PC from a friend

#1 Post by toox

FRST scan from a friend's PC, thanks for a quick solution.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2020
Ran by Desro (administrator) on DESRO-PC (28-10-2020 14:37:13)
Running from C:\Users\Desro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRJ2U0MI
Loaded Profiles: Desro & UpdatusUser
Platform: Windows 7 Home Premium (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\MountPoints2: {f2c2177e-ce5b-11e8-9d3a-902b34906db4} - E:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-21] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5833F7EC-C6F3-4E2A-BA99-6A3FFFC6021A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {637C17C7-DF95-4E24-9AB5-CD94A4F59A3B} - System32\Tasks\Opera scheduled assistant Autoupdate 1576420791 => C:\Users\Desro\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-04-29] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Desro\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {A3DB3333-3D90-4A1F-B1FD-60B188E277AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-15] (Google Inc -> Google LLC)
Task: {CBDA60C7-4D99-46C3-950D-5159C46D768B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-15] (Google Inc -> Google LLC)
Task: {EB37238C-EB7C-441D-93EF-8E7DA1740B4A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-10-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {F1F9927F-E137-4B65-AA83-4930BF0E4F7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [23571128 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F62650BB-7B0D-4469-AFFB-922F3362117E} - System32\Tasks\Opera scheduled Autoupdate 1576420790 => C:\Users\Desro\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-04-29] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{7F553DA1-B0EA-4A71-8E31-D76D86F0C5E7}: [DhcpNameServer] 62.129.50.20 85.135.32.100

FireFox:
========
FF DefaultProfile: 1cmqp967.default
FF ProfilePath: C:\Users\Desro\AppData\Roaming\Mozilla\Firefox\Profiles\1cmqp967.default [2020-10-25]
FF Extension: (No Name) - C:\Users\Desro\AppData\Roaming\Mozilla\Firefox\Profiles\1cmqp967.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-10-24]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-07-25] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-07-25] (NVIDIA Corporation -> NVIDIA Corporation)

Chrome:
=======
CHR Profile: C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default [2020-10-28]
CHR Notifications: Default -> hxxps://eu1.badoo.com; hxxps://tinder.com; hxxps://www.bombuj.eu; hxxps://www.edarling.cz; hxxps://www.navratdoreality.cz; hxxps://www.netflix.com; hxxps://www.tipsport.cz
CHR Extension: (Prezentace) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Dokumenty) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Disk Google) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-07]
CHR Extension: (Tabulky) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-22]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-15]
CHR Extension: (Space) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepnfgiockihbakjbhonkinpagbkaobo [2017-07-07]
CHR Extension: (Excel Online) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2020-04-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-05-07] (Malwarebytes Inc -> Malwarebytes)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28760 2019-12-15] (LAVASOFT SOFTWARE CANADA INC -> )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-05-07] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-05-08] (Malwarebytes Inc -> Malwarebytes)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-28 14:36 - 2020-10-28 14:37 - 000000000 ____D C:\FRST
2020-10-25 10:07 - 2020-10-25 10:07 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-10-24 13:43 - 2020-10-26 06:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-10-09 10:38 - 2020-10-09 10:39 - 000148335 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_51_051-CS41000055250250.PDF.pdf
2020-10-09 10:38 - 2020-10-09 10:38 - 000177336 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_30_030-CS41000055250231.PDF.pdf
2020-10-09 10:38 - 2020-10-09 10:38 - 000161946 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_46_046-CS41000055250242.PDF.pdf
2020-10-09 10:38 - 2020-10-09 10:38 - 000155863 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_36_036-CS41000055250235.PDF.pdf
2020-10-09 10:38 - 2020-10-09 10:38 - 000154205 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_12_012-CS41000055250199.PDF.pdf
2020-10-09 10:38 - 2020-10-09 10:38 - 000151376 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_17_017-CS41000055250210.PDF.pdf
2020-10-07 10:50 - 2020-10-07 10:50 - 000137416 _____ C:\Users\Desro\Downloads\VyplPaska_202008_141206290a93bdd6664189.pdf
2020-10-06 10:46 - 2020-10-06 10:46 - 000122158 _____ C:\Users\Desro\Downloads\SKM_C25820100515030.pdf
2020-10-06 10:46 - 2020-10-06 10:46 - 000104463 _____ C:\Users\Desro\Downloads\prilohy_404.zip
2020-10-05 12:57 - 2020-10-05 12:57 - 000147930 _____ C:\Users\Desro\Downloads\SKM_C25820100514060 (1).pdf
2020-10-05 12:44 - 2020-10-05 12:44 - 000147930 _____ C:\Users\Desro\Downloads\SKM_C25820100514060.pdf
2020-10-05 09:34 - 2020-10-05 09:34 - 000002137 _____ C:\Users\Desro\Downloads\undefined

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-28 14:33 - 2020-04-25 23:35 - 000000080 _____ C:\Users\Desro\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2020-10-28 14:32 - 2009-07-14 05:45 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-10-28 14:32 - 2009-07-14 05:45 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-10-27 19:25 - 2017-07-07 16:01 - 000000000 ____D C:\Program Files (x86)\Steam
2020-10-27 06:46 - 2009-07-14 16:18 - 000622422 _____ C:\Windows\system32\perfh005.dat
2020-10-27 06:46 - 2009-07-14 16:18 - 000118604 _____ C:\Windows\system32\perfc005.dat
2020-10-27 06:46 - 2009-07-14 06:13 - 001445734 _____ C:\Windows\system32\PerfStringBackup.INI
2020-10-27 06:46 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2020-10-27 06:41 - 2017-07-07 15:39 - 000000000 ____D C:\ProgramData\NVIDIA
2020-10-27 06:41 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-10-26 06:31 - 2017-08-25 16:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-25 12:30 - 2017-08-25 16:15 - 000000000 ____D C:\Users\Desro\AppData\LocalLow\Mozilla
2020-10-25 10:09 - 2019-04-27 17:01 - 000000000 ____D C:\ProgramData\Mozilla
2020-10-21 05:18 - 2019-08-15 19:08 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-21 05:18 - 2019-08-15 19:08 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-10-21 05:18 - 2019-08-15 19:08 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-10-18 09:47 - 2017-07-07 15:40 - 000000000 ____D C:\Users\UpdatusUser
2020-10-15 12:57 - 2019-08-15 19:06 - 000003386 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-15 12:57 - 2019-08-15 19:06 - 000003258 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========

2019-12-09 15:02 - 2019-12-19 00:02 - 000000200 _____ () C:\Users\Desro\AppData\Roaming\WB.CFG
2018-05-06 10:37 - 2018-05-06 10:37 - 000000000 _____ () C:\Users\Desro\AppData\Local\{6C4CAE5F-B12B-4E96-B8EF-4F09BDC8E66E}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-10-26 07:08
==================== End of FRST.txt ========================





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by Desro (28-10-2020 14:38:43)
Running from C:\Users\Desro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRJ2U0MI
Windows 7 Home Premium (X64) (2017-07-07 13:49:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-346022524-4220297796-2099353401-500 - Administrator - Disabled)
Desro (S-1-5-21-346022524-4220297796-2099353401-1000 - Administrator - Enabled) => C:\Users\Desro
Guest (S-1-5-21-346022524-4220297796-2099353401-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-346022524-4220297796-2099353401-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-346022524-4220297796-2099353401-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aktualizace NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
BitTorrent Web (HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\btweb) (Version: 1.0.7 - BitTorrent, Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.66 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 81.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 81.0.2 (x64 cs)) (Version: 81.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
NVIDIA Ovladač 3D Vision 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 305.27 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 305.27 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.27 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
Opera Stable 68.0.3618.63 (HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\Opera 68.0.3618.63) (Version: 68.0.3618.63 - Opera Software)
Ovládací panel NVIDIA 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 305.27 - NVIDIA Corporation) Hidden
qBittorrent 4.2.3 (HKLM-x32\...\qBittorrent) (Version: 4.2.3 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Spotify (HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\Spotify) (Version: 1.1.31.703.g256add22 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Warcraft III verze 1.22 (HKLM-x32\...\{E5EB7710-29E1-47E3-9636-0E8CA5B0D3CA}_is1) (Version: 1.22 - tomi2k9)
Web Companion (HKLM-x32\...\{12410c88-f272-448f-8000-429c5ac96457}) (Version: 4.9.2159.4024 - Lavasoft)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2012-07-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-07-07 15:30 - 2012-03-27 09:12 - 000073728 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKU\S-1-5-21-346022524-4220297796-2099353401-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-346022524-4220297796-2099353401-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Desro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.129.50.20 - 85.135.32.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Opera Browser Assistant => C:\Users\Desro\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
MSCONFIG\startupreg: Spotify => C:\Users\Desro\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{757461A9-CD02-40BF-AC36-64C437F81925}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BD031A75-A9D2-4206-9BAA-1E65D0C0DE00}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A69E879D-0A9E-453A-A5EF-392A8469AEAE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1579D76C-EC3E-4821-9F59-0003346E054E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FF8C86B4-9927-415B-9047-4730BCCF075F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{D582574D-CE8B-4383-B43E-8EC16E3CC09E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{255DD5DE-7A42-4026-9327-AB9FCE8C0717}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe (Valve -> )
FirewallRules: [UDP Query User{E052B79C-D756-476B-86E5-D08575946632}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{D05C3A8B-BA45-4FDF-9923-0888A95FBA92}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe => No File
FirewallRules: [UDP Query User{857E0CB2-ED7D-4A1C-AF08-C18E97097EE0}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe => No File
FirewallRules: [{24BD400E-CD11-4887-91A5-4A039F3126CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8C37184D-3E05-49EF-918F-8E9F786C5E9B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{145F33F7-E4B7-4D2E-8BC6-4F432AEB9EA5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3CDFB475-E325-49C2-A438-18D7FAE9838B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4F0C5420-E3EA-4F46-A021-DB5937A95F39}] => (Allow) C:\Users\Desro\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{339DF616-F22F-4F91-BE36-7E90AD82078F}] => (Allow) C:\Users\Desro\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{3F0A23BA-3D76-4C2A-B3DD-6549B15D260A}] => (Allow) C:\Users\Desro\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{A14C3976-E35A-45F1-A836-F32F52858AB0}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{A9B3F385-2D1D-42EC-8A5F-E1549967FDAC}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{AC299F9D-3014-47C6-A460-00F55F28B969}] => (Allow) C:\Users\Desro\AppData\Local\Programs\Opera\67.0.3575.137\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{4EA15B36-8D29-47E8-8C49-719A828F468F}C:\users\desro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\desro\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7868C814-DC88-49AE-96E8-7B48EB9ABD72}C:\users\desro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\desro\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5683C609-7F1E-4343-BD2A-A048101220E5}] => (Allow) C:\Users\Desro\AppData\Local\Programs\Opera\68.0.3618.63\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{5FE60FC9-AE19-4226-AC8E-20CA49B7758D}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{4E3F6DDB-F8C3-4561-869F-B8E669B7502C}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{0879C201-65DC-45E4-8CAA-C2A8A8274649}C:\users\desro\downloads\warcraft\war3.exe] => (Block) C:\users\desro\downloads\warcraft\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{AD2BBD1B-2D57-46A0-9F5F-04BB86088949}C:\users\desro\downloads\warcraft\war3.exe] => (Block) C:\users\desro\downloads\warcraft\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{FCD7C38C-ABD8-42CC-B9FC-77DC466E28C5}C:\program files\warcraft iii\war3.exe] => (Block) C:\program files\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{D9E5B59A-B60E-48EE-89AB-B690CDF2B14A}C:\program files\warcraft iii\war3.exe] => (Block) C:\program files\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{92A5FFE8-8C78-4ADF-9C3F-1EEC50D7B3AA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

26-10-2020 07:15:40 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (10/28/2020 02:38:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/28/2020 02:37:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/28/2020 02:37:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/28/2020 02:37:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/28/2020 02:37:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/28/2020 02:37:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/28/2020 02:37:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (10/28/2020 02:37:38 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.


System errors:
=============
Error: (10/28/2020 02:36:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (10/28/2020 02:36:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/28/2020 02:36:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/28/2020 02:36:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (10/28/2020 02:36:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/28/2020 02:36:32 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (10/28/2020 02:36:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (10/28/2020 02:36:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.


CodeIntegrity:
===================================

Date: 2019-12-19 00:29:23.869
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Common Files\adaware\adaware antivirus\updater\12.6.997.11652\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F5 05/14/2012
Motherboard: Gigabyte Technology Co., Ltd. H77-DS3H
Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 38%
Total physical RAM: 8154.32 MB
Available physical RAM: 4976.32 MB
Total Virtual: 10179.28 MB
Available Virtual: 6095.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931 GB) (Free:4.77 GB) NTFS

\\?\Volume{8fe18898-c4ac-45d2-9c0c-f851911d5622}\ (Obnovení) (Fixed) (Total:0.29 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9F2C7ECE)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC from a friend

#2 Post by Rudy »

Hello!
A solution to what? If the PC shows signs of infection, run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP simply double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

toox
Model visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: PC from a friend

#3 Post by toox »

a fix for a possible infection ;) I'm attaching the LOG

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-30-2020
# Duration: 00:00:05
# OS: Windows 7 Home Premium
# Cleaned: 19
# Failed: 0


*** [ Services ] ***

Deleted WCAssistantService

*** [ Folders ] ***

Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\Desro\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_SIQ0LWF3TZGXP2KHFKLLYBK3IDTBEHNG
Deleted C:\Users\Desro\AppData\Roaming\Lavasoft\Web Companion

*** [ Files ] ***

No malicious files cleaned.

*** [ DLL ] ***

No malicious DLLs cleaned.

*** [ WMI ] ***

No malicious WMI cleaned.

*** [ Shortcuts ] ***

No malicious shortcuts cleaned.

*** [ Tasks ] ***

No malicious tasks cleaned.

*** [ Registry ] ***

Deleted HKCU\Software\Conduit
Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Opera Browser Assistant
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12410c88-f272-448f-8000-429c5ac96457}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12410c88-f272-448f-8000-429c5ac96457}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12410c88-f272-448f-8000-429c5ac96457}|UninstallString
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

*** [ Chromium (and derivatives) ] ***

No malicious Chromium entries cleaned.

*** [ Chromium URLs ] ***

No malicious Chromium URLs cleaned.

*** [ Firefox (and derivatives) ] ***

No malicious Firefox entries cleaned.

*** [ Firefox URLs ] ***

No malicious Firefox URLs cleaned.

*** [ Hosts File Entries ] ***

No malicious hosts file entries cleaned.

*** [ Preinstalled Software ] ***

No Preinstalled Software cleaned.


***********************

[+] Delete Tracing Keys
[+] Reset Winsock

***********************

AdwCleaner[S00].txt - [3247 octets] - [30/10/2020 19:02:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC from a friend

#4 Post by Rudy »

Post new FRST + Addition logs.

toox
Model visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: PC from a friend

#5 Post by toox »

sorry for the delay :(

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2020
Ran by Desro (administrator) on DESRO-PC (06-11-2020 23:27:46)
Running from C:\Users\Desro\Downloads
Loaded Profiles: Desro & UpdatusUser
Platform: Windows 7 Home Premium (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <21>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation -> Intel Corporation)
HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\MountPoints2: {f2c2177e-ce5b-11e8-9d3a-902b34906db4} - E:\HiSuiteDownLoader.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.183\Installer\chrmstp.exe [2020-11-03] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5833F7EC-C6F3-4E2A-BA99-6A3FFFC6021A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {637C17C7-DF95-4E24-9AB5-CD94A4F59A3B} - System32\Tasks\Opera scheduled assistant Autoupdate 1576420791 => C:\Users\Desro\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-04-29] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Desro\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {A3DB3333-3D90-4A1F-B1FD-60B188E277AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-15] (Google Inc -> Google LLC)
Task: {CBDA60C7-4D99-46C3-950D-5159C46D768B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-15] (Google Inc -> Google LLC)
Task: {EB37238C-EB7C-441D-93EF-8E7DA1740B4A} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-10-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {F1F9927F-E137-4B65-AA83-4930BF0E4F7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [23571128 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {F62650BB-7B0D-4469-AFFB-922F3362117E} - System32\Tasks\Opera scheduled Autoupdate 1576420790 => C:\Users\Desro\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-04-29] (Opera Software AS -> Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 62.129.50.20 85.135.32.100
Tcpip\..\Interfaces\{7F553DA1-B0EA-4A71-8E31-D76D86F0C5E7}: [DhcpNameServer] 62.129.50.20 85.135.32.100

FireFox:
========
FF DefaultProfile: 1cmqp967.default
FF ProfilePath: C:\Users\Desro\AppData\Roaming\Mozilla\Firefox\Profiles\1cmqp967.default [2020-10-29]
FF Extension: (No Name) - C:\Users\Desro\AppData\Roaming\Mozilla\Firefox\Profiles\1cmqp967.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-10-24]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-07-25] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-07-25] (NVIDIA Corporation -> NVIDIA Corporation)

Chrome:
=======
CHR Profile: C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default [2020-11-06]
CHR Notifications: Default -> hxxps://eu1.badoo.com; hxxps://tinder.com; hxxps://www.bombuj.eu; hxxps://www.edarling.cz; hxxps://www.navratdoreality.cz; hxxps://www.netflix.com; hxxps://www.tipsport.cz
CHR Extension: (Prezentace) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Dokumenty) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Disk Google) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (YouTube) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-07]
CHR Extension: (Tabulky) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Dokumenty Google offline) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-22]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-29]
CHR Extension: (Space) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hepnfgiockihbakjbhonkinpagbkaobo [2017-07-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-11-05]
CHR Extension: (Excel Online) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2020-04-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\Desro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-08]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7265328 2020-10-30] (Malwarebytes Inc -> Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-10-30] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [217600 2020-10-30] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2020-10-30] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [74936 2020-10-30] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-10-30] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [121968 2020-10-30] (Malwarebytes Inc -> Malwarebytes)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-06 23:27 - 2020-11-06 23:28 - 000010705 _____ C:\Users\Desro\Downloads\FRST.txt
2020-11-06 23:27 - 2020-11-06 23:27 - 002298368 _____ (Farbar) C:\Users\Desro\Downloads\FRST64 (2).exe
2020-11-06 23:27 - 2020-11-06 23:27 - 002298368 _____ (Farbar) C:\Users\Desro\Downloads\FRST64 (1).exe
2020-11-06 23:26 - 2020-11-06 23:26 - 002298368 _____ (Farbar) C:\Users\Desro\Downloads\FRST64.exe
2020-10-30 19:23 - 2020-10-30 19:23 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-10-30 19:23 - 2020-10-30 19:23 - 000121968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-10-30 19:23 - 2020-10-30 19:23 - 000074936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-10-30 19:01 - 2020-10-30 19:03 - 000000000 ____D C:\AdwCleaner
2020-10-30 19:01 - 2020-10-30 19:01 - 008447152 _____ (Malwarebytes) C:\Users\Desro\Downloads\adwcleaner_8.0.8.exe
2020-10-30 18:38 - 2020-10-30 18:38 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-10-30 18:37 - 2020-10-30 18:37 - 002062144 _____ (Malwarebytes) C:\Users\Desro\Downloads\MBSetup (3).exe
2020-10-28 14:36 - 2020-11-06 23:28 - 000000000 ____D C:\FRST
2020-10-25 10:07 - 2020-10-25 10:07 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-10-24 13:43 - 2020-10-26 06:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-10-09 10:38 - 2020-10-09 10:39 - 000148335 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_51_051-CS41000055250250.PDF.pdf
2020-10-09 10:38 - 2020-10-09 10:38 - 000177336 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_30_030-CS41000055250231.PDF.pdf
2020-10-09 10:38 - 2020-10-09 10:38 - 000161946 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_46_046-CS41000055250242.PDF.pdf
2020-10-09 10:38 - 2020-10-09 10:38 - 000155863 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_36_036-CS41000055250235.PDF.pdf
2020-10-09 10:38 - 2020-10-09 10:38 - 000154205 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_12_012-CS41000055250199.PDF.pdf
2020-10-09 10:38 - 2020-10-09 10:38 - 000151376 _____ C:\Users\Desro\Downloads\nazev dokumentu-09_10_2020_11_34_17_017-CS41000055250210.PDF.pdf
2020-10-07 10:50 - 2020-10-07 10:50 - 000137416 _____ C:\Users\Desro\Downloads\VyplPaska_202008_141206290a93bdd6664189.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-06 23:24 - 2009-07-14 05:45 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-11-06 23:24 - 2009-07-14 05:45 - 000009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-11-06 21:58 - 2009-07-14 16:18 - 000622422 _____ C:\Windows\system32\perfh005.dat
2020-11-06 21:58 - 2009-07-14 16:18 - 000118604 _____ C:\Windows\system32\perfc005.dat
2020-11-06 21:58 - 2009-07-14 06:13 - 001445734 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-06 21:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2020-11-06 21:54 - 2017-07-07 15:39 - 000000000 ____D C:\ProgramData\NVIDIA
2020-11-06 21:54 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-03 22:03 - 2019-08-15 19:08 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-03 22:03 - 2019-08-15 19:08 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-03 22:03 - 2019-08-15 19:08 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-01 07:20 - 2017-07-07 15:40 - 000000000 ____D C:\Users\UpdatusUser
2020-11-01 06:50 - 2017-07-07 16:01 - 000000000 ____D C:\Program Files (x86)\Steam
2020-10-30 19:03 - 2019-12-15 15:39 - 000000000 ____D C:\Users\Desro\AppData\Roaming\Lavasoft
2020-10-30 19:03 - 2019-12-15 15:39 - 000000000 ____D C:\Users\Desro\AppData\Local\Lavasoft
2020-10-30 19:03 - 2019-12-15 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-10-30 19:03 - 2019-12-15 15:39 - 000000000 ____D C:\ProgramData\Lavasoft
2020-10-30 19:03 - 2019-12-15 15:39 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-10-30 18:39 - 2020-05-07 18:55 - 000217600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-10-30 18:39 - 2020-04-25 22:55 - 000001920 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-10-30 18:39 - 2020-04-25 22:55 - 000001908 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-10-30 18:39 - 2020-04-25 22:55 - 000001908 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-10-30 18:38 - 2020-04-25 22:54 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-10-29 16:32 - 2017-08-25 16:15 - 000000000 ____D C:\Users\Desro\AppData\LocalLow\Mozilla
2020-10-28 14:33 - 2020-04-25 23:35 - 000000080 _____ C:\Users\Desro\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2020-10-26 06:31 - 2017-08-25 16:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-25 10:09 - 2019-04-27 17:01 - 000000000 ____D C:\ProgramData\Mozilla
2020-10-15 12:57 - 2019-08-15 19:06 - 000003386 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-15 12:57 - 2019-08-15 19:06 - 000003258 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories ========

2019-12-09 15:02 - 2019-12-19 00:02 - 000000200 _____ () C:\Users\Desro\AppData\Roaming\WB.CFG
2018-05-06 10:37 - 2018-05-06 10:37 - 000000000 _____ () C:\Users\Desro\AppData\Local\{6C4CAE5F-B12B-4E96-B8EF-4F09BDC8E66E}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-11-03 08:21
==================== End of FRST.txt ========================

----


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-11-2020
Ran by Desro (06-11-2020 23:28:55)
Running from C:\Users\Desro\Downloads
Windows 7 Home Premium (X64) (2017-07-07 13:49:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-346022524-4220297796-2099353401-500 - Administrator - Disabled)
Desro (S-1-5-21-346022524-4220297796-2099353401-1000 - Administrator - Enabled) => C:\Users\Desro
Guest (S-1-5-21-346022524-4220297796-2099353401-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-346022524-4220297796-2099353401-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-346022524-4220297796-2099353401-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aktualizace NVIDIA 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
BitTorrent Web (HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\btweb) (Version: 1.0.7 - BitTorrent, Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.66 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.183 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Malwarebytes version 4.2.2.95 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.2.95 - Malwarebytes)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 81.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 81.0.2 (x64 cs)) (Version: 81.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
NVIDIA Ovladač 3D Vision 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 305.27 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 305.27 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.27 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
Opera Stable 68.0.3618.63 (HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\Opera 68.0.3618.63) (Version: 68.0.3618.63 - Opera Software)
Ovládací panel NVIDIA 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 305.27 - NVIDIA Corporation) Hidden
qBittorrent 4.2.3 (HKLM-x32\...\qBittorrent) (Version: 4.2.3 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
Spotify (HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\Spotify) (Version: 1.1.31.703.g256add22 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Warcraft III verze 1.22 (HKLM-x32\...\{E5EB7710-29E1-47E3-9636-0E8CA5B0D3CA}_is1) (Version: 1.22 - tomi2k9)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2012-07-25] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-07-07 15:30 - 2012-03-27 09:12 - 000073728 ____R (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKU\S-1-5-21-346022524-4220297796-2099353401-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Windows -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
HKU\S-1-5-21-346022524-4220297796-2099353401-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Desro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.129.50.20 - 85.135.32.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Spotify => C:\Users\Desro\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{757461A9-CD02-40BF-AC36-64C437F81925}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BD031A75-A9D2-4206-9BAA-1E65D0C0DE00}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A69E879D-0A9E-453A-A5EF-392A8469AEAE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1579D76C-EC3E-4821-9F59-0003346E054E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{FF8C86B4-9927-415B-9047-4730BCCF075F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{D582574D-CE8B-4383-B43E-8EC16E3CC09E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{255DD5DE-7A42-4026-9327-AB9FCE8C0717}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe (Valve -> )
FirewallRules: [UDP Query User{E052B79C-D756-476B-86E5-D08575946632}C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{D05C3A8B-BA45-4FDF-9923-0888A95FBA92}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe => No File
FirewallRules: [UDP Query User{857E0CB2-ED7D-4A1C-AF08-C18E97097EE0}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe => No File
FirewallRules: [{24BD400E-CD11-4887-91A5-4A039F3126CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8C37184D-3E05-49EF-918F-8E9F786C5E9B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{145F33F7-E4B7-4D2E-8BC6-4F432AEB9EA5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3CDFB475-E325-49C2-A438-18D7FAE9838B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4F0C5420-E3EA-4F46-A021-DB5937A95F39}] => (Allow) C:\Users\Desro\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{339DF616-F22F-4F91-BE36-7E90AD82078F}] => (Allow) C:\Users\Desro\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{3F0A23BA-3D76-4C2A-B3DD-6549B15D260A}] => (Allow) C:\Users\Desro\AppData\Roaming\BitTorrent Web\btweb.exe (Jenkins Win Client Build SPC -> BitTorrent Inc.) [File not signed]
FirewallRules: [{A14C3976-E35A-45F1-A836-F32F52858AB0}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{A9B3F385-2D1D-42EC-8A5F-E1549967FDAC}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{AC299F9D-3014-47C6-A460-00F55F28B969}] => (Allow) C:\Users\Desro\AppData\Local\Programs\Opera\67.0.3575.137\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{4EA15B36-8D29-47E8-8C49-719A828F468F}C:\users\desro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\desro\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{7868C814-DC88-49AE-96E8-7B48EB9ABD72}C:\users\desro\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\desro\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5683C609-7F1E-4343-BD2A-A048101220E5}] => (Allow) C:\Users\Desro\AppData\Local\Programs\Opera\68.0.3618.63\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{5FE60FC9-AE19-4226-AC8E-20CA49B7758D}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{4E3F6DDB-F8C3-4561-869F-B8E669B7502C}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) C:\program files (x86)\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{0879C201-65DC-45E4-8CAA-C2A8A8274649}C:\users\desro\downloads\warcraft\war3.exe] => (Block) C:\users\desro\downloads\warcraft\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{AD2BBD1B-2D57-46A0-9F5F-04BB86088949}C:\users\desro\downloads\warcraft\war3.exe] => (Block) C:\users\desro\downloads\warcraft\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [TCP Query User{FCD7C38C-ABD8-42CC-B9FC-77DC466E28C5}C:\program files\warcraft iii\war3.exe] => (Block) C:\program files\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [UDP Query User{D9E5B59A-B60E-48EE-89AB-B690CDF2B14A}C:\program files\warcraft iii\war3.exe] => (Block) C:\program files\warcraft iii\war3.exe (Blizzard Entertainment) [File not signed]
FirewallRules: [{CCB900BC-0253-44D8-AF48-77D4C4175AF0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

01-11-2020 15:39:21 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptér tunelového režimu Microsoft Teredo
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/06/2020 11:26:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/06/2020 11:26:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/06/2020 11:26:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/06/2020 11:26:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/06/2020 11:26:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/06/2020 11:26:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/06/2020 11:26:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/06/2020 11:26:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.


System errors:
=============
Error: (11/01/2020 01:53:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (13:51:49, ‎1.‎11.‎2020) bylo neočekávané.

Error: (11/01/2020 07:18:27 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (7:17:22, ‎1.‎11.‎2020) bylo neočekávané.

Error: (11/01/2020 02:09:48 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Stínové kopie svazku C: byly přerušeny, protože z důvodu limitu stanoveného uživatelem se nepodařilo zvětšit úložiště stínové kopie.

Error: (11/01/2020 01:51:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/01/2020 01:51:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Netman bylo dosaženo časového limitu (30000 ms).

Error: (11/01/2020 01:50:33 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Netman bylo dosaženo časového limitu (30000 ms).

Error: (11/01/2020 01:49:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby Netman bylo dosaženo časového limitu (30000 ms).

Error: (10/30/2020 07:03:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.


CodeIntegrity:
===================================

Date: 2019-12-19 00:29:23.869
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Common Files\adaware\adaware antivirus\updater\12.6.997.11652\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F5 05/14/2012
Motherboard: Gigabyte Technology Co., Ltd. H77-DS3H
Processor: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 65%
Total physical RAM: 8154.32 MB
Available physical RAM: 2817.79 MB
Total Virtual: 15760.01 MB
Available Virtual: 9644.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931 GB) (Free:8.81 GB) NTFS

\\?\Volume{8fe18898-c4ac-45d2-9c0c-f851911d5622}\ (Obnovení) (Fixed) (Total:0.29 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 9F2C7ECE)

Partition: GPT.

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A friend's PC

#6 Post by Rudy »

OK, no problem. Open Notepad and copy the following into it:
Start

CloseProcesses:
HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\MountPoints2: {f2c2177e-ce5b-11e8-9d3a-902b34906db4} - E:\HiSuiteDownLoader.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {A3DB3333-3D90-4A1F-B1FD-60B188E277AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-15] (Google Inc -> Google LLC)
Task: {CBDA60C7-4D99-46C3-950D-5159C46D768B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-15] (Google Inc -> Google LLC)
C:\Users\Desro\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Desro\AppData\Local\{6C4CAE5F-B12B-4E96-B8EF-4F09BDC8E66E}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [TCP Query User{D05C3A8B-BA45-4FDF-9923-0888A95FBA92}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe => No File
FirewallRules: [UDP Query User{857E0CB2-ED7D-4A1C-AF08-C18E97097EE0}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe => No File

EmptyTemp:
End
Save it to C:\Users\Desro\Downloads as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

toox
Exemplary visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: A friend's PC

#7 Post by toox »

Here it is ;)

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-11-2020
Ran by Desro (07-11-2020 11:27:20) Run:1
Running from C:\Users\Desro\Downloads
Loaded Profiles: Desro & UpdatusUser
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-346022524-4220297796-2099353401-1000\...\MountPoints2: {f2c2177e-ce5b-11e8-9d3a-902b34906db4} - E:\HiSuiteDownLoader.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {A3DB3333-3D90-4A1F-B1FD-60B188E277AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-15] (Google Inc -> Google LLC)
Task: {CBDA60C7-4D99-46C3-950D-5159C46D768B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-08-15] (Google Inc -> Google LLC)
C:\Users\Desro\AppData\Local???????????????????
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Desro\AppData\Local\{6C4CAE5F-B12B-4E96-B8EF-4F09BDC8E66E}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [TCP Query User{D05C3A8B-BA45-4FDF-9923-0888A95FBA92}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe => No File
FirewallRules: [UDP Query User{857E0CB2-ED7D-4A1C-AF08-C18E97097EE0}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-346022524-4220297796-2099353401-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2c2177e-ce5b-11e8-9d3a-902b34906db4} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3DB3333-3D90-4A1F-B1FD-60B188E277AE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3DB3333-3D90-4A1F-B1FD-60B188E277AE}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CBDA60C7-4D99-46C3-950D-5159C46D768B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBDA60C7-4D99-46C3-950D-5159C46D768B}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"C:\Users\Desro\AppData\Local???????????????????" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\Users\Desro\AppData\Local\{6C4CAE5F-B12B-4E96-B8EF-4F09BDC8E66E} => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D05C3A8B-BA45-4FDF-9923-0888A95FBA92}D:\easysetupassistant\easysetupassistant.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{857E0CB2-ED7D-4A1C-AF08-C18E97097EE0}D:\easysetupassistant\easysetupassistant.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14233859 B
Java, Flash, Steam htmlcache => 108007482 B
Windows/system/drivers => 955523 B
Edge => 0 B
Chrome => 296607171 B
Firefox => 395264253 B
Opera => 12343857 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83565 B
systemprofile32 => 149793 B
LocalService => 216501 B
NetworkService => 342449 B
Desro => 91916179 B
UpdatusUser => 91916179 B

RecycleBin => 45605237205 B
EmptyTemp: => 43.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:27:46 ====

Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A friend's PC

#8 Post by Rudy »

Deleted. Has anything changed?

toox
Exemplary visitor
Posts: 274
Registered: 28 Apr 2008 18:06
Location: Tromaville

Re: A friend's PC

#9 Post by toox »

Everything's OK, thank you very much :all_coholic:

Rudy
Site Admin
Posts: 118197
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A friend's PC

#10 Post by Rudy »

You're welcome! :)

Locked