Slowdown, log check, please.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please help.
Besides the overall slowdown, a small window (or windows) WITHOUT a title bar or a notification down on the taskbar occasionally appears:
and very often the touchpad software freezes, i.e. touchpad control as a whole (this can also be seen on the animated icon in the notification area).
Cleaned with AdwCleaner, then FRST.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by Pedro (administrator) on LENPEDRO (12-01-2018 13:31:21)
Running from C:\Users\Pedro\Desktop
Loaded Profiles: Pedro (Available Profiles: Pedro)
Platform: Windows 8.1 (Update) (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Spoločnosť Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Spoločnosť Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe
(Firebird Project) C:\Program Files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.METREL\MSSQL\Binn\sqlservr.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\WebcamSplitterServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Lenovo) C:\ProgramData\LenovoTransition\Server\x64\ymc.exe
() C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(IntelliBreeze Software AB) C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe
(Thomas Ascher) C:\Program Files (x86)\ATnotes\ATnotes.exe
(GeB Development) C:\Program Files (x86)\aWARemote Server\aWARemote Server.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\TrayTipAgentE.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [Yoga PhoneCompanion] => C:\Program Files\Lenovo Yoga PhoneCompanion\Yoga Phone Companion.exe [844304 2014-09-26] (Lenovo)
HKLM\...\Run: [AutoStartTransition] => C:\Program Files (x86)\Lenovo\Lenovo Transition\Transition.exe [294672 2014-09-26] ()
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [5158144 2017-02-14] (Realtek semiconductor)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe [329632 2009-01-21] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2017-12-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [41061856 2017-11-20] ()
HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\...\Run: [GmailNotifierPro] => C:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe [2882400 2017-05-18] (IntelliBreeze Software AB)
HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\...\Run: [ATnotes.exe] => C:\Program Files (x86)\ATnotes\ATnotes.exe [1015808 2005-01-05] (Thomas Ascher)
HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\...\Run: [Epic Privacy Browser Installer] => C:\Users\Pedro\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe [509096 2016-11-02] (Epic Privacy Browser)
HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-03] (Skype Technologies S.A.)
HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\...\Run: [aWARemote 3.0] => C:\Program Files (x86)\aWARemote Server\aWARemote Server.exe [1733120 2014-11-02] (GeB Development)
HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2017-06-14]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk [2017-09-02]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{77CB70A9-B7E7-4F09-AAF3-0C44EF06DD83}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.sk/
HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKU\S-1-5-21-2121847970-1608828601-3914908799-1001 -> DefaultScope {EC5134AD-236A-4D0A-996F-7C41A1CC9C50} URL =
SearchScopes: HKU\S-1-5-21-2121847970-1608828601-3914908799-1001 -> {EC5134AD-236A-4D0A-996F-7C41A1CC9C50} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-11-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2017-12-31] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2017-12-31] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-15] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-11-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-15] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-2121847970-1608828601-3914908799-1001 -> is enabled.
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: esgz87fp.default
FF ProfilePath: C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default [2018-01-10]
FF Homepage: Mozilla\Firefox\Profiles\esgz87fp.default -> google.sk
FF Session Restore: Mozilla\Firefox\Profiles\esgz87fp.default -> is enabled.
FF Extension: (Flash Video Downloader) - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default\Extensions\artur.dubovoy@gmail.com.xpi [2017-11-22]
FF Extension: (MEGA) - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default\Extensions\firefox@mega.co.nz.xpi [2017-12-22]
FF Extension: (Magic Actions for YouTube™) - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2017-01-09]
FF Extension: (Slovak (SK) Language Pack) - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default\Extensions\langpack-sk@firefox.mozilla.org.xpi [2017-11-23] [Legacy]
FF Extension: (Slovníky slovenského pravopisu) - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default\Extensions\sk@dictionaries.addons.mozilla.org [2017-01-16] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-22]
FF Extension: (Simple YouTube MP3 Button) - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default\Extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ab}.xpi [2017-10-13]
FF Extension: (JavaScript Debugger) - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-05-02] [Legacy]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-01-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2017-12-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2017-12-31] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-09] ()
FF Plugin-x32: @google.com/zxwebplugin -> C:\windows\system32\npzxwebplugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-11-20] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2013-03-04] ()
FF Plugin HKU\S-1-5-21-2121847970-1608828601-3914908799-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Pedro\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-11-02] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-2121847970-1608828601-3914908799-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Pedro\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-11-02] (Epic Privacy Browser)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://user:password@192.168.1.1/cgi-bin/online3.cgi?ifno=3
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default [2018-01-12]
CHR Extension: (QR kód) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm [2015-04-08]
CHR Extension: (Prezentácie) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2018-01-10]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-04-08]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2017-07-26]
CHR Extension: (Angry Birds) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-04-08]
CHR Extension: (Magio GO) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\anoiechkjklgabdfompidjolhpfdpjdd [2017-05-09]
CHR Extension: (Dokumenty) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Disk Google) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Browser To Phone) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmhcfmipjjciolmfonkjnhpbnfniahh [2015-04-08]
CHR Extension: (YouTube) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (uBlock) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2016-10-22]
CHR Extension: (Tabuľky) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Marlies Dekkers) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepnljgdbelppefncogilfbjikmnbhjm [2015-04-08]
CHR Extension: (Web Components) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\filcobblndaenakhejinpjdblekilpgn [2016-03-02]
CHR Extension: (Vzdialená plocha Chrome) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-11-08]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (The Great Suspender) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-06-13]
CHR Extension: (Google Play) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-04-08]
CHR Extension: (Save as PDF) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2017-11-12]
CHR Extension: (Push2Droid) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgneokpcgdgkphbfhcjgindnaembamlf [2017-09-13]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2015-04-08]
CHR Extension: (Plants vs Zombies) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-04-08]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-07-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Psykopaint) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-04-08]
CHR Extension: (Gmail) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
CHR Extension: (FullRip.net YT Mp3 Downloader) - C:\Program Files (x86)\Google\Chrome\Application\addon [2016-11-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128944 2017-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1526832 2017-12-15] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [444600 2017-12-21] (Avira Operations GmbH & Co. KG)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Spoločnosť Google Inc.)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [98304 2009-03-10] (SEIKO EPSON CORPORATION) [File not signed]
R2 FirebirdServerKROS_20400; C:\Program Files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [3764224 2011-10-11] (Firebird Project) [File not signed]
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
R2 hasplms; C:\windows\system32\hasplms.exe [4683144 2014-07-17] (SafeNet Inc.)
R2 ibtsiva; C:\windows\system32\ibtsiva.exe [184064 2017-04-15] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [282072 2014-03-10] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-26] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-09-26] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSSQL$METREL; C:\Program Files\Microsoft SQL Server\MSSQL11.METREL\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-25] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-25] (PointGrab LTD)
S3 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-09-26] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-09-26] (Lenovo)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI) [File not signed]
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
S4 SQLAgent$METREL; C:\Program Files\Microsoft SQL Server\MSSQL11.METREL\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-09-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-09-26] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [60920 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [178840 2017-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169376 2017-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\windows\System32\Drivers\avusbflt.sys [38048 2017-06-14] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [24056 2016-01-14] ()
R0 EPMVolFlt; C:\windows\System32\drivers\EPMVolFlt.sys [20936 2017-11-23] (Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
S3 FTDIBUS; C:\windows\system32\drivers\ftdibus.sys [129448 2017-09-19] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\windows\system32\drivers\ftser2k.sys [89800 2017-08-24] (Future Technology Devices International Ltd.)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331608 2014-07-17] (SafeNet Inc.)
S3 HPEWSFXBULK; C:\windows\system32\drivers\hpfx64bulk.sys [29200 2017-03-06] (Hewlett Packard)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-11] (REALiX(tm))
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [229632 2017-04-15] (Intel Corporation)
S3 IT9135BDA; C:\windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-12] (Malwarebytes)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\windows\system32\DRIVERS\Netwbw02.sys [3517200 2017-02-14] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 NPF; C:\Program Files\iVMS-4200 Station\iVMS-4200\iVMS-4200 Client\npf64.sys [36600 2016-08-17] (Riverbed Technology, Inc.)
S4 RsFx0201; C:\windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [237968 2013-11-18] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39056 2013-11-18] (REALTEK SEMICONDUCTOR Corp.)
R3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [418784 2017-02-14] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [3127552 2017-02-14] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2017-03-12] (Synaptics Incorporated)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-12-31] (Basil Projects)
R3 WinDriver6; C:\windows\system32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-12 13:31 - 2018-01-12 13:36 - 000034760 _____ C:\Users\Pedro\Desktop\FRST.txt
2018-01-12 09:27 - 2018-01-12 09:28 - 000043307 _____ C:\Users\Pedro\Desktop\Addition.txt
2018-01-12 09:06 - 2018-01-12 09:06 - 000112640 _____ (forum.viry.cz) C:\Users\Pedro\Desktop\FRSTLauncher.exe
2018-01-12 09:01 - 2018-01-12 09:01 - 002393088 _____ (Farbar) C:\Users\Pedro\Desktop\FRST64.exe
2018-01-11 18:29 - 2018-01-11 18:29 - 000000354 _____ C:\Users\Pedro\Desktop\materiál fara dec2017
2018-01-10 22:39 - 2018-01-12 13:12 - 000253880 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-01-10 18:33 - 2018-01-12 08:40 - 000000000 ____D C:\AdwCleaner
2018-01-10 17:47 - 2018-01-10 17:47 - 008198432 _____ (Malwarebytes) C:\Users\Pedro\Desktop\AdwCleaner.exe
2018-01-06 12:34 - 2018-01-06 12:50 - 000000458 _____ C:\Users\Pedro\Desktop\Sescom januar 2018.txt
2018-01-01 19:26 - 2018-01-01 19:26 - 000001365 _____ C:\Users\Public\Desktop\EaseUS Partition Master 12.8.lnk
2018-01-01 19:26 - 2018-01-01 19:26 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-01-01 19:26 - 2018-01-01 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.8
2018-01-01 19:25 - 2018-01-01 19:25 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-01-01 19:25 - 2017-12-06 12:47 - 004094608 _____ C:\windows\system32\BootMan.exe
2018-01-01 19:25 - 2017-12-06 12:47 - 003076240 _____ C:\windows\SysWOW64\BootMan.exe
2018-01-01 19:25 - 2017-12-01 16:32 - 000131728 _____ C:\windows\system32\setupempdrvx64.exe
2018-01-01 19:25 - 2017-11-23 11:47 - 000020936 _____ (Windows (R) Codename Longhorn DDK provider) C:\windows\system32\EPMVolFlt.sys
2018-01-01 19:25 - 2017-11-23 11:47 - 000020936 _____ (Windows (R) Codename Longhorn DDK provider) C:\windows\system32\Drivers\EPMVolFlt.sys
2018-01-01 19:25 - 2016-07-11 10:01 - 000010848 _____ C:\windows\system32\EuGdiDrv.sys
2018-01-01 19:25 - 2016-01-14 10:05 - 000024056 _____ C:\windows\system32\epmntdrv.sys
2018-01-01 19:25 - 2014-11-18 14:46 - 000021088 _____ C:\windows\SysWOW64\EuEpmGdi.dll
2018-01-01 19:25 - 2014-11-18 14:46 - 000017504 _____ C:\windows\system32\EuEpmGdi.dll
2017-12-31 22:55 - 2017-12-31 22:56 - 000001398 _____ C:\Users\Pedro\Desktop\rufus-2.12.lnk
2017-12-31 11:00 - 2017-12-31 11:00 - 000000000 ____D C:\windows\SysWOW64\rufus_files
2017-12-31 10:41 - 2017-12-31 10:40 - 000111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-12-31 10:29 - 2017-12-31 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-12-30 17:13 - 2017-12-30 17:14 - 000000000 ___HD C:\$SysReset
2017-12-29 20:02 - 2017-12-29 18:12 - 000014060 ____N C:\Users\Pedro\Desktop\aa_skin_values.night.lua
2017-12-29 19:58 - 2017-12-29 18:12 - 000013970 ____N C:\Users\Pedro\Desktop\aa_skin_values.day.lua
2017-12-23 18:13 - 2017-12-23 18:13 - 000000000 ____D C:\windows\LastGood.Tmp
2017-12-23 18:03 - 2017-12-23 18:03 - 000000000 ____D C:\Users\Pedro\AppData\Local\Metrel_d.d
2017-12-23 17:56 - 2017-12-23 17:57 - 000000000 ____D C:\Program Files (x86)\Metrel
2017-12-23 17:56 - 2017-12-23 17:56 - 000001952 _____ C:\Users\Public\Desktop\Metrel PATLink PRO.lnk
2017-12-23 17:56 - 2017-12-23 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metrel
2017-12-23 17:43 - 2012-02-11 19:02 - 000045656 _____ (Microsoft Corporation) C:\windows\SysWOW64\perf-MSSQL11.METREL-sqlagtctr.dll
2017-12-23 17:43 - 2012-02-11 17:44 - 000054360 _____ (Microsoft Corporation) C:\windows\system32\perf-MSSQL11.METREL-sqlagtctr.dll
2017-12-23 17:42 - 2012-02-11 19:03 - 000082520 _____ (Microsoft Corporation) C:\windows\SysWOW64\perf-MSSQL$METREL-sqlctr11.1.3000.0.dll
2017-12-23 17:42 - 2012-02-11 17:46 - 000180312 _____ (Microsoft Corporation) C:\windows\system32\hadrres.dll
2017-12-23 17:42 - 2012-02-11 17:46 - 000082520 _____ (Microsoft Corporation) C:\windows\system32\fssres.dll
2017-12-23 17:42 - 2012-02-11 17:44 - 000095832 _____ (Microsoft Corporation) C:\windows\system32\perf-MSSQL$METREL-sqlctr11.1.3000.0.dll
2017-12-23 17:39 - 2017-12-23 17:39 - 000000000 ____D C:\windows\system32\RsFx
2017-12-23 17:38 - 2017-12-23 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2017-12-23 17:37 - 2017-12-23 17:37 - 000000000 ____D C:\windows\system32\1033
2017-12-23 17:28 - 2017-12-23 17:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2017-12-19 09:24 - 2017-12-19 09:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-19 09:24 - 2017-11-29 09:11 - 000077432 _____ C:\windows\system32\Drivers\mbae64.sys
2017-12-19 09:22 - 2017-12-19 09:22 - 000000000 ____D C:\ProgramData\MB3CoreBackup
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-12 13:35 - 2014-12-31 15:04 - 000000000 ___RD C:\gd
2018-01-12 13:32 - 2017-01-09 21:46 - 000000000 ____D C:\Users\Pedro\AppData\LocalLow\Mozilla
2018-01-12 13:30 - 2015-01-24 14:13 - 000024800 _____ C:\Users\Pedro\AppData\Roaming\Notepad2.ini
2018-01-12 13:30 - 2015-01-02 09:50 - 000000000 ____D C:\Users\Pedro\AppData\Local\GmailNotifierPro
2018-01-12 13:11 - 2013-08-22 15:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-01-12 13:10 - 2014-09-26 21:37 - 000006656 _____ C:\windows\system32\VfService.trf
2018-01-12 12:48 - 2015-01-02 09:50 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\GmailNotifierPro
2018-01-12 11:55 - 2017-04-18 21:40 - 000000416 _____ C:\windows\Tasks\update-sys.job
2018-01-12 09:38 - 2017-04-18 20:46 - 000000406 _____ C:\windows\Tasks\update-S-1-5-21-2121847970-1608828601-3914908799-1001.job
2018-01-12 09:24 - 2016-06-17 14:34 - 000000000 ____D C:\FRST
2018-01-12 09:08 - 2015-01-02 17:57 - 000000000 ____D C:\=DOWNLOADS=
2018-01-12 08:58 - 2014-03-18 10:53 - 000987220 _____ C:\windows\system32\PerfStringBackup.INI
2018-01-12 08:58 - 2013-08-22 14:36 - 000000000 ____D C:\windows\Inf
2018-01-11 00:09 - 2017-03-03 19:35 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\aWARemote Server
2018-01-10 23:21 - 2015-01-07 23:51 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\MPC-HC
2018-01-10 22:19 - 2015-01-02 17:53 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\uTorrent
2018-01-10 22:16 - 2017-08-13 17:46 - 000000000 ____D C:\ProgramData\firebird
2018-01-10 17:14 - 2017-05-31 16:03 - 000004992 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Lenpedro-Pedro Lenpedro
2018-01-10 16:46 - 2014-12-30 22:24 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2121847970-1608828601-3914908799-1001
2018-01-10 11:08 - 2016-12-18 13:11 - 000000000 ____D C:\Users\Pedro\AppData\LocalLow\uTorrent
2018-01-09 20:47 - 2015-03-22 14:18 - 000004288 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 20:47 - 2013-08-22 16:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-01-09 20:47 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\Macromed
2018-01-08 23:13 - 2014-09-26 20:53 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-08 23:08 - 2013-08-22 14:25 - 000524288 ___SH C:\windows\system32\config\BBI
2018-01-08 16:15 - 2017-11-19 20:18 - 000003872 _____ C:\windows\System32\Tasks\CCleaner Update
2018-01-08 16:15 - 2017-02-07 20:54 - 000000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-01-08 12:22 - 2014-12-31 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-01-06 11:30 - 2015-04-06 00:28 - 000002238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-04 23:54 - 2015-01-26 12:59 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\Mp3tag
2018-01-03 18:00 - 2017-03-14 22:18 - 000000290 __RSH C:\ProgramData\ntuser.pol
2018-01-03 00:23 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\NDF
2018-01-01 18:52 - 2014-12-31 19:33 - 000000000 ____D C:\+SHARE+
2018-01-01 17:54 - 2015-03-08 17:46 - 000000132 _____ C:\Users\Pedro\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2017-12-31 10:57 - 2013-08-22 16:36 - 000000000 ___HD C:\windows\system32\GroupPolicy
2017-12-31 10:57 - 2013-08-22 16:36 - 000000000 ____D C:\windows\SysWOW64\GroupPolicy
2017-12-31 10:32 - 2014-12-30 22:18 - 000000000 ____D C:\Users\Pedro\AppData\Local\Packages
2017-12-31 10:28 - 2015-01-24 18:50 - 000000000 ____D C:\Program Files\Java
2017-12-23 17:41 - 2014-12-31 22:29 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-12-23 17:40 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-23 17:38 - 2014-12-31 22:29 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-12-23 17:37 - 2015-01-08 18:52 - 000000000 ____D C:\windows\SysWOW64\1033
2017-12-22 17:51 - 2015-08-19 19:33 - 000000000 ____D C:\Users\Pedro\Documents\Fax
2017-12-22 17:51 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\FxsTmp
2017-12-15 08:14 - 2015-01-08 19:09 - 000000000 ____D C:\Users\Pedro\AppData\Local\ElevatedDiagnostics
2017-12-15 00:15 - 2014-12-31 00:26 - 000178840 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2017-12-15 00:15 - 2014-12-31 00:26 - 000169376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2017-12-14 10:49 - 2017-12-12 20:22 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\Foxit Scanner Images
==================== Files in the root of some directories =======
2015-01-21 16:05 - 2000-06-08 14:46 - 000003638 _____ () C:\Program Files (x86)\Common Files\Config.ico
2015-01-21 16:05 - 2008-07-25 11:17 - 000558080 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCP80.dll
2015-01-21 16:05 - 2008-07-25 11:17 - 000635904 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCR80.dll
2015-02-12 18:16 - 2015-04-21 12:03 - 000000132 _____ () C:\Users\Pedro\AppData\Roaming\Adobe Formát GIF CS5 – předvolby
2015-03-08 17:46 - 2018-01-01 17:54 - 000000132 _____ () C:\Users\Pedro\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2015-01-24 14:13 - 2018-01-12 13:30 - 000024800 _____ () C:\Users\Pedro\AppData\Roaming\Notepad2.ini
2017-08-07 23:12 - 2017-11-17 21:02 - 000003584 _____ () C:\Users\Pedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-18 20:02 - 2017-11-18 20:02 - 000000218 _____ () C:\Users\Pedro\AppData\Local\recently-used.xbel
2015-01-02 12:47 - 2015-01-02 12:47 - 000000017 _____ () C:\Users\Pedro\AppData\Local\resmon.resmoncfg
2016-05-19 08:08 - 2016-05-19 08:08 - 000000003 _____ () C:\Users\Pedro\AppData\Local\updater.log
2016-05-19 08:08 - 2017-05-08 08:26 - 000000425 _____ () C:\Users\Pedro\AppData\Local\UserProducts.xml
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-01-07 12:43
==================== End of FRST.txt ============================
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-11-20] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2013-03-04] ()
FF Plugin HKU\S-1-5-21-2121847970-1608828601-3914908799-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=3 -> C:\Users\Pedro\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-11-02] (Epic Privacy Browser)
FF Plugin HKU\S-1-5-21-2121847970-1608828601-3914908799-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Pedro\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2016-11-02] (Epic Privacy Browser)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://user:password@192.168.1.1/cgi-bin/online3.cgi?ifno=3
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default [2018-01-12]
CHR Extension: (QR kód) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaephdgbinagkeepamlbkhkfbiaedabm [2015-04-08]
CHR Extension: (Prezentácie) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-24]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2018-01-10]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-04-08]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2017-07-26]
CHR Extension: (Angry Birds) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-04-08]
CHR Extension: (Magio GO) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\anoiechkjklgabdfompidjolhpfdpjdd [2017-05-09]
CHR Extension: (Dokumenty) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-24]
CHR Extension: (Disk Google) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Browser To Phone) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgmhcfmipjjciolmfonkjnhpbnfniahh [2015-04-08]
CHR Extension: (YouTube) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (uBlock) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2016-10-22]
CHR Extension: (Tabuľky) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-24]
CHR Extension: (Marlies Dekkers) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepnljgdbelppefncogilfbjikmnbhjm [2015-04-08]
CHR Extension: (Web Components) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\filcobblndaenakhejinpjdblekilpgn [2016-03-02]
CHR Extension: (Vzdialená plocha Chrome) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-11-08]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (The Great Suspender) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-06-13]
CHR Extension: (Google Play) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-04-08]
CHR Extension: (Save as PDF) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2017-11-12]
CHR Extension: (Push2Droid) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgneokpcgdgkphbfhcjgindnaembamlf [2017-09-13]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2015-04-08]
CHR Extension: (Plants vs Zombies) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-04-08]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-07-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Psykopaint) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2015-04-08]
CHR Extension: (Gmail) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-13]
CHR Extension: (FullRip.net YT Mp3 Downloader) - C:\Program Files (x86)\Google\Chrome\Application\addon [2016-11-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1128944 2017-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [492560 2018-01-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1526832 2017-12-15] (Avira Operations GmbH & Co. KG)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [444600 2017-12-21] (Avira Operations GmbH & Co. KG)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe [71512 2017-11-02] (Spoločnosť Google Inc.)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [98304 2009-03-10] (SEIKO EPSON CORPORATION) [File not signed]
R2 FirebirdServerKROS_20400; C:\Program Files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [3764224 2011-10-11] (Firebird Project) [File not signed]
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
R2 hasplms; C:\windows\system32\hasplms.exe [4683144 2014-07-17] (SafeNet Inc.)
R2 ibtsiva; C:\windows\system32\ibtsiva.exe [184064 2017-04-15] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\windows\system32\igfxCUIService.exe [282072 2014-03-10] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-26] (Lenovo(beijing) Limited)
R2 LsvUIService; C:\Program Files (x86)\Lenovo\Lenovo Smart Voice\LsvUIService.exe [70416 2014-09-26] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 MSSQL$METREL; C:\Program Files\Microsoft SQL Server\MSSQL11.METREL\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [167176 2014-02-25] (PointGrab LTD)
R2 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [512776 2014-02-25] (PointGrab LTD)
S3 PhoneCompanionPusher; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionPusher.exe [285712 2014-09-26] (Lenovo)
S3 PhoneCompanionVap; C:\Program Files\Lenovo Yoga PhoneCompanion\PhoneCompanionVap.exe [304144 2014-09-26] (Lenovo)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI) [File not signed]
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
S4 SQLAgent$METREL; C:\Program Files\Microsoft SQL Server\MSSQL11.METREL\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-09-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ymc; C:\ProgramData\LenovoTransition\Server\x64\ymc.exe [33040 2014-09-26] (Lenovo)
R2 YogaPicks.AppService; C:\Program Files (x86)\Lenovo\Yoga Picks\Service\x64\YogaPicks.AppService.exe [19440 2014-01-06] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avdevprot; C:\windows\System32\DRIVERS\avdevprot.sys [60920 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [178840 2017-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\system32\DRIVERS\avipbb.sys [169376 2017-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [44488 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\system32\DRIVERS\avnetflt.sys [88488 2017-03-02] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\windows\System32\Drivers\avusbflt.sys [38048 2017-06-14] (Avira Operations GmbH & Co. KG)
S3 AX88772; C:\windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 dg_ssudbus; C:\windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [24056 2016-01-14] ()
R0 EPMVolFlt; C:\windows\System32\drivers\EPMVolFlt.sys [20936 2017-11-23] (Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [10848 2016-07-11] () [File not signed]
S3 FTDIBUS; C:\windows\system32\drivers\ftdibus.sys [129448 2017-09-19] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\windows\system32\drivers\ftser2k.sys [89800 2017-08-24] (Future Technology Devices International Ltd.)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331608 2014-07-17] (SafeNet Inc.)
S3 HPEWSFXBULK; C:\windows\system32\drivers\hpfx64bulk.sys [29200 2017-03-06] (Hewlett Packard)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-11] (REALiX(tm))
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [229632 2017-04-15] (Intel Corporation)
S3 IT9135BDA; C:\windows\System32\Drivers\IT9135BDA.sys [113280 2010-02-03] (ITE )
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-12] (Malwarebytes)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNb64; C:\windows\system32\DRIVERS\Netwbw02.sys [3517200 2017-02-14] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R2 NPF; C:\Program Files\iVMS-4200 Station\iVMS-4200\iVMS-4200 Client\npf64.sys [36600 2016-08-17] (Riverbed Technology, Inc.)
S4 RsFx0201; C:\windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [237968 2013-11-18] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39056 2013-11-18] (REALTEK SEMICONDUCTOR Corp.)
R3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [418784 2017-02-14] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [3127552 2017-02-14] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2017-03-12] (Synaptics Incorporated)
S3 ssudmdm; C:\windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 usbrndis6; C:\windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-12-31] (Basil Projects)
R3 WinDriver6; C:\windows\system32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-12 13:31 - 2018-01-12 13:36 - 000034760 _____ C:\Users\Pedro\Desktop\FRST.txt
2018-01-12 09:27 - 2018-01-12 09:28 - 000043307 _____ C:\Users\Pedro\Desktop\Addition.txt
2018-01-12 09:06 - 2018-01-12 09:06 - 000112640 _____ (forum.viry.cz) C:\Users\Pedro\Desktop\FRSTLauncher.exe
2018-01-12 09:01 - 2018-01-12 09:01 - 002393088 _____ (Farbar) C:\Users\Pedro\Desktop\FRST64.exe
2018-01-11 18:29 - 2018-01-11 18:29 - 000000354 _____ C:\Users\Pedro\Desktop\materiál fara dec2017
2018-01-10 22:39 - 2018-01-12 13:12 - 000253880 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-01-10 18:33 - 2018-01-12 08:40 - 000000000 ____D C:\AdwCleaner
2018-01-10 17:47 - 2018-01-10 17:47 - 008198432 _____ (Malwarebytes) C:\Users\Pedro\Desktop\AdwCleaner.exe
2018-01-06 12:34 - 2018-01-06 12:50 - 000000458 _____ C:\Users\Pedro\Desktop\Sescom januar 2018.txt
2018-01-01 19:26 - 2018-01-01 19:26 - 000001365 _____ C:\Users\Public\Desktop\EaseUS Partition Master 12.8.lnk
2018-01-01 19:26 - 2018-01-01 19:26 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-01-01 19:26 - 2018-01-01 19:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.8
2018-01-01 19:25 - 2018-01-01 19:25 - 000000000 ____D C:\Program Files (x86)\EaseUS
2018-01-01 19:25 - 2017-12-06 12:47 - 004094608 _____ C:\windows\system32\BootMan.exe
2018-01-01 19:25 - 2017-12-06 12:47 - 003076240 _____ C:\windows\SysWOW64\BootMan.exe
2018-01-01 19:25 - 2017-12-01 16:32 - 000131728 _____ C:\windows\system32\setupempdrvx64.exe
2018-01-01 19:25 - 2017-11-23 11:47 - 000020936 _____ (Windows (R) Codename Longhorn DDK provider) C:\windows\system32\EPMVolFlt.sys
2018-01-01 19:25 - 2017-11-23 11:47 - 000020936 _____ (Windows (R) Codename Longhorn DDK provider) C:\windows\system32\Drivers\EPMVolFlt.sys
2018-01-01 19:25 - 2016-07-11 10:01 - 000010848 _____ C:\windows\system32\EuGdiDrv.sys
2018-01-01 19:25 - 2016-01-14 10:05 - 000024056 _____ C:\windows\system32\epmntdrv.sys
2018-01-01 19:25 - 2014-11-18 14:46 - 000021088 _____ C:\windows\SysWOW64\EuEpmGdi.dll
2018-01-01 19:25 - 2014-11-18 14:46 - 000017504 _____ C:\windows\system32\EuEpmGdi.dll
2017-12-31 22:55 - 2017-12-31 22:56 - 000001398 _____ C:\Users\Pedro\Desktop\rufus-2.12.lnk
2017-12-31 11:00 - 2017-12-31 11:00 - 000000000 ____D C:\windows\SysWOW64\rufus_files
2017-12-31 10:41 - 2017-12-31 10:40 - 000111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2017-12-31 10:29 - 2017-12-31 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-12-30 17:13 - 2017-12-30 17:14 - 000000000 ___HD C:\$SysReset
2017-12-29 20:02 - 2017-12-29 18:12 - 000014060 ____N C:\Users\Pedro\Desktop\aa_skin_values.night.lua
2017-12-29 19:58 - 2017-12-29 18:12 - 000013970 ____N C:\Users\Pedro\Desktop\aa_skin_values.day.lua
2017-12-23 18:13 - 2017-12-23 18:13 - 000000000 ____D C:\windows\LastGood.Tmp
2017-12-23 18:03 - 2017-12-23 18:03 - 000000000 ____D C:\Users\Pedro\AppData\Local\Metrel_d.d
2017-12-23 17:56 - 2017-12-23 17:57 - 000000000 ____D C:\Program Files (x86)\Metrel
2017-12-23 17:56 - 2017-12-23 17:56 - 000001952 _____ C:\Users\Public\Desktop\Metrel PATLink PRO.lnk
2017-12-23 17:56 - 2017-12-23 17:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metrel
2017-12-23 17:43 - 2012-02-11 19:02 - 000045656 _____ (Microsoft Corporation) C:\windows\SysWOW64\perf-MSSQL11.METREL-sqlagtctr.dll
2017-12-23 17:43 - 2012-02-11 17:44 - 000054360 _____ (Microsoft Corporation) C:\windows\system32\perf-MSSQL11.METREL-sqlagtctr.dll
2017-12-23 17:42 - 2012-02-11 19:03 - 000082520 _____ (Microsoft Corporation) C:\windows\SysWOW64\perf-MSSQL$METREL-sqlctr11.1.3000.0.dll
2017-12-23 17:42 - 2012-02-11 17:46 - 000180312 _____ (Microsoft Corporation) C:\windows\system32\hadrres.dll
2017-12-23 17:42 - 2012-02-11 17:46 - 000082520 _____ (Microsoft Corporation) C:\windows\system32\fssres.dll
2017-12-23 17:42 - 2012-02-11 17:44 - 000095832 _____ (Microsoft Corporation) C:\windows\system32\perf-MSSQL$METREL-sqlctr11.1.3000.0.dll
2017-12-23 17:39 - 2017-12-23 17:39 - 000000000 ____D C:\windows\system32\RsFx
2017-12-23 17:38 - 2017-12-23 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2017-12-23 17:37 - 2017-12-23 17:37 - 000000000 ____D C:\windows\system32\1033
2017-12-23 17:28 - 2017-12-23 17:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2012
2017-12-19 09:24 - 2017-12-19 09:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-19 09:24 - 2017-11-29 09:11 - 000077432 _____ C:\windows\system32\Drivers\mbae64.sys
2017-12-19 09:22 - 2017-12-19 09:22 - 000000000 ____D C:\ProgramData\MB3CoreBackup
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-12 13:35 - 2014-12-31 15:04 - 000000000 ___RD C:\gd
2018-01-12 13:32 - 2017-01-09 21:46 - 000000000 ____D C:\Users\Pedro\AppData\LocalLow\Mozilla
2018-01-12 13:30 - 2015-01-24 14:13 - 000024800 _____ C:\Users\Pedro\AppData\Roaming\Notepad2.ini
2018-01-12 13:30 - 2015-01-02 09:50 - 000000000 ____D C:\Users\Pedro\AppData\Local\GmailNotifierPro
2018-01-12 13:11 - 2013-08-22 15:45 - 000000006 ____H C:\windows\Tasks\SA.DAT
2018-01-12 13:10 - 2014-09-26 21:37 - 000006656 _____ C:\windows\system32\VfService.trf
2018-01-12 12:48 - 2015-01-02 09:50 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\GmailNotifierPro
2018-01-12 11:55 - 2017-04-18 21:40 - 000000416 _____ C:\windows\Tasks\update-sys.job
2018-01-12 09:38 - 2017-04-18 20:46 - 000000406 _____ C:\windows\Tasks\update-S-1-5-21-2121847970-1608828601-3914908799-1001.job
2018-01-12 09:24 - 2016-06-17 14:34 - 000000000 ____D C:\FRST
2018-01-12 09:08 - 2015-01-02 17:57 - 000000000 ____D C:\=DOWNLOADS=
2018-01-12 08:58 - 2014-03-18 10:53 - 000987220 _____ C:\windows\system32\PerfStringBackup.INI
2018-01-12 08:58 - 2013-08-22 14:36 - 000000000 ____D C:\windows\Inf
2018-01-11 00:09 - 2017-03-03 19:35 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\aWARemote Server
2018-01-10 23:21 - 2015-01-07 23:51 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\MPC-HC
2018-01-10 22:19 - 2015-01-02 17:53 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\uTorrent
2018-01-10 22:16 - 2017-08-13 17:46 - 000000000 ____D C:\ProgramData\firebird
2018-01-10 17:14 - 2017-05-31 16:03 - 000004992 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Lenpedro-Pedro Lenpedro
2018-01-10 16:46 - 2014-12-30 22:24 - 000003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2121847970-1608828601-3914908799-1001
2018-01-10 11:08 - 2016-12-18 13:11 - 000000000 ____D C:\Users\Pedro\AppData\LocalLow\uTorrent
2018-01-09 20:47 - 2015-03-22 14:18 - 000004288 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2018-01-09 20:47 - 2013-08-22 16:36 - 000000000 ____D C:\windows\SysWOW64\Macromed
2018-01-09 20:47 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\Macromed
2018-01-08 23:13 - 2014-09-26 20:53 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-08 23:08 - 2013-08-22 14:25 - 000524288 ___SH C:\windows\system32\config\BBI
2018-01-08 16:15 - 2017-11-19 20:18 - 000003872 _____ C:\windows\System32\Tasks\CCleaner Update
2018-01-08 16:15 - 2017-02-07 20:54 - 000000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-01-08 12:22 - 2014-12-31 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-01-06 11:30 - 2015-04-06 00:28 - 000002238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-04 23:54 - 2015-01-26 12:59 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\Mp3tag
2018-01-03 18:00 - 2017-03-14 22:18 - 000000290 __RSH C:\ProgramData\ntuser.pol
2018-01-03 00:23 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\NDF
2018-01-01 18:52 - 2014-12-31 19:33 - 000000000 ____D C:\+SHARE+
2018-01-01 17:54 - 2015-03-08 17:46 - 000000132 _____ C:\Users\Pedro\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2017-12-31 10:57 - 2013-08-22 16:36 - 000000000 ___HD C:\windows\system32\GroupPolicy
2017-12-31 10:57 - 2013-08-22 16:36 - 000000000 ____D C:\windows\SysWOW64\GroupPolicy
2017-12-31 10:32 - 2014-12-30 22:18 - 000000000 ____D C:\Users\Pedro\AppData\Local\Packages
2017-12-31 10:28 - 2015-01-24 18:50 - 000000000 ____D C:\Program Files\Java
2017-12-23 17:41 - 2014-12-31 22:29 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-12-23 17:40 - 2013-08-22 16:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-23 17:38 - 2014-12-31 22:29 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-12-23 17:37 - 2015-01-08 18:52 - 000000000 ____D C:\windows\SysWOW64\1033
2017-12-22 17:51 - 2015-08-19 19:33 - 000000000 ____D C:\Users\Pedro\Documents\Fax
2017-12-22 17:51 - 2013-08-22 16:36 - 000000000 ____D C:\windows\system32\FxsTmp
2017-12-15 08:14 - 2015-01-08 19:09 - 000000000 ____D C:\Users\Pedro\AppData\Local\ElevatedDiagnostics
2017-12-15 00:15 - 2014-12-31 00:26 - 000178840 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2017-12-15 00:15 - 2014-12-31 00:26 - 000169376 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2017-12-14 10:49 - 2017-12-12 20:22 - 000000000 ____D C:\Users\Pedro\AppData\Roaming\Foxit Scanner Images
==================== Files in the root of some directories =======
2015-01-21 16:05 - 2000-06-08 14:46 - 000003638 _____ () C:\Program Files (x86)\Common Files\Config.ico
2015-01-21 16:05 - 2008-07-25 11:17 - 000558080 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCP80.dll
2015-01-21 16:05 - 2008-07-25 11:17 - 000635904 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCR80.dll
2015-02-12 18:16 - 2015-04-21 12:03 - 000000132 _____ () C:\Users\Pedro\AppData\Roaming\Adobe Formát GIF CS5 – předvolby
2015-03-08 17:46 - 2018-01-01 17:54 - 000000132 _____ () C:\Users\Pedro\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2015-01-24 14:13 - 2018-01-12 13:30 - 000024800 _____ () C:\Users\Pedro\AppData\Roaming\Notepad2.ini
2017-08-07 23:12 - 2017-11-17 21:02 - 000003584 _____ () C:\Users\Pedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-18 20:02 - 2017-11-18 20:02 - 000000218 _____ () C:\Users\Pedro\AppData\Local\recently-used.xbel
2015-01-02 12:47 - 2015-01-02 12:47 - 000000017 _____ () C:\Users\Pedro\AppData\Local\resmon.resmoncfg
2016-05-19 08:08 - 2016-05-19 08:08 - 000000003 _____ () C:\Users\Pedro\AppData\Local\updater.log
2016-05-19 08:08 - 2017-05-08 08:26 - 000000425 _____ () C:\Users\Pedro\AppData\Local\UserProducts.xml
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-01-07 12:43
==================== End of FRST.txt ============================
- Attachments
- Addition.rar
- (21.39 KiB) Downloaded 80 times
- Rudy
- Site Admin
- Posts: 118744
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slowdown, log check, please.
Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address above.
Re: Slowdown, log check, please.
I already wrote at the beginning that I had cleaned with ADW, but I guess the log is needed, so I am repeating it once more.
It always finds that add-on, or whatever it is, from slunečnice.cz there ...how does that happen? I never open that site; can it be prevented? Could it be from a site with online movies where ad windows pop up? Can those be blocked?
Thank you.
# AdwCleaner 7.0.6.0 - Logfile created on Sat Jan 13 14:36:56 2018
# Updated on 2017/21/12 by Malwarebytes
# Running on Windows 8.1 (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
No malicious folders deleted.
***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
No malicious registry entries deleted.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
SearchProvider deleted: slunecnice.cz - slunecnice.cz
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
*************************
C:/AdwCleaner/AdwCleaner[C0].txt - [1227 B] - [2018/1/10 21:33:19]
C:/AdwCleaner/AdwCleaner[C1].txt - [1362 B] - [2018/1/12 7:41:45]
C:/AdwCleaner/AdwCleaner[S0].txt - [1228 B] - [2018/1/10 21:30:29]
C:/AdwCleaner/AdwCleaner[S1].txt - [1364 B] - [2018/1/12 7:40:24]
C:/AdwCleaner/AdwCleaner[S2].txt - [1392 B] - [2018/1/13 14:28:37]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt ##########
- Rudy
- Site Admin
Re: Slowdown, log check, please.
It was apparently there, otherwise it would not have deleted it. Why it objects to it, though, I don't know. It is not important. Open Notepad and copy the following into it:
Start
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2121847970-1608828601-3914908799-1001 -> DefaultScope {EC5134AD-236A-4D0A-996F-7C41A1CC9C50} URL =
SearchScopes: HKU\S-1-5-21-2121847970-1608828601-3914908799-1001 -> {EC5134AD-236A-4D0A-996F-7C41A1CC9C50} URL =
C:\Users\Pedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {AEAA6EA5-7D7A-44A3-B02A-50AB9A95C50F} - System32\Tasks\{319D25E8-1C2C-4AB7-BAB6-A383029AFAA7} => C:\windows\system32\pcalua.exe -a E:\Driver\DrvInstall.exe -d E:\Driver
Task: {B282EEF9-22B2-49C5-8081-635652852A4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F309BEFF-48D6-4202-90A2-F93E25B52580} - System32\Tasks\{86E03862-9E13-4B2A-8A9F-2EED0A2A1DEA} => C:\windows\system32\pcalua.exe -a \\kroenenamd\F\autorun.exe -d \\kroenenamd\F
C:\Users\Pedro\AppData\Local\Temp
C:\Program Files\Bonjour
EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Re: Slowdown, log check, please.
Next time, could I do something to preserve the tabs in the browsers? It doesn't matter now, I am just asking whether it would be possible.
Fix result of Farbar Recovery Scan Tool (x64) Version: 13.01.2018 01
Ran by Pedro (13-01-2018 16:29:06) Run:5
Running from C:\Users\Pedro\Desktop
Loaded Profiles: Pedro (Available Profiles: Pedro)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
GroupPolicy: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2121847970-1608828601-3914908799-1001 -> DefaultScope {EC5134AD-236A-4D0A-996F-7C41A1CC9C50} URL =
SearchScopes: HKU\S-1-5-21-2121847970-1608828601-3914908799-1001 -> {EC5134AD-236A-4D0A-996F-7C41A1CC9C50} URL =
C:\Users\Pedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {AEAA6EA5-7D7A-44A3-B02A-50AB9A95C50F} - System32\Tasks\{319D25E8-1C2C-4AB7-BAB6-A383029AFAA7} => C:\windows\system32\pcalua.exe -a E:\Driver\DrvInstall.exe -d E:\Driver
Task: {B282EEF9-22B2-49C5-8081-635652852A4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F309BEFF-48D6-4202-90A2-F93E25B52580} - System32\Tasks\{86E03862-9E13-4B2A-8A9F-2EED0A2A1DEA} => C:\windows\system32\pcalua.exe -a \\kroenenamd\F\autorun.exe -d \\kroenenamd\F
C:\Users\Pedro\AppData\Local\Temp
C:\Program Files\Bonjour
EmptyTemp:
End
*****************
"C:\windows\system32\GroupPolicy\Machine" => not found
"HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC5134AD-236A-4D0A-996F-7C41A1CC9C50} => key not found
HKLM\Software\Classes\CLSID\{EC5134AD-236A-4D0A-996F-7C41A1CC9C50} => key not found
"C:\Users\Pedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key not found
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEAA6EA5-7D7A-44A3-B02A-50AB9A95C50F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEAA6EA5-7D7A-44A3-B02A-50AB9A95C50F}" => removed successfully
C:\windows\System32\Tasks\{319D25E8-1C2C-4AB7-BAB6-A383029AFAA7} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{319D25E8-1C2C-4AB7-BAB6-A383029AFAA7} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B282EEF9-22B2-49C5-8081-635652852A4C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B282EEF9-22B2-49C5-8081-635652852A4C}" => removed successfully
C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F309BEFF-48D6-4202-90A2-F93E25B52580}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F309BEFF-48D6-4202-90A2-F93E25B52580}" => removed successfully
C:\windows\System32\Tasks\{86E03862-9E13-4B2A-8A9F-2EED0A2A1DEA} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{86E03862-9E13-4B2A-8A9F-2EED0A2A1DEA} => could not remove key. ErrorCode1: 0x00000002
"C:\Users\Pedro\AppData\Local\Temp" folder move:
Could not move "C:\Users\Pedro\AppData\Local\Temp" => Scheduled to move on reboot.
C:\Program Files\Bonjour => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22243429 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 28928 B
Edge => 0 B
Chrome => 460547807 B
Firefox => 74385589 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 36464 B
LocalService => 125552 B
NetworkService => 0 B
Pedro => 466668872 B
RecycleBin => 90942 B
EmptyTemp: => 984.7 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-01-2018 16:38:25)
C:\Users\Pedro\AppData\Local\Temp => moved successfully
==== End of Fixlog 16:38:28 ====
- Rudy
- Site Admin
Re: Slowdown, log check, please.
Practically nothing was deleted from the browsers, only empty entries:
SearchScopes: HKU\S-1-5-21-2121847970-1608828601-3914908799-1001 -> DefaultScope {EC5134AD-236A-4D0A-996F-7C41A1CC9C50} URL =
SearchScopes: HKU\S-1-5-21-2121847970-1608828601-3914908799-1001 -> {EC5134AD-236A-4D0A-996F-7C41A1CC9C50} URL =
We have other utilities for browsers. Otherwise, deleted. Has anything changed?
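An added example (not part of the thread and not FRST's own code): a small Python parser that sorts the result lines of a Fixlog like the one posted above into changed / absent / failed / pending, so it is easy to check that the SearchScopes entries were reported as not found. The sample is an excerpt of that Fixlog; the function names and outcome labels are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: a subset of lines copied from the Fixlog in this thread.
SAMPLE_FIXLOG = r'''Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
Task: {B282EEF9-22B2-49C5-8081-635652852A4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
C:\Program Files\Bonjour
EmptyTemp:
End
*****************
"C:\windows\system32\GroupPolicy\Machine" => not found
"HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKU\S-1-5-21-2121847970-1608828601-3914908799-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EC5134AD-236A-4D0A-996F-7C41A1CC9C50} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEAA6EA5-7D7A-44A3-B02A-50AB9A95C50F}" => removed successfully
C:\windows\System32\Tasks\{319D25E8-1C2C-4AB7-BAB6-A383029AFAA7} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{319D25E8-1C2C-4AB7-BAB6-A383029AFAA7} => could not remove key. ErrorCode1: 0x00000002
"C:\Users\Pedro\AppData\Local\Temp" folder move:
Could not move "C:\Users\Pedro\AppData\Local\Temp" => Scheduled to move on reboot.
C:\Program Files\Bonjour => moved successfully
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
Chrome => 460547807 B
EmptyTemp: => 984.7 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-01-2018 16:38:25)
C:\Users\Pedro\AppData\Local\Temp => moved successfully
==== End of Fixlog 16:38:28 ====
'''


class Entry(NamedTuple):
    target: str            # file, folder or registry key the fix acted on
    outcome: str           # changed / absent / failed / pending / unknown
    detail: Optional[str]  # error code for failed entries, else None


# Result phrases as they appear in the Fixlog above, mapped to this example's labels.
OUTCOMES = [
    (re.compile(r"(?:removed|moved) successfully$"), "changed"),
    (re.compile(r"(?:key )?not found$"), "absent"),
    (re.compile(r"could not remove key\. ErrorCode1: (?P<code>0x[0-9A-Fa-f]+)$"), "failed"),
    (re.compile(r"Scheduled to move on reboot\.$"), "pending"),
]


def classify(result):
    """Map the text after '=>' to an outcome label and optional error code."""
    for pattern, outcome in OUTCOMES:
        m = pattern.search(result)
        if m:
            return outcome, m.groupdict().get("code")
    return "unknown", None


def parse_fixlog(text):
    """Return the result entries, skipping the echoed fixlist and the EmptyTemp sizes."""
    entries, stars, in_emptytemp = [], 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:         # the echoed fixlist sits between two star rules
            stars += 1
            continue
        if line.startswith("="):       # section rule; only EmptyTemp carries byte counts
            in_emptytemp = "EmptyTemp" in line
            continue
        if stars < 2 or in_emptytemp or " => " not in line:
            continue
        target, _, result = line.rpartition(" => ")
        target = re.sub(r"^Could not move ", "", target).strip('"')
        outcome, detail = classify(result)
        entries.append(Entry(target, outcome, detail))
    return entries


def final_state(entries):
    """Last outcome per target, so a move deferred to reboot is resolved."""
    state = {}
    for e in entries:
        state[e.target] = e.outcome
    return state


def touched(entries, needle):
    """Entries whose target contains needle (case-insensitive)."""
    return [e for e in entries if needle.lower() in e.target.lower()]


def summarize(outcomes):
    """Count outcome labels."""
    counts = {}
    for o in outcomes:
        counts[o] = counts.get(o, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(final_state(parsed).values()))
    for e in touched(parsed, "SearchScopes"):
        print(e.outcome, e.target)
```

Entries labelled absent were listed in the fixlist but did not exist at fix time, so the fix changed nothing for them.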
Re: Slowdown, log check, please.
Yes, it is fine now.
May I also ask about the browsers? After the fix it really did delete my tabs in both Chrome and Firefox (I have it set to remember the last open tabs). This time it doesn't matter, but if I wanted to keep them next time, would there be a solution?
- Rudy
- Site Admin
Re: Slowdown, log check, please.
It wasn't FRST. Maybe ADW. Chrome settings can be backed up with ChromeBackup: http://www.stahuj.centrum.cz/internet_a ... me-backup/ and FF with Mozbackup: http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/ . After cleaning, they can easily be restored with those utilities.
Re: Slowdown, log check, please.
Ah, excellent, I will try it next time.
So once again, thanks for the help!
- Rudy
- Site Admin
Re: Slowdown, log check, please.
You're welcome!
Re: Slowdown, log check, please.
The little windows I showed in the picture in my first post, the ones that pop up: one has just popped up again for about 5 seconds.
But no slowdown, no freezing ... everything is OK, it just appeared. Harmless? Could some program be acting up? Because since the cleaning I have not connected anything to the PC, and the only sites open were viry, youtube, csfd, netflix.
- Rudy
- Site Admin
Re: Slowdown, log check, please.
Let's try cleaning the browsers. Run these utilities one after the other:
1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop
If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.
and
2. Junkware removal tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/
•Save it, preferably to the desktop
•After launch the licence terms are displayed; press any key
•A backup will be created, followed by a search
•A scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.
Re: Slowdown, log check, please.
Zoek.exe v5.0.0.1 Updated 24-October-2017
Tool run by Pedro on ne 14.01.2018 at 19:05:25,36.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Pedro\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2018-01-14-170526.log 2097 bytes
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== FireFox Fix ======================
Deleted from C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
Added to C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" [26.01.2016 14:59]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default
- Slovnky slovenskho pravopisu - %ProfilePath%\extensions\sk@dictionaries.addons.mozilla.org
- Undetermined - %ProfilePath%\extensions\artur.dubovoy@gmail.com.xpi
- Undetermined - %ProfilePath%\extensions\firefox@mega.co.nz.xpi
- Undetermined - %ProfilePath%\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
- Slovak SK Language Pack - %ProfilePath%\extensions\langpack-sk@firefox.mozilla.org.xpi
- Undetermined - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Undetermined - %ProfilePath%\extensions\{e33788ea-0bb9-4502-9c77-bdc551afc8ab}.xpi
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default
3C7D15CB1D90ABBE57164A4C5DBDEA0A - C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U31
DE55E02E638B38DD3DD4BFECC53D9D82 - C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.310.13
4DD36616DCCCB299EEF3E997D2CCA1AD - C:\Users\Pedro\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll - Epic Privacy Browser Installer
6A87A31774C96A22954884CC4929FEFF - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight
CCE0BF095D9237DE969C6584B502753D - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
D16896ABE7C64F3E8805266F1A76A591 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.sk/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{EC5134AD-236A-4D0A-996F-7C41A1CC9C50}"
HKLM\SearchScopes\{EC5134AD-236A-4D0A-996F-7C41A1CC9C50} - http://www.bing.com/search?q={searchTer ... TR&pc=LCJB
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{EC5134AD-236A-4D0A-996F-7C41A1CC9C50}"
HKLM\Wow6432Node\SearchScopes\{EC5134AD-236A-4D0A-996F-7C41A1CC9C50} - http://www.bing.com/search?q={searchTer ... TR&pc=LCJB
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
==== Reset Google Chrome ======================
C:\Users\Pedro\AppData\Local\Epic Privacy Browser\User Data\Default\Preferences was reset successfully
C:\Users\Pedro\AppData\Local\Epic Privacy Browser\User Data\Default\Secure Preferences was reset successfully
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Empty IE Cache ======================
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pedro\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Pedro\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Pedro\AppData\Local\Mozilla\Firefox\Profiles\esgz87fp.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== Empty Temp Folders ======================
C:\windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\windows\Temp successfully emptied
C:\Users\Pedro\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ne 14.01.2018 at 19:21:51,11 ======================
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 x64
Ran by Pedro (Administrator) on ne 14.01.2018 at 19:26:47,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg (Folder)
Successfully deleted: C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\esgz87fp.default\extensions\artur.dubovoy@gmail.com.xpi (File)
Successfully deleted: C:\Users\Public\thunder network (Folder)
Successfully deleted: C:\windows\system32\Tasks\Driver Booster SkipUAC (Pedro) (Task)
Successfully deleted: C:\windows\system32\Tasks\update-S-1-5-21-2121847970-1608828601-3914908799-1001 (Task)
Successfully deleted: C:\windows\system32\Tasks\update-sys (Task)
Successfully deleted: C:\windows\Tasks\update-S-1-5-21-2121847970-1608828601-3914908799-1001.job (Task)
Successfully deleted: C:\windows\Tasks\update-sys.job (Task)
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 14.01.2018 at 19:32:16,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Slowdown, log check, please.
Even before these two cleaners I was going to write that the system was starting to slow down again (and yet I had not run anything untrustworthy), but after this the system runs even faster
and web pages load very quickly. I did not even know such speed was possible. What could have been slowing them down until now?
But some of the background programs I need got switched off (Google Drive, touchpad, Avira...), is that OK, can I turn them back on?
//edit:
So it is back again. After a restart the programs mentioned started up and the system runs heavily/laboriously again, the fan, pages load slowly, as before
- Rudy
- Site Admin
- Posts: 118744
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Slowdown, log check, please.
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.