Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Nechcené pop-ups

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zpráva
Autor
Peelie
Návštěvník
Návštěvník
Příspěvky: 287
Registrován: 09 říj 2006 18:03

Nechcené pop-ups

#1 Příspěvek od Peelie »

Keď otvorím browser, tak mi naskakujú pop-ups kde sú napríklad hlášky Toto ma zarobilo a dole je názov webstránky napríklad wolve.pro, alebo apkreal.com.Ako to odstrániť?

Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15197
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: Nechcené pop-ups

#2 Příspěvek od JaRon »

FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum
https://platba.viry.cz/payment/

Peelie
Návštěvník
Návštěvník
Příspěvky: 287
Registrován: 09 říj 2006 18:03

Re: Nechcené pop-ups

#3 Příspěvek od Peelie »

Díky moc.

Peelie
Návštěvník
Návštěvník
Příspěvky: 287
Registrován: 09 říj 2006 18:03

Re: Nechcené pop-ups

#4 Příspěvek od Peelie »

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.1
# -------------------------------
# Build: 09-03-2018
# Database: 2018-09-17.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-18-2018
# Duration: 00:00:01
# OS: Windows 7 Home Premium
# Cleaned: 5
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Martin\AppData\Roaming\Hola

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Hola
Deleted HKLM\Software\Wow6432Node\Hola
Deleted HKLM\Software\Hola
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1551 octets] - [18/09/2018 11:23:36]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15197
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: Nechcené pop-ups

#5 Příspěvek od JaRon »

v navode bol zoek a JRT :(
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum
https://platba.viry.cz/payment/

Peelie
Návštěvník
Návštěvník
Příspěvky: 287
Registrován: 09 říj 2006 18:03

Re: Nechcené pop-ups

#6 Příspěvek od Peelie »

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Martin (Administrator) on ut 18. 09. 2018 at 13:24:14,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 21

Successfully deleted: C:\Users\Martin\AppData\Roaming\babylon (Folder)
Successfully deleted: C:\Windows\hgfs.sys (File)
Successfully deleted: C:\Windows\prleth.sys (File)
Successfully deleted: C:\Windows\system32\drivers\windivert64.sys (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GE8G4O8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PTW27LJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NCB5KJY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77ZE3IBY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RSH283E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LP90G58B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VD6GYJ5I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3FPIZ70 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GE8G4O8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PTW27LJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6NCB5KJY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77ZE3IBY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RSH283E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LP90G58B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VD6GYJ5I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y3FPIZ70 (Temporary Internet Files Fold

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{06E5CE54-26A7-489F-A9ED-8B53B6FC8C6A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ut 18. 09. 2018 at 13:27:20,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zoek mi nechce spustiť.

Peelie
Návštěvník
Návštěvník
Příspěvky: 287
Registrován: 09 říj 2006 18:03

Re: Nechcené pop-ups

#7 Příspěvek od Peelie »

Spustilo, ale žiaden log nie je.

Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15197
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: Nechcené pop-ups

#8 Příspěvek od JaRon »

zoek nechaj bezat cca 30min, ak nebude ziadny výsledok, restartuj PC a napis, ci su este problemy :???:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum
https://platba.viry.cz/payment/

Peelie
Návštěvník
Návštěvník
Příspěvky: 287
Registrován: 09 říj 2006 18:03

Re: Nechcené pop-ups

#9 Příspěvek od Peelie »

Žiaľ pokračuje to naďalej. Teraz, keď som otvoril Operu vyskočili 4 obdlžniky,kde bolo dole wolve.pro

Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15197
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: Nechcené pop-ups

#10 Příspěvek od JaRon »

Zoek Operu necisti, robia problem aj ine prehliadace ?
Vloz oba log FRST
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum
https://platba.viry.cz/payment/

Peelie
Návštěvník
Návštěvník
Příspěvky: 287
Registrován: 09 říj 2006 18:03

Re: Nechcené pop-ups

#11 Příspěvek od Peelie »

Sorry, tie veci robí nie Opera, ale Vivaldi.Opera je čistá.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
Ran by Martin (administrator) on MARTIN-PC (19-09-2018 09:55:53)
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5844788-BED4-4849-99BF-940E9B612EC4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {A8A2381B-85B6-4030-B763-863A4F470EAD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc.)

FireFox:
========
FF DefaultProfile: ef26py92.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default [2018-02-04]
FF Homepage: Mozilla\SeaMonkey\Profiles\ii5mfmc2.default -> www.google.com
FF NewTab: Mozilla\SeaMonkey\Profiles\ii5mfmc2.default -> about:newtab
FF Extension: (DOM Inspector) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\inspector@mozilla.org [2016-09-22] [Legacy]
FF Extension: (ChatZilla) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-09-30] [Legacy]
FF Extension: (NoScript) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-09-23] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-08] [Legacy]
FF Extension: (JavaScript Debugger) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-09-22] [Legacy]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default [2018-09-06]
FF Homepage: Mozilla\Firefox\Profiles\ef26py92.default -> about:home
FF Extension: (Popup Blocker Ultimate) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2018-02-03]
FF Extension: (No Name) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a8zub8k1.default [2018-02-04]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Martin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2018-09-04]
CHR Extension: (Dokumenty) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-27]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-27]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-27]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-04]
CHR HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (AdBlock) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-06-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [895056 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [226000 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [226000 2018-08-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148568 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [436848 2018-08-17] (Avira Operations GmbH & Co. KG)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-04-22] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [73240 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [199920 2018-08-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153040 2018-08-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2018-08-27] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2018-08-27] (Avira Operations GmbH & Co. KG)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [197240 2017-12-03] (360.cn)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0121.sys [38432 2016-09-18] (SoftEther Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-06-28] (Anchorfree Inc.)
U5 UnlockerDriver5; D:\Nový priečinok\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2016-10-13] (Wondershare)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 DeepATS; \??\C:\Program Files (x86)\360\360Safe\deepscan\AtS64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S2 WinDivert1.2; \??\C:\Windows\system32\drivers\WinDivert64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-19 09:55 - 2018-09-19 09:58 - 000012931 _____ C:\Users\Martin\Downloads\FRST.txt
2018-09-19 09:55 - 2018-09-19 09:55 - 000001119 _____ C:\Users\Martin\Desktop\FRST64 - odkaz.lnk
2018-09-19 09:55 - 2018-09-19 09:55 - 000000000 ____D C:\FRST
2018-09-19 09:53 - 2018-09-19 09:53 - 002413568 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2018-09-18 12:55 - 2018-09-18 12:57 - 081980476 _____ C:\Users\Martin\Downloads\Uncut - November 2018.pdf
2018-09-18 10:19 - 2018-09-18 10:19 - 000194821 _____ C:\Users\Martin\Downloads\ZS s MS Sar. Dravce 2.pdf
2018-09-18 09:58 - 2018-09-19 09:58 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-09-18 09:58 - 2018-08-27 15:28 - 000199920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000153040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000073240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2018-09-17 14:05 - 2018-09-18 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-09-17 14:05 - 2018-09-18 09:58 - 000000000 ____D C:\Program Files (x86)\Avira
2018-09-17 14:04 - 2018-09-18 09:58 - 000000000 ____D C:\ProgramData\Avira
2018-09-08 17:58 - 2018-09-08 18:00 - 000000000 ____D C:\Users\Martin\AppData\Local\ZPN Connect
2018-09-06 14:11 - 2018-09-17 10:27 - 000004084 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1536235891
2018-09-06 14:11 - 2018-09-06 14:11 - 000001252 _____ C:\Users\Martin\Desktop\Prehliadač Opera.lnk
2018-09-06 14:11 - 2018-09-06 14:11 - 000001252 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prehliadač Opera.lnk
2018-09-06 12:11 - 2018-09-06 12:11 - 018946676 _____ C:\Users\Martin\Downloads\2018-10-01 Q Magazine.pdf
2018-09-06 11:06 - 2018-09-06 11:06 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-09-04 14:59 - 2018-09-04 14:59 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-04 14:59 - 2018-09-04 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-04 14:54 - 2018-09-04 14:55 - 000000000 ____D C:\Program Files (x86)\GUM9FD7.tmp
2018-09-04 14:53 - 2018-09-04 15:04 - 000000000 ____D C:\Users\Martin\AppData\Local\AVAST Software
2018-09-04 14:53 - 2018-09-04 14:53 - 000001964 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Passwords.lnk
2018-09-04 14:52 - 2018-09-04 14:52 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-09-04 14:52 - 2018-09-04 14:52 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-09-04 14:52 - 2018-09-04 14:52 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-09-04 14:29 - 2018-09-04 14:29 - 000000000 ____D C:\Users\Martin\AppData\Local\Avira Operations Gmbh & Co. KG
2018-09-04 14:28 - 2018-09-04 14:28 - 000000000 ____D C:\Windows\System32\Tasks\Avira
2018-09-04 14:27 - 2018-09-04 14:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2018-09-04 13:32 - 2018-09-04 13:32 - 000000000 ____D C:\Users\Martin\AppData\Local\mbam
2018-09-04 13:12 - 2018-09-04 13:12 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashRpt
2018-08-26 12:21 - 2018-08-26 12:32 - 019380921 _____ C:\Users\Martin\Downloads\mojo-october-2018.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-19 09:54 - 2009-07-14 06:45 - 000021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-19 09:54 - 2009-07-14 06:45 - 000021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-19 09:52 - 2015-10-04 19:50 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2018-09-19 09:51 - 2009-07-14 07:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-19 09:51 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-09-19 09:47 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-18 13:58 - 2014-07-28 18:35 - 000000000 ____D C:\Users\Martin
2018-09-18 13:50 - 2014-08-23 21:09 - 000000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2018-09-18 10:00 - 2016-01-14 18:08 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2018-09-17 14:04 - 2015-12-11 19:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-09-16 11:44 - 2014-07-28 19:11 - 000000000 ____D C:\Program Files\WinRAR
2018-09-16 09:20 - 2014-07-29 13:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-15 15:04 - 2014-08-16 20:49 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Spotify
2018-09-12 13:52 - 2016-04-08 15:54 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-09-12 13:52 - 2015-10-04 19:50 - 000003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-09-12 13:52 - 2014-07-29 13:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-12 13:52 - 2014-07-29 13:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-12 13:52 - 2014-07-29 13:15 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 12:52 - 2018-03-13 15:52 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-08 18:39 - 2014-08-24 12:31 - 000000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2018-09-04 14:59 - 2015-05-09 15:30 - 000001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-09-04 14:59 - 2015-05-09 15:30 - 000001066 _____ C:\ProgramData\Desktop\VLC media player.lnk
2018-08-30 10:56 - 2017-06-18 21:49 - 000003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1497815344
2018-08-21 10:16 - 2009-07-14 07:08 - 000032516 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-05-08 06:05 - 2014-05-08 06:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\159 dk orange bl 4.ADO
2015-02-12 07:07 - 2015-02-12 07:07 - 000000213 _____ () C:\Users\Martin\AppData\Roaming\3BSYBS1_DDVW_ErrLog.txt
2013-10-02 04:55 - 2013-10-02 04:55 - 000000940 _____ () C:\Users\Martin\AppData\Roaming\admon.graphics.extension.xml
2014-05-08 07:44 - 2014-05-08 07:44 - 000003523 _____ () C:\Users\Martin\AppData\Roaming\Adobe-Japan1-0
2013-10-02 04:54 - 2013-10-02 04:54 - 000000453 _____ () C:\Users\Martin\AppData\Roaming\Aqtau
2013-10-02 04:54 - 2013-10-02 04:54 - 000000065 _____ () C:\Users\Martin\AppData\Roaming\Bangui
2014-05-08 06:05 - 2014-05-08 06:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\BMC blue 4.ADO
2010-07-19 23:16 - 2010-07-19 23:16 - 000004751 _____ () C:\Users\Martin\AppData\Roaming\b_no.jpg
2013-10-02 04:54 - 2013-10-02 04:54 - 000000549 _____ () C:\Users\Martin\AppData\Roaming\Catamarca
2013-10-02 04:55 - 2013-10-02 04:55 - 000001978 _____ () C:\Users\Martin\AppData\Roaming\caution.tif
2014-05-08 07:44 - 2014-05-08 07:44 - 000002828 _____ () C:\Users\Martin\AppData\Roaming\CNS2-V
2013-10-02 04:56 - 2013-10-02 04:56 - 000001266 _____ () C:\Users\Martin\AppData\Roaming\compact.list.item.spacing.xml
2014-05-08 06:05 - 2014-05-08 06:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\Cool Gray 9 bl 4.ADO
2015-05-20 03:28 - 2015-05-20 03:28 - 000002176 _____ () C:\Users\Martin\AppData\Roaming\C_Enabled.png
2011-03-21 18:48 - 2011-03-21 18:48 - 000000512 _____ () C:\Users\Martin\AppData\Roaming\data2.cab
2013-10-02 04:55 - 2013-10-02 04:55 - 000002654 _____ () C:\Users\Martin\AppData\Roaming\dbtoepub
2013-10-02 04:56 - 2013-10-02 04:56 - 000001013 _____ () C:\Users\Martin\AppData\Roaming\double.sided.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000004817 _____ () C:\Users\Martin\AppData\Roaming\dsc_checkup_tile.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000004997 _____ () C:\Users\Martin\AppData\Roaming\dsc_drivers_tile.png
2014-05-08 07:44 - 2014-05-08 07:44 - 000002862 _____ () C:\Users\Martin\AppData\Roaming\dut1995phon.env
2015-05-20 03:28 - 2015-05-20 03:28 - 000004279 _____ () C:\Users\Martin\AppData\Roaming\dxdiag.png
2007-01-16 02:00 - 2007-01-16 02:00 - 000003294 _____ () C:\Users\Martin\AppData\Roaming\Extravagancy.Y
2015-05-20 03:28 - 2015-05-20 03:28 - 000001592 _____ () C:\Users\Martin\AppData\Roaming\forward32.png
2013-10-02 04:54 - 2013-10-02 04:54 - 000001676 _____ () C:\Users\Martin\AppData\Roaming\Gibraltar
2013-10-02 04:56 - 2013-10-02 04:56 - 000005030 _____ () C:\Users\Martin\AppData\Roaming\graphics.xsl
2014-05-08 07:44 - 2014-05-08 07:44 - 000000672 _____ () C:\Users\Martin\AppData\Roaming\gre.fca
2013-10-02 04:54 - 2013-10-02 04:54 - 000000137 _____ () C:\Users\Martin\AppData\Roaming\Guatemala
2015-05-20 03:28 - 2015-05-20 03:28 - 000003291 _____ () C:\Users\Martin\AppData\Roaming\history_report_gray.png
2013-10-02 04:56 - 2013-10-02 04:56 - 000000941 _____ () C:\Users\Martin\AppData\Roaming\htmlhelp.autolabel.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 000000963 _____ () C:\Users\Martin\AppData\Roaming\ignore.image.scaling.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000002116 _____ () C:\Users\Martin\AppData\Roaming\internetProperties.png
1987-02-02 02:00 - 1987-02-02 02:00 - 000046203 _____ () C:\Users\Martin\AppData\Roaming\Introvert.j6a
2013-10-02 04:56 - 2013-10-02 04:56 - 000001015 _____ () C:\Users\Martin\AppData\Roaming\javahelp.encoding.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000004676 _____ () C:\Users\Martin\AppData\Roaming\lid_closure.png
2014-05-08 06:05 - 2014-05-08 06:05 - 000000117 _____ () C:\Users\Martin\AppData\Roaming\More Saturated.hdt
2013-10-02 04:54 - 2013-10-02 04:54 - 000000097 _____ () C:\Users\Martin\AppData\Roaming\Nairobi
2013-10-02 04:56 - 2013-10-02 04:56 - 000001093 _____ () C:\Users\Martin\AppData\Roaming\navig.graphics.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000001519 _____ () C:\Users\Martin\AppData\Roaming\not_applicable_2.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000001315 _____ () C:\Users\Martin\AppData\Roaming\pcdrfingerprintreader.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 000000781 _____ () C:\Users\Martin\AppData\Roaming\phone.png
2014-05-08 06:08 - 2014-05-08 06:08 - 000001433 _____ () C:\Users\Martin\AppData\Roaming\Plastic - Violet Purple, Strong & Flexible.3PP
2014-05-08 07:44 - 2014-05-08 07:44 - 000000972 _____ () C:\Users\Martin\AppData\Roaming\pol.fca
2013-10-02 04:55 - 2013-10-02 04:55 - 000001597 _____ () C:\Users\Martin\AppData\Roaming\projectteam.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 000001085 _____ () C:\Users\Martin\AppData\Roaming\qanda.inherit.numeration.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000004156 _____ () C:\Users\Martin\AppData\Roaming\quick-test.png
2014-05-08 07:44 - 2014-05-08 07:44 - 000000889 _____ () C:\Users\Martin\AppData\Roaming\README_gu.txt
2014-05-08 07:44 - 2014-05-08 07:44 - 000001614 _____ () C:\Users\Martin\AppData\Roaming\s29.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000003676 _____ () C:\Users\Martin\AppData\Roaming\save.png
2013-10-02 04:56 - 2013-10-02 04:56 - 000000883 _____ () C:\Users\Martin\AppData\Roaming\section.autolabel.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 000001102 _____ () C:\Users\Martin\AppData\Roaming\section.title.level5.properties.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000001421 _____ () C:\Users\Martin\AppData\Roaming\security.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000002649 _____ () C:\Users\Martin\AppData\Roaming\sysinfopage_forfile.css
2015-05-20 03:14 - 2015-05-20 03:14 - 000000110 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_ar.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 000000095 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_it.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 000000112 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_nl.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 000001728 _____ () C:\Users\Martin\AppData\Roaming\tweakNetworkingManual_ko.p5p
2013-10-02 04:56 - 2013-10-02 04:56 - 000001323 _____ () C:\Users\Martin\AppData\Roaming\ulink.show.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000001543 _____ () C:\Users\Martin\AppData\Roaming\user_attention.png
2017-10-17 21:40 - 2017-10-17 21:40 - 000009029 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2015-06-16 17:54 - 2015-06-16 17:54 - 000000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat

Some files in TEMP:
====================
2018-03-24 15:31 - 2018-02-22 11:48 - 000976416 _____ (BlueStack Systems, Inc.) C:\Users\Martin\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2018-04-07 14:43 - 2005-04-06 11:47 - 000040960 _____ () C:\Users\Martin\AppData\Local\Temp\comver.dll
2018-08-05 11:19 - 2018-08-05 11:19 - 007258024 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.103.449.exe
2018-09-12 16:29 - 2018-09-12 16:29 - 007380392 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.107.108.exe
2018-02-08 18:36 - 2018-02-08 18:37 - 007188064 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.81.356.exe
2018-04-23 14:32 - 2018-04-23 14:32 - 007233448 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.92.264.exe
2018-09-05 11:37 - 2018-09-05 11:37 - 000379864 _____ (ESET) C:\Users\Martin\AppData\Local\Temp\InstHelper.exe
2018-03-24 15:31 - 2018-02-22 11:48 - 000421368 _____ (CodeTitans) C:\Users\Martin\AppData\Local\Temp\JSON.dll
2018-09-18 10:00 - 2018-09-18 10:00 - 000534528 _____ () C:\Users\Martin\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-15 16:46

==================== End of FRST.txt ============================






Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by Martin (19-09-2018 09:58:40)
Running from C:\Users\Martin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-28 16:35:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-515885200-768628804-3900138106-500 - Administrator - Disabled)
Guest (S-1-5-21-515885200-768628804-3900138106-501 - Limited - Disabled)
Martin (S-1-5-21-515885200-768628804-3900138106-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{532da46c-2aa3-4588-a4a2-b02bc641bf95}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{9620D4C2-CF5B-4DBE-8103-CC9DAB0871C6}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.40.12 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoGP URT 3 (HKLM-x32\...\MotoGP URT 3_is1) (Version: - THQ)
Opera Stable 55.0.2994.44 (HKLM-x32\...\Opera 55.0.2994.44) (Version: 55.0.2994.44 - Opera Software)
Opera Stable 55.0.2994.61 (HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Opera 55.0.2994.61) (Version: 55.0.2994.61 - Opera Software)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Quake II (HKLM-x32\...\Quake2UninstallKey) (Version: - )
Spotify (HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version: - )
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vivaldi (HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Vivaldi) (Version: 1.15.1147.55 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [.Akclap5962] -> {8a9b264c-eb61-4135-a455-0f6767c09462} => C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962.dll [2016-07-08] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Advanced System Protector] -> {00212D92-C5D8-4ff4-AE50-B20F0F85C40A} => -> No File
ContextMenuHandlers1: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-08-27] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Nový priečinok\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-07-28] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-08-27] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Nový priečinok\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1AD28213-097C-4893-B327-C071147AB296} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {299173C1-BEDC-4BE4-AF76-52C583E1B197} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {4FCE8287-F99D-421F-A8BB-94F04C6C99A0} - System32\Tasks\Opera scheduled Autoupdate 1477133455 => C:\Program Files (x86)\Opera\launcher.exe
Task: {74FC347C-1BDA-4916-9FA0-84CA926BA809} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-19] (Adobe Systems Incorporated)
Task: {776464BC-99BD-4D1E-AB41-9CE8D2E4F386} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07] (Google Inc.)
Task: {8833A238-587B-4E20-84AF-0AC198A046E8} - System32\Tasks\Opera scheduled Autoupdate 1536235891 => C:\Users\Martin\AppData\Local\Programs\Opera\launcher.exe [2018-09-13] (Opera Software)
Task: {8E43CCB0-D70F-41B3-A4BA-6D1055A29D7C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-08-27] (Avira Operations GmbH & Co. KG)
Task: {AD9E773B-3189-4F77-9067-8AB3787B7FB0} - System32\Tasks\Opera scheduled Autoupdate 1497815344 => C:\Program Files (x86)\Opera\launcher.exe
Task: {CDAA5F8A-9019-43EB-A923-18371851666B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {D037912B-7859-49BC-BFD0-C482F1CF161D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {DA19EA11-F8FD-4C36-9BC5-C92AA6DBE2BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07] (Google Inc.)
Task: {DBDA8427-2F42-4CC4-92C6-68642A719DC9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-12-03 12:18 - 2016-07-08 16:35 - 000420192 _____ () C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 000020032 _____ () D:\Nový priečinok\Unlocker\UnlockerCOM.dll
2015-07-28 22:45 - 2015-07-28 22:45 - 000127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-09-18 09:58 - 2018-08-27 15:28 - 001204472 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-42.dll
2018-09-18 09:58 - 2018-08-27 15:28 - 000243352 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-44.dll
2017-12-03 12:18 - 2017-12-03 12:42 - 000640400 _____ () C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962_core.dll
2017-07-17 19:30 - 2017-07-17 19:30 - 000863744 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-07-27 17:09 - 000000130 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 www.mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 delivery.anchorfree.us/land.php

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515885200-768628804-3900138106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: Spotify => C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: TIDAL => C:\Users\Martin\AppData\Local\TIDAL\update.exe --processStart TIDAL.exe --process-start-args " -autostart -minimized"
MSCONFIG\startupreg: Vivaldi Update Notifier => "D:\zde\html\vivaldi\Application\update_notifier.exe"
MSCONFIG\startupreg: ZPNConnect => C:\Users\Martin\AppData\Local\ZPN Connect\ZpnCli.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{646DCD8D-DF44-49C1-8F8E-C9FF2902413E}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{A2AD1C24-3EE8-4850-8E35-DFBB4C259DAA}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{D7B9C5CE-4AC8-48C1-BD71-B357B8BF3E5F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9A8EE00C-D15B-4081-98BC-A1B3116BD335}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{E15D46E9-0EA6-489E-9917-B27393EA56A1}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{B12F4E68-0197-4558-B750-D4D26A9EAC50}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [TCP Query User{C5EB449F-BED4-49D4-8CE4-ADA02F25B1F3}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [UDP Query User{E20D8B8E-7B76-46C2-9AC2-8FCEA7D0CA8B}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [TCP Query User{916542B8-37B2-4B45-8060-109345C8D7D2}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [UDP Query User{94383437-B0C7-46BF-8400-48F5FAA98512}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [{4340AC80-268D-4F82-98E3-E4FE4E6330BE}] => (Allow) LPort=58172
FirewallRules: [{7F90DB53-54DC-467F-B390-D2E4D32DC869}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50D55F4D-4E3B-41B2-A715-3ECA3D36AE4A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9FE49B77-DD32-436C-BCF3-3F2E7A138D35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{156B5BE0-89CD-4A0C-9D50-93A6ABE80ADF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC1D952F-5E1F-4A2D-8A00-7F2DAB0A4362}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Winquake.exe
FirewallRules: [{18D07B99-F756-477C-A3F8-9A0E0671E1AE}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Winquake.exe
FirewallRules: [{E4DE097F-E158-4E61-AF35-6722290BF174}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\qwcl.exe
FirewallRules: [{528A0558-DB36-443A-970A-4BE62F812E2F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\qwcl.exe
FirewallRules: [{96BD2439-CF1D-4FFD-A2D3-2C51B89B4E94}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Glquake.exe
FirewallRules: [{B587AAA2-75F6-4894-800A-E35868546DD4}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Glquake.exe
FirewallRules: [{EA984656-E4B7-4B8B-898D-9986FA114EFB}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\glqwcl.exe
FirewallRules: [{9FD3D1A5-524A-4C0F-9EF3-ECB25CE0FD4F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\glqwcl.exe
FirewallRules: [{74329262-E301-4638-8367-D6A951262F59}] => (Allow) D:\PROGRAMY\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B7D3E7B4-C0DB-46BB-B6FB-82088132BB13}] => (Allow) D:\PROGRAMY\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E08279C4-80DA-41D8-BA23-96109989693E}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{9966BADD-E931-4FE4-9461-2A3690CA82AE}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [{3EA558AE-056C-46E5-B953-7A322F3A5AFC}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [TCP Query User{1CE59B52-4ED8-4E7D-B33B-D2F02D7ED63F}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DFA7C960-F2E3-4C6F-8A90-BD43DEDCD17A}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{48884CF9-C9F6-4B7B-9618-519346195568}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{567B0639-D3DD-4FFE-A048-2B77CADBD5F6}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{D91B4033-AE34-4055-A42A-DCDA57194931}] => (Allow) D:\zde\html\vivaldi\Application\vivaldi.exe
FirewallRules: [{97E19586-905F-4B0A-832F-ABFC5A75EA18}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
FirewallRules: [{4F8B0055-4D28-45E1-AF25-96E24831A23D}] => (Allow) C:\Program Files (x86)\Opera\55.0.2994.44\opera.exe
FirewallRules: [{24D66D1C-93BE-41DA-BDCA-79847AF57FCC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{89B2B90A-6156-4E57-977D-8CC722E4B1A8}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{B31206C4-5FEB-421D-A46E-5C6377FEB270}] => (Allow) C:\Users\Martin\AppData\Local\Programs\Opera\55.0.2994.56\opera.exe
FirewallRules: [{A872585B-00E1-4A7E-9B2E-E8F22C2C6E80}] => (Allow) C:\Users\Martin\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe

==================== Restore Points =========================

04-11-2017 17:08:04 Plánovaný kontrolný bod
13-11-2017 17:09:45 Plánovaný kontrolný bod
09-12-2017 17:28:53 Plánovaný kontrolný bod
16-12-2017 16:02:42 Installed resident evil 4
17-12-2017 17:18:21 Removed resident evil 4
07-01-2018 17:17:42 Plánovaný kontrolný bod
21-01-2018 14:39:56 Plánovaný kontrolný bod
08-02-2018 14:49:01 Plánovaný kontrolný bod
17-02-2018 13:22:22 Plánovaný kontrolný bod
04-03-2018 14:28:34 Plánovaný kontrolný bod
12-03-2018 20:26:45 Plánovaný kontrolný bod
18-03-2018 17:27:35 Installed jetAudio Basic
18-03-2018 17:29:11 Removed jetAudio Basic
28-03-2018 19:23:15 Plánovaný kontrolný bod
10-04-2018 19:24:49 Plánovaný kontrolný bod
21-04-2018 12:42:15 Plánovaný kontrolný bod
28-04-2018 16:40:10 Plánovaný kontrolný bod
14-05-2018 18:34:18 Plánovaný kontrolný bod
26-05-2018 15:42:30 Plánovaný kontrolný bod
17-06-2018 13:11:03 Plánovaný kontrolný bod
30-06-2018 16:57:00 Plánovaný kontrolný bod
15-07-2018 20:57:28 Plánovaný kontrolný bod
22-07-2018 20:57:30 Plánovaný kontrolný bod
01-08-2018 12:06:41 Plánovaný kontrolný bod
08-08-2018 16:01:08 Plánovaný kontrolný bod
16-08-2018 20:37:46 Plánovaný kontrolný bod
26-08-2018 13:33:12 Plánovaný kontrolný bod
04-09-2018 14:42:20 Removed Avira Safe Shopping
04-09-2018 14:42:47 Removed Avira Home Guard
05-09-2018 11:32:52 Installed ESET Security
05-09-2018 11:34:30 Nainštalované: ESET NOD32 Antivirus
06-09-2018 11:06:32 Windows Update
18-09-2018 13:24:21 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: WinDivert1.2
Description: WinDivert1.2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WinDivert1.2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2018 09:56:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error: (09/19/2018 09:56:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error: (09/19/2018 09:56:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error: (09/19/2018 09:53:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error: (09/19/2018 09:52:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error: (09/19/2018 09:51:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (09/19/2018 09:51:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (09/19/2018 09:49:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.


System errors:
=============
Error: (09/19/2018 09:47:33 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/19/2018 09:47:33 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/19/2018 09:47:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
SBRE

Error: (09/19/2018 09:47:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby WinDivert1.2 zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.

Error: (09/19/2018 09:47:10 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/19/2018 09:47:06 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/19/2018 09:47:05 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/19/2018 09:47:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.

Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126


Windows Defender:
===================================
Date: 2018-09-06 11:08:41.156
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{AE98B6B0-B283-436D-B583-8F2BFBCEDAF1}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2018-09-06 11:08:37.365
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{7078D724-96C6-46FD-A887-ACE1D1591977}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2018-09-06 11:07:54.903
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{3B58ABC9-4977-4189-B41B-3D214B4BA97C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

CodeIntegrity:
===================================

Date: 2018-09-16 11:45:25.683
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.683
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.683
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.668
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.668
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.668
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.652
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.637
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 17%
Total physical RAM: 8154.46 MB
Available physical RAM: 6702.94 MB
Total Virtual: 16307.11 MB
Available Virtual: 14779.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.32 GB) (Free:19.27 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:332.83 GB) NTFS

\\?\Volume{3ccbebad-1674-11e4-ba11-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Peelie
Návštěvník
Návštěvník
Příspěvky: 287
Registrován: 09 říj 2006 18:03

Re: Nechcené pop-ups

#12 Příspěvek od Peelie »

Sorry, tie veci robí nie Opera, ale Vivaldi.Opera je čistá.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
Ran by Martin (administrator) on MARTIN-PC (19-09-2018 09:55:53)
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5844788-BED4-4849-99BF-940E9B612EC4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {A8A2381B-85B6-4030-B763-863A4F470EAD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc.)

FireFox:
========
FF DefaultProfile: ef26py92.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default [2018-02-04]
FF Homepage: Mozilla\SeaMonkey\Profiles\ii5mfmc2.default -> www.google.com
FF NewTab: Mozilla\SeaMonkey\Profiles\ii5mfmc2.default -> about:newtab
FF Extension: (DOM Inspector) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\inspector@mozilla.org [2016-09-22] [Legacy]
FF Extension: (ChatZilla) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-09-30] [Legacy]
FF Extension: (NoScript) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-09-23] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-08] [Legacy]
FF Extension: (JavaScript Debugger) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-09-22] [Legacy]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default [2018-09-06]
FF Homepage: Mozilla\Firefox\Profiles\ef26py92.default -> about:home
FF Extension: (Popup Blocker Ultimate) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2018-02-03]
FF Extension: (No Name) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a8zub8k1.default [2018-02-04]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Martin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2018-09-04]
CHR Extension: (Dokumenty) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-27]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-27]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-27]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-04]
CHR HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (AdBlock) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-06-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [895056 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [226000 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [226000 2018-08-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148568 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [436848 2018-08-17] (Avira Operations GmbH & Co. KG)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-04-22] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [73240 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [199920 2018-08-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153040 2018-08-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2018-08-27] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2018-08-27] (Avira Operations GmbH & Co. KG)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [197240 2017-12-03] (360.cn)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0121.sys [38432 2016-09-18] (SoftEther Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-06-28] (Anchorfree Inc.)
U5 UnlockerDriver5; D:\Nový priečinok\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2016-10-13] (Wondershare)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 DeepATS; \??\C:\Program Files (x86)\360\360Safe\deepscan\AtS64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S2 WinDivert1.2; \??\C:\Windows\system32\drivers\WinDivert64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-19 09:55 - 2018-09-19 09:58 - 000012931 _____ C:\Users\Martin\Downloads\FRST.txt
2018-09-19 09:55 - 2018-09-19 09:55 - 000001119 _____ C:\Users\Martin\Desktop\FRST64 - odkaz.lnk
2018-09-19 09:55 - 2018-09-19 09:55 - 000000000 ____D C:\FRST
2018-09-19 09:53 - 2018-09-19 09:53 - 002413568 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2018-09-18 12:55 - 2018-09-18 12:57 - 081980476 _____ C:\Users\Martin\Downloads\Uncut - November 2018.pdf
2018-09-18 10:19 - 2018-09-18 10:19 - 000194821 _____ C:\Users\Martin\Downloads\ZS s MS Sar. Dravce 2.pdf
2018-09-18 09:58 - 2018-09-19 09:58 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-09-18 09:58 - 2018-08-27 15:28 - 000199920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000153040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000073240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2018-09-17 14:05 - 2018-09-18 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-09-17 14:05 - 2018-09-18 09:58 - 000000000 ____D C:\Program Files (x86)\Avira
2018-09-17 14:04 - 2018-09-18 09:58 - 000000000 ____D C:\ProgramData\Avira
2018-09-08 17:58 - 2018-09-08 18:00 - 000000000 ____D C:\Users\Martin\AppData\Local\ZPN Connect
2018-09-06 14:11 - 2018-09-17 10:27 - 000004084 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1536235891
2018-09-06 14:11 - 2018-09-06 14:11 - 000001252 _____ C:\Users\Martin\Desktop\Prehliadač Opera.lnk
2018-09-06 14:11 - 2018-09-06 14:11 - 000001252 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prehliadač Opera.lnk
2018-09-06 12:11 - 2018-09-06 12:11 - 018946676 _____ C:\Users\Martin\Downloads\2018-10-01 Q Magazine.pdf
2018-09-06 11:06 - 2018-09-06 11:06 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-09-04 14:59 - 2018-09-04 14:59 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-04 14:59 - 2018-09-04 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-04 14:54 - 2018-09-04 14:55 - 000000000 ____D C:\Program Files (x86)\GUM9FD7.tmp
2018-09-04 14:53 - 2018-09-04 15:04 - 000000000 ____D C:\Users\Martin\AppData\Local\AVAST Software
2018-09-04 14:53 - 2018-09-04 14:53 - 000001964 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Passwords.lnk
2018-09-04 14:52 - 2018-09-04 14:52 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-09-04 14:52 - 2018-09-04 14:52 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-09-04 14:52 - 2018-09-04 14:52 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-09-04 14:29 - 2018-09-04 14:29 - 000000000 ____D C:\Users\Martin\AppData\Local\Avira Operations Gmbh & Co. KG
2018-09-04 14:28 - 2018-09-04 14:28 - 000000000 ____D C:\Windows\System32\Tasks\Avira
2018-09-04 14:27 - 2018-09-04 14:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2018-09-04 13:32 - 2018-09-04 13:32 - 000000000 ____D C:\Users\Martin\AppData\Local\mbam
2018-09-04 13:12 - 2018-09-04 13:12 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashRpt
2018-08-26 12:21 - 2018-08-26 12:32 - 019380921 _____ C:\Users\Martin\Downloads\mojo-october-2018.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-19 09:54 - 2009-07-14 06:45 - 000021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-19 09:54 - 2009-07-14 06:45 - 000021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-19 09:52 - 2015-10-04 19:50 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2018-09-19 09:51 - 2009-07-14 07:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-19 09:51 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-09-19 09:47 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-18 13:58 - 2014-07-28 18:35 - 000000000 ____D C:\Users\Martin
2018-09-18 13:50 - 2014-08-23 21:09 - 000000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2018-09-18 10:00 - 2016-01-14 18:08 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2018-09-17 14:04 - 2015-12-11 19:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-09-16 11:44 - 2014-07-28 19:11 - 000000000 ____D C:\Program Files\WinRAR
2018-09-16 09:20 - 2014-07-29 13:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-15 15:04 - 2014-08-16 20:49 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Spotify
2018-09-12 13:52 - 2016-04-08 15:54 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-09-12 13:52 - 2015-10-04 19:50 - 000003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-09-12 13:52 - 2014-07-29 13:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-12 13:52 - 2014-07-29 13:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-12 13:52 - 2014-07-29 13:15 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 12:52 - 2018-03-13 15:52 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-08 18:39 - 2014-08-24 12:31 - 000000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2018-09-04 14:59 - 2015-05-09 15:30 - 000001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-09-04 14:59 - 2015-05-09 15:30 - 000001066 _____ C:\ProgramData\Desktop\VLC media player.lnk
2018-08-30 10:56 - 2017-06-18 21:49 - 000003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1497815344
2018-08-21 10:16 - 2009-07-14 07:08 - 000032516 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-05-08 06:05 - 2014-05-08 06:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\159 dk orange bl 4.ADO
2015-02-12 07:07 - 2015-02-12 07:07 - 000000213 _____ () C:\Users\Martin\AppData\Roaming\3BSYBS1_DDVW_ErrLog.txt
2013-10-02 04:55 - 2013-10-02 04:55 - 000000940 _____ () C:\Users\Martin\AppData\Roaming\admon.graphics.extension.xml
2014-05-08 07:44 - 2014-05-08 07:44 - 000003523 _____ () C:\Users\Martin\AppData\Roaming\Adobe-Japan1-0
2013-10-02 04:54 - 2013-10-02 04:54 - 000000453 _____ () C:\Users\Martin\AppData\Roaming\Aqtau
2013-10-02 04:54 - 2013-10-02 04:54 - 000000065 _____ () C:\Users\Martin\AppData\Roaming\Bangui
2014-05-08 06:05 - 2014-05-08 06:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\BMC blue 4.ADO
2010-07-19 23:16 - 2010-07-19 23:16 - 000004751 _____ () C:\Users\Martin\AppData\Roaming\b_no.jpg
2013-10-02 04:54 - 2013-10-02 04:54 - 000000549 _____ () C:\Users\Martin\AppData\Roaming\Catamarca
2013-10-02 04:55 - 2013-10-02 04:55 - 000001978 _____ () C:\Users\Martin\AppData\Roaming\caution.tif
2014-05-08 07:44 - 2014-05-08 07:44 - 000002828 _____ () C:\Users\Martin\AppData\Roaming\CNS2-V
2013-10-02 04:56 - 2013-10-02 04:56 - 000001266 _____ () C:\Users\Martin\AppData\Roaming\compact.list.item.spacing.xml
2014-05-08 06:05 - 2014-05-08 06:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\Cool Gray 9 bl 4.ADO
2015-05-20 03:28 - 2015-05-20 03:28 - 000002176 _____ () C:\Users\Martin\AppData\Roaming\C_Enabled.png
2011-03-21 18:48 - 2011-03-21 18:48 - 000000512 _____ () C:\Users\Martin\AppData\Roaming\data2.cab
2013-10-02 04:55 - 2013-10-02 04:55 - 000002654 _____ () C:\Users\Martin\AppData\Roaming\dbtoepub
2013-10-02 04:56 - 2013-10-02 04:56 - 000001013 _____ () C:\Users\Martin\AppData\Roaming\double.sided.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000004817 _____ () C:\Users\Martin\AppData\Roaming\dsc_checkup_tile.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000004997 _____ () C:\Users\Martin\AppData\Roaming\dsc_drivers_tile.png
2014-05-08 07:44 - 2014-05-08 07:44 - 000002862 _____ () C:\Users\Martin\AppData\Roaming\dut1995phon.env
2015-05-20 03:28 - 2015-05-20 03:28 - 000004279 _____ () C:\Users\Martin\AppData\Roaming\dxdiag.png
2007-01-16 02:00 - 2007-01-16 02:00 - 000003294 _____ () C:\Users\Martin\AppData\Roaming\Extravagancy.Y
2015-05-20 03:28 - 2015-05-20 03:28 - 000001592 _____ () C:\Users\Martin\AppData\Roaming\forward32.png
2013-10-02 04:54 - 2013-10-02 04:54 - 000001676 _____ () C:\Users\Martin\AppData\Roaming\Gibraltar
2013-10-02 04:56 - 2013-10-02 04:56 - 000005030 _____ () C:\Users\Martin\AppData\Roaming\graphics.xsl
2014-05-08 07:44 - 2014-05-08 07:44 - 000000672 _____ () C:\Users\Martin\AppData\Roaming\gre.fca
2013-10-02 04:54 - 2013-10-02 04:54 - 000000137 _____ () C:\Users\Martin\AppData\Roaming\Guatemala
2015-05-20 03:28 - 2015-05-20 03:28 - 000003291 _____ () C:\Users\Martin\AppData\Roaming\history_report_gray.png
2013-10-02 04:56 - 2013-10-02 04:56 - 000000941 _____ () C:\Users\Martin\AppData\Roaming\htmlhelp.autolabel.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 000000963 _____ () C:\Users\Martin\AppData\Roaming\ignore.image.scaling.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000002116 _____ () C:\Users\Martin\AppData\Roaming\internetProperties.png
1987-02-02 02:00 - 1987-02-02 02:00 - 000046203 _____ () C:\Users\Martin\AppData\Roaming\Introvert.j6a
2013-10-02 04:56 - 2013-10-02 04:56 - 000001015 _____ () C:\Users\Martin\AppData\Roaming\javahelp.encoding.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000004676 _____ () C:\Users\Martin\AppData\Roaming\lid_closure.png
2014-05-08 06:05 - 2014-05-08 06:05 - 000000117 _____ () C:\Users\Martin\AppData\Roaming\More Saturated.hdt
2013-10-02 04:54 - 2013-10-02 04:54 - 000000097 _____ () C:\Users\Martin\AppData\Roaming\Nairobi
2013-10-02 04:56 - 2013-10-02 04:56 - 000001093 _____ () C:\Users\Martin\AppData\Roaming\navig.graphics.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000001519 _____ () C:\Users\Martin\AppData\Roaming\not_applicable_2.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000001315 _____ () C:\Users\Martin\AppData\Roaming\pcdrfingerprintreader.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 000000781 _____ () C:\Users\Martin\AppData\Roaming\phone.png
2014-05-08 06:08 - 2014-05-08 06:08 - 000001433 _____ () C:\Users\Martin\AppData\Roaming\Plastic - Violet Purple, Strong & Flexible.3PP
2014-05-08 07:44 - 2014-05-08 07:44 - 000000972 _____ () C:\Users\Martin\AppData\Roaming\pol.fca
2013-10-02 04:55 - 2013-10-02 04:55 - 000001597 _____ () C:\Users\Martin\AppData\Roaming\projectteam.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 000001085 _____ () C:\Users\Martin\AppData\Roaming\qanda.inherit.numeration.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000004156 _____ () C:\Users\Martin\AppData\Roaming\quick-test.png
2014-05-08 07:44 - 2014-05-08 07:44 - 000000889 _____ () C:\Users\Martin\AppData\Roaming\README_gu.txt
2014-05-08 07:44 - 2014-05-08 07:44 - 000001614 _____ () C:\Users\Martin\AppData\Roaming\s29.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000003676 _____ () C:\Users\Martin\AppData\Roaming\save.png
2013-10-02 04:56 - 2013-10-02 04:56 - 000000883 _____ () C:\Users\Martin\AppData\Roaming\section.autolabel.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 000001102 _____ () C:\Users\Martin\AppData\Roaming\section.title.level5.properties.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000001421 _____ () C:\Users\Martin\AppData\Roaming\security.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000002649 _____ () C:\Users\Martin\AppData\Roaming\sysinfopage_forfile.css
2015-05-20 03:14 - 2015-05-20 03:14 - 000000110 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_ar.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 000000095 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_it.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 000000112 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_nl.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 000001728 _____ () C:\Users\Martin\AppData\Roaming\tweakNetworkingManual_ko.p5p
2013-10-02 04:56 - 2013-10-02 04:56 - 000001323 _____ () C:\Users\Martin\AppData\Roaming\ulink.show.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000001543 _____ () C:\Users\Martin\AppData\Roaming\user_attention.png
2017-10-17 21:40 - 2017-10-17 21:40 - 000009029 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2015-06-16 17:54 - 2015-06-16 17:54 - 000000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat

Some files in TEMP:
====================
2018-03-24 15:31 - 2018-02-22 11:48 - 000976416 _____ (BlueStack Systems, Inc.) C:\Users\Martin\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2018-04-07 14:43 - 2005-04-06 11:47 - 000040960 _____ () C:\Users\Martin\AppData\Local\Temp\comver.dll
2018-08-05 11:19 - 2018-08-05 11:19 - 007258024 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.103.449.exe
2018-09-12 16:29 - 2018-09-12 16:29 - 007380392 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.107.108.exe
2018-02-08 18:36 - 2018-02-08 18:37 - 007188064 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.81.356.exe
2018-04-23 14:32 - 2018-04-23 14:32 - 007233448 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.92.264.exe
2018-09-05 11:37 - 2018-09-05 11:37 - 000379864 _____ (ESET) C:\Users\Martin\AppData\Local\Temp\InstHelper.exe
2018-03-24 15:31 - 2018-02-22 11:48 - 000421368 _____ (CodeTitans) C:\Users\Martin\AppData\Local\Temp\JSON.dll
2018-09-18 10:00 - 2018-09-18 10:00 - 000534528 _____ () C:\Users\Martin\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-15 16:46

==================== End of FRST.txt ============================






Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by Martin (19-09-2018 09:58:40)
Running from C:\Users\Martin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-28 16:35:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-515885200-768628804-3900138106-500 - Administrator - Disabled)
Guest (S-1-5-21-515885200-768628804-3900138106-501 - Limited - Disabled)
Martin (S-1-5-21-515885200-768628804-3900138106-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{532da46c-2aa3-4588-a4a2-b02bc641bf95}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{9620D4C2-CF5B-4DBE-8103-CC9DAB0871C6}) (Version: 1.2.119.17994 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.40.12 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoGP URT 3 (HKLM-x32\...\MotoGP URT 3_is1) (Version: - THQ)
Opera Stable 55.0.2994.44 (HKLM-x32\...\Opera 55.0.2994.44) (Version: 55.0.2994.44 - Opera Software)
Opera Stable 55.0.2994.61 (HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Opera 55.0.2994.61) (Version: 55.0.2994.61 - Opera Software)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Quake II (HKLM-x32\...\Quake2UninstallKey) (Version: - )
Spotify (HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Spotify) (Version: 1.0.77.338.g758ebd78 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version: - )
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Vivaldi (HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Vivaldi) (Version: 1.15.1147.55 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [.Akclap5962] -> {8a9b264c-eb61-4135-a455-0f6767c09462} => C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962.dll [2016-07-08] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Advanced System Protector] -> {00212D92-C5D8-4ff4-AE50-B20F0F85C40A} => -> No File
ContextMenuHandlers1: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-08-27] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Nový priečinok\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-07-28] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-08-27] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Nový priečinok\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1AD28213-097C-4893-B327-C071147AB296} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
Task: {299173C1-BEDC-4BE4-AF76-52C583E1B197} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {4FCE8287-F99D-421F-A8BB-94F04C6C99A0} - System32\Tasks\Opera scheduled Autoupdate 1477133455 => C:\Program Files (x86)\Opera\launcher.exe
Task: {74FC347C-1BDA-4916-9FA0-84CA926BA809} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-19] (Adobe Systems Incorporated)
Task: {776464BC-99BD-4D1E-AB41-9CE8D2E4F386} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07] (Google Inc.)
Task: {8833A238-587B-4E20-84AF-0AC198A046E8} - System32\Tasks\Opera scheduled Autoupdate 1536235891 => C:\Users\Martin\AppData\Local\Programs\Opera\launcher.exe [2018-09-13] (Opera Software)
Task: {8E43CCB0-D70F-41B3-A4BA-6D1055A29D7C} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-08-27] (Avira Operations GmbH & Co. KG)
Task: {AD9E773B-3189-4F77-9067-8AB3787B7FB0} - System32\Tasks\Opera scheduled Autoupdate 1497815344 => C:\Program Files (x86)\Opera\launcher.exe
Task: {CDAA5F8A-9019-43EB-A923-18371851666B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {D037912B-7859-49BC-BFD0-C482F1CF161D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {DA19EA11-F8FD-4C36-9BC5-C92AA6DBE2BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07] (Google Inc.)
Task: {DBDA8427-2F42-4CC4-92C6-68642A719DC9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_pepper.exe [2018-09-12] (Adobe Systems Incorporated)
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-12-03 12:18 - 2016-07-08 16:35 - 000420192 _____ () C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 000020032 _____ () D:\Nový priečinok\Unlocker\UnlockerCOM.dll
2015-07-28 22:45 - 2015-07-28 22:45 - 000127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-09-18 09:58 - 2018-08-27 15:28 - 001204472 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-42.dll
2018-09-18 09:58 - 2018-08-27 15:28 - 000243352 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-44.dll
2017-12-03 12:18 - 2017-12-03 12:42 - 000640400 _____ () C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962_core.dll
2017-07-17 19:30 - 2017-07-17 19:30 - 000863744 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-07-27 17:09 - 000000130 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 www.mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 delivery.anchorfree.us/land.php

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515885200-768628804-3900138106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: Spotify => C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: TIDAL => C:\Users\Martin\AppData\Local\TIDAL\update.exe --processStart TIDAL.exe --process-start-args " -autostart -minimized"
MSCONFIG\startupreg: Vivaldi Update Notifier => "D:\zde\html\vivaldi\Application\update_notifier.exe"
MSCONFIG\startupreg: ZPNConnect => C:\Users\Martin\AppData\Local\ZPN Connect\ZpnCli.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{646DCD8D-DF44-49C1-8F8E-C9FF2902413E}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{A2AD1C24-3EE8-4850-8E35-DFBB4C259DAA}] => (Allow) D:\PROGRAMY\Steam\Steam.exe
FirewallRules: [{D7B9C5CE-4AC8-48C1-BD71-B357B8BF3E5F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9A8EE00C-D15B-4081-98BC-A1B3116BD335}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{E15D46E9-0EA6-489E-9917-B27393EA56A1}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [{B12F4E68-0197-4558-B750-D4D26A9EAC50}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe
FirewallRules: [TCP Query User{C5EB449F-BED4-49D4-8CE4-ADA02F25B1F3}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [UDP Query User{E20D8B8E-7B76-46C2-9AC2-8FCEA7D0CA8B}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe
FirewallRules: [TCP Query User{916542B8-37B2-4B45-8060-109345C8D7D2}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [UDP Query User{94383437-B0C7-46BF-8400-48F5FAA98512}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe
FirewallRules: [{4340AC80-268D-4F82-98E3-E4FE4E6330BE}] => (Allow) LPort=58172
FirewallRules: [{7F90DB53-54DC-467F-B390-D2E4D32DC869}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50D55F4D-4E3B-41B2-A715-3ECA3D36AE4A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9FE49B77-DD32-436C-BCF3-3F2E7A138D35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{156B5BE0-89CD-4A0C-9D50-93A6ABE80ADF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC1D952F-5E1F-4A2D-8A00-7F2DAB0A4362}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Winquake.exe
FirewallRules: [{18D07B99-F756-477C-A3F8-9A0E0671E1AE}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Winquake.exe
FirewallRules: [{E4DE097F-E158-4E61-AF35-6722290BF174}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\qwcl.exe
FirewallRules: [{528A0558-DB36-443A-970A-4BE62F812E2F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\qwcl.exe
FirewallRules: [{96BD2439-CF1D-4FFD-A2D3-2C51B89B4E94}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Glquake.exe
FirewallRules: [{B587AAA2-75F6-4894-800A-E35868546DD4}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Glquake.exe
FirewallRules: [{EA984656-E4B7-4B8B-898D-9986FA114EFB}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\glqwcl.exe
FirewallRules: [{9FD3D1A5-524A-4C0F-9EF3-ECB25CE0FD4F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\glqwcl.exe
FirewallRules: [{74329262-E301-4638-8367-D6A951262F59}] => (Allow) D:\PROGRAMY\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B7D3E7B4-C0DB-46BB-B6FB-82088132BB13}] => (Allow) D:\PROGRAMY\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E08279C4-80DA-41D8-BA23-96109989693E}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{9966BADD-E931-4FE4-9461-2A3690CA82AE}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [{3EA558AE-056C-46E5-B953-7A322F3A5AFC}] => (Allow) C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
FirewallRules: [TCP Query User{1CE59B52-4ED8-4E7D-B33B-D2F02D7ED63F}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DFA7C960-F2E3-4C6F-8A90-BD43DEDCD17A}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{48884CF9-C9F6-4B7B-9618-519346195568}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{567B0639-D3DD-4FFE-A048-2B77CADBD5F6}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Doom 3\Doom3.exe
FirewallRules: [{D91B4033-AE34-4055-A42A-DCDA57194931}] => (Allow) D:\zde\html\vivaldi\Application\vivaldi.exe
FirewallRules: [{97E19586-905F-4B0A-832F-ABFC5A75EA18}] => (Allow) C:\Program Files (x86)\Opera\54.0.2952.71\opera.exe
FirewallRules: [{4F8B0055-4D28-45E1-AF25-96E24831A23D}] => (Allow) C:\Program Files (x86)\Opera\55.0.2994.44\opera.exe
FirewallRules: [{24D66D1C-93BE-41DA-BDCA-79847AF57FCC}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{89B2B90A-6156-4E57-977D-8CC722E4B1A8}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{B31206C4-5FEB-421D-A46E-5C6377FEB270}] => (Allow) C:\Users\Martin\AppData\Local\Programs\Opera\55.0.2994.56\opera.exe
FirewallRules: [{A872585B-00E1-4A7E-9B2E-E8F22C2C6E80}] => (Allow) C:\Users\Martin\AppData\Local\Programs\Opera\55.0.2994.61\opera.exe

==================== Restore Points =========================

04-11-2017 17:08:04 Plánovaný kontrolný bod
13-11-2017 17:09:45 Plánovaný kontrolný bod
09-12-2017 17:28:53 Plánovaný kontrolný bod
16-12-2017 16:02:42 Installed resident evil 4
17-12-2017 17:18:21 Removed resident evil 4
07-01-2018 17:17:42 Plánovaný kontrolný bod
21-01-2018 14:39:56 Plánovaný kontrolný bod
08-02-2018 14:49:01 Plánovaný kontrolný bod
17-02-2018 13:22:22 Plánovaný kontrolný bod
04-03-2018 14:28:34 Plánovaný kontrolný bod
12-03-2018 20:26:45 Plánovaný kontrolný bod
18-03-2018 17:27:35 Installed jetAudio Basic
18-03-2018 17:29:11 Removed jetAudio Basic
28-03-2018 19:23:15 Plánovaný kontrolný bod
10-04-2018 19:24:49 Plánovaný kontrolný bod
21-04-2018 12:42:15 Plánovaný kontrolný bod
28-04-2018 16:40:10 Plánovaný kontrolný bod
14-05-2018 18:34:18 Plánovaný kontrolný bod
26-05-2018 15:42:30 Plánovaný kontrolný bod
17-06-2018 13:11:03 Plánovaný kontrolný bod
30-06-2018 16:57:00 Plánovaný kontrolný bod
15-07-2018 20:57:28 Plánovaný kontrolný bod
22-07-2018 20:57:30 Plánovaný kontrolný bod
01-08-2018 12:06:41 Plánovaný kontrolný bod
08-08-2018 16:01:08 Plánovaný kontrolný bod
16-08-2018 20:37:46 Plánovaný kontrolný bod
26-08-2018 13:33:12 Plánovaný kontrolný bod
04-09-2018 14:42:20 Removed Avira Safe Shopping
04-09-2018 14:42:47 Removed Avira Home Guard
05-09-2018 11:32:52 Installed ESET Security
05-09-2018 11:34:30 Nainštalované: ESET NOD32 Antivirus
06-09-2018 11:06:32 Windows Update
18-09-2018 13:24:21 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: WinDivert1.2
Description: WinDivert1.2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WinDivert1.2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2018 09:56:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error: (09/19/2018 09:56:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error: (09/19/2018 09:56:02 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error: (09/19/2018 09:53:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error: (09/19/2018 09:52:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.

Error: (09/19/2018 09:51:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (09/19/2018 09:51:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (09/19/2018 09:49:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.
.


System errors:
=============
Error: (09/19/2018 09:47:33 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/19/2018 09:47:33 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/19/2018 09:47:31 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
SBRE

Error: (09/19/2018 09:47:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby WinDivert1.2 zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.

Error: (09/19/2018 09:47:10 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/19/2018 09:47:06 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/19/2018 09:47:05 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (09/19/2018 09:47:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.

Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126


Windows Defender:
===================================
Date: 2018-09-06 11:08:41.156
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{AE98B6B0-B283-436D-B583-8F2BFBCEDAF1}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2018-09-06 11:08:37.365
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{7078D724-96C6-46FD-A887-ACE1D1591977}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

Date: 2018-09-06 11:07:54.903
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{3B58ABC9-4977-4189-B41B-3D214B4BA97C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

CodeIntegrity:
===================================

Date: 2018-09-16 11:45:25.683
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.683
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.683
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.668
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.668
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.668
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.652
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

Date: 2018-09-16 11:45:25.637
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\WinRAR\sandboxie\SbieDrv.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 17%
Total physical RAM: 8154.46 MB
Available physical RAM: 6702.94 MB
Total Virtual: 16307.11 MB
Available Virtual: 14779.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.32 GB) (Free:19.27 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:332.83 GB) NTFS

\\?\Volume{3ccbebad-1674-11e4-ba11-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15197
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: Nechcené pop-ups

#13 Příspěvek od JaRon »

1. odinstaluj Spybot
2.citat:
Tvorba fixlistu pro FRST
•Spustte poznamkovy blok (Start-spustit-notepad)
•Zkopirujte skript >>

Kód: Vybrat vše

Start
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 DeepATS; \??\C:\Program Files (x86)\360\360Safe\deepscan\AtS64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S2 WinDivert1.2; \??\C:\Windows\system32\drivers\WinDivert64.sys [X]
2018-04-07 14:43 - 2005-04-06 11:47 - 000040960 _____ () C:\Users\Martin\AppData\Local\Temp\comver.dll
2018-08-05 11:19 - 2018-08-05 11:19 - 007258024 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.103.449.exe
2018-09-12 16:29 - 2018-09-12 16:29 - 007380392 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.107.108.exe
2018-02-08 18:36 - 2018-02-08 18:37 - 007188064 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.81.356.exe
2018-04-23 14:32 - 2018-04-23 14:32 - 007233448 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.92.264.exe
2018-09-18 10:00 - 2018-09-18 10:00 - 000534528 _____ () C:\Users\Martin\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers1: [Advanced System Protector] -> {00212D92-C5D8-4ff4-AE50-B20F0F85C40A} => -> No File
ContextMenuHandlers1: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File


PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
EmptyTemp:
Reboot:
End
•Ulozte vytvoreny TXT jako fixlist.txt
•Presunte vytvoreny fixlist vedle FRST

:arrow: Spustte znovu FRST.exe
•Kliknete na Fix
•Probehne oprava a vytvori log Fixlog.txt

:arrow: Restart PC a dejte mi sem fixlog.txt
3. nainstaluj MSIE11
4. vycisti PC s CCleanerom, vcetne registrov
restart a napis, ci su problemy ?
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum
https://platba.viry.cz/payment/

Peelie
Návštěvník
Návštěvník
Příspěvky: 287
Registrován: 09 říj 2006 18:03

Re: Nechcené pop-ups

#14 Příspěvek od Peelie »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
Ran by Martin (administrator) on MARTIN-PC (19-09-2018 12:17:43)
Running from C:\Users\Martin\Downloads
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Vivaldi Technologies AS) D:\zde\html\vivaldi\Application\update_notifier.exe
(Spotify Ltd) C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2138272 2016-10-08] (iSkySoft)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-08-17] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [ZPNConnect] => C:\Users\Martin\AppData\Local\ZPN Connect\ZpnCli.exe
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [Vivaldi Update Notifier] => D:\zde\html\vivaldi\Application\update_notifier.exe [1495624 2018-08-06] (Vivaldi Technologies AS)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [TIDAL] => C:\Users\Martin\AppData\Local\TIDAL\update.exe [1783520 2017-06-20] (GitHub)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [Spotify Web Helper] => C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-01] (Spotify Ltd)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [Spotify] => C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe [22454160 2018-05-01] (Spotify Ltd)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B5844788-BED4-4849-99BF-940E9B612EC4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {A8A2381B-85B6-4030-B763-863A4F470EAD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc.)

FireFox:
========
FF DefaultProfile: ef26py92.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default [2018-02-04]
FF Homepage: Mozilla\SeaMonkey\Profiles\ii5mfmc2.default -> www.google.com
FF NewTab: Mozilla\SeaMonkey\Profiles\ii5mfmc2.default -> about:newtab
FF Extension: (DOM Inspector) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\inspector@mozilla.org [2016-09-22] [Legacy]
FF Extension: (ChatZilla) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-09-30] [Legacy]
FF Extension: (NoScript) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-09-23] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-08] [Legacy]
FF Extension: (JavaScript Debugger) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-09-22] [Legacy]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default [2018-09-06]
FF Homepage: Mozilla\Firefox\Profiles\ef26py92.default -> about:home
FF Extension: (Popup Blocker Ultimate) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2018-02-03]
FF Extension: (No Name) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a8zub8k1.default [2018-02-04]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Martin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-12] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2018-09-04]
CHR Extension: (Dokumenty) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-27]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-27]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-27]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-04]
CHR HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (AdBlock) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2017-06-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [895056 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [226000 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [226000 2018-08-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1148568 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [436848 2018-08-17] (Avira Operations GmbH & Co. KG)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-04-22] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [73240 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [199920 2018-08-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153040 2018-08-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2018-08-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2018-08-27] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2018-08-27] (Avira Operations GmbH & Co. KG)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [197240 2017-12-03] (360.cn)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0121.sys [38432 2016-09-18] (SoftEther Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-06-28] (Anchorfree Inc.)
U5 UnlockerDriver5; D:\Nový priečinok\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2016-10-13] (Wondershare)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 DeepATS; \??\C:\Program Files (x86)\360\360Safe\deepscan\AtS64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
S2 WinDivert1.2; \??\C:\Windows\system32\drivers\WinDivert64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-19 12:15 - 2018-09-19 12:15 - 000001943 _____ C:\Users\Martin\Desktop\fixlist - odkaz.lnk
2018-09-19 12:14 - 2018-09-19 12:14 - 000001491 _____ C:\Users\Martin\Documents\fixlist.txt
2018-09-19 11:55 - 2018-09-19 12:01 - 000000134 _____ C:\Users\Martin\Desktop\Riešenie problémov s programom Internet Explorer.url
2018-09-19 11:53 - 2013-10-14 18:00 - 000028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2018-09-19 11:50 - 2018-09-19 11:50 - 024917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 019607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 014404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 012829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 006026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 004305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 002885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-09-19 11:50 - 2018-09-19 11:50 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-19 11:50 - 2018-09-19 11:50 - 002426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 002278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 002125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-19 11:50 - 2018-09-19 11:50 - 002052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-09-19 11:50 - 2018-09-19 11:50 - 001950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 001309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2018-09-19 11:50 - 2018-09-19 11:50 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2018-09-19 11:50 - 2018-09-19 11:50 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-19 11:50 - 2018-09-19 11:50 - 000389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-09-19 11:50 - 2018-09-19 11:50 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-19 11:50 - 2018-09-19 11:50 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-09-19 11:50 - 2018-09-19 11:50 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2018-09-19 11:50 - 2018-09-19 11:50 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2018-09-19 11:50 - 2018-09-19 11:50 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 005552064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-19 11:49 - 2018-09-19 11:49 - 003973568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-09-19 11:49 - 2018-09-19 11:49 - 003918272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-09-19 11:49 - 2018-09-19 11:49 - 001737688 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 001296312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 001162240 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-09-19 11:49 - 2018-09-19 11:49 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-19 11:49 - 2018-09-19 11:49 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-19 11:49 - 2018-09-19 11:49 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-19 11:49 - 2018-09-19 11:49 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-09-19 11:49 - 2018-09-19 11:49 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-19 11:49 - 2018-09-19 11:49 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-09-19 11:49 - 2018-09-19 11:49 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-09-19 11:49 - 2018-09-19 11:49 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-09-19 11:48 - 2018-09-19 11:48 - 001896896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-19 11:48 - 2018-09-19 11:48 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-09-19 11:48 - 2018-09-19 11:48 - 000376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-19 11:48 - 2018-09-19 11:48 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2018-09-19 11:48 - 2018-09-19 11:48 - 000288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-19 11:48 - 2018-09-19 11:48 - 000231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2018-09-19 11:48 - 2018-09-19 11:48 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2018-09-19 11:47 - 2018-09-19 11:47 - 003928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 003419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 002776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 002284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 001682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 001643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 001424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 001247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 001238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 001230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 001175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 001158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 001080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2018-09-19 11:47 - 2018-09-19 11:47 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2018-09-19 11:45 - 2018-09-19 11:45 - 001887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2018-09-19 11:45 - 2018-09-19 11:45 - 001505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2018-09-19 11:41 - 2018-09-19 11:42 - 057814224 _____ (Microsoft Corporation) C:\Users\Martin\Downloads\IE11-Windows6.1-x64-sk-sk.exe
2018-09-19 09:58 - 2018-09-19 09:59 - 000034168 _____ C:\Users\Martin\Downloads\Addition.txt
2018-09-19 09:55 - 2018-09-19 12:18 - 000014362 _____ C:\Users\Martin\Downloads\FRST.txt
2018-09-19 09:55 - 2018-09-19 12:17 - 000000000 ____D C:\FRST
2018-09-19 09:55 - 2018-09-19 09:55 - 000001119 _____ C:\Users\Martin\Desktop\FRST64 - odkaz.lnk
2018-09-19 09:53 - 2018-09-19 09:53 - 002413568 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe
2018-09-18 12:55 - 2018-09-18 12:57 - 081980476 _____ C:\Users\Martin\Downloads\Uncut - November 2018.pdf
2018-09-18 10:19 - 2018-09-18 10:19 - 000194821 _____ C:\Users\Martin\Downloads\ZS s MS Sar. Dravce 2.pdf
2018-09-18 09:58 - 2018-09-19 11:57 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-09-18 09:58 - 2018-08-27 15:28 - 000199920 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000153040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000073240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2018-09-18 09:58 - 2018-08-27 15:28 - 000034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2018-09-17 14:05 - 2018-09-18 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-09-17 14:05 - 2018-09-18 09:58 - 000000000 ____D C:\Program Files (x86)\Avira
2018-09-17 14:04 - 2018-09-18 09:58 - 000000000 ____D C:\ProgramData\Avira
2018-09-08 17:58 - 2018-09-08 18:00 - 000000000 ____D C:\Users\Martin\AppData\Local\ZPN Connect
2018-09-06 14:11 - 2018-09-17 10:27 - 000004084 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1536235891
2018-09-06 14:11 - 2018-09-06 14:11 - 000001252 _____ C:\Users\Martin\Desktop\Prehliadač Opera.lnk
2018-09-06 14:11 - 2018-09-06 14:11 - 000001252 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prehliadač Opera.lnk
2018-09-06 12:11 - 2018-09-06 12:11 - 018946676 _____ C:\Users\Martin\Downloads\2018-10-01 Q Magazine.pdf
2018-09-06 11:06 - 2018-09-06 11:06 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-09-04 14:59 - 2018-09-04 14:59 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-04 14:59 - 2018-09-04 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-09-04 14:54 - 2018-09-04 14:55 - 000000000 ____D C:\Program Files (x86)\GUM9FD7.tmp
2018-09-04 14:53 - 2018-09-04 15:04 - 000000000 ____D C:\Users\Martin\AppData\Local\AVAST Software
2018-09-04 14:52 - 2018-09-04 14:52 - 001142072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-09-04 14:52 - 2018-09-04 14:52 - 001001272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-09-04 14:52 - 2018-09-04 14:52 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-09-04 14:29 - 2018-09-04 14:29 - 000000000 ____D C:\Users\Martin\AppData\Local\Avira Operations Gmbh & Co. KG
2018-09-04 14:28 - 2018-09-04 14:28 - 000000000 ____D C:\Windows\System32\Tasks\Avira
2018-09-04 14:27 - 2018-09-04 14:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2018-09-04 13:32 - 2018-09-04 13:32 - 000000000 ____D C:\Users\Martin\AppData\Local\mbam
2018-09-04 13:12 - 2018-09-04 13:12 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashRpt
2018-08-26 12:21 - 2018-08-26 12:32 - 019380921 _____ C:\Users\Martin\Downloads\mojo-october-2018.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-19 12:12 - 2009-07-14 06:45 - 000021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-09-19 12:12 - 2009-07-14 06:45 - 000021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-09-19 12:11 - 2009-07-14 07:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
2018-09-19 12:11 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-09-19 12:08 - 2014-08-16 20:49 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Spotify
2018-09-19 12:07 - 2014-07-28 19:28 - 000000000 ____D C:\Windows\Panther
2018-09-19 12:07 - 2014-07-28 18:43 - 000001413 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-09-19 12:06 - 2015-09-03 10:08 - 000412504 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-19 12:06 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-09-19 12:04 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-09-19 11:52 - 2015-10-04 19:50 - 000000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2018-09-19 11:37 - 2018-04-01 10:28 - 000001095 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2018-09-19 11:37 - 2018-04-01 10:28 - 000001066 _____ C:\Users\Martin\Desktop\Vivaldi.lnk
2018-09-19 11:15 - 2014-07-28 19:11 - 000000000 ____D C:\Program Files\WinRAR
2018-09-18 13:58 - 2014-07-28 18:35 - 000000000 ____D C:\Users\Martin
2018-09-18 13:50 - 2014-08-23 21:09 - 000000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2018-09-18 10:00 - 2016-01-14 18:08 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2018-09-17 14:04 - 2015-12-11 19:15 - 000000000 ____D C:\ProgramData\Package Cache
2018-09-16 09:20 - 2014-07-29 13:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-09-12 13:52 - 2016-04-08 15:54 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-09-12 13:52 - 2015-10-04 19:50 - 000003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-09-12 13:52 - 2014-07-29 13:15 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-09-12 13:52 - 2014-07-29 13:15 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-12 13:52 - 2014-07-29 13:15 - 000000000 ____D C:\Windows\system32\Macromed
2018-09-12 12:52 - 2018-03-13 15:52 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-09-08 18:39 - 2014-08-24 12:31 - 000000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2018-09-04 14:59 - 2015-05-09 15:30 - 000001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-09-04 14:59 - 2015-05-09 15:30 - 000001066 _____ C:\ProgramData\Desktop\VLC media player.lnk
2018-08-30 10:56 - 2017-06-18 21:49 - 000003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1497815344
2018-08-21 10:16 - 2009-07-14 07:08 - 000032516 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-05-08 06:05 - 2014-05-08 06:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\159 dk orange bl 4.ADO
2015-02-12 07:07 - 2015-02-12 07:07 - 000000213 _____ () C:\Users\Martin\AppData\Roaming\3BSYBS1_DDVW_ErrLog.txt
2013-10-02 04:55 - 2013-10-02 04:55 - 000000940 _____ () C:\Users\Martin\AppData\Roaming\admon.graphics.extension.xml
2014-05-08 07:44 - 2014-05-08 07:44 - 000003523 _____ () C:\Users\Martin\AppData\Roaming\Adobe-Japan1-0
2013-10-02 04:54 - 2013-10-02 04:54 - 000000453 _____ () C:\Users\Martin\AppData\Roaming\Aqtau
2013-10-02 04:54 - 2013-10-02 04:54 - 000000065 _____ () C:\Users\Martin\AppData\Roaming\Bangui
2014-05-08 06:05 - 2014-05-08 06:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\BMC blue 4.ADO
2010-07-19 23:16 - 2010-07-19 23:16 - 000004751 _____ () C:\Users\Martin\AppData\Roaming\b_no.jpg
2013-10-02 04:54 - 2013-10-02 04:54 - 000000549 _____ () C:\Users\Martin\AppData\Roaming\Catamarca
2013-10-02 04:55 - 2013-10-02 04:55 - 000001978 _____ () C:\Users\Martin\AppData\Roaming\caution.tif
2014-05-08 07:44 - 2014-05-08 07:44 - 000002828 _____ () C:\Users\Martin\AppData\Roaming\CNS2-V
2013-10-02 04:56 - 2013-10-02 04:56 - 000001266 _____ () C:\Users\Martin\AppData\Roaming\compact.list.item.spacing.xml
2014-05-08 06:05 - 2014-05-08 06:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\Cool Gray 9 bl 4.ADO
2015-05-20 03:28 - 2015-05-20 03:28 - 000002176 _____ () C:\Users\Martin\AppData\Roaming\C_Enabled.png
2011-03-21 18:48 - 2011-03-21 18:48 - 000000512 _____ () C:\Users\Martin\AppData\Roaming\data2.cab
2013-10-02 04:55 - 2013-10-02 04:55 - 000002654 _____ () C:\Users\Martin\AppData\Roaming\dbtoepub
2013-10-02 04:56 - 2013-10-02 04:56 - 000001013 _____ () C:\Users\Martin\AppData\Roaming\double.sided.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000004817 _____ () C:\Users\Martin\AppData\Roaming\dsc_checkup_tile.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000004997 _____ () C:\Users\Martin\AppData\Roaming\dsc_drivers_tile.png
2014-05-08 07:44 - 2014-05-08 07:44 - 000002862 _____ () C:\Users\Martin\AppData\Roaming\dut1995phon.env
2015-05-20 03:28 - 2015-05-20 03:28 - 000004279 _____ () C:\Users\Martin\AppData\Roaming\dxdiag.png
2007-01-16 02:00 - 2007-01-16 02:00 - 000003294 _____ () C:\Users\Martin\AppData\Roaming\Extravagancy.Y
2015-05-20 03:28 - 2015-05-20 03:28 - 000001592 _____ () C:\Users\Martin\AppData\Roaming\forward32.png
2013-10-02 04:54 - 2013-10-02 04:54 - 000001676 _____ () C:\Users\Martin\AppData\Roaming\Gibraltar
2013-10-02 04:56 - 2013-10-02 04:56 - 000005030 _____ () C:\Users\Martin\AppData\Roaming\graphics.xsl
2014-05-08 07:44 - 2014-05-08 07:44 - 000000672 _____ () C:\Users\Martin\AppData\Roaming\gre.fca
2013-10-02 04:54 - 2013-10-02 04:54 - 000000137 _____ () C:\Users\Martin\AppData\Roaming\Guatemala
2015-05-20 03:28 - 2015-05-20 03:28 - 000003291 _____ () C:\Users\Martin\AppData\Roaming\history_report_gray.png
2013-10-02 04:56 - 2013-10-02 04:56 - 000000941 _____ () C:\Users\Martin\AppData\Roaming\htmlhelp.autolabel.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 000000963 _____ () C:\Users\Martin\AppData\Roaming\ignore.image.scaling.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000002116 _____ () C:\Users\Martin\AppData\Roaming\internetProperties.png
1987-02-02 02:00 - 1987-02-02 02:00 - 000046203 _____ () C:\Users\Martin\AppData\Roaming\Introvert.j6a
2013-10-02 04:56 - 2013-10-02 04:56 - 000001015 _____ () C:\Users\Martin\AppData\Roaming\javahelp.encoding.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000004676 _____ () C:\Users\Martin\AppData\Roaming\lid_closure.png
2014-05-08 06:05 - 2014-05-08 06:05 - 000000117 _____ () C:\Users\Martin\AppData\Roaming\More Saturated.hdt
2013-10-02 04:54 - 2013-10-02 04:54 - 000000097 _____ () C:\Users\Martin\AppData\Roaming\Nairobi
2013-10-02 04:56 - 2013-10-02 04:56 - 000001093 _____ () C:\Users\Martin\AppData\Roaming\navig.graphics.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000001519 _____ () C:\Users\Martin\AppData\Roaming\not_applicable_2.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000001315 _____ () C:\Users\Martin\AppData\Roaming\pcdrfingerprintreader.p5m
2015-05-20 03:28 - 2015-05-20 03:28 - 000000781 _____ () C:\Users\Martin\AppData\Roaming\phone.png
2014-05-08 06:08 - 2014-05-08 06:08 - 000001433 _____ () C:\Users\Martin\AppData\Roaming\Plastic - Violet Purple, Strong & Flexible.3PP
2014-05-08 07:44 - 2014-05-08 07:44 - 000000972 _____ () C:\Users\Martin\AppData\Roaming\pol.fca
2013-10-02 04:55 - 2013-10-02 04:55 - 000001597 _____ () C:\Users\Martin\AppData\Roaming\projectteam.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 000001085 _____ () C:\Users\Martin\AppData\Roaming\qanda.inherit.numeration.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000004156 _____ () C:\Users\Martin\AppData\Roaming\quick-test.png
2014-05-08 07:44 - 2014-05-08 07:44 - 000000889 _____ () C:\Users\Martin\AppData\Roaming\README_gu.txt
2014-05-08 07:44 - 2014-05-08 07:44 - 000001614 _____ () C:\Users\Martin\AppData\Roaming\s29.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000003676 _____ () C:\Users\Martin\AppData\Roaming\save.png
2013-10-02 04:56 - 2013-10-02 04:56 - 000000883 _____ () C:\Users\Martin\AppData\Roaming\section.autolabel.xml
2013-10-02 04:56 - 2013-10-02 04:56 - 000001102 _____ () C:\Users\Martin\AppData\Roaming\section.title.level5.properties.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000001421 _____ () C:\Users\Martin\AppData\Roaming\security.png
2015-05-20 03:28 - 2015-05-20 03:28 - 000002649 _____ () C:\Users\Martin\AppData\Roaming\sysinfopage_forfile.css
2015-05-20 03:14 - 2015-05-20 03:14 - 000000110 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_ar.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 000000095 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_it.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 000000112 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_nl.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 000001728 _____ () C:\Users\Martin\AppData\Roaming\tweakNetworkingManual_ko.p5p
2013-10-02 04:56 - 2013-10-02 04:56 - 000001323 _____ () C:\Users\Martin\AppData\Roaming\ulink.show.xml
2015-05-20 03:28 - 2015-05-20 03:28 - 000001543 _____ () C:\Users\Martin\AppData\Roaming\user_attention.png
2017-10-17 21:40 - 2017-10-17 21:40 - 000009029 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2015-06-16 17:54 - 2015-06-16 17:54 - 000000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat

Some files in TEMP:
====================
2018-03-24 15:31 - 2018-02-22 11:48 - 000976416 _____ (BlueStack Systems, Inc.) C:\Users\Martin\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2018-04-07 14:43 - 2005-04-06 11:47 - 000040960 _____ () C:\Users\Martin\AppData\Local\Temp\comver.dll
2018-08-05 11:19 - 2018-08-05 11:19 - 007258024 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.103.449.exe
2018-09-12 16:29 - 2018-09-12 16:29 - 007380392 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.107.108.exe
2018-02-08 18:36 - 2018-02-08 18:37 - 007188064 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.81.356.exe
2018-04-23 14:32 - 2018-04-23 14:32 - 007233448 _____ (Hola Networks Ltd.) C:\Users\Martin\AppData\Local\Temp\Hola-Setup-x64-1.92.264.exe
2018-09-05 11:37 - 2018-09-05 11:37 - 000379864 _____ (ESET) C:\Users\Martin\AppData\Local\Temp\InstHelper.exe
2018-03-24 15:31 - 2018-02-22 11:48 - 000421368 _____ (CodeTitans) C:\Users\Martin\AppData\Local\Temp\JSON.dll
2018-09-18 10:00 - 2018-09-18 10:00 - 000534528 _____ () C:\Users\Martin\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-15 16:46

==================== End of FRST.txt ============================

Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15197
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: Nechcené pop-ups

#15 Příspěvek od JaRon »

2018-09-19 12:15 - 2018-09-19 12:15 - 000001943 _____ C:\Users\Martin\Desktop\fixlist - odkaz.lnk
2018-09-19 12:14 - 2018-09-19 12:14 - 000001491 _____ C:\Users\Martin\Documents\fixlist.txt

fixlist.txt musi byt na ploche vedla FRST :!:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum
https://platba.viry.cz/payment/

Zamčeno