PC check

simy13
Visitor
Posts: 14
Registered: 26 May 2021 20:35

#1 Post by simy13 »

Good evening, please check my computer: unwanted pop-up windows keep appearing. I am sending the FRST log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2021
Ran by pc (29-11-2021 20:23:02)
Running from C:\Users\pc\Desktop
Microsoft Windows 10 Pro Version 20H2 19042.1348 (X64) (2021-01-16 13:52:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-591005949-3795881383-2982760695-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-591005949-3795881383-2982760695-503 - Limited - Disabled)
Guest (S-1-5-21-591005949-3795881383-2982760695-501 - Limited - Disabled)
pc (S-1-5-21-591005949-3795881383-2982760695-1001 - Administrator - Enabled) => C:\Users\pc
WDAGUtilityAccount (S-1-5-21-591005949-3795881383-2982760695-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {8A154ED8-4428-DB2D-0E3F-BD82C448FD94}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2111.2126 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.7.25887 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.58.25058 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.13.0.11216 - Avira Operations GmbH & Co. KG) Hidden
Backup and Sync from Google (HKLM\...\{685BAD50-A3AA-4B91-A15B-77F9DC7346D4}) (Version: 3.57.4043.4118 - Google, Inc.)
Batman Arkham Origins version 1.0.0.0 (HKLM-x32\...\Batman Arkham Origins_is1) (Version: 1.0.0.0 - Mr DJ)
BIOMUTANT (HKLM-x32\...\BIOMUTANT_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.78 - Piriform)
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version: 2.2.0.0205 - Foxit Software)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 53.0.8.0 - Google LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Hellbound (HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Hellbound) (Version: - HOODLUM)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{BCDD692B-172D-440A-9A1B-501C71D72CC8}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
K-Lite Mega Codec Pack 10.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - )
Kontrola stavu osobního počítače s Windows (HKLM\...\{88EC8D4A-54AB-4A7F-BDE9-4AD906D9D11F}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\OneDriveSetup.exe) (Version: 20.201.1005.0009 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B981965-2FBC-433C-B4B3-E183EE97CD29}) (Version: 2.83.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 94.0.2 (x64 cs)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 76.0 - Mozilla)
NVIDIA Ovladač HD audia 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Prince of Persia - The Two Thrones (HKLM-x32\...\1207659091_is1) (Version: 1.1 v2 - GOG.com)
Rayman Legends (HKLM-x32\...\UmF5bWFuTGVnZW5kcw==_is1) (Version: 1 - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skully (HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Skully) (Version: - HOODLUM)
The Saboteur (HKLM-x32\...\1403000599_is1) (Version: 2.1.0.4 - GOG.com)
The Saboteur Čeština (HKLM-x32\...\The Saboteur Čeština 1.2.0) (Version: 1.2.0 - BonusWeb)
Tomb Raider - The Angel of Darkness (HKLM-x32\...\1207659089_is1) (Version: 20171016 - GOG.com)
Tony Vočko a případ růžového tapíra (HKLM-x32\...\{EC27DF14-030F-4BF2-B323-723FF7F0D4AB}_is1) (Version: 1.0 - RelikZ)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 126.1.10597 - Ubisoft)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Unlocker (HKLM-x32\...\{5577A25D-E4FE-4BFB-A660-E0D766BC4EDD}) (Version: 1.9.2 - ajua Custom Installers)
Vampirem (HKLM-x32\...\Vampirem_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version: - )

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.3.262.0_x64__v10z8vjag6ke6 [2021-11-19] (HP Inc.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3554304 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [258560 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\WINDOWS\system32\ff_vfw.dll [127488 2013-08-14] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3649536 2013-03-17] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [243200 2011-06-24] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112640 2013-08-14] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-11-29 19:05 - 2021-11-29 19:05 - 000114176 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_ctypes.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000172544 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_elementtree.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 002255872 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_hashlib.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000032256 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_multiprocessing.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000046080 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_psutil_windows.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000047616 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_socket.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 002825216 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_ssl.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000026112 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\_yappi.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000080896 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\bz2.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000015872 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\common.time34.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000007680 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\hashobjs_ext.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000301568 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\PIL._imaging.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000168448 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\pyexpat.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 001084416 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\pysqlite2._sqlite.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000548864 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\pythoncom27.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 000137728 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\pywintypes27.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 000010752 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\select.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000020992 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\thumbnails_ext.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000689664 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\unicodedata.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000119808 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\usb_ext.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000128512 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32api.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000438784 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32com.shell.shell.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000011776 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32crypt.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000023040 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32event.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000149504 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32file.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000223232 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32gui.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000048128 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32inet.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000029696 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32pdh.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000027648 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32pipe.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000044032 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32process.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000020480 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32profile.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000136192 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32security.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000026624 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\win32ts.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000034304 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\windows.conditional.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000037888 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\windows.connectivity.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000071680 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\windows.device_monitor.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000103936 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\windows.volumes.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000019968 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\windows.winwrap.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 001325056 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._controls_.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 001489408 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._core_.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 001007104 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._gdi_.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000103424 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._html2.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 000916992 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._misc_.pyd
2021-11-29 19:05 - 2021-11-29 19:05 - 001039872 _____ () [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wx._windows_.pyd
2009-11-17 21:58 - 2009-11-17 21:58 - 000342656 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqmif08.dll
2009-11-17 21:58 - 2009-11-17 21:58 - 000559232 _____ (Hewlett Packard -> Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2011-04-29 10:34 - 2011-04-29 10:34 - 000934400 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2011-04-29 10:34 - 2011-04-29 10:34 - 000012288 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2011-04-29 18:08 - 2011-04-29 18:08 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2010-08-06 10:15 - 2010-08-06 10:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000054784 _____ (Hewlett-Packard) [File not signed] C:\WINDOWS\SYSTEM32\hpzipr12.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 003043328 _____ (Python Software Foundation) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\python27.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxbase30u_net_vc90_x64.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxbase30u_vc90_x64.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxmsw30u_adv_vc90_x64.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxmsw30u_core_vc90_x64.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxmsw30u_html_vc90_x64.dll
2021-11-29 19:05 - 2021-11-29 19:05 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\pc\AppData\Local\Temp\_MEI94162\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-05-07 17:01 - 2021-05-24 20:18 - 000002480 _____ C:\WINDOWS\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site

2020-07-18 07:47 - 2020-07-18 07:47 - 000000374 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-591005949-3795881383-2982760695-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\luis royo wallpaper 9.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{658F35B1-839A-49DE-8AC3-A19E394A9205}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{DB249C55-CD66-46C6-AF15-111ED2CB68BE}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{8400D88A-CC4A-4489-8445-53C4AAF9BB0C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FC73ADF5-7360-4EA6-A38D-C712B6B1E2DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{463C951F-D8EC-49CD-8817-B9C245007F5A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4F23A84-2D83-47A3-BB27-A3F1BF10F42E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D2084A04-C463-40F0-8A4B-AD2115AA69D1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63B878E9-043A-4C32-AE45-20AC85F133F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F9841C4F-1715-466C-B820-6DB61F024157}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
FirewallRules: [{63D5F674-0F91-4CF0-9742-90FE28320534}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
FirewallRules: [TCP Query User{B37CD51F-3EFE-42CF-A741-976412DC326D}C:\program files (x86)\rayman legends\rayman legends.exe] => (Block) C:\program files (x86)\rayman legends\rayman legends.exe (Ubisoft Chengdu Co., Ltd. -> )
FirewallRules: [UDP Query User{DABCFF11-4FB7-470F-BD2E-D74CC80D740E}C:\program files (x86)\rayman legends\rayman legends.exe] => (Block) C:\program files (x86)\rayman legends\rayman legends.exe (Ubisoft Chengdu Co., Ltd. -> )
FirewallRules: [{9635D2FE-9ECF-4786-A61E-F05F28BCFB1A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{13F23B79-56BB-4704-AB15-98F5DF9DD240}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.34\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0160A890-7392-4298-9E49-43CC5F45A75B}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{88BECD09-4095-4B69-8C9B-003875D51DC5}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{5172A3AB-C121-46DD-9737-47012E449026}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

26-11-2021 14:49:12 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: PC Camera
Description: PC Camera
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/29/2021 06:52:55 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (11/28/2021 01:31:53 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (11/26/2021 09:56:28 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/26/2021 09:56:27 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/26/2021 09:35:00 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (11/26/2021 02:36:08 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (11/23/2021 10:09:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: firefox.exe, verze: 94.0.2.7993, časové razítko: 0x6197bf0a
Název chybujícího modulu: firefox.exe, verze: 94.0.2.7993, časové razítko: 0x6197bf0a
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000003a2c0
ID chybujícího procesu: 0x1c3c
Čas spuštění chybující aplikace: 0x01d7e0ae74fd3428
Cesta k chybující aplikaci: C:\Program Files\Mozilla Firefox\firefox.exe
Cesta k chybujícímu modulu: C:\Program Files\Mozilla Firefox\firefox.exe
ID zprávy: bcdb92e6-28cb-4bdc-aa23-022554f68a0f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/23/2021 10:09:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: firefox.exe, verze: 94.0.2.7993, časové razítko: 0x6197bf0a
Název chybujícího modulu: firefox.exe, verze: 94.0.2.7993, časové razítko: 0x6197bf0a
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000003a2c0
ID chybujícího procesu: 0x1ed4
Čas spuštění chybující aplikace: 0x01d7e0ae6f8d91c4
Cesta k chybující aplikaci: C:\Program Files\Mozilla Firefox\firefox.exe
Cesta k chybujícímu modulu: C:\Program Files\Mozilla Firefox\firefox.exe
ID zprávy: 8c0e3326-9be2-4c59-9529-9e5f9dbadbf3
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (11/29/2021 06:08:28 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/29/2021 01:56:58 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/28/2021 06:17:59 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/28/2021 02:31:40 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/26/2021 11:59:09 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/24/2021 07:08:21 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.

Error: (11/24/2021 07:03:41 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/24/2021 06:41:51 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Při vytváření přihlašovacích údajů TLS Klient se stala závažná chyba. Stav interní chyby je 10013.


Windows Defender:
================
Date: 2021-02-02 16:35:04
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {A3964236-309C-48F8-A8F5-541A79E6CEC3}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-02 16:24:54
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {990F0FA3-4E9D-45FA-9DD2-677A669554CE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-02 16:14:16
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/GameHack
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe; file:_C:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe; file:_D:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-BUIQGPN\pc
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.331.33.0, AS: 1.331.33.0, NIS: 1.331.33.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-02 16:13:59
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {021DB1EC-4EE5-4E5A-A12E-3D17722759E1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-02 15:49:34
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: PUA:Win32/GameHack
Závažnost: Nízké
Kategorie: Potenciálně nežádoucí software
Cesta: file:_C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe; file:_D:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-BUIQGPN\pc
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.331.33.0, AS: 1.331.33.0, NIS: 1.331.33.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

CodeIntegrity:
===============
Date: 2021-10-01 17:10:00
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Intel Corp. BLH6710H.86A.0119.2011.0523.1030 05/23/2011
Motherboard: Intel Corporation DH67CL
Processor: Intel(R) Pentium(R) CPU G860 @ 3.00GHz
Percentage of memory in use: 66%
Total physical RAM: 8169.45 MB
Available physical RAM: 2744.11 MB
Total Virtual: 9961.45 MB
Available Virtual: 1437.26 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:291.92 GB) (Free:25.26 GB) NTFS
Drive d: () (Fixed) (Total:172.79 GB) (Free:93.64 GB) NTFS

\\?\Volume{81168116-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{81168116-0000-0000-0000-801d49000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 81168116)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=291.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=520 MB) - (Type=27)
Partition 4: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC check

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking "Souhlasím" (I agree)
right-click the AdwCleaner icon and choose "Spustit jako správce" (Run as administrator); on Win XP just start it with an ordinary double-click
click "Skenovat nyní" (Scan now), then "Čištění a opravy" (Clean and Repair)
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

simy13
Visitor
Posts: 14
Registered: 26 May 2021 20:35

Re: PC check

#3 Post by simy13 »

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-07-2021
# Duration: 00:00:10
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1249 octets] - [06/04/2019 22:39:54]
AdwCleaner[S01].txt - [1310 octets] - [21/03/2021 20:02:09]
AdwCleaner[C01].txt - [1496 octets] - [21/03/2021 20:03:04]
AdwCleaner[S02].txt - [1432 octets] - [20/05/2021 06:41:07]
AdwCleaner[C02].txt - [1618 octets] - [20/05/2021 06:41:50]
AdwCleaner[S03].txt - [1820 octets] - [25/05/2021 12:13:26]
AdwCleaner[C03].txt - [1972 octets] - [25/05/2021 12:13:59]
AdwCleaner[S04].txt - [1832 octets] - [26/05/2021 21:27:33]
AdwCleaner[C04].txt - [2022 octets] - [26/05/2021 21:27:49]
AdwCleaner[S05].txt - [1954 octets] - [27/05/2021 05:59:34]
AdwCleaner[C05].txt - [2144 octets] - [27/05/2021 05:59:55]
AdwCleaner[S06].txt - [1920 octets] - [02/09/2021 20:21:57]
AdwCleaner[C06].txt - [2106 octets] - [02/09/2021 20:22:30]
AdwCleaner[S07].txt - [2198 octets] - [07/12/2021 20:56:43]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C07].txt ##########

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC check

#4 Post by Rudy »

This is OK. Please also add the contents of the frst.txt file (it is on the desktop), and then we will clean out the remaining junk.

simy13
Visitor
Posts: 14
Registered: 26 May 2021 20:35

Re: PC check

#5 Post by simy13 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-11-2021
Ran by pc (administrator) on DESKTOP-BUIQGPN (29-11-2021 20:16:48)
Running from C:\Users\pc\Desktop
Loaded Profiles: pc
Platform: Microsoft Windows 10 Pro Version 20H2 19042.1348 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG -> Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\53.0.8.0\crashpad_handler.exe <2>
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe <7>
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett Packard -> Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2111.1001.3.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2111.1001.3.0_x64__8wekyb3d8bbwe\XboxPcApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.11001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.59.11001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.10202.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [269cb9d1f0c741c63247e1d77e6f3f30] => C:\WINDOWS\system32\.. [0 2021-11-23] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49952424 2021-10-19] (Google LLC -> )
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [] => [X]
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\hpfpp70v: C:\Windows\System32\spool\prtprocs\x64\hpfpp70v.dll [248320 2009-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\hpf3l70v.dll: C:\WINDOWS\system32\hpf3l70v.dll [136704 2009-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-16] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2020-05-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-29] () [File not signed] <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {020B8D4F-ED6C-48BF-A706-92C3EDA12CEA} - System32\Tasks\ebtools => C:\Program Files (x86)\EUROBYTE TOOLS\vp4.exe [302976 2021-03-01] (EUROBYTE SOFTWARE s.r.o. -> OEM)
Task: {0FABBC8C-8AEF-48D8-8871-753D43761435} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29851288 2021-10-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {281E568C-0480-4449-8924-7237C56CD085} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {6FAE0226-890D-4314-BCB9-D455DB44FEDD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {8D68F718-A2F0-4B69-8CCF-DA61A8732A0A} - System32\Tasks\Avira_Security_Update => C:\WINDOWS\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {B801D9EA-FFD7-4934-9D43-47B421E171A2} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1673272 2021-11-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {BEFD7BD7-FD32-4988-961B-945621A32EA3} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [237952 2021-11-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {BFBF306C-2F78-4FF3-8FDA-73D95BF36BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)
Task: {E3A062A3-6759-4C8E-9778-34FD8FCAB1D2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27616328 2021-03-18] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EC10146E-D00E-4384-8E9F-84ED36D86EF5} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-18] (Piriform Software Ltd -> Piriform)
Task: {F6BB5510-A28C-4034-AF85-DF98D6A003BB} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2648424 2021-11-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {F9F0FA52-F2E7-4497-9B0A-CAA949D11636} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {FB9D81C3-BBB1-4011-A130-2DFBD1AF8465} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ATTENTION (Restriction - Zones)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{56e852ca-19c1-4a7c-8ee5-466a0ea91c03}: [DhcpNameServer] 192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\pc\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-14]

FireFox:
========
FF DefaultProfile: dc063tec.default
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\dc063tec.default [2021-06-02]
FF Extension: (Avira Password Manager) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\dc063tec.default\Extensions\passwordmanager@avira.com [2020-05-08]
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315 [2021-11-29]
FF Extension: (Blokátor reklam AdGuard) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315\Extensions\adguardadblocker@adguard.com.xpi [2021-08-26]
FF Extension: (To Google Translate) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2021-06-22]
FF Extension: (Linkificator) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\reez1ulx.default-release-1616317886315\Extensions\linkificator@markapola.xpi [2021-03-22]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2021-08-25]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Spouštěč aplikací pro Disk (od Googlu)) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-07-25]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-25]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-25]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKU\S-1-5-21-591005949-3795881383-2982760695-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\pc\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2021-07-19]
CHR HKU\S-1-5-21-591005949-3795881383-2982760695-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

Opera:
=======
OPR Profile: C:\Users\pc\AppData\Roaming\Opera Software\Opera Stable [2021-06-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1206648 2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [538000 2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [485048 2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [485048 2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [574672 2021-07-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989160 2021-08-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384480 2021-08-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [272448 2021-11-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [275088 2021-11-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [25720 2020-08-18] (Avira Operations GmbH & Co. KG -> Olof Lagerkvist)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-01-16] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2021-02-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22848 2021-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [209088 2021-11-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2021-02-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2021-02-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2021-02-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.)
R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [95376 2020-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Olof Lagerkvist)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-01-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-01-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-01-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-29 20:16 - 2021-11-29 20:18 - 000019820 _____ C:\Users\pc\Desktop\FRST.txt
2021-11-29 20:16 - 2021-11-29 20:16 - 000000000 ____D C:\Users\pc\Downloads\FRST-OlderVersion
2021-11-29 20:16 - 2021-11-29 20:16 - 000000000 ____D C:\Users\pc\Desktop\FRST-OlderVersion
2021-11-29 19:07 - 2021-11-29 19:14 - 1386656960 _____ C:\Users\pc\Downloads\Snoubenec.nebo.milenec.Hab.2020.480p.webrip.cz.dabing.5.1.avi
2021-11-27 14:30 - 2021-11-27 14:46 - 1993558390 _____ C:\Users\pc\Downloads\Venom.2.Carnage.prichazi.Venom.Let.There.Be.Carnage.2021.1080p.WEBRip.x264.CZ.titulky.mkv
2021-11-24 16:23 - 2021-11-24 17:45 - 3547685207 _____ C:\Users\pc\Downloads\Chlapec kteremu ríkaji Vanoce - A.Boy.Called.Christmas.2021.1080p.WEBRip.CZ.dabing.5.1.mkv
2021-11-22 21:21 - 2021-11-22 22:24 - 1338967089 _____ C:\Users\pc\Downloads\Kovboj.Bebop-Lovec.odmen.S01E06.1080p.WEBRip.CS.dabing.5.1(1).mkv
2021-11-14 18:46 - 2021-11-14 18:46 - 000000000 ____D C:\Users\pc\Downloads\The_Saboteur_CZ(1)
2021-11-14 10:42 - 2021-11-14 10:42 - 001765698 _____ C:\Users\pc\Downloads\94706a4de4efbf85c040d142d6a5b21c6190d48fc95a88.47700651.png.pdf
2021-11-12 16:38 - 2021-11-12 16:38 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-12 16:37 - 2021-11-12 16:37 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-12 16:37 - 2021-11-12 16:37 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-12 16:36 - 2021-11-12 16:36 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-12 15:50 - 2021-11-12 15:50 - 000000000 ___HD C:\$WinREAgent
2021-11-04 19:08 - 2021-11-04 19:08 - 000000000 ____D C:\Users\pc\AppData\Roaming\The Saboteur Čeština
2021-11-04 19:08 - 2021-11-04 19:08 - 000000000 ____D C:\ProgramData\Caphyon
2021-11-04 19:08 - 2021-11-04 19:08 - 000000000 ____D C:\Program Files\Electronic Arts
2021-11-04 19:07 - 2021-11-04 19:07 - 000000000 ____D C:\Users\pc\AppData\Roaming\BonusWeb
2021-11-04 19:06 - 2021-11-04 19:06 - 000000000 ____D C:\Users\pc\Downloads\The Saboteur Čeština
2021-11-03 19:16 - 2021-11-03 19:16 - 000466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2021-11-03 19:16 - 2021-11-03 19:16 - 000444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2021-11-03 19:16 - 2021-11-03 19:16 - 000122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2021-11-03 19:16 - 2021-11-03 19:16 - 000109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2021-11-03 19:16 - 2021-11-03 19:16 - 000000000 ____D C:\Program Files (x86)\OpenAL
2021-11-03 18:20 - 2021-11-03 18:20 - 000001708 _____ C:\Users\Public\Desktop\Tomb Raider - The Angel of Darkness.lnk
2021-11-03 18:20 - 2021-11-03 18:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tomb Raider - The Angel of Darkness [GOG.com]
2021-11-03 18:15 - 2021-11-03 18:15 - 000000000 ____D C:\Users\pc\Downloads\Tomb.Raider.The.Angel.of.Darkness
2021-11-03 17:24 - 2021-11-03 17:24 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-03 17:24 - 2021-11-03 17:24 - 000000000 ____D C:\Program Files\PCHealthCheck

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-29 20:19 - 2020-05-08 02:15 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-29 20:18 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-29 20:17 - 2021-05-28 15:45 - 000000000 ____D C:\FRST
2021-11-29 20:16 - 2021-05-28 15:45 - 002311680 _____ (Farbar) C:\Users\pc\Desktop\FRST64.exe
2021-11-29 20:16 - 2021-05-28 15:44 - 002311680 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2021-11-29 19:07 - 2020-05-07 17:07 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-29 19:06 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-11-29 19:06 - 2018-07-05 12:19 - 000000000 ____D C:\Users\pc\AppData\LocalLow\Mozilla
2021-11-29 18:58 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-29 18:57 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-29 18:53 - 2020-05-08 02:15 - 000000000 ____D C:\Program Files\CCleaner
2021-11-29 18:51 - 2021-10-11 13:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-29 18:51 - 2021-01-16 14:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-29 18:51 - 2021-01-16 14:25 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-29 18:51 - 2020-05-07 17:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-29 18:51 - 2020-05-07 16:27 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-29 18:50 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-29 18:42 - 2021-01-16 14:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-24 21:24 - 2021-01-16 14:33 - 000000000 ____D C:\Users\pc
2021-11-24 16:17 - 2020-06-06 16:49 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-24 16:17 - 2020-06-06 16:49 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-11-23 22:26 - 2021-01-27 19:37 - 000000000 ____D C:\Users\pc\AppData\Local\ElevatedDiagnostics
2021-11-23 22:25 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-23 22:09 - 2021-10-13 22:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-23 22:09 - 2020-05-07 17:07 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-22 21:09 - 2021-01-16 14:43 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-22 21:09 - 2019-12-07 15:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-11-22 21:09 - 2019-12-07 15:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-11-22 18:27 - 2021-10-01 16:25 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-11-22 18:27 - 2021-10-01 16:25 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-11-22 18:27 - 2021-10-01 16:25 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-11-22 18:27 - 2021-10-01 16:25 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-11-21 14:17 - 2020-05-07 17:01 - 000000000 ____D C:\ProgramData\Packages
2021-11-20 08:54 - 2021-01-16 14:51 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-11-19 06:48 - 2021-04-16 21:41 - 000001078 _____ C:\Users\Public\Desktop\Avira.lnk
2021-11-19 06:48 - 2021-04-16 21:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-11-19 06:48 - 2021-02-02 19:05 - 000003644 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2021-11-19 06:45 - 2021-05-29 19:15 - 002224592 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2021-11-19 06:45 - 2021-05-29 19:15 - 000332224 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2021-11-19 06:45 - 2021-05-29 19:15 - 000217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2021-11-19 06:45 - 2021-05-29 19:15 - 000197048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2021-11-19 06:45 - 2021-05-29 19:15 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2021-11-19 06:45 - 2021-05-29 19:15 - 000061904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemodcontrol.exe
2021-11-17 14:50 - 2021-01-21 21:17 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6ec0cff30e22e
2021-11-17 14:50 - 2021-01-16 14:51 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-16 21:37 - 2020-05-08 02:08 - 000000000 ____D C:\Users\pc\AppData\Roaming\vlc
2021-11-16 21:31 - 2020-05-08 02:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-16 21:31 - 2020-05-08 02:15 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-12 20:16 - 2021-01-16 14:26 - 000266504 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-12 20:12 - 2019-12-07 15:47 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-11-12 20:12 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-11-12 20:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-12 20:12 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-12 16:47 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-12 15:45 - 2020-05-07 20:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-12 15:40 - 2020-05-07 20:09 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-03 19:22 - 2020-05-08 02:17 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-03 19:16 - 2021-02-02 22:44 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2021-11-03 19:14 - 2020-06-26 15:09 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2021-11-03 18:23 - 2021-01-16 09:49 - 000000000 ____D C:\Users\pc\AppData\Local\D3DSCache
2021-11-03 18:19 - 2021-10-12 16:09 - 000000000 ____D C:\GOG Games
2021-11-01 20:35 - 2021-02-02 18:22 - 000209088 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

==================== Files in the root of some directories ========

2021-05-16 20:27 - 2021-05-17 17:31 - 000012288 _____ () C:\Users\pc\AppData\Roaming\emp.bin

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Rudy
Site Admin
Posts: 118199
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC check

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-29] () [File not signed] <==== ATTENTION
Task: {FB9D81C3-BBB1-4011-A130-2DFBD1AF8465} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)
Task: {BFBF306C-2F78-4FF3-8FDA-73D95BF36BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\Users\pc\AppData\Local\Temp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
FirewallRules: [{F9841C4F-1715-466C-B820-6DB61F024157}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
FirewallRules: [{63D5F674-0F91-4CF0-9742-90FE28320534}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe
C:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe

EmptyTemp:
Hosts:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

simy13
Visitor
Posts: 14
Registered: 26 May 2021 20:35

Re: PC check

#7 Post by simy13 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-12-2021
Ran by pc (15-12-2021 22:38:30) Run:2
Running from C:\Users\pc\Desktop
Loaded Profiles: pc
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat [2019-12-29] () [File not signed] <==== ATTENTION
Task: {FB9D81C3-BBB1-4011-A130-2DFBD1AF8465} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)
Task: {BFBF306C-2F78-4FF3-8FDA-73D95BF36BE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-05-08] (Google Inc -> Google LLC)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\Users\pc\AppData\Local\Temp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
SearchScopes: HKU\S-1-5-21-591005949-3795881383-2982760695-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src ... ORM=IESR02
FirewallRules: [{F9841C4F-1715-466C-B820-6DB61F024157}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
FirewallRules: [{63D5F674-0F91-4CF0-9742-90FE28320534}] => (Allow) C:\Program Files (x86)\Mr DJ\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe => No File
C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe
C:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe

EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-591005949-3795881383-2982760695-1001\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\update.bat => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB9D81C3-BBB1-4011-A130-2DFBD1AF8465}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB9D81C3-BBB1-4011-A130-2DFBD1AF8465}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BFBF306C-2F78-4FF3-8FDA-73D95BF36BE0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFBF306C-2F78-4FF3-8FDA-73D95BF36BE0}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\Users\pc\AppData\Local\Temp => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\S-1-5-21-591005949-3795881383-2982760695-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-591005949-3795881383-2982760695-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9841C4F-1715-466C-B820-6DB61F024157}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63D5F674-0F91-4CF0-9742-90FE28320534}" => removed successfully
"C:\Users\pc\Downloads\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe" => not found
"C:\Wolfenstein.The.Old.Blood-CODEX\codex-wolfenstein.the.old.blood\setup.exe" => not found
Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 92513418 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 147456 B
Firefox => 1159682521 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 39822 B
NetworkService => 39822 B
pc => 5290698 B

RecycleBin => 1437375643 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-12-2021 20:59:07)

C:\Windows\System32\Drivers\etc\hosts => Could not move
Could not restore Hosts.

==== End of Fixlog 20:59:08 ====

Rudy

Re: PC check

#8 Post by Rudy »

Deleted. Has anything changed?

simy13

Re: PC check

#9 Post by simy13 »

Thank you, everything seems to be fine :thumbsup:

Rudy

Re: PC check

#10 Post by Rudy »

Glad to hear it, and you're welcome! :)

Locked