAF-4AAA-8C89-8E2E0BF6B0F3} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software s.r.o. -> AVAST Software)
Task: {A44997F5-D214-4299-A303-6B3829A6E5D7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1542536 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {AC4FF70D-B74D-45B9-9F1B-2054E712237A} - System32\Tasks\{28B03894-C247-4549-9B84-CB5B1A0419AD} => C:\Windows\system32\pcalua.exe -a C:\Users\Martina\Downloads\FacebookGameroom.exe -d C:\Users\Martina\Downloads
Task: {B7E39BB2-4741-4CCD-9AFC-7E20759473C6} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {D4D5F044-5B3B-4C86-817D-983D8CC4D32C} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {DF75B802-6122-46FB-A711-CACD5B9549F9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_314_Plugin.exe [1457720 2020-01-14] (Adobe Inc. -> Adobe)
Task: {E43FBD80-CEFF-465F-844B-258AD17D706D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {E7A1B46E-1F63-42AF-8AA3-0EB0D9A0F524} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 195.146.128.62
Tcpip\..\Interfaces\{50999728-2082-4017-AEEE-F70F39AF813F}: [DhcpNameServer] 192.168.1.1 195.146.128.62

Internet Explorer:
==================
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.sk/
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Ltd. -> Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-04] (Oracle America, Inc. -> Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: s0mxvc29.default-1526791077273
FF ProfilePath: C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\s0mxvc29.default-1526791077273 [2020-01-14]
FF Notifications: Mozilla\Firefox\Profiles\s0mxvc29.default-1526791077273 -> hxxps://www.urbanstore.sk; hxxps://postovnezdarma.cz; hxxps://vidcomo.me
FF Extension: (AdBlock) - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\s0mxvc29.default-1526791077273\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2020-01-10]
FF Extension: (Avast SafePrice | Porovnanie, ponuky, kupóny) - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\s0mxvc29.default-1526791077273\Extensions\sp@avast.com.xpi [2019-02-19]
FF Extension: (Avast Online Security) - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\s0mxvc29.default-1526791077273\Extensions\wrc@avast.com.xpi [2020-01-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_314.dll [2020-01-14] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default [2019-10-12]
CHR Extension: (Prezentácie Google) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-17]
CHR Extension: (Dokumenty Google) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-17]
CHR Extension: (Disk Google) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-17]
CHR Extension: (YouTube) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-17]
CHR Extension: (Avast SafePrice) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-21]
CHR Extension: (Tabuľky Google) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-17]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Gmail) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-17]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-09-10] (Adobe Inc. -> Adobe Systems)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [217600 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-09-28] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5106064 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [859096 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\77.2.2153.120\elevation_service.exe [970088 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd. -> Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9107968 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [370176 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35512 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [174712 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [224008 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [169408 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [59368 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [211088 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41200 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [145048 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [95168 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73312 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [691528 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394856 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [176760 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [277408 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [86656 2012-05-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [191320 2019-05-24] (Sysprogs OU -> Sysprogs OU)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2016-08-31] (Disc Soft Ltd -> Disc Soft Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-14 17:43 - 2020-01-14 17:44 - 000017510 _____ C:\Users\Martina\Desktop\FRST.txt
2020-01-14 17:42 - 2020-01-14 17:43 - 000000000 ____D C:\FRST
2020-01-14 17:42 - 2020-01-14 17:42 - 002303488 _____ (Farbar) C:\Users\Martina\Desktop\FRST.exe
2020-01-04 15:41 - 2019-11-29 19:20 - 140876009 ____N C:\Users\Martina\Desktop\20191129_191910.mp4
2019-12-25 15:21 - 2019-12-25 15:21 - 001520562 _____ C:\Users\Martina\Desktop\doc03034520191015114905.pdf.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-14 17:28 - 2016-11-18 21:55 - 000000000 ____D C:\Users\Martina\AppData\LocalLow\Mozilla
2020-01-14 12:41 - 2018-03-13 16:41 - 000004470 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-01-14 12:41 - 2017-01-01 09:26 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2020-01-14 12:41 - 2017-01-01 09:26 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2020-01-14 12:41 - 2017-01-01 09:26 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-01-14 12:41 - 2017-01-01 09:26 - 000000000 ____D C:\Windows\system32\Macromed
2020-01-14 12:39 - 2009-07-14 05:34 - 000015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-14 12:39 - 2009-07-14 05:34 - 000015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-14 12:31 - 2017-02-24 18:09 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-01-14 12:26 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-13 19:09 - 2018-09-21 16:27 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-01-13 19:09 - 2017-08-28 15:39 - 000003156 _____ C:\Windows\system32\Tasks\{28B03894-C247-4549-9B84-CB5B1A0419AD}
2020-01-13 19:09 - 2016-08-31 16:16 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2020-01-10 16:31 - 2019-10-21 17:30 - 000000000 ____D C:\Users\Martina\Desktop\MATEJ ŠUPINA
2020-01-10 08:37 - 2018-03-26 07:37 - 000000000 ____D C:\Users\Martina\AppData\Local\AVAST Software
2020-01-10 07:51 - 2019-12-06 16:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-10 07:51 - 2019-08-01 07:10 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2020-01-09 14:17 - 2019-08-28 14:27 - 000000000 ____D C:\Users\Martina\Desktop\MK
2020-01-09 14:16 - 2017-04-29 15:18 - 000000000 ____D C:\Users\Martina\Desktop\Tina fotky
2020-01-08 18:05 - 2016-08-31 16:42 - 000000000 ____D C:\Users\Martina\AppData\Local\Microsoft Help
2020-01-08 18:03 - 2016-08-17 16:33 - 000726316 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-08 18:03 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2020-01-04 18:06 - 2016-09-15 17:31 - 000000000 ____D C:\Users\Martina\AppData\Roaming\vlc
2020-01-04 17:28 - 2017-10-21 09:37 - 000000000 ____D C:\Users\Martina\AppData\Roaming\.minecraft
2019-12-25 16:20 - 2019-11-24 19:16 - 000000000 ____D C:\Users\Martina\Desktop\ZSPŠ
2019-12-21 11:59 - 2017-04-09 10:57 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2018-02-07 15:19 - 2019-05-18 19:15 - 000007606 _____ () C:\Users\Martina\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-01-08 13:18
==================== End of FRST.txt ========================

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2020
Ran by Martina (14-01-2020 17:44:34)
Running from C:\Users\Martina\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2016-08-17 15:30:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2161742772-3264747898-1850005297-500 - Administrator - Disabled)
Guest (S-1-5-21-2161742772-3264747898-1850005297-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2161742772-3264747898-1850005297-1003 - Limited - Enabled)
Martina (S-1-5-21-2161742772-3264747898-1850005297-1000 - Administrator - Enabled) => C:\Users\Martina

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.314 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 77.2.2153.120 - Autori prehliadača Avast Secure Browser)
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Grand Theft Auto IV - Complete Edition (HKLM\...\Grand Theft Auto IV - Complete Edition_is1) (Version:  - )
GTA San Andreas (HKLM\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Mafia 2 - Jimmiho Vendeta 1.0.0.1 (HKLM\...\Mafia 2 - Jimmiho Vendeta 1.0.0.1) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minecraft1.8 (HKLM\...\Minecraft1.8) (Version:  - )
Mozilla Firefox 72.0.1 (x86 sk) (HKLM\...\Mozilla Firefox 72.0.1 (x86 sk)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.1.7311 - Mozilla)
NVIDIA PhysX (HKLM\...\{F9835182-794B-4F24-902A-E2CA9D43380F}) (Version: 9.10.0512 - NVIDIA Corporation)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 9.21a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.70 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2012-09-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Martina\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()

==================== Loaded Modules (Whitelisted) =============

2012-09-23 12:49 - 2012-09-23 12:49 - 000573440 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-28 14:42 - 2012-09-28 14:42 - 000200192 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-28 14:42 - 2012-09-28 14:42 - 000095232 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-09-23 12:49 - 2012-09-23 12:49 - 003854336 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2016-09-02 13:57 - 2016-09-02 13:57 - 000096256 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2019-01-04 10:55 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 195.146.128.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{43C880AC-89E5-43C8-A307-5591F5B675D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3A179FCC-A341-4CB9-BEF5-7648F40C7215}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2D33CF19-86A6-4DB1-BBAC-9831B729D92D}C:\users\martina\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martina\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{6E6A8AFA-431C-4FD4-AB73-01DEC7315319}C:\users\martina\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martina\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{735E3244-F565-4553-ABD7-07B8CB53EDD4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe No File
FirewallRules: [TCP Query User{5B89B722-8610-4902-912C-3F93E61B1D0D}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{B4EAF317-AE85-4451-BD6F-6839F46220DF}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{2D9F3663-5C4D-420F-9463-91F0DDD295F0}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

25-12-2019 12:27:35 Plánovaný kontrolný bod
02-01-2020 00:00:03 Plánovaný kontrolný bod
09-01-2020 11:28:39 Plánovaný kontrolný bod

==================== Faulty Device Manager Devices ============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/14/2020 05:42:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 04:42:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 03:42:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 02:42:44 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 01:42:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 01:20:45 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot - search & destroy\DelZip179.dll" on line 8.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/14/2020 12:42:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 12:36:26 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.


System errors:
=============
Error: (01/14/2020 12:31:39 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Windows Update sa pri spustení zablokovala.

Error: (01/13/2020 11:49:22 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Windows Update sa pri spustení zablokovala.

Error: (01/12/2020 10:47:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Windows Update sa pri spustení zablokovala.

Error: (01/12/2020 10:44:23 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service avast with arguments "/comsvc" in order to run the server:
{6D1FB6CD-9205-365A-907A-8AB76BC52400}

Error: (01/12/2020 10:43:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Služba %1!s! Update (avast) zlyhalo kvôli nasledujúcej chybe: 
Služba neodpovedala na riadiaci alebo spúšťací pokyn načas.

Error: (01/12/2020 10:43:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Služba 30000!s! Update (avast) bol dosiahnutý časový limit (30000 ms).

Error: (01/10/2020 01:05:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby SBSD Security Center Service zlyhalo kvôli nasledujúcej chybe: 
Služba neodpovedala na riadiaci alebo spúšťací pokyn načas.

Error: (01/10/2020 01:05:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby SBSD Security Center Service bol dosiahnutý časový limit (30000 ms).


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 1201 09/04/2012
Motherboard: ASUSTeK Computer INC. M5A78L-M LX V2
Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 77%
Total physical RAM: 3326.12 MB
Available physical RAM: 746.25 MB
Total Virtual: 6650.56 MB
Available Virtual: 3795.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:194.39 GB) NTFS

\\?\Volume{837800db-648e-11e6-896e-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 3FE0D987)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
Last edited by Richi on 14 Jan 2020 18:25, edited 1 time in total.

Conder
Moderator
Posts: 3845
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - Suspicious email

#2 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here
Graduate of the school for novices :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Richi
Visitor
Posts: 18
Registered: 12 Apr 2013 11:56

Re: Please check my log - Suspicious email

#3 Post by Richi »

The program found nothing.

Code: Select all

# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build:    12-17-2019
# Database: 2020-01-13.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-14-2020
# Duration: 00:00:01
# OS:       Windows 7 Home Premium
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1333 octets] - [14/01/2020 18:18:10]
AdwCleaner[S01].txt - [1394 octets] - [14/01/2020 18:19:18]
AdwCleaner[S02].txt - [1455 octets] - [14/01/2020 18:36:37]
AdwCleaner[C02].txt - [1643 octets] - [14/01/2020 18:37:01]
AdwCleaner[S03].txt - [1577 octets] - [14/01/2020 18:46:42]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########


Conder
Moderator
Posts: 3845
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my log - Suspicious email

#4 Post by Conder »

Please post both new logs from FRST.

Richi
Visitor
Posts: 18
Registered: 12 Apr 2013 11:56

Re: Please check my log - Suspicious email

#5 Post by Richi »

I ran a scan with AVAST before the PC started up; it also found nothing.

Code: Select all

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2020
Ran by Martina (administrator) on MARTINA-PC (15-01-2020 13:08:38)
Running from C:\Users\Martina\Desktop\scan
Loaded Profiles: Martina (Available Profiles: Martina)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ATI Technologies Inc.) [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Safer Networking Ltd. -> Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) [File not signed] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [232840 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) [File not signed]
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {07c8eb75-6f41-11e6-becb-50465d8df63b} - E:\Install.exe
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {0d9c1544-78a0-11e9-8fad-50465d8df63b} - E:\Mafia2.part01.exe
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {44038e1c-798d-11e9-83f4-50465d8df63b} - E:\setup.exe
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {aefcf925-929a-11e9-9a5e-50465d8df63b} - E:\LG_PC_Programs.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKLM\Software\Microsoft\Active Setup\Installed Components: [{30C521FB-255B-46C8-9F0D-EE5AE371C9AA}] -> C:\Program Files\AVAST Software\Browser\Application\77.2.2153.120\Installer\chrmstp.exe [2019-11-27] (AVAST Software s.r.o. -> AVAST Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3D658A0C-54DD-42B6-8A33-14029EF52FEB} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software s.r.o. -> AVAST Software)
Task: {46FE9FCA-66AF-4C21-85A4-9928DFBF2507} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3250056 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {83B37FDC-C5EB-41DA-9967-0D08D9F9079B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-01-14] (Adobe Inc. -> Adobe)
Task: {871CED9F-AEAF-4AAA-8C89-8E2E0BF6B0F3} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software s.r.o. -> AVAST Software)
Task: {A44997F5-D214-4299-A303-6B3829A6E5D7} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1542536 2019-09-18] (AVAST Software s.r.o. -> AVAST Software)
Task: {AC4FF70D-B74D-45B9-9F1B-2054E712237A} - System32\Tasks\{28B03894-C247-4549-9B84-CB5B1A0419AD} => C:\Windows\system32\pcalua.exe -a C:\Users\Martina\Downloads\FacebookGameroom.exe -d C:\Users\Martina\Downloads
Task: {B7E39BB2-4741-4CCD-9AFC-7E20759473C6} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {D4D5F044-5B3B-4C86-817D-983D8CC4D32C} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1857552 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
Task: {DF75B802-6122-46FB-A711-CACD5B9549F9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_314_Plugin.exe [1457720 2020-01-14] (Adobe Inc. -> Adobe)
Task: {E43FBD80-CEFF-465F-844B-258AD17D706D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)
Task: {E7A1B46E-1F63-42AF-8AA3-0EB0D9A0F524} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 195.146.128.62
Tcpip\..\Interfaces\{50999728-2082-4017-AEEE-F70F39AF813F}: [DhcpNameServer] 192.168.1.1 195.146.128.62

Internet Explorer:
==================
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.sk/
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Ltd. -> Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-04] (Oracle America, Inc. -> Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: s0mxvc29.default-1526791077273
FF ProfilePath: C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\s0mxvc29.default-1526791077273 [2020-01-14]
FF Notifications: Mozilla\Firefox\Profiles\s0mxvc29.default-1526791077273 -> hxxps://www.urbanstore.sk; hxxps://postovnezdarma.cz; hxxps://vidcomo.me
FF Extension: (AdBlock) - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\s0mxvc29.default-1526791077273\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2020-01-10]
FF Extension: (Avast SafePrice | Porovnanie, ponuky, kupóny) - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\s0mxvc29.default-1526791077273\Extensions\sp@avast.com.xpi [2019-02-19]
FF Extension: (Avast Online Security) - C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\s0mxvc29.default-1526791077273\Extensions\wrc@avast.com.xpi [2020-01-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_314.dll [2020-01-14] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-02] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default [2019-10-12]
CHR Extension: (Prezentácie Google) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-17]
CHR Extension: (Dokumenty Google) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-17]
CHR Extension: (Disk Google) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-17]
CHR Extension: (YouTube) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-17]
CHR Extension: (Avast SafePrice) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-03-21]
CHR Extension: (Tabuľky Google) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-17]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-17]
CHR Extension: (Gmail) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-17]
CHR Extension: (Chrome Media Router) - C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-17]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [88136 2019-09-10] (Adobe Inc. -> Adobe Systems)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [217600 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-09-28] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5106064 2019-12-19] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [859096 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-03-26] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files\AVAST Software\Browser\Application\77.2.2153.120\elevation_service.exe [970088 2019-11-05] (AVAST Software s.r.o. -> AVAST Software)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd. -> Safer Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9107968 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [370176 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [35512 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [174712 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [224008 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [169408 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [59368 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [211088 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [41200 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [145048 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [95168 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [73312 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [691528 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394856 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [176760 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [277408 2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [86656 2012-05-14] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [191320 2019-05-24] (Sysprogs OU -> Sysprogs OU)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25104 2016-08-31] (Disc Soft Ltd -> Disc Soft Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-14 18:17 - 2020-01-14 18:18 - 000000000 ____D C:\AdwCleaner
2020-01-14 18:16 - 2020-01-15 13:08 - 000000000 ____D C:\Users\Martina\Desktop\scan
2020-01-14 18:16 - 2020-01-14 18:16 - 008237744 _____ (Malwarebytes) C:\Users\Martina\Desktop\adwcleaner_8.0.1.exe
2020-01-14 17:42 - 2020-01-15 13:09 - 000000000 ____D C:\FRST
2020-01-04 15:41 - 2019-11-29 19:20 - 140876009 ____N C:\Users\Martina\Desktop\20191129_191910.mp4
2019-12-25 15:21 - 2019-12-25 15:21 - 001520562 _____ C:\Users\Martina\Desktop\doc03034520191015114905.pdf.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-15 13:08 - 2017-02-24 18:09 - 000004168 _____ C:\Windows\system32\Tasks\Avast Emergency Update
2020-01-15 13:04 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-15 11:44 - 2009-07-14 05:34 - 000015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-15 11:44 - 2009-07-14 05:34 - 000015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-14 18:53 - 2016-11-18 21:55 - 000000000 ____D C:\Users\Martina\AppData\LocalLow\Mozilla
2020-01-14 12:41 - 2018-03-13 16:41 - 000004470 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-01-14 12:41 - 2017-01-01 09:26 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
2020-01-14 12:41 - 2017-01-01 09:26 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
2020-01-14 12:41 - 2017-01-01 09:26 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-01-14 12:41 - 2017-01-01 09:26 - 000000000 ____D C:\Windows\system32\Macromed
2020-01-13 19:09 - 2018-09-21 16:27 - 000004464 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-01-13 19:09 - 2017-08-28 15:39 - 000003156 _____ C:\Windows\system32\Tasks\{28B03894-C247-4549-9B84-CB5B1A0419AD}
2020-01-13 19:09 - 2016-08-31 16:16 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2020-01-10 16:31 - 2019-10-21 17:30 - 000000000 ____D C:\Users\Martina\Desktop\MATEJ ŠUPINA
2020-01-10 08:37 - 2018-03-26 07:37 - 000000000 ____D C:\Users\Martina\AppData\Local\AVAST Software
2020-01-10 07:51 - 2019-12-06 16:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-10 07:51 - 2019-08-01 07:10 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2020-01-09 14:17 - 2019-08-28 14:27 - 000000000 ____D C:\Users\Martina\Desktop\MK
2020-01-09 14:16 - 2017-04-29 15:18 - 000000000 ____D C:\Users\Martina\Desktop\Tina fotky
2020-01-08 18:05 - 2016-08-31 16:42 - 000000000 ____D C:\Users\Martina\AppData\Local\Microsoft Help
2020-01-08 18:03 - 2016-08-17 16:33 - 000726316 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-08 18:03 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2020-01-04 18:06 - 2016-09-15 17:31 - 000000000 ____D C:\Users\Martina\AppData\Roaming\vlc
2020-01-04 17:28 - 2017-10-21 09:37 - 000000000 ____D C:\Users\Martina\AppData\Roaming\.minecraft
2019-12-25 16:20 - 2019-11-24 19:16 - 000000000 ____D C:\Users\Martina\Desktop\ZSPŠ
2019-12-21 11:59 - 2017-04-09 10:57 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories ========

2018-02-07 15:19 - 2019-05-18 19:15 - 000007606 _____ () C:\Users\Martina\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-01-08 13:18
==================== End of FRST.txt ========================

Code: Select all

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2020
Ran by Martina (15-01-2020 13:10:27)
Running from C:\Users\Martina\Desktop\scan
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2016-08-17 15:30:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2161742772-3264747898-1850005297-500 - Administrator - Disabled)
Guest (S-1-5-21-2161742772-3264747898-1850005297-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2161742772-3264747898-1850005297-1003 - Limited - Enabled)
Martina (S-1-5-21-2161742772-3264747898-1850005297-1000 - Administrator - Enabled) => C:\Users\Martina

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.314 - Adobe)
Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 77.2.2153.120 - Autori prehliadača Avast Secure Browser)
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Grand Theft Auto IV - Complete Edition (HKLM\...\Grand Theft Auto IV - Complete Edition_is1) (Version:  - )
GTA San Andreas (HKLM\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Mafia 2 - Jimmiho Vendeta 1.0.0.1 (HKLM\...\Mafia 2 - Jimmiho Vendeta 1.0.0.1) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Minecraft1.8 (HKLM\...\Minecraft1.8) (Version:  - )
Mozilla Firefox 72.0.1 (x86 sk) (HKLM\...\Mozilla Firefox 72.0.1 (x86 sk)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.1.7311 - Mozilla)
NVIDIA PhysX (HKLM\...\{F9835182-794B-4F24-902A-E2CA9D43380F}) (Version: 9.10.0512 - NVIDIA Corporation)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 9.21a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.70 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2012-09-28] (Advanced Micro Devices, Inc.) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-10-05] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Martina\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()

==================== Loaded Modules (Whitelisted) =============

2012-09-23 12:49 - 2012-09-23 12:49 - 000573440 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-28 14:42 - 2012-09-28 14:42 - 000200192 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-28 14:42 - 2012-09-28 14:42 - 000095232 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-09-23 12:49 - 2012-09-23 12:49 - 003854336 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2016-09-02 13:57 - 2016-09-02 13:57 - 000096256 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2019-01-04 10:55 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 195.146.128.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{43C880AC-89E5-43C8-A307-5591F5B675D5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3A179FCC-A341-4CB9-BEF5-7648F40C7215}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2D33CF19-86A6-4DB1-BBAC-9831B729D92D}C:\users\martina\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martina\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{6E6A8AFA-431C-4FD4-AB73-01DEC7315319}C:\users\martina\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martina\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{735E3244-F565-4553-ABD7-07B8CB53EDD4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe No File
FirewallRules: [TCP Query User{5B89B722-8610-4902-912C-3F93E61B1D0D}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{B4EAF317-AE85-4451-BD6F-6839F46220DF}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [{2D9F3663-5C4D-420F-9463-91F0DDD295F0}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================

25-12-2019 12:27:35 Plánovaný kontrolný bod
02-01-2020 00:00:03 Plánovaný kontrolný bod
09-01-2020 11:28:39 Plánovaný kontrolný bod

==================== Faulty Device Manager Devices ============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/15/2020 11:42:45 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 07:42:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 06:43:20 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 05:42:46 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 04:42:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 03:42:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 02:42:44 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.

Error: (01/14/2020 01:42:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. Zadané konto už existuje.


System errors:
=============
Error: (01/15/2020 11:35:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby SBSD Security Center Service zlyhalo kvôli nasledujúcej chybe: 
Služba neodpovedala na riadiaci alebo spúšťací pokyn načas.

Error: (01/15/2020 11:35:10 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby SBSD Security Center Service bol dosiahnutý časový limit (30000 ms).

Error: (01/14/2020 06:47:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Windows Media Player - služba zdieľania v sieti zlyhalo kvôli nasledujúcej chybe: 
Pretože zlyhalo prihlásenie, službu sa nepodarilo spustiť.

Error: (01/14/2020 06:47:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Službe WMPNetworkSvc sa nepodarilo s aktuálne nakonfigurovaným heslom prihlásiť ako NT AUTHORITY\NetworkService kvôli nasledujúcej chybe: 
Požiadavka nie je podporovaná.


Ak chcete zabezpečiť správne nakonfigurovanie služby, použite modul Služby konzoly MMC (Microsoft Management Console).

Error: (01/14/2020 06:46:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Software Protection sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (01/14/2020 06:46:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Media Player - služba zdieľania v sieti sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (01/14/2020 06:46:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Inštalátor systému Windows sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (01/14/2020 06:46:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD FUEL Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. 1201 09/04/2012
Motherboard: ASUSTeK Computer INC. M5A78L-M LX V2
Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 58%
Total physical RAM: 3326.12 MB
Available physical RAM: 1384.02 MB
Total Virtual: 6650.56 MB
Available Virtual: 4682.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:193.84 GB) NTFS

\\?\Volume{837800db-648e-11e6-896e-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 3FE0D987)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Conder
Moderator
Posts: 3845
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Request for log check - Suspicious email

#6 Post by Conder »

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {07c8eb75-6f41-11e6-becb-50465d8df63b} - E:\Install.exe
    HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {0d9c1544-78a0-11e9-8fad-50465d8df63b} - E:\Mafia2.part01.exe
    HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {44038e1c-798d-11e9-83f4-50465d8df63b} - E:\setup.exe
    HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {aefcf925-929a-11e9-9a5e-50465d8df63b} - E:\LG_PC_Programs.exe
    GroupPolicy: Restriction ? <==== ATTENTION
    Task: {AC4FF70D-B74D-45B9-9F1B-2054E712237A} - System32\Tasks\{28B03894-C247-4549-9B84-CB5B1A0419AD} => C:\Windows\system32\pcalua.exe -a C:\Users\Martina\Downloads\FacebookGameroom.exe -d C:\Users\Martina\Downloads
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts there will be a file Fixlog.txt on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Richi
Visitor
Posts: 18
Registered: 12 Apr 2013 11:56

Re: Request for log check - Suspicious email

#7 Post by Richi »

Code:

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-01-2020
Ran by Martina (15-01-2020 17:08:49) Run:1
Running from C:\Users\Martina\Desktop\scan
Loaded Profiles: Martina (Available Profiles: Martina)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {07c8eb75-6f41-11e6-becb-50465d8df63b} - E:\Install.exe
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {0d9c1544-78a0-11e9-8fad-50465d8df63b} - E:\Mafia2.part01.exe
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {44038e1c-798d-11e9-83f4-50465d8df63b} - E:\setup.exe
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\...\MountPoints2: {aefcf925-929a-11e9-9a5e-50465d8df63b} - E:\LG_PC_Programs.exe
GroupPolicy: Restriction ? <==== ATTENTION
Task: {AC4FF70D-B74D-45B9-9F1B-2054E712237A} - System32\Tasks\{28B03894-C247-4549-9B84-CB5B1A0419AD} => C:\Windows\system32\pcalua.exe -a C:\Users\Martina\Downloads\FacebookGameroom.exe -d C:\Users\Martina\Downloads

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count    : 5846
Average  : 
Sum      : 19178316004
Maximum  : 
Minimum  : 
Property : Length


========= End of Powershell: =========

HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07c8eb75-6f41-11e6-becb-50465d8df63b} => removed successfully.
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d9c1544-78a0-11e9-8fad-50465d8df63b} => removed successfully.
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44038e1c-798d-11e9-83f4-50465d8df63b} => removed successfully.
HKU\S-1-5-21-2161742772-3264747898-1850005297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aefcf925-929a-11e9-9a5e-50465d8df63b} => removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4FF70D-B74D-45B9-9F1B-2054E712237A}" => removed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4FF70D-B74D-45B9-9F1B-2054E712237A}" => removed successfully.
C:\Windows\System32\Tasks\{28B03894-C247-4549-9B84-CB5B1A0419AD} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28B03894-C247-4549-9B84-CB5B1A0419AD}" => removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 107141257 B
Java, Flash, Steam htmlcache => 1346 B
Windows/system/drivers => 576413894 B
Edge => 0 B
Chrome => 14003763 B
Firefox => 379854318 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 29634501 B
LocalService => 29766745 B
NetworkService => 29851021 B
Martina => 672309951 B

RecycleBin => 41631 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:18:32 ====

Conder
Moderator
Posts: 3845
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Request for log check - Suspicious email

#8 Post by Conder »

The logs also look OK. Are there any problems with the PC?

That email is probably just spam (among other things, forging the sender, as you described, is nothing complicated).

The desktop is about 17 GB, which is too much. I recommend moving all files and folders from the desktop to Documents and leaving only links/shortcuts on the desktop. An overly large desktop can slow the system down.
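The point in post #8 about a forged sender can be checked on the message itself: the visible From: header is not authenticated, while the receiving mail server records its SPF, DKIM and DMARC verdicts in the Authentication-Results header. The following is an added example, not part of the original thread; the sample messages, the placeholder domains, the server name `mx.example.org` and the function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (placeholder domains): a message addressed from the
# recipient's own address, once forged and once genuinely sent by the owner.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=softfail smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=example.org
From: <parent@example.org>
To: <parent@example.org>
Subject: Payment required

(body omitted)
"""

GENUINE = """\
Return-Path: <parent@example.org>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org;
 dmarc=pass header.from=example.org
From: <parent@example.org>
To: <parent@example.org>
Subject: Note to self

(body omitted)
"""

METHOD_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.IGNORECASE)


def trusted_verdicts(msg, trusted_authserv):
    """Collect SPF/DKIM/DMARC results, but only from Authentication-Results
    headers stamped by our own receiving server; a sender can insert its own
    copy of this header, so any other authserv-id is ignored."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = value.partition(";")
        if authserv_id.strip().lower() != trusted_authserv.lower():
            continue
        for method, result in METHOD_RE.findall(results):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def assess(raw_message, trusted_authserv):
    """Classify a message as 'authenticated', 'likely spoofed' or 'unverified'."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    verdicts = trusted_verdicts(msg, trusted_authserv)

    indicators = [f"{m}={verdicts[m]}" for m in ("spf", "dkim", "dmarc")
                  if m in verdicts and verdicts[m] != "pass"]
    # A differing envelope domain is only a hint: bulk mailers do it legitimately.
    if envelope and envelope.rpartition("@")[2] != from_addr.rpartition("@")[2]:
        indicators.append("Return-Path domain differs from From: domain")

    if "dmarc" not in verdicts:
        assessment = "unverified"      # no trusted result to rely on
    elif verdicts["dmarc"] == "pass":
        assessment = "authenticated"   # visible From: domain is aligned
    else:
        assessment = "likely spoofed"  # From: was not backed by SPF or DKIM
    return {"self_addressed": bool(from_addr) and from_addr == to_addr,
            "assessment": assessment, "indicators": indicators}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, assess(raw, "mx.example.org"))
```

A self-addressed message that comes back as "likely spoofed" was injected from outside and does not by itself indicate that the mailbox or the PC was accessed.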

Richi
Visitor
Posts: 18
Registered: 12 Apr 2013 11:56

Re: Request for log check - Suspicious email

#9 Post by Richi »

There are no problems with the PC, everything looks fine. As a precaution I told my parents to change the passwords of their important accounts at work, and I switched to a paid AV. As for the desktop, I have explained it to them many times; within a month it will look the same again.
Thanks for the help then, I guess you can lock it.

Conder
Moderator
Posts: 3845
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Request for log check - Suspicious email

#10 Post by Conder »

So let's also clean up after the tools we used:
