Notebook takes an hour to start, respectfully asking for help

marilynman
Visitor
Posts: 127
Registered: 14 Mar 2006 22:25
Location: Bratislava

#1 Post by marilynman »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by marilynman (administrator) on DESKTOP-GEC68RR (Dell Inc. Studio 1535) (01-03-2021 11:21:48)
Running from C:\Users\marilynman\Downloads
Loaded Profiles: marilynman
Platform: Windows 10 Pro Version 1607 14393.576 (X64) Language: Slovenčina (Slovensko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Connection Manager\SamsungPnPServiceManager.exe
() [File not signed] C:\Program Files (x86)\Connection Manager\sysctrl.exe
() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(@ByELDI -> @ByELDI) [File not signed] C:\Program Files\KMSpico\Service_KMS.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVAST Software a.s. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Elaborate Bytes AG -> Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(GameRanger Technologies -> GameRanger Pty Ltd) C:\Users\marilynman\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe <3>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\marilynman\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\marilynman\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <6>
(Nero AG -> ) C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Nero AG -> Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\72.0.3815.186\opera_autoupdate.exe <4>
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\assistant\browser_assistant.exe <2>
(Opera Software AS -> Opera Software) C:\Program Files (x86)\Opera\launcher.exe <2>
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Power Software Limited -> Power Software Ltd) C:\Program Files (x86)\gBurner Virtual Drive\GCDTRAY.EXE
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-20] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Z810SysStart] => C:\Program Files (x86)\Connection Manager\sysctrl.exe [307200 2008-09-01] () [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [3152920 2020-10-29] (Opera Software AS -> Opera Software)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-15] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\Run: [Z810SysStart] => C:\Program Files (x86)\Connection Manager\sysctrl.exe [307200 2008-09-01] () [File not signed]
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\Run: [Z810PNP] => C:\Program Files (x86)\Connection Manager\SamsungPnPServiceManager.exe [122880 2008-09-09] () [File not signed]
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\Run: [GCDTRAY.EXE] => C:\Program Files (x86)\gBurner Virtual Drive\GCDTRAY.EXE [734344 2016-09-14] (Power Software Limited -> Power Software Ltd)
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2020-09-14] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-11-02] (Adobe Inc. -> Adobe)
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\WINDOWS\system32\WSPDFelementMonitor.dll [96256 2016-10-11] (Wondershare Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
Startup: C:\Users\marilynman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2016-09-10]
ShortcutTarget: GameRanger.lnk -> C:\Users\marilynman\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies -> GameRanger Pty Ltd)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08DC4095-B52B-4005-9373-DFCED3DF97E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {1812E7E8-3484-4272-9A6A-254F88DC196E} - System32\Tasks\Opera scheduled Autoupdate 1477478642 => C:\Program Files (x86)\Opera\launcher.exe [1529368 2020-10-29] (Opera Software AS -> Opera Software)
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {22E99C31-DD15-4AA7-B19A-7FCF7E9550C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {39B77096-B16C-455D-AB0A-F59D5ED57D0A} - System32\Tasks\{0DF03611-12A1-467D-AE47-D6252C16D064} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\marilynman\Downloads\daemon347.exe -d C:\Users\marilynman\Downloads
Task: {40C5D4C8-F305-462A-B419-1CDEDD265DBC} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [985792 2015-08-09] (@ByELDI -> @ByELDI) [File not signed]
Task: {413778D8-71CC-4A16-AD54-ECAA647937C1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2020-09-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4BC27B44-28A3-4BDE-AA95-96B384A9D4F1} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [664784 2020-09-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {4DE14E14-7F85-4A74-AB82-DDEB172306FB} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2016-11-02] (Microsoft Windows -> Microsoft Corporation)
Task: {6202E1EB-88AF-4C81-977F-6B37081F9486} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1791712 2021-03-01] (Avast Software s.r.o. -> Avast Software)
Task: {760DE249-2A38-44D3-B4C7-710AF3537BA6} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2016-11-02] (Microsoft Windows -> Microsoft Corporation)
Task: {7B712AC9-5288-481B-8321-7AE0854B57A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2020-09-14] (Piriform Ltd -> Piriform Ltd)
Task: {7C4F044D-0869-43C4-80DA-B748F124204E} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\marilynman\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {7E0D988F-DA95-48EE-A453-7D14923DFAD6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {82EB59B8-0E07-4770-84C5-5E08EF32ECE7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-11-02] (Adobe Inc. -> Adobe)
Task: {8395396C-E108-46D7-8AD0-A54497E2A4CD} - System32\Tasks\{4778DC05-C227-4CEE-B218-80AEE342A837} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\heroes4c.exe" -d "C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\"
Task: {8B099B05-ECFD-4C79-9089-085CE6F00BC7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {967F54C7-E01D-4B40-A981-B668289E6C61} - System32\Tasks\{28925FC7-AFB8-4090-8B6B-69C90E852A6C} => "c:\windows\system32\launchwinapp.exe" http://ui.skype.com/ui/0/7.17.0.104/sk/ ... age=tsMain
Task: {D7D2384F-D9C0-433F-A3F5-901F655EA5EB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2736056 2020-09-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {D8576717-DBDA-45FB-8C04-78ABC849C92E} - System32\Tasks\Opera scheduled assistant Autoupdate 1604319028 => C:\Program Files (x86)\Opera\launcher.exe [1529368 2020-10-29] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
Task: {D92CCE2E-3B32-4DF4-9DF9-E8DB00D2F234} - System32\Tasks\{B993FA7F-F924-4DB1-BDB9-C40BF6792838} => C:\WINDOWS\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {EE4D14CA-D87C-4C9A-9BCF-E89CAB27EFBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-02] (Adobe Inc. -> Adobe)
Task: {F22B3477-0F49-429B-BA97-132F06C73650} - System32\Tasks\SafeZone scheduled Autoupdate 1476354997 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [783320 2016-09-06] (AVAST Software s.r.o. -> Avast Software)
Task: {FB4BD5DA-781B-4E65-914C-386E8124FC95} - System32\Tasks\{48C1877B-20A7-443A-B56C-B2D6D76DE882} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Cenega Czech\Mafia\Game.exe" -d "C:\Program Files (x86)\Cenega Czech\Mafia"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{217566d9-ee0a-4424-8e5d-0dc47ad96e3b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d1e8a1c4-314d-4113-a6be-7e9f551fe4b4}: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF DefaultProfile: ck6ln872.default
FF ProfilePath: C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default [2021-03-01]
FF NewTab: Mozilla\Firefox\Profiles\ck6ln872.default -> about:newtab
FF Extension: (Video Downloader professional) - C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\Extensions\ffext_basicvideoext@startpage24.xpi [2020-09-28]
FF Extension: (Firefox Hotfix) - C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31] [Legacy]
FF Extension: (YouTube Downloader Converter MP3) - C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2020-09-28]
FF Extension: (Video DownloadHelper) - C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-03-01]
FF SearchPlugin: C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\searchplugins\Search Provided by Yahoo.xml [2016-01-10]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [Legacy]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-10] [Legacy]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-10] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-11-02] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-11-02] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83984 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-02] (Adobe Inc. -> Adobe)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG -> Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [985280 2015-08-09] (@ByELDI -> @ByELDI) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-10-10] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software s.r.o. -> AVAST Software)
R3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63al.sys [5170176 2016-07-16] (Microsoft Windows -> Broadcom Corporation)
S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-24] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-24] (Disc Soft Ltd -> Disc Soft Ltd)
R3 gcdbus; C:\WINDOWS\System32\drivers\gcdbus.sys [166912 2016-09-14] (Power Software Limited -> Power Software Ltd)
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)
S3 htcnprot; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider)
R3 ITEhidCIR; C:\WINDOWS\System32\drivers\ITEhidCIR.sys [33488 2015-12-17] (ITE Tech. Inc. -> ITE Tech. Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] (Microsoft Windows -> )
R2 rimmptsk; C:\WINDOWS\System32\drivers\rimmpx64.sys [52224 2015-12-17] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 rismxdp; C:\WINDOWS\System32\drivers\rixdpx64.sys [55296 2015-12-17] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-01 11:21 - 2021-03-01 11:28 - 000021526 _____ C:\Users\marilynman\Downloads\FRST.txt
2021-03-01 11:19 - 2021-03-01 11:25 - 000000000 ____D C:\FRST
2021-03-01 11:16 - 2021-03-01 11:17 - 002301440 _____ (Farbar) C:\Users\marilynman\Downloads\FRST64.exe
2021-03-01 11:07 - 2021-03-01 11:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-01 11:04 - 2021-03-01 11:05 - 000042974 _____ C:\Users\marilynman\Documents\cc_20210301_110450.reg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-01 11:39 - 2016-05-16 14:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-01 11:31 - 2016-10-24 08:02 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-01 11:31 - 2015-12-18 11:33 - 000000000 ____D C:\Users\marilynman\AppData\Local\Adobe
2021-03-01 11:30 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-01 11:27 - 2016-07-16 12:45 - 000000000 ____D C:\WINDOWS\INF
2021-03-01 11:16 - 2020-09-28 01:11 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-01 11:09 - 2020-09-28 01:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-03-01 11:07 - 2016-11-21 09:52 - 000000000 ____D C:\Users\marilynman\AppData\LocalLow\Mozilla
2021-03-01 11:07 - 2016-04-25 09:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-01 11:06 - 2016-04-25 09:20 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-01 11:01 - 2016-10-24 09:56 - 000000000 ____D C:\Users\marilynman\AppData\Roaming\DAEMON Tools Lite
2021-03-01 10:59 - 2016-10-24 08:11 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-01 10:52 - 2015-12-17 14:33 - 000000000 ____D C:\Users\marilynman\AppData\Roaming\Skype
2021-03-01 10:48 - 2016-01-12 12:05 - 000000000 ____D C:\Program Files (x86)\Connection Manager
2021-03-01 10:47 - 2016-10-24 07:24 - 000000000 ____D C:\Users\marilynman
2021-03-01 10:46 - 2016-08-31 12:06 - 000217574 _____ C:\WINDOWS\system32\perfh01B.dat
2021-03-01 10:46 - 2016-08-31 12:06 - 000062146 _____ C:\WINDOWS\system32\perfc01B.dat
2021-03-01 10:46 - 2015-12-21 15:16 - 000000000 ____D C:\Users\marilynman\AppData\Local\HTC MediaHub
2021-03-01 10:46 - 2015-07-10 06:07 - 001227818 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-01 10:43 - 2020-09-14 19:11 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-01 10:43 - 2020-09-14 19:08 - 000004270 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-03-01 10:38 - 2016-10-24 08:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-01 10:38 - 2016-10-24 07:13 - 000339664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-01 10:37 - 2016-10-26 11:41 - 000000000 ____D C:\Program Files (x86)\Opera

==================== Files in the root of some directories ========

2016-01-06 07:07 - 2016-01-06 07:07 - 000005120 _____ () C:\Users\marilynman\AppData\Roaming\GiftBag.db
2016-01-01 22:12 - 2016-01-10 08:13 - 000000134 _____ () C:\Users\marilynman\AppData\Roaming\WB.CFG
2016-12-11 15:15 - 2016-12-11 15:20 - 000004608 _____ () C:\Users\marilynman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-09-28 03:24
==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by marilynman (01-03-2021 11:45:32)
Running from C:\Users\marilynman\Downloads
Windows 10 Pro Version 1607 14393.576 (X64) (2016-10-24 07:09:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4013335508-3333605070-2584572280-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4013335508-3333605070-2584572280-503 - Limited - Disabled)
Guest (S-1-5-21-4013335508-3333605070-2584572280-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4013335508-3333605070-2584572280-1003 - Limited - Enabled)
marilynman (S-1-5-21-4013335508-3333605070-2584572280-1001 - Administrator - Enabled) => C:\Users\marilynman

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Age Of Empires 3 CZ verze 1.0 (HKLM-x32\...\{A6502644-790D-4DCB-824F-45C64B22AF4D}_is1) (Version: 1.0 - tomi2k9)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Connection Manager (HKLM-x32\...\{2492ACEF-8CB8-4AB7-8E60-4F89D701EAA1}) (Version: 2.40.0000 - Samsung)
Connection Manager (HKLM-x32\...\{32CC171C-3234-4976-8215-9F25164CF8B5}) (Version: 2.40.0000 - Samsung) Hidden
GameRanger (HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\GameRanger) (Version: - GameRanger Technologies)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
gBurner Virtual Drive (HKLM-x32\...\gBurner Virtual Drive) (Version: 4.2 - Power Software Ltd)
Heroes of Might and Magic III Complete (HKLM-x32\...\{EDFB64A7-5BFD-4137-943D-5663149A15F5}) (Version: 1.00.0000 - CD Projekt) Hidden
Heroes of Might and Magic III Complete (HKLM-x32\...\InstallShield_{EDFB64A7-5BFD-4137-943D-5663149A15F5}) (Version: 1.00.0000 - CD Projekt)
Heroes of Might and Magic® IV (HKLM-x32\...\{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}) (Version: 1.00.0000 - 3DO) Hidden
Heroes of Might and Magic® IV (HKLM-x32\...\InstallShield_{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}) (Version: 1.00.0000 - 3DO)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Mafia (HKLM-x32\...\{C72D7008-266D-4DD8-BF3C-296B736127F6}) (Version: 1.02 - )
Microsoft Office 2013 Professional Plus (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\OneDriveSetup.exe) (Version: 20.143.0716.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 81.0 (x64 sk) (HKLM\...\Mozilla Firefox 81.0 (x64 sk)) (Version: 81.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 81.0.0.7565 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version: - )
Neighbours From Hell Compilation (HKLM-x32\...\{5C81E5B5-15C0-4196-8FEC-BE56FFAB9437}) (Version: 1.00.0000 - CD Projekt) Hidden
Neighbours From Hell Compilation (HKLM-x32\...\InstallShield_{5C81E5B5-15C0-4196-8FEC-BE56FFAB9437}) (Version: 1.00.0000 - CD Projekt)
Opera Stable 41.0.2353.69 (HKLM-x32\...\Opera 41.0.2353.69) (Version: 41.0.2353.69 - Opera Software)
Opera Stable 72.0.3815.186 (HKLM-x32\...\Opera 72.0.3815.186) (Version: 72.0.3815.186 - Opera Software)
SafeZone Stable 1.51.2220.62 (HKLM-x32\...\SafeZone 1.51.2220.62) (Version: 1.51.2220.62 - Avast Software) Hidden
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Shark007 STANDARD Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 3.0.5 - Shark007)
Shark007 STANDARD x64Components (HKLM\...\STANDARD x64Components_is1) (Version: 3.0.5 - Shark007)
Sid Meier's Civilization III Gold (HKLM-x32\...\{6177EC93-286D-4456-B4B6-FE6281A5F397}) (Version: 1.00.000 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
Total Uninstall 6.16.0 (HKLM\...\Total Uninstall 6_is1) (Version: 6.16.0 - Gavrila Martau)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041B-0000-0000000FF1CE}_Office15.PROPLUS_{5BE22EEB-8857-43A3-9E57-85666727CA3B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041B-0000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement(Build 5.10.1) (HKLM-x32\...\{5CA0183F-6D90-4615-91A5-F1A8A2014E83}_is1) (Version: 5.10.1.0 - Wondershare Software Co.,Ltd.)
Worms Armageddon - New Edition CZ 3.6.31.0 Beta (HKLM-x32\...\Worms Armageddon - New Edition CZ 3.6.31.0 Beta) (Version: - )

Packages:
=========
Asistent pre telefón Microsoft -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe [2016-10-02] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-09-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-09-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2020-09-28] (Microsoft Studios) [MS Ad]
Microsoft Telefón -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2020-09-14] (Microsoft Corporation)
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
MSN Počasie -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
Pošta a kalendár -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20116.0_x64__8wekyb3d8bbwe [2020-09-28] (Microsoft Corporation) [MS Ad]
Skype Preview -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c [2016-12-14] (Skype)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-10] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-10] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-10] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-10] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.ac3filter] => C:\WINDOWS\system32\ac3filter.acm [2231296 2013-04-05] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\SysWOW64\ac3filter.acm [1679360 2013-04-06] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [442368 2005-02-26] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [442368 2005-02-26] (On2.com) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-10-20 20:22 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-10-20 20:22 - 2016-10-08 15:48 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-10-10 07:04 - 2016-10-10 07:04 - 048936448 _____ () [File not signed] C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-12 12:05 - 2003-03-19 11:20 - 001060864 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Connection Manager\MFC71.DLL
2016-01-12 12:05 - 2003-02-21 18:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Connection Manager\MSVCR71.dll
2016-10-20 20:23 - 2016-10-11 09:22 - 000096256 _____ (Wondershare Software) [File not signed] C:\WINDOWS\System32\WSPDFelementMonitor.dll
2016-10-20 20:22 - 2016-10-08 15:49 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\marilynman\Desktop\einverstädniserklärung.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\einverstädniserklärung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\marilynman\Desktop\KK Andrej Cermak.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\KK Andrej Cermak.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\marilynman\Desktop\selbstaukunft.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\selbstaukunft.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130969985027273373&GUID=9E77BD11-DB96-4ABA-938C-362F6062FBB7
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4013335508-3333605070-2584572280-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4013335508-3333605070-2584572280-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] (Adobe Systems, Incorporated -> )
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-09-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-18] (Oracle America, Inc. -> Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: HTC NDIS Protocol Driver -> MS_NDISPROT (enabled)
Wi-Fi: HTC NDIS Protocol Driver -> MS_NDISPROT (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6FE3F479-6417-4A18-9F6C-CBAF6041632C}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{4E4D6069-D89D-4BED-B45D-7AE0DE8E2103}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{F11BF18B-4701-45C9-80B0-E1E1F496FA40}C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe] => (Allow) C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe (The 3DO Company) [File not signed]
FirewallRules: [TCP Query User{D34C95F3-4B0E-4F4A-942F-1D5605A23894}C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe] => (Allow) C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe (The 3DO Company) [File not signed]
FirewallRules: [{F0B22AC1-7EC0-45B7-A2BA-D78C4BFE98DC}] => (Block) C:\windows\syswow64\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{583831B2-AE5E-4A0E-AFB4-DE9B9EB1541D}] => (Block) C:\windows\syswow64\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{C6C2881B-258E-4C31-9E71-C0DA3924F44F}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{A5DADAE7-E871-42DF-8470-674CE80D7F13}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{894693AE-319A-4D34-8D71-6D42840B6935}] => (Block) C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe (The 3DO Company) [File not signed]
FirewallRules: [{F36AB68B-F522-4CEC-A46B-2F909E8E1DA9}] => (Block) C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe (The 3DO Company) [File not signed]
FirewallRules: [UDP Query User{7F982541-AA48-4394-9A50-F8EF8194E697}C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe] => (Allow) C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe (The 3DO Company) [File not signed]
FirewallRules: [TCP Query User{3416E933-9579-4FF0-AB7A-133D868A2467}C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe] => (Allow) C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe (The 3DO Company) [File not signed]
FirewallRules: [UDP Query User{1443A853-FFA8-4C3E-B90A-D575443CE46C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{150BF0D5-1A4B-47BC-89D3-260B4FC31C0A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1492F0CC-8F39-4E35-A9D0-E5E7660A898B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{67E832BA-DE06-4007-AD6E-DD4295F1AD2F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8FCBF545-B4E0-45B0-ABFA-276D2284BA4F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{703EB03A-EEDC-48EB-9E8E-DAC63EDCE316}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5B0B3EB9-3A72-444B-9B93-5BF6D68B65E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2A7E6E75-315C-4841-B2DB-25EF15F1A982}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{01D42A19-28A2-4F87-A299-484CC3192432}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe (Nero AG -> )
FirewallRules: [TCP Query User{40092349-B0C1-41CB-BECC-808176320FF4}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{6ED2876A-9073-4126-BD6B-087E7F467E8E}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{C0DB0551-7366-41C9-BC47-4C506E55EFAB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0DCE8522-75A7-432F-AA66-1506C18E4EAB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AC19B405-00E2-432D-AA0C-906F5A43EF65}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33482A03-56C5-42D3-8B3B-AFDFEAAA726B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{581F8654-F068-4EF4-BF5C-D84311B53B6D}] => (Allow) C:\Program Files (x86)\Opera\70.0.3728.178\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{4C7EC296-8226-43F4-AFD7-E533343885DF}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{AF84D01F-44E1-402A-8C99-030C5C06E1E0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{663C5596-96E3-4634-849E-313342E0501D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{07025B09-A29A-4CB6-94FA-579D28DAAB77}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{C885394F-6698-4351-93B8-B2B096679FCD}] => (Allow) C:\Program Files (x86)\Opera\72.0.3815.186\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

28-11-2016 10:26:13 Windows Update
13-12-2016 17:50:03 Windows Update
16-09-2020 15:02:21 Windows Update

==================== Faulty Device Manager Devices ============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/01/2021 11:42:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: CompatTelRunner.exe, verzia: 10.0.14913.1002, časová značka: 0x57d1070d
Názov chybujúceho modulu: devinv.dll, verzia: 10.0.14913.1002, časová značka: 0x57d10950
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000000000023c00
Identifikácia chybujúceho procesu: 0x1f14
Čas spustenia chybujúcej aplikácie: 0x01d70e827204208b
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\CompatTelRunner.exe
Cesta chybujúceho modulu: C:\WINDOWS\system32\devinv.dll
Identifikácia hlásenia: da2fecac-bed0-4eb9-83a9-4fced75aaae7
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (03/01/2021 11:12:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-GEC68RR)
Description: Balík Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App sa ukončil, pretože jeho odstavenie trvalo príliš dlho.

Error: (03/01/2021 11:00:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-GEC68RR)
Description: Balík Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App sa ukončil, pretože jeho odstavenie trvalo príliš dlho.

Error: (03/01/2021 10:42:04 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (11/02/2020 12:57:03 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (11/02/2020 12:57:03 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
(HRESULT : 0x80040210) (0x80040210)

Error: (11/02/2020 12:56:26 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (11/02/2020 12:56:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent


System errors:
=============
Error: (11/02/2020 01:25:19 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Error: (11/02/2020 01:02:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (11/02/2020 12:57:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Delivery Optimization sa pri spustení zablokovala.

Error: (11/02/2020 12:55:43 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (11/02/2020 12:55:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Avast Antivirus sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 5000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (09/28/2020 01:01:42 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.0.104 with the system
having network hardware address 08-12-A5-89-27-B6. Network operations on this system may
be disrupted as a result.

Error: (09/28/2020 01:01:31 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:01:28 on ‎28.‎9.‎2020 was unexpected.

Error: (09/28/2020 02:27:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Zlyhanie inštalácie: Systému Windows sa nepodarilo nainštalovať nasledujúcu aktualizáciu. Vyskytla sa chyba 0x80248007: Aktualizácia zabezpečenia pre produkt Microsoft Office 2013 (KB3127968) 32-bitové vydanie.


==================== Memory info ===========================

BIOS: Dell Inc. A03 07/02/2008
Motherboard: Dell Inc. 0H282K
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 73%
Total physical RAM: 2557.97 MB
Available physical RAM: 673.59 MB
Total Virtual: 3285.15 MB
Available Virtual: 617.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.51 GB) (Free:85.52 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:9.85 GB) NTFS

\\?\Volume{f0000000-0000-0000-0000-a0694a000000}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=287.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118253
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: notebook takes an hour to start, respectfully asking for help

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a normal double-click)
click Scan Now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

marilynman
Visitor
Posts: 127
Registered: 14 Mar 2006 22:25
Location: bratislava

Re: notebook takes an hour to start, respectfully asking for help

#3 Post by marilynman »

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-01-2021
# Duration: 00:00:37
# OS: Windows 10 Pro
# Cleaned: 13
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\searchplugins\Search Provided by Yahoo.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1B5D5DBD-C857-4377-A755-06E50B4AC2B0}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{639B74F1-0594-432C-97C8-68C8C17A1E1D}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Classes\TypeLib\{6E1533F0-E0B5-465A-9F16-98FF0C76D493}
Deleted HKLM\Software\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11}
Deleted HKLM\Software\Classes\qmgcfiles
Deleted HKLM\Software\Wow6432Node\Trymedia Systems
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{6E1533F0-E0B5-465A-9F16-98FF0C76D493}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{8519F1E4-E25B-42B1-B361-0C643F45CF11}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{754DF2CE-51E8-4895-B53C-6381418B84AE}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Not Deleted Video Downloader professional - ffext_basicvideoext@startpage24

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2814 octets] - [01/03/2021 14:42:51]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118253
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: notebook takes an hour to start, respectfully asking for help

#4 Post by Rudy »

OK. Post new FRST+Addition logs.

marilynman
Visitor
Posts: 127
Registered: 14 Mar 2006 22:25
Location: bratislava

Re: notebook takes an hour to start, respectfully asking for help

#5 Post by marilynman »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by marilynman (administrator) on DESKTOP-GEC68RR (Dell Inc. Studio 1535) (01-03-2021 15:07:30)
Running from C:\Users\marilynman\Downloads
Loaded Profiles: marilynman
Platform: Windows 10 Pro Version 1607 14393.576 (X64) Language: Slovenčina (Slovensko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe
() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Adobe Inc. -> Adobe) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe
(AVAST Software a.s. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <7>
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-20] (AVAST Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [Z810SysStart] => C:\Program Files (x86)\Connection Manager\sysctrl.exe [307200 2008-09-01] () [File not signed]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\Run: [Z810SysStart] => C:\Program Files (x86)\Connection Manager\sysctrl.exe [307200 2008-09-01] () [File not signed]
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\Run: [Z810PNP] => C:\Program Files (x86)\Connection Manager\SamsungPnPServiceManager.exe [122880 2008-09-09] () [File not signed]
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\Run: [GCDTRAY.EXE] => C:\Program Files (x86)\gBurner Virtual Drive\GCDTRAY.EXE [734344 2016-09-14] (Power Software Limited -> Power Software Ltd)
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2020-09-14] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-11-02] (Adobe Inc. -> Adobe)
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\marilynman\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\marilynman\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\RunOnce: [Uninstall 20.143.0716.0003\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\marilynman\AppData\Local\Microsoft\OneDrive\20.143.0716.0003\amd64"
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\RunOnce: [Uninstall 20.143.0716.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\marilynman\AppData\Local\Microsoft\OneDrive\20.143.0716.0003"
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\WINDOWS\system32\WSPDFelementMonitor.dll [96256 2016-10-11] (Wondershare Software) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
Startup: C:\Users\marilynman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2016-09-10]
ShortcutTarget: GameRanger.lnk -> C:\Users\marilynman\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies -> GameRanger Pty Ltd)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08DC4095-B52B-4005-9373-DFCED3DF97E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task => {35EF4182-F900-4632-B072-8639E4478A61}
Task: {296044BC-3194-45D1-AE94-6D04AEE74ED5} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [694752 2021-03-01] (Mozilla Corporation -> Mozilla Foundation)
Task: {39B77096-B16C-455D-AB0A-F59D5ED57D0A} - System32\Tasks\{0DF03611-12A1-467D-AE47-D6252C16D064} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\marilynman\Downloads\daemon347.exe -d C:\Users\marilynman\Downloads
Task: {40C5D4C8-F305-462A-B419-1CDEDD265DBC} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [985792 2015-08-09] (@ByELDI -> @ByELDI) [File not signed]
Task: {413778D8-71CC-4A16-AD54-ECAA647937C1} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2020-09-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4DE14E14-7F85-4A74-AB82-DDEB172306FB} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate => {9CDA66BE-3271-4723-8D35-DD834C58AD92} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2016-11-02] (Microsoft Windows -> Microsoft Corporation)
Task: {5FF1319E-FF98-4111-BD0D-9577F9EB0907} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {6202E1EB-88AF-4C81-977F-6B37081F9486} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [1791712 2021-03-01] (Avast Software s.r.o. -> Avast Software)
Task: {760DE249-2A38-44D3-B4C7-710AF3537BA6} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate => {FE285C8C-5360-41C1-A700-045501C740DE} C:\Windows\System32\ErrorDetailsUpdate.dll [72704 2016-11-02] (Microsoft Windows -> Microsoft Corporation)
Task: {7B712AC9-5288-481B-8321-7AE0854B57A7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2020-09-14] (Piriform Ltd -> Piriform Ltd)
Task: {7C4F044D-0869-43C4-80DA-B748F124204E} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\marilynman\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {7E0D988F-DA95-48EE-A453-7D14923DFAD6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {82EB59B8-0E07-4770-84C5-5E08EF32ECE7} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-11-02] (Adobe Inc. -> Adobe)
Task: {8395396C-E108-46D7-8AD0-A54497E2A4CD} - System32\Tasks\{4778DC05-C227-4CEE-B218-80AEE342A837} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\heroes4c.exe" -d "C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\"
Task: {8B099B05-ECFD-4C79-9089-085CE6F00BC7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {967F54C7-E01D-4B40-A981-B668289E6C61} - System32\Tasks\{28925FC7-AFB8-4090-8B6B-69C90E852A6C} => "c:\windows\system32\launchwinapp.exe" http://ui.skype.com/ui/0/7.17.0.104/sk/ ... age=tsMain
Task: {D7D2384F-D9C0-433F-A3F5-901F655EA5EB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2736056 2020-09-14] (AVAST Software s.r.o. -> AVAST Software)
Task: {D92CCE2E-3B32-4DF4-9DF9-E8DB00D2F234} - System32\Tasks\{B993FA7F-F924-4DB1-BDB9-C40BF6792838} => C:\WINDOWS\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {EE4D14CA-D87C-4C9A-9BCF-E89CAB27EFBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-02] (Adobe Inc. -> Adobe)
Task: {F22B3477-0F49-429B-BA97-132F06C73650} - System32\Tasks\SafeZone scheduled Autoupdate 1476354997 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [783320 2016-09-06] (AVAST Software s.r.o. -> Avast Software)
Task: {FB4BD5DA-781B-4E65-914C-386E8124FC95} - System32\Tasks\{48C1877B-20A7-443A-B56C-B2D6D76DE882} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Cenega Czech\Mafia\Game.exe" -d "C:\Program Files (x86)\Cenega Czech\Mafia"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{217566d9-ee0a-4424-8e5d-0dc47ad96e3b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d1e8a1c4-314d-4113-a6be-7e9f551fe4b4}: [DhcpNameServer] 192.168.42.129

FireFox:
========
FF DefaultProfile: ck6ln872.default
FF ProfilePath: C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default [2021-03-01]
FF NewTab: Mozilla\Firefox\Profiles\ck6ln872.default -> about:newtab
FF Extension: (Video Downloader professional) - C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\Extensions\ffext_basicvideoext@startpage24.xpi [2020-09-28]
FF Extension: (Firefox Hotfix) - C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31] [Legacy]
FF Extension: (YouTube Downloader Converter MP3) - C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi [2020-09-28]
FF Extension: (Video DownloadHelper) - C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-03-01]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [Legacy]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-10] [Legacy]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-10] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-11-02] (Adobe Inc. -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-11-02] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-18] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-02-18] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-11-02] (Adobe Inc. -> Adobe)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-10] (AVAST Software a.s. -> AVAST Software)
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG -> Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation -> Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [985280 2015-08-09] (@ByELDI -> @ByELDI) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-10-10] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-10-10] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-10-10] (AVAST Software a.s. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software s.r.o. -> AVAST Software)
R3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63al.sys [5170176 2016-07-16] (Microsoft Windows -> Broadcom Corporation)
S3 bcmfn; C:\WINDOWS\System32\drivers\bcmfn.sys [9728 2016-07-16] (Microsoft Windows -> Windows (R) Win 7 DDK provider)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-24] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-24] (Disc Soft Ltd -> Disc Soft Ltd)
R3 gcdbus; C:\WINDOWS\System32\drivers\gcdbus.sys [166912 2016-09-14] (Power Software Limited -> Power Software Ltd)
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (3am.com(Test) -> HTC, Corporation)
S3 htcnprot; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider)
R3 ITEhidCIR; C:\WINDOWS\System32\drivers\ITEhidCIR.sys [33488 2015-12-17] (ITE Tech. Inc. -> ITE Tech. Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] (Microsoft Windows -> )
R2 rimmptsk; C:\WINDOWS\System32\drivers\rimmpx64.sys [52224 2015-12-17] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R2 rismxdp; C:\WINDOWS\System32\drivers\rixdpx64.sys [55296 2015-12-17] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-01 14:56 - 2021-03-01 14:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-01 14:28 - 2021-03-01 14:29 - 008463216 _____ (Malwarebytes) C:\Users\marilynman\Downloads\adwcleaner_8.1.exe
2021-03-01 14:28 - 2021-03-01 14:29 - 002084016 _____ (Malwarebytes) C:\Users\marilynman\Downloads\MBSetup.exe
2021-03-01 12:57 - 2021-03-01 12:57 - 000000219 _____ C:\Users\marilynman\Desktop\Counter-Strike Global Offensive.url
2021-03-01 12:57 - 2021-03-01 12:57 - 000000000 ____D C:\Users\marilynman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-01 12:45 - 2021-03-01 12:46 - 000000000 ____D C:\Users\marilynman\AppData\Local\Steam
2021-03-01 12:37 - 2021-03-01 15:02 - 000000000 ____D C:\Program Files (x86)\Steam
2021-03-01 12:37 - 2021-03-01 12:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-03-01 12:36 - 2021-03-01 12:37 - 001770744 _____ C:\Users\marilynman\Downloads\SteamSetup.exe
2021-03-01 11:45 - 2021-03-01 11:57 - 000032455 _____ C:\Users\marilynman\Downloads\Addition.txt
2021-03-01 11:21 - 2021-03-01 15:22 - 000019864 _____ C:\Users\marilynman\Downloads\FRST.txt
2021-03-01 11:19 - 2021-03-01 15:16 - 000000000 ____D C:\FRST
2021-03-01 11:16 - 2021-03-01 11:17 - 002301440 _____ (Farbar) C:\Users\marilynman\Downloads\FRST64.exe
2021-03-01 11:09 - 2021-03-01 11:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-03-01 11:04 - 2021-03-01 11:05 - 000042974 _____ C:\Users\marilynman\Documents\cc_20210301_110450.reg

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-01 15:05 - 2020-09-28 01:11 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-01 15:03 - 2016-11-21 09:52 - 000000000 ____D C:\Users\marilynman\AppData\LocalLow\Mozilla
2021-03-01 15:03 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-01 15:02 - 2016-07-16 12:47 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-01 14:56 - 2016-04-25 09:20 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-01 14:42 - 2016-01-11 18:17 - 000000000 ____D C:\AdwCleaner
2021-03-01 14:22 - 2016-10-24 07:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-01 13:51 - 2016-07-16 12:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-01 12:54 - 2020-09-14 17:52 - 000003390 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4013335508-3333605070-2584572280-1001
2021-03-01 12:53 - 2015-12-17 11:46 - 000002415 _____ C:\Users\marilynman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-01 12:53 - 2015-12-17 11:46 - 000000000 ___RD C:\Users\marilynman\OneDrive
2021-03-01 12:17 - 2016-10-26 11:41 - 000000000 ____D C:\Program Files (x86)\Opera
2021-03-01 12:11 - 2015-12-17 14:32 - 000000000 ___RD C:\Program Files (x86)\Skype
2021-03-01 12:11 - 2015-12-17 14:32 - 000000000 ____D C:\ProgramData\Skype
2021-03-01 11:39 - 2016-05-16 14:56 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-03-01 11:31 - 2016-10-24 08:02 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-03-01 11:31 - 2015-12-18 11:33 - 000000000 ____D C:\Users\marilynman\AppData\Local\Adobe
2021-03-01 11:27 - 2016-07-16 12:45 - 000000000 ____D C:\WINDOWS\INF
2021-03-01 11:07 - 2016-04-25 09:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-01 11:01 - 2016-10-24 09:56 - 000000000 ____D C:\Users\marilynman\AppData\Roaming\DAEMON Tools Lite
2021-03-01 10:59 - 2016-10-24 08:11 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-01 10:52 - 2015-12-17 14:33 - 000000000 ____D C:\Users\marilynman\AppData\Roaming\Skype
2021-03-01 10:48 - 2016-01-12 12:05 - 000000000 ____D C:\Program Files (x86)\Connection Manager
2021-03-01 10:47 - 2016-10-24 07:24 - 000000000 ____D C:\Users\marilynman
2021-03-01 10:46 - 2016-08-31 12:06 - 000217574 _____ C:\WINDOWS\system32\perfh01B.dat
2021-03-01 10:46 - 2016-08-31 12:06 - 000062146 _____ C:\WINDOWS\system32\perfc01B.dat
2021-03-01 10:46 - 2015-12-21 15:16 - 000000000 ____D C:\Users\marilynman\AppData\Local\HTC MediaHub
2021-03-01 10:46 - 2015-07-10 06:07 - 001227818 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-01 10:43 - 2020-09-14 19:11 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-03-01 10:43 - 2020-09-14 19:08 - 000004270 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-03-01 10:38 - 2016-10-24 08:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-01 10:38 - 2016-10-24 07:13 - 000339664 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== Files in the root of some directories ========

2016-01-06 07:07 - 2016-01-06 07:07 - 000005120 _____ () C:\Users\marilynman\AppData\Roaming\GiftBag.db
2016-01-01 22:12 - 2016-01-10 08:13 - 000000134 _____ () C:\Users\marilynman\AppData\Roaming\WB.CFG
2016-12-11 15:15 - 2016-12-11 15:20 - 000004608 _____ () C:\Users\marilynman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-09-28 03:24
==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by marilynman (01-03-2021 15:30:24)
Running from C:\Users\marilynman\Downloads
Windows 10 Pro Version 1607 14393.576 (X64) (2016-10-24 07:09:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4013335508-3333605070-2584572280-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4013335508-3333605070-2584572280-503 - Limited - Disabled)
Guest (S-1-5-21-4013335508-3333605070-2584572280-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4013335508-3333605070-2584572280-1003 - Limited - Enabled)
marilynman (S-1-5-21-4013335508-3333605070-2584572280-1001 - Administrator - Enabled) => C:\Users\marilynman

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.445 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Age Of Empires 3 CZ verze 1.0 (HKLM-x32\...\{A6502644-790D-4DCB-824F-45C64B22AF4D}_is1) (Version: 1.0 - tomi2k9)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Connection Manager (HKLM-x32\...\{2492ACEF-8CB8-4AB7-8E60-4F89D701EAA1}) (Version: 2.40.0000 - Samsung)
Connection Manager (HKLM-x32\...\{32CC171C-3234-4976-8215-9F25164CF8B5}) (Version: 2.40.0000 - Samsung) Hidden
GameRanger (HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\GameRanger) (Version: - GameRanger Technologies)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version: - )
gBurner Virtual Drive (HKLM-x32\...\gBurner Virtual Drive) (Version: 4.2 - Power Software Ltd)
Heroes of Might and Magic III Complete (HKLM-x32\...\{EDFB64A7-5BFD-4137-943D-5663149A15F5}) (Version: 1.00.0000 - CD Projekt) Hidden
Heroes of Might and Magic III Complete (HKLM-x32\...\InstallShield_{EDFB64A7-5BFD-4137-943D-5663149A15F5}) (Version: 1.00.0000 - CD Projekt)
Heroes of Might and Magic® IV (HKLM-x32\...\{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}) (Version: 1.00.0000 - 3DO) Hidden
Heroes of Might and Magic® IV (HKLM-x32\...\InstallShield_{192E2132-E977-4D3E-90BA-9DBCE1B57F8C}) (Version: 1.00.0000 - 3DO)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Mafia (HKLM-x32\...\{C72D7008-266D-4DD8-BF3C-296B736127F6}) (Version: 1.02 - )
Microsoft Office 2013 Professional Plus (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\OneDriveSetup.exe) (Version: 21.016.0124.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 sk) (HKLM\...\Mozilla Firefox 86.0 (x64 sk)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 86.0.0.7723 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version: - )
Neighbours From Hell Compilation (HKLM-x32\...\{5C81E5B5-15C0-4196-8FEC-BE56FFAB9437}) (Version: 1.00.0000 - CD Projekt) Hidden
Neighbours From Hell Compilation (HKLM-x32\...\InstallShield_{5C81E5B5-15C0-4196-8FEC-BE56FFAB9437}) (Version: 1.00.0000 - CD Projekt)
Opera Stable 41.0.2353.69 (HKLM-x32\...\Opera 41.0.2353.69) (Version: 41.0.2353.69 - Opera Software)
SafeZone Stable 1.51.2220.62 (HKLM-x32\...\SafeZone 1.51.2220.62) (Version: 1.51.2220.62 - Avast Software) Hidden
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Shark007 STANDARD Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 3.0.5 - Shark007)
Shark007 STANDARD x64Components (HKLM\...\STANDARD x64Components_is1) (Version: 3.0.5 - Shark007)
Sid Meier's Civilization III Gold (HKLM-x32\...\{6177EC93-286D-4456-B4B6-FE6281A5F397}) (Version: 1.00.000 - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
Total Uninstall 6.16.0 (HKLM\...\Total Uninstall 6_is1) (Version: 6.16.0 - Gavrila Martau)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041B-0000-0000000FF1CE}_Office15.PROPLUS_{5BE22EEB-8857-43A3-9E57-85666727CA3B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127976) 32-Bit Edition (HKLM-x32\...\{90150000-012B-041B-0000-0000000FF1CE}_Office15.PROPLUS_{7CBB5B61-6821-4B11-9640-A04ABF78630F}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement(Build 5.10.1) (HKLM-x32\...\{5CA0183F-6D90-4615-91A5-F1A8A2014E83}_is1) (Version: 5.10.1.0 - Wondershare Software Co.,Ltd.)
Worms Armageddon - New Edition CZ 3.6.31.0 Beta (HKLM-x32\...\Worms Armageddon - New Edition CZ 3.6.31.0 Beta) (Version: - )

Packages:
=========
Asistent pre telefón Microsoft -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2020-09-14] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-09-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-09-16] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.6132.0_x64__8wekyb3d8bbwe [2020-09-28] (Microsoft Studios) [MS Ad]
Microsoft Telefón -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2020-09-14] (Microsoft Corporation)
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
MSN Počasie -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.17.74.0_x86__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
Pošta a kalendár -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20116.0_x64__8wekyb3d8bbwe [2020-09-28] (Microsoft Corporation) [MS Ad]
Skype Preview -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c [2016-12-14] (Skype)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-10] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-10] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-10] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-10] (AVAST Software a.s. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [msacm.ac3filter] => C:\WINDOWS\system32\ac3filter.acm [2231296 2013-04-05] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\SysWOW64\ac3filter.acm [1679360 2013-04-06] () [File not signed]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\SysWOW64\vp6vfw.dll [442368 2005-02-26] (On2.com) [File not signed]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\SysWOW64\vp6vfw.dll [442368 2005-02-26] (On2.com) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2016-10-10 07:04 - 2016-10-10 07:04 - 048936448 _____ () [File not signed] C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-24 23:57 - 2006-09-22 22:09 - 000499712 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\MSVCP71.dll
2015-12-24 23:57 - 2006-09-22 22:09 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\MSVCR71.dll
2016-10-20 20:23 - 2016-10-11 09:22 - 000096256 _____ (Wondershare Software) [File not signed] C:\WINDOWS\System32\WSPDFelementMonitor.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\marilynman\Desktop\einverstädniserklärung.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\einverstädniserklärung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\marilynman\Desktop\KK Andrej Cermak.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\KK Andrej Cermak.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\marilynman\Desktop\selbstaukunft.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\selbstaukunft.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130969985027273373&GUID=9E77BD11-DB96-4ABA-938C-362F6062FBB7
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4013335508-3333605070-2584572280-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4013335508-3333605070-2584572280-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] (Adobe Systems, Incorporated -> )
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-09-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-18] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-18] (Oracle America, Inc. -> Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - No File

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2015-07-10 12:02 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: HTC NDIS Protocol Driver -> MS_NDISPROT (enabled)
Wi-Fi: HTC NDIS Protocol Driver -> MS_NDISPROT (enabled)

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{6FE3F479-6417-4A18-9F6C-CBAF6041632C}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{4E4D6069-D89D-4BED-B45D-7AE0DE8E2103}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{F11BF18B-4701-45C9-80B0-E1E1F496FA40}C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe] => (Allow) C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe (The 3DO Company) [File not signed]
FirewallRules: [TCP Query User{D34C95F3-4B0E-4F4A-942F-1D5605A23894}C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe] => (Allow) C:\program files (x86)\ubisoft\heroes 3 complete\heroes3.exe (The 3DO Company) [File not signed]
FirewallRules: [{F0B22AC1-7EC0-45B7-A2BA-D78C4BFE98DC}] => (Block) C:\windows\syswow64\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{583831B2-AE5E-4A0E-AFB4-DE9B9EB1541D}] => (Block) C:\windows\syswow64\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [UDP Query User{C6C2881B-258E-4C31-9E71-C0DA3924F44F}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{A5DADAE7-E871-42DF-8470-674CE80D7F13}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{894693AE-319A-4D34-8D71-6D42840B6935}] => (Block) C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe (The 3DO Company) [File not signed]
FirewallRules: [{F36AB68B-F522-4CEC-A46B-2F909E8E1DA9}] => (Block) C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe (The 3DO Company) [File not signed]
FirewallRules: [UDP Query User{7F982541-AA48-4394-9A50-F8EF8194E697}C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe] => (Allow) C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe (The 3DO Company) [File not signed]
FirewallRules: [TCP Query User{3416E933-9579-4FF0-AB7A-133D868A2467}C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe] => (Allow) C:\program files (x86)\3do\heroes of might and magic iv\heroes4c.exe (The 3DO Company) [File not signed]
FirewallRules: [UDP Query User{1443A853-FFA8-4C3E-B90A-D575443CE46C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{150BF0D5-1A4B-47BC-89D3-260B4FC31C0A}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1492F0CC-8F39-4E35-A9D0-E5E7660A898B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{67E832BA-DE06-4007-AD6E-DD4295F1AD2F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8FCBF545-B4E0-45B0-ABFA-276D2284BA4F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{703EB03A-EEDC-48EB-9E8E-DAC63EDCE316}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5B0B3EB9-3A72-444B-9B93-5BF6D68B65E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{01D42A19-28A2-4F87-A299-484CC3192432}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe (Nero AG -> )
FirewallRules: [TCP Query User{40092349-B0C1-41CB-BECC-808176320FF4}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{6ED2876A-9073-4126-BD6B-087E7F467E8E}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{C0DB0551-7366-41C9-BC47-4C506E55EFAB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0DCE8522-75A7-432F-AA66-1506C18E4EAB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AC19B405-00E2-432D-AA0C-906F5A43EF65}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{33482A03-56C5-42D3-8B3B-AFDFEAAA726B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C7EC296-8226-43F4-AFD7-E533343885DF}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{AF84D01F-44E1-402A-8C99-030C5C06E1E0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe (AVAST Software s.r.o. -> AVAST Software)
FirewallRules: [{663C5596-96E3-4634-849E-313342E0501D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{07025B09-A29A-4CB6-94FA-579D28DAAB77}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{B98C2801-07AA-4483-8D97-0E0B453F5F96}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CF4D734A-179E-4F9C-807A-C89C7DEC474D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5B7927F1-36F7-469C-9270-4359247063D0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8177BCCD-8CE3-4771-9975-08B48995152F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

==================== Restore Points =========================

28-11-2016 10:26:13 Windows Update
13-12-2016 17:50:03 Windows Update
16-09-2020 15:02:21 Windows Update
01-03-2021 12:03:15 Removed Skype™ 7.30

==================== Faulty Device Manager Devices ============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/01/2021 12:43:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/01/2021 12:04:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Cryptographic Services zlyhala pri spracovávaní volania OnIdentity() v objekte System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/01/2021 11:57:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GEC68RR)
Description: Aktivácia aplikácie Microsoft.Windows.Photos_8wekyb3d8bbwe!App zlyhala pre chybu: -2144927142 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (03/01/2021 11:56:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-GEC68RR)
Description: Aktivácia aplikácie Microsoft.Windows.Photos_8wekyb3d8bbwe!App zlyhala pre chybu: -2144927142 Ďalšie informácie nájdete v denníku Microsoft-Windows-TWinUI/Operational.

Error: (03/01/2021 11:42:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: CompatTelRunner.exe, verzia: 10.0.14913.1002, časová značka: 0x57d1070d
Názov chybujúceho modulu: devinv.dll, verzia: 10.0.14913.1002, časová značka: 0x57d10950
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000000000023c00
Identifikácia chybujúceho procesu: 0x1f14
Čas spustenia chybujúcej aplikácie: 0x01d70e827204208b
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\CompatTelRunner.exe
Cesta chybujúceho modulu: C:\WINDOWS\system32\devinv.dll
Identifikácia hlásenia: da2fecac-bed0-4eb9-83a9-4fced75aaae7
Celé meno chybujúceho balíka:
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (03/01/2021 11:12:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-GEC68RR)
Description: Balík Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App sa ukončil, pretože jeho odstavenie trvalo príliš dlho.

Error: (03/01/2021 11:00:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-GEC68RR)
Description: Balík Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App sa ukončil, pretože jeho odstavenie trvalo príliš dlho.

Error: (03/01/2021 10:42:04 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent


System errors:
=============
Error: (03/01/2021 02:55:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Service KMSELDI sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (03/01/2021 02:55:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (03/01/2021 02:55:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (03/01/2021 02:54:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HTCMonitorService sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (03/01/2021 02:54:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (03/01/2021 02:54:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Internet Pass-Through Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 1000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (03/01/2021 12:45:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Steam Client Service zlyhalo kvôli nasledujúcej chybe:
The service did not respond to the start or control request in a timely fashion.

Error: (03/01/2021 12:45:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Steam Client Service bol dosiahnutý časový limit (30000 ms).


Windows Defender:
================Event[0]:

Date: 2016-11-20 14:47:13.789
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-20 14:47:12.754
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Dell Inc. A03 07/02/2008
Motherboard: Dell Inc. 0H282K
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz
Percentage of memory in use: 78%
Total physical RAM: 2557.97 MB
Available physical RAM: 552.61 MB
Total Virtual: 4576.44 MB
Available Virtual: 1344.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:287.51 GB) (Free:57.84 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:9.85 GB) NTFS

\\?\Volume{f0000000-0000-0000-0000-a0694a000000}\ () (Fixed) (Total:0.44 GB) (Free:0.12 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=287.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118253
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: notebook takes an hour to start, respectfully asking for help

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {8395396C-E108-46D7-8AD0-A54497E2A4CD} - System32\Tasks\{4778DC05-C227-4CEE-B218-80AEE342A837} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\heroes4c.exe" -d "C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\"
Task: {D92CCE2E-3B32-4DF4-9DF9-E8DB00D2F234} - System32\Tasks\{B993FA7F-F924-4DB1-BDB9-C40BF6792838} => C:\WINDOWS\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {FB4BD5DA-781B-4E65-914C-386E8124FC95} - System32\Tasks\{48C1877B-20A7-443A-B56C-B2D6D76DE882} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Cenega Czech\Mafia\Game.exe" -d "C:\Program Files (x86)\Cenega Czech\Mafia"
C:\Users\marilynman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\ChromeHTML: -> <==== ATTENTION
AlternateDataStreams: C:\Users\marilynman\Desktop\einverstädniserklärung.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\einverstädniserklärung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\marilynman\Desktop\KK Andrej Cermak.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\KK Andrej Cermak.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\marilynman\Desktop\selbstaukunft.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\selbstaukunft.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4013335508-3333605070-2584572280-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4013335508-3333605070-2584572280-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - No File

EmptyTemp:
End
Save it to C:\Users\marilynman\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

marilynman
Visitor
Posts: 127
Joined: 14 Mar 2006 22:25
Location: bratislava

Re: notebook takes an hour to start, respectfully asking for help

#7 Post by marilynman »

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by marilynman (01-03-2021 16:01:39) Run:1
Running from C:\Users\marilynman\Downloads
Loaded Profiles: marilynman
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {8395396C-E108-46D7-8AD0-A54497E2A4CD} - System32\Tasks\{4778DC05-C227-4CEE-B218-80AEE342A837} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\heroes4c.exe" -d "C:\Program Files (x86)\3DO\Heroes of Might and Magic IV\"
Task: {D92CCE2E-3B32-4DF4-9DF9-E8DB00D2F234} - System32\Tasks\{B993FA7F-F924-4DB1-BDB9-C40BF6792838} => C:\WINDOWS\system32\pcalua.exe -a D:\Setup.exe -d D:\
Task: {FB4BD5DA-781B-4E65-914C-386E8124FC95} - System32\Tasks\{48C1877B-20A7-443A-B56C-B2D6D76DE882} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Cenega Czech\Mafia\Game.exe" -d "C:\Program Files (x86)\Cenega Czech\Mafia"
C:\Users\marilynman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\...\ChromeHTML: -> <==== ATTENTION
AlternateDataStreams: C:\Users\marilynman\Desktop\einverstädniserklärung.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\einverstädniserklärung.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\marilynman\Desktop\KK Andrej Cermak.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\KK Andrej Cermak.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\marilynman\Desktop\selbstaukunft.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\marilynman\Desktop\selbstaukunft.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4013335508-3333605070-2584572280-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4013335508-3333605070-2584572280-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8395396C-E108-46D7-8AD0-A54497E2A4CD}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8395396C-E108-46D7-8AD0-A54497E2A4CD}" => removed successfully
C:\WINDOWS\System32\Tasks\{4778DC05-C227-4CEE-B218-80AEE342A837} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4778DC05-C227-4CEE-B218-80AEE342A837}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D92CCE2E-3B32-4DF4-9DF9-E8DB00D2F234}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D92CCE2E-3B32-4DF4-9DF9-E8DB00D2F234}" => removed successfully
C:\WINDOWS\System32\Tasks\{B993FA7F-F924-4DB1-BDB9-C40BF6792838} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B993FA7F-F924-4DB1-BDB9-C40BF6792838}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB4BD5DA-781B-4E65-914C-386E8124FC95}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB4BD5DA-781B-4E65-914C-386E8124FC95}" => removed successfully
C:\WINDOWS\System32\Tasks\{48C1877B-20A7-443A-B56C-B2D6D76DE882} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{48C1877B-20A7-443A-B56C-B2D6D76DE882}" => removed successfully
C:\Users\marilynman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001_Classes\ChromeHTML => removed successfully
C:\Users\marilynman\Desktop\einverstädniserklärung.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\marilynman\Desktop\einverstädniserklärung.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\marilynman\Desktop\KK Andrej Cermak.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\marilynman\Desktop\KK Andrej Cermak.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\marilynman\Desktop\selbstaukunft.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\marilynman\Desktop\selbstaukunft.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4013335508-3333605070-2584572280-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skypec2c => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 845113 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16904192 B
Java, Flash, Steam htmlcache => 51561997 B
Windows/system/drivers => 250668781 B
Edge => 54894 B
Firefox => 122970841 B
Opera => 107520 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3290 B
NetworkService => 3290 B
marilynman => 53236749 B

RecycleBin => 0 B
EmptyTemp: => 473.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:03:33 ====


Re: notebook takes an hour to start, respectfully asking for help

#8 Post by Rudy »

Deleted. Has anything changed?


Re: notebook takes an hour to start, respectfully asking for help

#9 Post by marilynman »

I have to admit it is faster, although Firefox takes a terribly long time to open and load for me. Could that also be due to low RAM?


Re: notebook takes an hour to start, respectfully asking for help

#10 Post by Rudy »

It could be. Let's also try cleaning the browsers. Run these utilities one after another:

1. Download Zoek.exe: https://www.edisk.cz/stahni/21334/zoek.rar_1.3MB.html/ and save it to the desktop

If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart, and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
• Save it, preferably to the desktop
• After launch, the license terms are displayed; press any key
• A backup will be created, followed by a scan
• The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.


Re: notebook takes an hour to start, respectfully asking for help

#11 Post by marilynman »

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by marilynman on 01.03.2021 at 18:45:29,27.
Microsoft Windows 10 Pro 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\marilynman\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

01.03.2021 18:48:26 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\TrainTickets_201601060658 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\marilynman\AppData\Local\ActiveSync deleted successfully
C:\Users\marilynman\AppData\Local\NetworkTiles deleted successfully
C:\Users\marilynman\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\MARILY~1\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\prefs.js:
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.selectedEngine", "Search Provided by Yahoo");

Added to C:\Users\MARILY~1\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\MARILY~1\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs__2012_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\TrainTickets_201601060658 not found
C:\Users\marilynman\.android deleted
C:\PROGRA~2\Wondershare deleted
C:\Users\marilynman\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Users\MARILY~1\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default\jetpack deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\MARILY~1\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.search.selectedEngine", "Search Provided by Yahoo");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [10.10.2016 07:05]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [10.10.2016 07:05]

==== Firefox Extensions ======================

ProfilePath: C:\Users\MARILY~1\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default
- Undetermined - %ProfilePath%\extensions\ffext_basicvideoext@startpage24.xpi
- Firefox Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi
- Undetermined - %ProfilePath%\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a5}.xpi
- Undetermined - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\marilynman\AppData\Roaming\Mozilla\Firefox\Profiles\ck6ln872.default
CD9AD396445215BA2B050EED7194193B - c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll - Silverlight Plug-In
C940C1079C9202591865EAEDC010926C - c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID= ... 2F6062FBB7"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkID= ... 2F6062FBB7"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{2f23ab71-4ac6-41f2-a955-ea576e553146} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\marilynman\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\marilynman\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\marilynman\AppData\Local\Mozilla\Firefox\Profiles\ck6ln872.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\marilynman\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=450 folders=64 95933266 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\MARILY~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 01.03.2021 at 20:35:30,08 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by marilynman (Administrator) on 01.03.2021 at 20:50:03,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKLM\Software\MozillaPlugins\@qq.com/npandroidassistant (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.03.2021 at 20:59:00,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Re: notebook takes an hour to start, respectfully asking for help

#12 Post by Rudy »

OK. Does it look better now?


Re: notebook takes an hour to start, respectfully asking for help

#13 Post by marilynman »

It is much better; it only hangs a little at startup now, but it's fine. Thank you.


Re: notebook takes an hour to start, respectfully asking for help

#14 Post by Rudy »

Also try defragmenting the disk.


Re: notebook takes an hour to start, respectfully asking for help

#15 Post by marilynman »

Thank you.

Locked