
ntb problem

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

ntb problem

#1 Post by Hraczka »

Hello,

I don't know why, but I can't install even the trial version of ESET or McAfee, simply no antivirus at all.
I tried some utilities, and I don't know why, but when the PC restarts, Win 7 automatically switches to safe mode.
Please check the log.

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

Re: ntb problem

#2 Post by Hraczka »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2021
Ran by David (administrator) on DAVID-PC (ASUSTeK Computer Inc. K50IJ) (16-03-2021 17:31:45)
Running from C:\Users\David\Desktop
Loaded Profiles: David
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\RunOnce: [VI2_IntermediatReboot] => C:\Users\David\AppData\Local\Temp\nsx405C.tmp\mcuicnt.exe [626568 2020-12-14] (McAfee, LLC. -> McAfee, LLC.) <==== ATTENTION
HKLM\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4338880 2016-02-02] (Disc Soft Ltd -> Disc Soft Ltd) [File not signed]
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\MountPoints2: {a0a810ce-1622-11eb-bb84-485b39405249} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\MountPoints2: {f6176fa3-6eec-11eb-9131-485b39405249} - F:\HiSuiteDownLoader.exe
HKLM\...\Windows x64\Print Processors\Canon MP250 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD9W.DLL [28672 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP250 series: C:\Windows\system32\CNMLM9W.DLL [336896 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BootExecute:
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {15430B55-06E2-461D-9F4E-BD1FDF06754C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {300554B8-F713-40F2-9F4F-025BA7B4330D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694256 2021-03-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {3EC9C8F3-117B-4D60-BE62-B28A1C83C98A} - System32\Tasks\{0DAF34B9-9714-4646-B555-6A5849188FC0} => C:\Program Files (x86)\Rockstar Games\GTAIII\gta3.exe [2379776 2020-10-05] () [File not signed]
Task: {5DFD5567-FC80-40F9-A9BD-629400FA0E45} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {63A4E41D-6CDB-4D65-B6FB-AE8228FC771E} - System32\Tasks\Uninstaller_SkipUac_David => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [6435088 2020-08-19] (IObit Information Technology -> IObit)
Task: {781E2C3C-2064-488F-9201-8F8AD769AC0B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158744 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {80FF1647-F2D3-4EC9-8DCF-F8668D253504} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {9DBB20D1-75BE-4EA5-AC70-3A3D5683A8BE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2038144 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE3BE071-3745-4268-81FD-6BB5B2AA05B8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158744 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2D48296-0ABE-4661-B14E-B9A5A6944223} - System32\Tasks\{9C79D6C9-C669-402D-A1CF-39AFCBDF54FF} => C:\Program Files (x86)\Rockstar Games\GTAIII\gta3.exe [2379776 2020-10-05] () [File not signed]
Task: {F626A40B-D950-4BE3-BC0F-CDFEF268BC5A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\McAfee Remediation (Prepare).job => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe
Task: C:\Windows\Tasks\McDiReg.job => C:\ProgramData\McAfee\Direct\McDiReg.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Winsock: Catalog5 06 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Winsock: Catalog5-x64 05 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Winsock: Catalog5-x64 06 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{CE7D2660-32B2-40A0-A6C0-BDC7051D5DC6}: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF DefaultProfile: j1rd7518.default
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j1rd7518.default [2021-03-15]
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\niag4o4o.default-release-1597433812800 [2021-03-16]
FF Notifications: Mozilla\Firefox\Profiles\niag4o4o.default-release-1597433812800 -> hxxps://mail.google.com
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\niag4o4o.default-release-1597433812800\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-01-26]
FF Extension: (Simple Translate) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\niag4o4o.default-release-1597433812800\Extensions\simple-translate@sienori.xpi [2021-03-12]
FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2021-03-12]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0281181615841711mcinstcleanup; C:\ProgramData\McInstTemp0281181615841711\McInst.exe [871048 2020-11-03] (McAfee, LLC -> McAfee, LLC)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137440 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
S3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1439424 2016-02-02] (Disc Soft Ltd -> Disc Soft Ltd)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [158992 2020-07-31] (IObit Information Technology -> IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-15] (Malwarebytes Inc -> Malwarebytes)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1584272 2020-11-27] (McAfee, LLC -> McAfee, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-25] (Microsoft Windows -> Microsoft Corporation)
S2 wlidsvc; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2291568 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (ZTE CORPORATION -> Google Inc)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2753536 2011-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2020-03-14] (Tages SA -> )
S3 cpuz145; C:\Windows\temp\cpuz145\cpuz145_x64.sys [49968 2021-03-15] (CPUID -> CPUID)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2020-01-09] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2020-01-09] (Disc Soft Ltd -> Disc Soft Ltd)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-05-24] (Martin Malik - REALiX -> REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2019-12-27] (Huawei Technologies Co., Ltd.) [File not signed]
S3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [27224 2020-07-31] (IObit CO., LTD -> IObit)
S3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUProcessFilter.sys [20568 2020-07-31] (IObit CO., LTD -> IObit)
S3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegistryFilter.sys [34392 2020-07-31] (IObit CO., LTD -> IObit)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2020-03-14] (Tages SA -> )
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [58280 2018-07-27] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220616 2021-03-16] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-03-16] (Malwarebytes Inc -> Malwarebytes)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (ManyCam LLC -> Visicom Media Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2020-10-05] () [File not signed]
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-06] (SONIX TECHNOLOGY CO. , LTD -> )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 ST50220; C:\Windows\System32\Drivers\ST50220.sys [51248 2020-05-24] (Chicony Electronics Co., Ltd. -> Sonix)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-16 17:32 - 2021-03-16 17:32 - 000000000 ____D C:\Users\David\AppData\LocalLow\IGDump
2021-03-16 17:31 - 2021-03-16 17:33 - 000014150 _____ C:\Users\David\Desktop\FRST.txt
2021-03-16 17:31 - 2021-03-16 17:32 - 000000000 ____D C:\FRST
2021-03-16 17:29 - 2021-03-16 17:29 - 002300928 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2021-03-15 22:04 - 2021-03-16 17:27 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-03-15 21:56 - 2021-03-15 21:56 - 000000000 ____D C:\Program Files\McAfee.com
2021-03-15 21:56 - 2021-03-15 21:56 - 000000000 ____D C:\Program Files\McAfee
2021-03-15 21:55 - 2021-03-15 21:58 - 000000392 _____ C:\Windows\Tasks\McAfee Remediation (Prepare).job
2021-03-15 21:55 - 2021-03-15 21:58 - 000000238 _____ C:\Windows\Tasks\McDiReg.job
2021-03-15 21:55 - 2021-03-15 21:56 - 000000000 ____D C:\Program Files\Common Files\McAfee
2021-03-15 21:55 - 2021-03-15 21:55 - 000000000 ____D C:\ProgramData\McInstTemp0281181615841711
2021-03-15 21:55 - 2021-03-15 21:55 - 000000000 ____D C:\Program Files\Common Files\AV
2021-03-15 21:55 - 2021-03-15 21:55 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-03-15 21:48 - 2021-03-15 21:59 - 000000000 ____D C:\ProgramData\McAfee
2021-03-15 21:48 - 2021-03-15 21:48 - 005794408 _____ (McAfee, LLC) C:\Users\David\Downloads\mcafee_trial_setup_433.0207.3919_key.exe
2021-03-15 21:48 - 2021-03-15 21:48 - 000000000 _____ C:\Users\David\AppData\Roaming\MCVi2UserDetail.ini
2021-03-15 21:18 - 2021-03-15 21:18 - 000001281 _____ C:\Windows\MGH_WFW_Rules.txt
2021-03-15 21:16 - 2021-03-15 21:16 - 000000000 ____D C:\Users\David\AppData\Local\mbam
2021-03-15 21:03 - 2021-03-16 17:27 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-03-15 21:01 - 2021-03-15 21:01 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-15 20:56 - 2021-03-15 20:56 - 000000801 _____ C:\Users\David\Desktop\red clean.lnk
2021-03-15 20:55 - 2021-03-15 20:57 - 000000000 ____D C:\AdwCleaner
2021-03-15 20:53 - 2021-03-15 21:41 - 000000000 ____D C:\Windows\w
2021-03-15 20:53 - 2021-03-15 21:41 - 000000000 ____D C:\Windows\c
2021-03-15 20:53 - 2021-03-12 09:18 - 000000308 _____ C:\Windows\e.reg
2021-03-15 20:53 - 2021-02-26 00:31 - 000002298 _____ C:\Windows\d.bat
2021-03-15 20:53 - 2021-01-25 17:45 - 000014546 _____ C:\Windows\c.bat
2021-03-15 20:53 - 2021-01-25 17:45 - 000000526 _____ C:\Windows\ct.reg
2021-03-15 20:53 - 2021-01-25 17:45 - 000000308 _____ C:\Windows\d.reg
2021-03-15 20:53 - 2021-01-25 17:45 - 000000308 _____ C:\Windows\c.reg
2021-03-15 20:53 - 2021-01-25 17:45 - 000000302 _____ C:\Windows\mn.reg
2021-03-15 20:53 - 2021-01-25 17:45 - 000000302 _____ C:\Windows\mf.reg
2021-03-15 20:53 - 2021-01-25 17:45 - 000000001 _____ C:\Windows\y.txt
2021-03-15 20:52 - 2020-07-09 12:09 - 000000000 ____D C:\Users\David\Desktop\ESET Internet Security 13.2.15.0
2021-03-15 20:46 - 2021-03-15 20:52 - 102350858 _____ C:\Users\David\Downloads\ESET Internet Security 13.2.15.0.rar
2021-03-15 20:44 - 2021-03-15 20:44 - 000000000 _____ C:\Users\David\Downloads\essdset.rar
2021-03-15 20:43 - 2021-03-15 20:57 - 082050747 _____ C:\Users\David\Downloads\essdset.rar.part
2021-03-15 20:42 - 2021-03-15 20:42 - 000003209 _____ C:\Users\David\Downloads\EIS_90_Day_Trial_Reset_v5.zip
2021-03-15 20:34 - 2021-03-15 20:34 - 000000000 ____D C:\Users\David\Downloads\ESET_AIO_Installer_v2
2021-03-15 20:33 - 2021-03-15 20:33 - 002788987 _____ C:\Users\David\Downloads\ESET_AIO_Installer_v2.zip
2021-03-15 20:26 - 2021-03-15 20:26 - 006341552 _____ (ESET) C:\Users\David\Downloads\eset_smart_security_premium_live_installer.exe
2021-03-15 20:01 - 2021-03-15 20:01 - 000000000 _____ C:\Users\David\Desktop\GW5G-XMWS-F35T-M8VR-JRE3.txt
2021-03-15 19:21 - 2021-03-15 19:21 - 006341552 _____ (ESET) C:\Users\David\Downloads\eset_internet_security_live_installer.exe
2021-03-15 18:50 - 2021-03-15 18:50 - 098988032 _____ C:\Windows\system32\config\SOFTWARE.iobit
2021-03-15 18:50 - 2021-03-15 18:50 - 002170880 _____ C:\Windows\system32\config\DEFAULT.iobit
2021-03-15 18:50 - 2021-03-15 18:50 - 000024576 _____ C:\Windows\system32\config\SECURITY.iobit
2021-03-15 18:50 - 2021-03-15 18:50 - 000024576 _____ C:\Windows\system32\config\SAM.iobit
2021-03-15 16:51 - 2021-03-15 16:51 - 017351079 _____ C:\Users\David\Downloads\manual-dji-mavic-pro-cs.pdf
2021-03-15 15:38 - 2021-03-15 18:39 - 000000000 ____D C:\Users\David\Desktop\mix
2021-03-15 15:36 - 2021-03-15 16:22 - 481363223 _____ C:\Users\David\Downloads\Kabala II - 10. cast (pokracovani Pad Kabaly).mkv
2021-03-12 23:38 - 2021-03-12 23:38 - 000001305 _____ C:\ProgramData\Desktop\IObit Uninstaller.lnk
2021-03-12 22:17 - 2021-03-12 23:18 - 1047527424 _____ C:\Users\David\Downloads\G1148.part1.rar
2021-03-12 22:17 - 2021-03-12 23:15 - 1027814528 _____ C:\Users\David\Downloads\G1148.part2.rar
2021-03-12 16:25 - 2021-03-12 17:07 - 1242733769 _____ C:\Users\David\Downloads\Tom a Jerry-2021-Webrip-AAC.5.1-1080p.H.264-1920x1036-sk title vlozene vypinatelne.mkv
2021-03-11 18:51 - 2021-03-11 18:51 - 000000000 ____D C:\Users\David\Desktop\.thumbnails
2021-03-03 20:59 - 2021-03-03 21:35 - 378815107 _____ C:\Users\David\Downloads\Kabala II - 9. část (pokračování desetidílné série Pád Kabaly).mp4
2021-03-02 18:28 - 2021-03-02 18:28 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-02-21 19:06 - 2021-02-14 22:28 - 173248222 _____ C:\Users\David\Desktop\Kabala II (8. část - O Nadaci Billa a Melindy Gatesových a plošném očkování).mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-16 17:32 - 2020-01-09 19:29 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2021-03-16 17:32 - 2020-01-09 19:29 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-16 17:24 - 2020-05-24 18:13 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2021-03-15 22:06 - 2020-05-27 22:37 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
2021-03-15 21:40 - 2020-04-29 16:46 - 000000000 ____D C:\Program Files (x86)\WinRAR
2021-03-15 21:03 - 2021-01-21 21:19 - 000001928 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-15 21:02 - 2021-01-26 19:12 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-03-15 20:20 - 2009-07-14 05:45 - 000029408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-03-15 20:20 - 2009-07-14 05:45 - 000029408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-03-15 20:08 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-03-15 20:04 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-03-15 19:37 - 2020-01-17 18:58 - 000000000 ____D C:\Users\David\AppData\LocalLow\IObit
2021-03-15 19:37 - 2020-01-17 18:57 - 000000000 ____D C:\Users\David\AppData\Roaming\IObit
2021-03-15 19:37 - 2020-01-17 18:57 - 000000000 ____D C:\ProgramData\IObit
2021-03-15 19:37 - 2020-01-17 18:57 - 000000000 ____D C:\Program Files (x86)\IObit
2021-03-15 19:12 - 2020-01-09 18:49 - 000000000 ____D C:\Users\David
2021-03-15 18:55 - 2020-06-17 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2
2021-03-15 15:22 - 2020-01-09 19:53 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-12 23:38 - 2021-01-17 18:51 - 000002856 _____ C:\Windows\system32\Tasks\Uninstaller_SkipUac_David
2021-03-12 23:38 - 2021-01-17 18:51 - 000001317 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2021-03-12 23:38 - 2021-01-17 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2021-03-12 23:35 - 2020-11-09 18:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-12 23:35 - 2020-01-22 18:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-11 20:12 - 2020-01-12 22:18 - 000000000 ____D C:\Windows\system32\MRT
2021-03-11 20:04 - 2020-01-12 22:18 - 131005360 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-03-07 19:10 - 2009-07-14 16:18 - 000750544 _____ C:\Windows\system32\perfh005.dat
2021-03-07 19:10 - 2009-07-14 16:18 - 000177568 _____ C:\Windows\system32\perfc005.dat
2021-03-07 19:10 - 2009-07-14 06:13 - 001816272 _____ C:\Windows\system32\PerfStringBackup.INI
2021-03-03 21:31 - 2020-05-18 14:52 - 000000000 ____D C:\Users\David\AppData\Roaming\Kodi
2021-02-21 22:38 - 2020-11-10 23:21 - 000000000 ____D C:\Users\David\AppData\Local\MobiMoverUILaunch
2021-02-21 22:37 - 2020-11-10 23:21 - 000000000 ____D C:\Users\David\AppData\Roaming\MobiMoverUILaunch
2021-02-21 22:26 - 2020-11-10 23:19 - 000000000 ____D C:\ProgramData\EMM
2021-02-21 22:24 - 2021-01-26 19:25 - 000000000 ____D C:\Users\David\AppData\Local\Deployment

==================== Files in the root of some directories ========

2021-03-15 21:48 - 2021-03-15 21:48 - 000000000 _____ () C:\Users\David\AppData\Roaming\MCVi2UserDetail.ini
2020-05-24 18:10 - 2020-05-24 18:10 - 000000017 _____ () C:\Users\David\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-03-13 00:19
==================== End of FRST.txt ========================

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

Re: ntb problem

#3 Post by Hraczka »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2021
Ran by David (16-03-2021 17:34:28)
Running from C:\Users\David\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2020-01-09 17:49:29)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3321637588-428875143-3676826485-500 - Administrator - Disabled)
David (S-1-5-21-3321637588-428875143-3676826485-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-3321637588-428875143-3676826485-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3321637588-428875143-3676826485-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.5.205 - Adobe, Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.76.1090 - AB Team, d.o.o.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.1.0.0489 - Disc Soft Ltd)
EaseUS MobiMover 5.3.6 (HKLM-x32\...\EaseUS MobiMover_is1) (Version: - EaseUS)
Google Video Support Plugin (HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.12.1000.0 - Google, LLC.)
Icecream Ebook Reader verze 5.19 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 5.19 - Icecream Apps)
IObit Uninstaller 10 (HKLM-x32\...\IObitUninstall) (Version: 10.0.2.20 - IObit)
Java 8 Update 261 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
K-Lite Mega Codec Pack 15.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.6.0 - KLCP)
Kodi (HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\Kodi) (Version: - XBMC Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.12527.21686 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MIRACLE (HKLM-x32\...\MIRACLE) (Version: 1.00 - Miracle Team)
Mozilla Firefox 86.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 86.0.1 (x64 cs)) (Version: 86.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20988 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20988 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.12527.20988 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.2 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.34161 - Microsoft Corporation)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
USB Serial Port Driver (x64) (HKLM-x32\...\{53012BD2-D1A3-4530-9AE2-B0C503B5C1C2}) (Version: 2013.30.0.313 - Nokia)
Vzum (HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\6cfa0c5674100ff8) (Version: 1.0.0.38 - Vzum)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3321637588-428875143-3676826485-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3321637588-428875143-3676826485-1000_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3321637588-428875143-3676826485-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => -> No File
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-15] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-01-17 19:09 - 2019-08-25 13:55 - 000776704 _____ (Tabibito Technology) [File not signed] C:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosPropertyHandler.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-3321637588-428875143-3676826485-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://185.49.188.24/dochazka_bd
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {1415E7BB-3C9E-4BC7-A584-5B424FF6710E} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {57D5C9DE-914A-415C-A065-B08B345BB2E7} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {795C8A5A-863C-492B-A3E1-242B22B2C43A} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {B0FC838F-8F9F-4A31-854E-F7F3AA4C0980} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... earch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {B6D7A696-0AAF-490C-B869-B9194CD2C3A8} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... earch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {BB28DE13-B3EA-4DEA-8138-279C55B7AB2D} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {C9D6A5B4-9E4B-4DF3-9032-D464C81A9C96} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... earch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {D4B6D89C-83C4-4036-9B10-8084E4C0C959} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_7436
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2020-01-31] (IObit Information Technology -> IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-10-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-10-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-10-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\sharepoint.com -> hxxps://ecentral-files.sharepoint.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Mozilla\Firefox\Pozadí plochy.bmp
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9375FA8C-3AA4-4E7E-8935-F511A4E45A16}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CBF7D4F8-D3C7-4F5C-B6F6-F0240AEBAE01}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F7DA5269-79C6-4944-A052-B5A59A91B24D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{071601A2-85F4-4B26-877B-BCC94BBB3691}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C1B12201-36DA-4012-BCD0-36129BDAFCCB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{21E5D9CD-61F9-4FD9-A191-B3BF438F789E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EF97CAC6-D612-45D0-BEC1-3FD3D814123A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7A868609-5B56-457F-84B5-066DC283B44D}] => (Block) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes)
FirewallRules: [{5F813D0C-ACAB-4C24-8D30-4D655A204F1F}] => (Block) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes)

==================== Restore Points =========================


==================== Faulty Device Manager Devices ============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/15/2021 10:06:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: aria2c.exe, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: aria2c.exe, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x40000015
Posun chyby: 0x00315a8c
ID chybujícího procesu: 0x680
Čas spuštění chybující aplikace: 0x01d719df064cf6e2
Cesta k chybující aplikaci: C:\Users\David\AppData\Local\Temp\aria2c.exe
Cesta k chybujícímu modulu: C:\Users\David\AppData\Local\Temp\aria2c.exe
ID zprávy: 4cf0304a-85d2-11eb-b9ce-a977a17361fe

Error: (03/15/2021 10:05:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: aria2c.exe, verze: 0.0.0.0, časové razítko: 0x00000000
Název chybujícího modulu: aria2c.exe, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x40000015
Posun chyby: 0x00315a8c
ID chybujícího procesu: 0x7e8
Čas spuštění chybující aplikace: 0x01d719dee65c6015
Cesta k chybující aplikaci: C:\Users\David\AppData\Local\Temp\aria2c.exe
Cesta k chybujícímu modulu: C:\Users\David\AppData\Local\Temp\aria2c.exe
ID zprávy: 2d234e21-85d2-11eb-b9ce-a977a17361fe

Error: (03/15/2021 08:59:32 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Users\David\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Popis = JRT Pre-Junkware Removal; Chyba = 0x8007043c).

Error: (03/12/2021 10:34:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Explorer.EXE verze 6.1.7601.23537 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 5ac

Čas spuštění: 01d7174f6abd815e

Čas ukončení: 332

Cesta k aplikaci: C:\Windows\Explorer.EXE

ID hlášení: bf72325a-837a-11eb-8069-485b39405249

Error: (03/03/2021 09:31:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program kodi.exe verze 18.8.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 750

Čas spuštění: 01d7106b54355c64

Čas ukončení: 151

Cesta k aplikaci: C:\Program Files\Kodi\kodi.exe

ID hlášení: 7115994b-7c5f-11eb-b3aa-485b39405249

Error: (02/17/2021 10:18:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/15/2021 08:55:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program IEXPLORE.EXE verze 11.0.9600.19597 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 106c

Čas spuštění: 01d703d4726ad3fb

Čas ukončení: 12

Cesta k aplikaci: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

ID hlášení:

Error: (02/10/2021 04:38:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 6.1.7601.23537, časové razítko: 0x57c44efe
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000004520fd8
ID chybujícího procesu: 0x568
Čas spuštění chybující aplikace: 0x01d6ffc1daacbb43
Cesta k chybující aplikaci: C:\Windows\Explorer.EXE
Cesta k chybujícímu modulu: unknown
ID zprávy: 0f973360-6bb6-11eb-917a-485b39405249


System errors:
=============
Error: (03/16/2021 05:31:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (03/16/2021 05:31:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (03/16/2021 05:31:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (03/16/2021 05:31:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (03/16/2021 05:31:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (03/16/2021 05:31:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (03/16/2021 05:31:40 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Služba DCOM zjistila chybu %%1084 = Tuto službu nelze spustit v nouzovém režimu. při pokusu o spuštění služby VSS s argumenty za účelem spuštění serveru:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (03/16/2021 05:29:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Prohledávání počítačů závisí na službě Server, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 220 01/25/2011
Motherboard: ASUSTeK Computer Inc. K50IJ
Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz
Percentage of memory in use: 50%
Total physical RAM: 4061.09 MB
Available physical RAM: 2019.43 MB
Total Virtual: 8120.32 MB
Available Virtual: 6095.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:116.44 GB) (Free:25.17 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:332.72 GB) (Free:15.9 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=16.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=332.7 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

Hraczka
Visitor
Posts: 56
Joined: 17 Jan 2021 19:51

Re: ntb problem

#4 Post by Hraczka »

So I solved the automatic booting into safe mode. Win7 now starts up normally :-)

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: ntb problem

#5 Post by Conder »

Hi :)

:arrow: Does the problem with installing ESET or McAfee still persist? According to the log, some McAfee components are already installed.

:arrow: I recommend not using, and uninstalling, all programs from IObit (e.g. Driver Booster, Advanced SystemCare, Uninstaller, etc.) - they are Chinese junk that can damage the system.

:arrow: If Malwarebytes works, run a full PC scan with it:
  • Open Malwarebytes and click "Scanner"
  • Click "Advanced scanners" and then "Configure Scan"
  • On the right, select all drives in the PC and on the left select the option "Scan for rootkits"
  • Click "Scan" and wait for it to finish
  • If anything is found, click "Quarantine", which moves the findings into quarantine
  • When it finishes, click "View Report" -> "Export" -> "Copy to Clipboard"
  • Paste the copied log into your next reply
Graduate of the school for beginners :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and others) backed up.

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

Hraczka
Visitor
Posts: 56
Joined: 17 Jan 2021 19:51

Re: ntb problem

#6 Post by Hraczka »

McAfee and ESET - the problems persist / and that is with me using the troubleshooter

[Image]

The same after a restart

What do you recommend for uninstalling programs?

IObit uninstalled
Attachments: Výstřižek.JPG (39.59 KiB)

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: ntb problem

#7 Post by Conder »

How does it look with the Malwarebytes scan? Does that work?

In the meantime, uninstall all McAfee components using this tool: https://download.mcafee.com/molbin/iss- ... R/MCPR.exe
Download it and run it as administrator, click Next, accept the licence terms via Agree, click Next, type in the verification code and click Next, and at the end restart the PC.

Otherwise, for uninstalling programs it is usually enough to use the standard uninstall via Control Panel; alternatively, Revo Uninstaller should be fine.

Hraczka
Visitor
Posts: 56
Joined: 17 Jan 2021 19:51

Re: ntb problem

#8 Post by Hraczka »

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 17.03.21
Čas skenování: 20:52
Logovací soubor: 569fb35a-875a-11eb-a082-485b39405249.json

-Informace o softwaru-
Verze: 4.3.0.98
Verze komponentů: 1.0.1217
Aktualizovat verzi balíku komponent: 1.0.38305
Licence: Premium

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: David-PC\David

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 357319
Zjištěné hrozby: 14
Hrozby umístěné do karantény: 0
Uplynulý čas: 6 hod, 27 min, 51 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 1
Malware.AI.2635862571, C:\USERS\DAVID\DOWNLOADS\TRICKYHOUSE\TRICKY HOUSE.EXE, Žádná uživatelská akce, 1000000, 0, , , , , 35FB24F177C25DAB5698E48698253AAE, EA0A2D5552AD7ED1BFF8086BE9775FADB370532990F9361DACD4BCB1CABF13B4

Modul: 1
Malware.AI.2635862571, C:\USERS\DAVID\DOWNLOADS\TRICKYHOUSE\TRICKY HOUSE.EXE, Žádná uživatelská akce, 1000000, 0, , , , , 35FB24F177C25DAB5698E48698253AAE, EA0A2D5552AD7ED1BFF8086BE9775FADB370532990F9361DACD4BCB1CABF13B4

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 12
Malware.AI.2635862571, C:\USERS\DAVID\DOWNLOADS\TRICKYHOUSE\TRICKY HOUSE.EXE, Žádná uživatelská akce, 1000000, 0, 1.0.38305, 07C9E999C3283E739D1C122B, dds, 01161733, 35FB24F177C25DAB5698E48698253AAE, EA0A2D5552AD7ED1BFF8086BE9775FADB370532990F9361DACD4BCB1CABF13B4
Malware.AI.11583901, C:\USERS\DAVID\APPDATA\ROAMING\Microsoft\Windows\Recent\Loader-Astron.lnk, Žádná uživatelská akce, 1000000, 0, , , , , BC95B2EE6F58E16FD0308CDBE8778972, 523CF1BE7A64592725FDFC691817543C7B2AF0B9BDF0F5899CFCBE9B32930BEB
Malware.AI.11583901, D:\PROGRAMY\IOBITUNINSTALLERPRO9\LOADER-ASTRON.RAR, Žádná uživatelská akce, 1000000, 0, 1.0.38305, EBFEB63A1AE5ECA300B0C19D, dds, 01161733, A0A6B03EC86FE7FF7D3EBA8A98FC1CC8, 7AF08290877D9776A5C15C68098E9589B7E519530544800C21CAB6C14D230E2B
Malware.AI.767865689, C:\WINDOWS\SETUP\SCRIPTS\WINDOWS7LOADER.EXE, Žádná uživatelská akce, 1000000, 0, 1.0.38305, AE7B531635899E472DC4B359, dds, 01161733, 1FF858465467407315BCCAFACC885B59, 4C9BA22536D51166580EFF3BFEDA9C096B6CAB25DF9C0753FA2E98FE271023EC
RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Žádná uživatelská akce, 5291, 353143, 1.0.38305, , ame, , 5094462D7D0ECA2B0D4AE9FED9A7BD67, BB23EDC8473BF621F0BA6021176C0897E74865261D13C16361782834132213D3
RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Žádná uživatelská akce, 5291, 353149, 1.0.38305, , ame, , 5094462D7D0ECA2B0D4AE9FED9A7BD67, BB23EDC8473BF621F0BA6021176C0897E74865261D13C16361782834132213D3
RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Žádná uživatelská akce, 5291, 543391, 1.0.38305, , ame, , 5094462D7D0ECA2B0D4AE9FED9A7BD67, BB23EDC8473BF621F0BA6021176C0897E74865261D13C16361782834132213D3
Generic.Malware/Suspicious, C:\WINDOWS\N.EXE, Žádná uživatelská akce, 0, 392686, 1.0.38305, , shuriken, , 859B2CC01FC2BFB09D791EC72990494F, 971F3B9109B78FD78672D9517830F27A347725482BDA698D924964C87B0154D2
PUP.Optional.OpenCandy, D:\PROGRAMY\DAEMONTOOLSULTRA410-0489\DUTRA4100489CZ\DAEMONTOOLSULTRA410-0489.EXE, Žádná uživatelská akce, 1307, 297667, 1.0.38305, , ame, , CF8BAC2ED3EED41EB3EA9556D00D2D55, 8C0D50015E219DBF7E8C7F68DC4BA6E5A3588878DAC442562D20379808AD9A39
Malware.AI.11583901, D:\PROGRAMY\IOBITUNINSTALLERPRO9.RAR, Žádná uživatelská akce, 1000000, 0, 1.0.38305, EBFEB63A1AE5ECA300B0C19D, dds, 01161733, 1280F0F64D30B27A510CBD3DBD199DBD, 6A49C5AFBA0BDA2B067A494DE945B9EAA69D1D7F9B6F0BD4F70F27D3D963A032
Generic.Malware/Suspicious, D:\PROGRAMY\SMART_DEFRAG_PRO_6.5_FINAL_CZ+SK+HU!.EXE, Žádná uživatelská akce, 0, 392686, 1.0.38305, , shuriken, , 9D5BB9DF9F5D0903D52E4DF9335A7356, 3E461CFF051E4589E55597EC8C4682CDC6200BFD7AD60F2870243ACA82376F9A
RiskWare.Tool.HCK, D:\PROGRAMY\WINRAR 5.90 CZ FINAL.ZIP, Žádná uživatelská akce, 7421, 65942, 1.0.38305, 6AA2A631A6914F75F91A1AE2, dds, 01161733, F2AEA0A296A586E5441C6538D9955F6D, 9A6E84DA8DC7D714AA97EBC308D7082EF469BD1A868BEBFDD61E6592F0E859F5

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: ntb problem

#9 Post by Conder »

:arrow: I recommend deleting the items found. Next, use the McAfee uninstaller as described in the previous post (if you have not used it yet) and then continue with AdwCleaner:

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the licence terms
  • Click Scan Now and wait for it to finish
  • If anything is found, leave all findings selected and click Quarantine (if there are no findings, click Run Basic Repair)
  • If "preinstalled software" is also detected, you may, but need not, delete these programs (these are not malicious programs, just unnecessary ones)
  • Confirm the prompt, wait for it to finish and confirm restarting the PC
  • After the PC restarts, AdwCleaner will open; click View Log File
  • The log will open; copy its contents and paste them into your next reply

Hraczka
Visitor
Posts: 56
Joined: 17 Jan 2021 19:51

Re: ntb problem

#10 Post by Hraczka »

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-20-2021
# Duration: 00:00:06
# OS: Windows 7 Home Premium
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\David\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1833 octets] - [15/03/2021 20:57:27]
AdwCleaner[C00].txt - [1912 octets] - [15/03/2021 20:57:47]
AdwCleaner[S01].txt - [1595 octets] - [20/03/2021 11:50:08]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

Re: ntb problem

#11 Post by Hraczka »

The thing is, the Windows Installer was not working for me. I finally fixed it and the ESET installation works now.

But otherwise, please check the log.

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: ntb problem

#12 Post by Conder »

Please post both new FRST logs (created in normal mode).

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

Re: ntb problem

#13 Post by Hraczka »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by David (21-03-2021 00:31:59)
Running from C:\Users\David\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2020-01-09 17:49:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3321637588-428875143-3676826485-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3321637588-428875143-3676826485-1004 - Limited - Enabled)
David (S-1-5-21-3321637588-428875143-3676826485-1000 - Administrator - Enabled) => C:\Users\David
Guest (S-1-5-21-3321637588-428875143-3676826485-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3321637588-428875143-3676826485-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AS: ESET Security (Enabled - Up to date) {32D4BD20-1EBB-773C-2B52-7CE89BB0522B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.5.205 - Adobe, Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.76.1090 - AB Team, d.o.o.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
DAEMON Tools Ultra (HKLM\...\DAEMON Tools Ultra) (Version: 4.1.0.0489 - Disc Soft Ltd)
EaseUS MobiMover 5.3.6 (HKLM-x32\...\EaseUS MobiMover_is1) (Version: - EaseUS)
ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 14.0.22.0 - ESET, spol. s r.o.)
Google Video Support Plugin (HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 19.12.1000.0 - Google, LLC.)
Icecream Ebook Reader verze 5.19 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 5.19 - Icecream Apps)
Java 8 Update 261 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180261F0}) (Version: 8.0.2610.12 - Oracle Corporation)
K-Lite Mega Codec Pack 15.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.6.0 - KLCP)
Kodi (HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\Kodi) (Version: - XBMC Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.12527.21686 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\OneDriveSetup.exe) (Version: 20.052.0311.0011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MIRACLE (HKLM-x32\...\MIRACLE) (Version: 1.00 - Miracle Team)
Mozilla Firefox 86.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 86.0.1 (x64 cs)) (Version: 86.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.2 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{B83FC356-B7C0-441F-8A4D-D71E088E7974}) (Version: 9.09.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20988 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20988 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.12527.20988 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.2 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.34161 - Microsoft Corporation)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: - )
USB 2.0 1.3M UVC WebCam (HKLM\...\USB 2.0 1.3M UVC WebCam) (Version: - )
USB Serial Port Driver (x64) (HKLM-x32\...\{53012BD2-D1A3-4530-9AE2-B0C503B5C1C2}) (Version: 2013.30.0.313 - Nokia)
Vzum (HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\6cfa0c5674100ff8) (Version: 1.0.0.38 - Vzum)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3321637588-428875143-3676826485-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3321637588-428875143-3676826485-1000_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\David\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3321637588-428875143-3676826485-1000_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Windows -> Microsoft Corporation)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [126976 2015-10-24] () [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2009-08-18 10:24 - 2009-08-18 10:24 - 000167424 _____ (Microsoft Corporation) [File not signed] c:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKU\S-1-5-21-3321637588-428875143-3676826485-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://185.49.188.24/dochazka_bd
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {1415E7BB-3C9E-4BC7-A584-5B424FF6710E} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid=QuickSearch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {57D5C9DE-914A-415C-A065-B08B345BB2E7} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {795C8A5A-863C-492B-A3E1-242B22B2C43A} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {B0FC838F-8F9F-4A31-854E-F7F3AA4C0980} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... earch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {B6D7A696-0AAF-490C-B869-B9194CD2C3A8} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... earch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {BB28DE13-B3EA-4DEA-8138-279C55B7AB2D} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {C9D6A5B4-9E4B-4DF3-9032-D464C81A9C96} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... earch_7436
SearchScopes: HKU\S-1-5-21-3321637588-428875143-3676826485-1000 -> {D4B6D89C-83C4-4036-9B10-8084E4C0C959} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_7436
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_261\bin\ssv.dll [2020-10-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-10-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\sharepoint.com -> hxxps://ecentral-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2021-03-17 20:32 - 2021-03-19 20:31 - 000000964 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 telemetry.malwarebytes.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Mozilla\Firefox\Pozadí plochy.bmp
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

17-03-2021 19:07:51 Windows Update
18-03-2021 03:51:38 Windows Defender Checkpoint
20-03-2021 19:46:13 Instalační služba modulů systému Windows
20-03-2021 20:18:27 Created by Wise Registry Cleaner
20-03-2021 20:24:27 Created by Wise Registry Cleaner
20-03-2021 20:43:52 JRT Pre-Junkware Removal
20-03-2021 21:55:09 Installed Microsoft .NET Framework 1.1

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/20/2021 08:10:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ehRecvr.exe, verze: 6.1.7601.23403, časové razítko: 0x56f58116
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.24545, časové razítko: 0x5e0eb67f
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000bf262
ID chybujícího procesu: 0x6dc
Čas spuštění chybující aplikace: 0x01d71dbc8ee82c76
Cesta k chybující aplikaci: C:\Windows\ehome\ehRecvr.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: fa9b063c-89af-11eb-800c-485b39405249

Error: (03/19/2021 11:22:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x80040154, Třída není zaregistrována
.


Operace:
Vytvoření instance serveru VSS

Error: (03/19/2021 11:22:27 PM) (Source: VSS) (EventID: 22) (User: )
Description: Chyba služby Stínová kopie svazku: Důležitá součást požadovaná službou Stínová kopie svazku není registrována.
Pravděpodobnou příčinou je chyba při instalaci systému Windows nebo během instalace zprostředkovatele stínové kopie.
Chyba vrácená funkcí CoCreateInstance pro třídu s identifikátorem CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} a názvem IVssCoordinatorEx2: [0x80040154, Třída není zaregistrována
].


Operace:
Vytvoření instance serveru VSS

Error: (03/19/2021 10:20:17 PM) (Source: Windows Installer 3.1) (EventID: 4373) (User: )
Description: Event-ID 4373

Error: (03/19/2021 10:20:06 PM) (Source: Windows Installer 3.1) (EventID: 4373) (User: )
Description: Event-ID 4373

Error: (03/19/2021 07:38:10 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/18/2021 07:04:52 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (03/18/2021 07:04:49 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown


System errors:
=============
Error: (03/20/2021 10:42:59 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Služba WMPNetworkSvc nebyla spuštěna správně, protože u funkce CoCreateInstance (CLSID_UPnPDeviceFinder) došlo k chybě 0x80004005. Zkontrolujte, zda je spuštěná služba UPnPHost a zda je správně nainstalována součást systému Windows UPnPHost.

Error: (03/20/2021 10:42:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Adaptér naslouchání Net.Pipe neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (03/20/2021 10:42:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Adaptér naslouchání Net.Pipe bylo dosaženo časového limitu (30000 ms).

Error: (03/20/2021 10:41:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Adaptér naslouchání Net.Tcp závisí na službě Služba sdílení portů Net.Tcp, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (03/20/2021 10:03:09 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Služba WMPNetworkSvc nebyla spuštěna správně, protože u funkce CoCreateInstance (CLSID_UPnPDeviceFinder) došlo k chybě 0x80004005. Zkontrolujte, zda je spuštěná služba UPnPHost a zda je správně nainstalována součást systému Windows UPnPHost.

Error: (03/20/2021 10:02:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Adaptér naslouchání Net.Tcp závisí na službě Služba sdílení portů Net.Tcp, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (03/20/2021 09:53:28 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Služba WMPNetworkSvc nebyla spuštěna správně, protože u funkce CoCreateInstance (CLSID_UPnPDeviceFinder) došlo k chybě 0x80070420. Zkontrolujte, zda je spuštěná služba UPnPHost a zda je správně nainstalována součást systému Windows UPnPHost.

Error: (03/20/2021 09:52:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Adaptér naslouchání Net.Tcp závisí na službě Služba sdílení portů Net.Tcp, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.


Windows Defender:
================
Date: 2021-03-18 03:51:08.267
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... tid=280368
Název:Program:Win32/Ymacco.AA97
Závažnost:Vysoké
Kategorie:Potenciálně nežádoucí software
Nalezeno v cestě:file:C:\Windows\n.exe
Typ zjišťování:Konkrétní
Zdroj zjišťování:Systém
Stav:Neznámý
Uživatel:NT AUTHORITY\NETWORK SERVICE
Název procesu:c:\program files\windows defender\MpCmdRun.exe

==================== Memory info ===========================

BIOS: American Megatrends Inc. 220 01/25/2011
Motherboard: ASUSTeK Computer Inc. K50IJ
Processor: Celeron(R) Dual-Core CPU T3100 @ 1.90GHz
Percentage of memory in use: 66%
Total physical RAM: 4061.09 MB
Available physical RAM: 1354.45 MB
Total Virtual: 8120.32 MB
Available Virtual: 5502.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:116.44 GB) (Free:20.12 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:332.72 GB) (Free:15.93 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=16.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=116.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=332.7 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================

Hraczka
Visitor
Posts: 56
Registered: 17 Jan 2021 19:51

Re: ntb problem

#14 Post by Hraczka »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-03-2021
Ran by David (administrator) on DAVID-PC (ASUSTeK Computer Inc. K50IJ) (21-03-2021 00:27:02)
Running from C:\Users\David\Desktop
Loaded Profiles: David
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Disc Soft Ltd -> Disc Soft Ltd) [File not signed] C:\Program Files\DAEMON Tools Ultra\DTAgent.exe
(Disc Soft Ltd -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\egui.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-10-26] (ESET, spol. s r.o. -> ESET)
HKLM\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files\DAEMON Tools Ultra\DTAgent.exe [4338880 2016-02-02] (Disc Soft Ltd -> Disc Soft Ltd) [File not signed]
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\MountPoints2: {a0a810ce-1622-11eb-bb84-485b39405249} - F:\HiSuiteDownLoader.exe
HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\MountPoints2: {f6176fa3-6eec-11eb-9131-485b39405249} - F:\HiSuiteDownLoader.exe
HKLM\...\Windows x64\Print Processors\Canon MP250 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD9W.DLL [28672 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\HP1020PrintProc: C:\Windows\System32\spool\prtprocs\x64\pphp1020.dll [65024 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP250 series: C:\Windows\system32\CNMLM9W.DLL [336896 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HPLJ1020LM: C:\Windows\system32\zlhp1020.dll [192512 2012-09-18] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BootExecute:
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0744203E-A33F-4CB1-A507-D4C585BE9FF5} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.132\DADUpdater.exe
Task: {15430B55-06E2-461D-9F4E-BD1FDF06754C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {300554B8-F713-40F2-9F4F-025BA7B4330D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694256 2021-03-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {3EC9C8F3-117B-4D60-BE62-B28A1C83C98A} - System32\Tasks\{0DAF34B9-9714-4646-B555-6A5849188FC0} => C:\Program Files (x86)\Rockstar Games\GTAIII\gta3.exe [2379776 2020-10-05] () [File not signed]
Task: {54331C3E-2EE5-4711-9C94-D82EA93D5983} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
Task: {5DFD5567-FC80-40F9-A9BD-629400FA0E45} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F112118-EAEF-4B1C-BE89-FB6A776DA1BF} - System32\Tasks\{969383CA-78D7-48AC-8B00-C36A6A3B82B7} => C:\Users\David\Downloads\eset_nod32_antivirus_live_installer.exe
Task: {781E2C3C-2064-488F-9201-8F8AD769AC0B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158744 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {80FF1647-F2D3-4EC9-8DCF-F8668D253504} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158568 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {9DBB20D1-75BE-4EA5-AC70-3A3D5683A8BE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2038144 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {DE3BE071-3745-4268-81FD-6BB5B2AA05B8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6158744 2021-03-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2D48296-0ABE-4661-B14E-B9A5A6944223} - System32\Tasks\{9C79D6C9-C669-402D-A1CF-39AFCBDF54FF} => C:\Program Files (x86)\Rockstar Games\GTAIII\gta3.exe [2379776 2020-10-05] () [File not signed]
Task: {F626A40B-D950-4BE3-BC0F-CDFEF268BC5A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24612256 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Winsock: Catalog5 06 c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Winsock: Catalog5-x64 05 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Winsock: Catalog5-x64 06 c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Hosts: 127.0.0.1 telemetry.malwarebytes.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{CE7D2660-32B2-40A0-A6C0-BDC7051D5DC6}: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF DefaultProfile: j1rd7518.default
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j1rd7518.default [2021-03-15]
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\niag4o4o.default-release-1597433812800 [2021-03-20]
FF Notifications: Mozilla\Firefox\Profiles\niag4o4o.default-release-1597433812800 -> hxxps://mail.google.com
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\niag4o4o.default-release-1597433812800\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-03-17]
FF Extension: (Simple Translate) - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\niag4o4o.default-release-1597433812800\Extensions\simple-translate@sienori.xpi [2021-03-12]
FF Plugin: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-10-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-07-19] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2021-03-20]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11137440 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Ultra Bus Service; C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe [1439424 2016-02-02] (Disc Soft Ltd -> Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-17] (Malwarebytes Inc -> Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-03-25] (Microsoft Windows -> Microsoft Corporation)
R2 wlidsvc; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2291568 2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (ZTE CORPORATION -> Google Inc)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2753536 2011-06-27] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2020-03-14] (Tages SA -> )
S3 cpuz145; C:\Windows\temp\cpuz145\cpuz145_x64.sys [49968 2021-03-15] (CPUID -> CPUID)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2020-01-09] (Disc Soft Ltd -> Disc Soft Ltd)
R3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47672 2020-01-09] (Disc Soft Ltd -> Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [160992 2020-10-26] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [190464 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [43720 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [70048 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [56152 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [107784 2020-10-26] (ESET, spol. s r.o. -> ESET)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2019-12-27] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-05-24] (Martin Malik - REALiX -> REALiX(tm))
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2019-12-27] (Huawei Technologies Co., Ltd.) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2020-03-14] (Tages SA -> )
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [58280 2018-07-27] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220616 2021-03-20] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-03-20] (Malwarebytes Inc -> Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (ManyCam LLC -> Visicom Media Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2020-10-05] () [File not signed]
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-06] (SONIX TECHNOLOGY CO. , LTD -> )
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 ST50220; C:\Windows\System32\Drivers\ST50220.sys [51248 2020-05-24] (Chicony Electronics Co., Ltd. -> Sonix)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-21 00:27 - 2021-03-21 00:30 - 000015014 _____ C:\Users\David\Desktop\FRST.txt
2021-03-20 22:36 - 2021-03-20 22:36 - 000000000 ____D C:\Users\David\AppData\Local\ESET
2021-03-20 22:33 - 2021-03-20 22:36 - 000001491 _____ C:\Users\David\Downloads\Eset 100% Workig Keys.rar
2021-03-20 22:06 - 2021-03-20 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2021-03-20 22:06 - 2021-03-20 22:06 - 000000000 ____D C:\ProgramData\ESET
2021-03-20 22:06 - 2021-03-20 22:06 - 000000000 ____D C:\Program Files\ESET
2021-03-20 22:04 - 2021-03-20 22:06 - 000000000 ____D C:\Users\David\AppData\Local\ApplicationHistory
2021-03-20 22:04 - 2021-03-20 22:04 - 000000093 _____ C:\Users\David\AppData\Local\fusioncache.dat
2021-03-20 21:56 - 2021-03-20 21:56 - 000000000 ____D C:\Windows\SysWOW64\URTTEMP
2021-03-20 21:50 - 2021-03-20 21:50 - 000005558 _____ C:\Users\David\Desktop\Soubor Windows Compatibility Report.htm
2021-03-20 21:23 - 2021-03-20 21:43 - 000079460 _____ C:\Windows\ntbtlog.txt
2021-03-20 20:27 - 2021-03-20 21:24 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-03-20 20:24 - 2021-03-20 20:24 - 000024576 _____ C:\Windows\system32\config\SECURITY.rhk
2021-03-20 20:17 - 2021-03-20 20:44 - 000000000 ____D C:\Program Files (x86)\Wise
2021-03-20 20:17 - 2021-03-20 20:17 - 000000000 ____D C:\Windows\system32\Tasks\WiseCleaner
2021-03-20 20:00 - 2021-03-20 20:00 - 000000000 ____D C:\Windows\$regcmp$
2021-03-20 19:59 - 2021-03-20 19:59 - 038463350 _____ C:\Users\David\Documents\ppp.cab
2021-03-20 19:26 - 2021-03-20 19:26 - 000000000 ____D C:\Users\David\AppData\Roaming\iExpert Software
2021-03-19 23:00 - 2021-03-19 23:01 - 000366255 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2021-03-19 23:00 - 2021-03-19 23:00 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2021-03-19 21:27 - 2021-03-19 21:27 - 001053600 _____ (ESET) C:\Users\David\Downloads\ESETUninstaller.exe
2021-03-19 21:01 - 2021-03-19 21:01 - 006341552 _____ (ESET) C:\Users\David\Downloads\eset_internet_security_live_installer.exe
2021-03-19 20:54 - 2021-03-19 20:54 - 000002994 _____ C:\Windows\system32\Tasks\{969383CA-78D7-48AC-8B00-C36A6A3B82B7}
2021-03-17 20:49 - 2021-03-17 20:49 - 000000000 ____D C:\Users\David\AppData\Local\mbam
2021-03-17 20:48 - 2021-03-20 21:53 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-03-17 20:48 - 2021-03-17 20:48 - 000001928 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-17 20:48 - 2021-03-17 20:48 - 000000000 ____D C:\Users\David\Downloads\TrickyHouse
2021-03-17 20:48 - 2021-03-17 20:47 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-03-17 20:47 - 2021-03-17 20:47 - 008216398 _____ C:\Users\David\Downloads\TrickyHouse.rar
2021-03-17 20:45 - 2021-03-17 20:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-17 20:30 - 2021-03-17 20:30 - 073183985 _____ C:\Users\David\Downloads\MB FULL Setup.rar
2021-03-17 19:58 - 2021-03-17 19:58 - 002084016 _____ (Malwarebytes) C:\Users\David\Downloads\MBSetup.exe
2021-03-16 22:44 - 2021-03-16 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-03-16 22:43 - 2021-03-16 22:43 - 011636936 _____ C:\Users\David\Downloads\mb-support-1.8.3.885.exe
2021-03-16 22:32 - 2021-03-16 22:32 - 012792104 _____ (ESET) C:\Users\David\Downloads\avremover_nt64_enu.exe
2021-03-16 22:22 - 2021-03-16 22:55 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2021-03-16 17:31 - 2021-03-21 00:29 - 000000000 ____D C:\FRST
2021-03-16 17:29 - 2021-03-20 20:31 - 002300928 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2021-03-15 21:48 - 2021-03-16 21:46 - 000000000 _____ C:\Users\David\AppData\Roaming\MCVi2UserDetail.ini
2021-03-15 21:18 - 2021-03-15 21:18 - 000001281 _____ C:\Windows\MGH_WFW_Rules.txt
2021-03-15 21:01 - 2021-03-17 20:46 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-15 20:56 - 2021-03-15 20:56 - 000000801 _____ C:\Users\David\Desktop\red clean.lnk
2021-03-15 20:55 - 2021-03-15 20:57 - 000000000 ____D C:\AdwCleaner
2021-03-15 20:53 - 2021-03-20 22:04 - 000000000 ____D C:\Windows\w
2021-03-15 20:53 - 2021-03-20 22:04 - 000000000 ____D C:\Windows\c
2021-03-15 20:53 - 2021-03-12 09:18 - 000000308 _____ C:\Windows\e.reg
2021-03-15 20:53 - 2021-01-25 17:45 - 000000526 _____ C:\Windows\ct.reg
2021-03-15 20:53 - 2021-01-25 17:45 - 000000308 _____ C:\Windows\d.reg
2021-03-15 20:53 - 2021-01-25 17:45 - 000000308 _____ C:\Windows\c.reg
2021-03-15 20:53 - 2021-01-25 17:45 - 000000302 _____ C:\Windows\mn.reg
2021-03-15 20:53 - 2021-01-25 17:45 - 000000302 _____ C:\Windows\mf.reg
2021-03-15 20:53 - 2021-01-25 17:45 - 000000001 _____ C:\Windows\y.txt
2021-03-15 18:50 - 2021-03-15 18:50 - 098988032 _____ C:\Windows\system32\config\SOFTWARE.iobit
2021-03-15 18:50 - 2021-03-15 18:50 - 002170880 _____ C:\Windows\system32\config\DEFAULT.iobit
2021-03-15 18:50 - 2021-03-15 18:50 - 000024576 _____ C:\Windows\system32\config\SECURITY.iobit
2021-03-15 18:50 - 2021-03-15 18:50 - 000024576 _____ C:\Windows\system32\config\SAM.iobit
2021-03-15 16:51 - 2021-03-15 16:51 - 017351079 _____ C:\Users\David\Downloads\manual-dji-mavic-pro-cs.pdf
2021-03-15 15:38 - 2021-03-18 16:16 - 000000000 ____D C:\Users\David\Desktop\mix
2021-03-15 15:36 - 2021-03-15 16:22 - 481363223 _____ C:\Users\David\Downloads\Kabala II - 10. cast (pokracovani Pad Kabaly).mkv
2021-03-12 22:17 - 2021-03-12 23:18 - 1047527424 _____ C:\Users\David\Downloads\G1148.part1.rar
2021-03-12 22:17 - 2021-03-12 23:15 - 1027814528 _____ C:\Users\David\Downloads\G1148.part2.rar
2021-03-12 16:25 - 2021-03-12 17:07 - 1242733769 _____ C:\Users\David\Downloads\Tom a Jerry-2021-Webrip-AAC.5.1-1080p.H.264-1920x1036-sk title vlozene vypinatelne.mkv
2021-03-03 20:59 - 2021-03-03 21:35 - 378815107 _____ C:\Users\David\Downloads\Kabala II - 9. část (pokračování desetidílné série Pád Kabaly).mp4
2021-03-02 18:28 - 2021-03-02 18:28 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-02-21 19:06 - 2021-02-14 22:28 - 173248222 _____ C:\Users\David\Desktop\Kabala II (8. část - O Nadaci Billa a Melindy Gatesových a plošném očkování).mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-21 00:26 - 2009-07-14 05:45 - 000029408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-03-21 00:26 - 2009-07-14 05:45 - 000029408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-03-20 22:42 - 2020-01-09 19:29 - 000000000 ____D C:\Users\David\AppData\LocalLow\Mozilla
2021-03-20 22:42 - 2020-01-09 19:29 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-20 22:41 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-03-20 22:07 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-03-20 22:01 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2021-03-20 22:00 - 2020-01-09 20:26 - 001878098 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2021-03-20 22:00 - 2009-07-14 16:18 - 000762136 _____ C:\Windows\system32\perfh005.dat
2021-03-20 22:00 - 2009-07-14 16:18 - 000184378 _____ C:\Windows\system32\perfc005.dat
2021-03-20 21:51 - 2020-01-09 18:55 - 000002679 _____ C:\Windows\diagwrn.xml
2021-03-20 21:51 - 2020-01-09 18:55 - 000001908 _____ C:\Windows\diagerr.xml
2021-03-20 20:25 - 2009-07-14 03:34 - 100139008 _____ C:\Windows\system32\config\SOFTWARE.bak
2021-03-20 20:25 - 2009-07-14 03:34 - 002359296 _____ C:\Windows\system32\config\DEFAULT.bak
2021-03-20 20:25 - 2009-07-14 03:34 - 000262144 _____ C:\Windows\system32\config\SAM.bak
2021-03-20 19:47 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2021-03-20 11:52 - 2020-01-17 18:57 - 000000000 ____D C:\Users\David\AppData\Roaming\IObit
2021-03-20 04:09 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files\Windows Sidebar
2021-03-20 04:09 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files (x86)\Windows Sidebar
2021-03-18 19:07 - 2009-07-14 03:34 - 000000439 _____ C:\Windows\win.ini
2021-03-17 20:49 - 2020-05-27 22:37 - 000000000 ____D C:\Users\David\AppData\Local\CrashDumps
2021-03-16 22:02 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2021-03-16 21:43 - 2020-05-24 18:09 - 000000000 ____D C:\Windows\pss
2021-03-16 21:36 - 2020-05-24 18:13 - 000000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2021-03-15 21:40 - 2020-04-29 16:46 - 000000000 ____D C:\Program Files (x86)\WinRAR
2021-03-15 21:40 - 2020-02-01 14:12 - 000000000 ____D C:\Program Files\DAEMON Tools Ultra
2021-03-15 19:37 - 2020-01-17 18:58 - 000000000 ____D C:\Users\David\AppData\LocalLow\IObit
2021-03-15 19:37 - 2020-01-17 18:57 - 000000000 ____D C:\ProgramData\IObit
2021-03-15 19:37 - 2020-01-17 18:57 - 000000000 ____D C:\Program Files (x86)\IObit
2021-03-15 19:12 - 2020-01-09 18:49 - 000000000 ____D C:\Users\David
2021-03-15 18:55 - 2020-06-17 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2
2021-03-15 15:22 - 2020-01-09 19:53 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-12 23:35 - 2020-11-09 18:23 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-12 23:35 - 2020-01-22 18:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-11 20:12 - 2020-01-12 22:18 - 000000000 ____D C:\Windows\system32\MRT
2021-03-11 20:04 - 2020-01-12 22:18 - 131005360 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-03-07 19:10 - 2009-07-14 06:13 - 001816272 _____ C:\Windows\system32\PerfStringBackup.INI
2021-03-03 21:31 - 2020-05-18 14:52 - 000000000 ____D C:\Users\David\AppData\Roaming\Kodi
2021-02-21 22:38 - 2020-11-10 23:21 - 000000000 ____D C:\Users\David\AppData\Local\MobiMoverUILaunch
2021-02-21 22:37 - 2020-11-10 23:21 - 000000000 ____D C:\Users\David\AppData\Roaming\MobiMoverUILaunch
2021-02-21 22:26 - 2020-11-10 23:19 - 000000000 ____D C:\ProgramData\EMM
2021-02-21 22:24 - 2021-01-26 19:25 - 000000000 ____D C:\Users\David\AppData\Local\Deployment

==================== Files in the root of some directories ========

2021-03-15 21:48 - 2021-03-16 21:46 - 000000000 _____ () C:\Users\David\AppData\Roaming\MCVi2UserDetail.ini
2021-03-20 22:04 - 2021-03-20 22:04 - 000000093 _____ () C:\Users\David\AppData\Local\fusioncache.dat
2020-05-24 18:10 - 2020-05-24 18:10 - 000000017 _____ () C:\Users\David\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-03-13 00:19
==================== End of FRST.txt ========================

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: ntb problem

#15 Post by Conder »

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    ExportKey: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
    
    HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\MountPoints2: {a0a810ce-1622-11eb-bb84-485b39405249} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3321637588-428875143-3676826485-1000\...\MountPoints2: {f6176fa3-6eec-11eb-9131-485b39405249} - F:\HiSuiteDownLoader.exe
    BootExecute: 
    Task: {0744203E-A33F-4CB1-A507-D4C585BE9FF5} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.132\DADUpdater.exe
    Task: {54331C3E-2EE5-4711-9C94-D82EA93D5983} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
    Task: {5F112118-EAEF-4B1C-BE89-FB6A776DA1BF} - System32\Tasks\{969383CA-78D7-48AC-8B00-C36A6A3B82B7} => C:\Users\David\Downloads\eset_nod32_antivirus_live_installer.exe
    S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
    2021-03-16 22:44 - 2021-03-16 22:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2021-03-16 22:22 - 2021-03-16 22:55 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop with the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, a file named Fixlog.txt will be on the desktop; copy its contents and paste them into your next reply
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!
