
Please check my log
Re: Please check my log
By the way, when I run the Malwarebytes tool as administrator, it says "downloading FIRST 64" ?? while it runs and then it fails. As if the FIRST utility were being launched, even though I downloaded the Malwarebytes tool.
Re: Please check my log
Yes, that is shown when launching the Malwarebytes Support Tool (mb-support-1.8.0.848.exe). Does any error message appear?
Graduate of the school for novices
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).
Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a similar problem to another user, please start your own topic.
If you are satisfied, you can support the forum. Thank you!

Re: Please check my log
Yes, the one I mentioned.
Re: Please check my log
And what follows after the loading screen with the message "Downloading FRST64.exe"? What error message?
Re: Please check my log
We were unable to launch successfully. Please try again.
Re: Please check my log
Start Windows in safe mode following this guide: https://support.microsoft.com/sk-sk/win ... e5e56fe234
Then, in safe mode, open Malwarebytes and try running a scan (following the previous instructions).
Re: Please check my log
I'm sending the scan result. I managed to run Malwarebytes in safe mode.
Malwarebytes
www.malwarebytes.com
-Podrobnosti denníka-
Dátum skenovania: 13. 1. 2021
Čas skenovania: 12:46
Súbor denníka: ec1b9843-5594-11eb-817d-000000000000.json
-Údaje o softvéri-
Verzia: 4.3.0.98
Verzia súčastí: 1.0.1130
Aktualizovať verziu balíka: 1.0.35675
Licencia: Skúšobná verzia
-Systémové informácie-
OS: Windows 7 Service Pack 1
Procesor: x64
Systém súborov: NTFS
Používateľ: Martin-PC\Martin
-Zhrnutie skenovania-
Typ skenovania: Vlastné skenovanie
Skenovanie bolo spustené: Manuálne
Výsledok: Dokončené
Preskenované objekty: 234726
Zistené hrozby: 2
Hrozby umiestnené do karantény: 2
Uplynulý čas: 3 h, 6 min, 30 s
-Možnosti skenovania-
Pamäť: Povolené
Spúšťanie: Povolené
Systém súborov: Povolené
Archívy: Povolené
Rootkity: Povolené
Heuristika: Povolené
PUP: Zistiť
PUM: Zistiť
-Podrobnosti skenovania-
Proces: 0
(Nezistili sa nijaké škodlivé položky)
Modul: 0
(Nezistili sa nijaké škodlivé položky)
Kľúč databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)
Hodnota databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)
Údaje databázy Registry: 0
(Nezistili sa nijaké škodlivé položky)
Prúd údajov: 0
(Nezistili sa nijaké škodlivé položky)
Priečinok: 0
(Nezistili sa nijaké škodlivé položky)
Súbor: 2
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\SURFING PROTECTION\BROWERPROTECT\NP_ASC_PLUGIN.DLL, Umiestené do karantény, 8063, 396386, 1.0.35675, , ame, , 6EA3310070AEFD3E0CE2668DB3FF8BDE, F30FA5E2FE579AB6ADEFFA9C5B1C078FD3DF2DB32783D946D79AED632ABA9FD3
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\SURFING PROTECTION\BROWERPROTECT\ASCPLUGIN_PROTECTION.DLL, Umiestené do karantény, 8063, 396386, 1.0.35675, , ame, , EDF9D5A6EABD82C3A6C44651A3438532, CDC7102A463DC71CC7EEBF1C8FF84D09B09440EF6E011734844675B91A65DBBE
Fyzický sektor: 0
(Nezistili sa nijaké škodlivé položky)
WMI: 0
(Nezistili sa nijaké škodlivé položky)
(end)
Re: Please check my log
Sorry for the delay. Please post new FRST logs.
Re: Please check my log
That's fine. I'm sending the logs.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by Martin (administrator) on MARTIN-PC (16-01-2021 09:52:08)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Martin\AppData\Local\Temp\mwb7139.tmp\MBSTIPostRebootService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Seznam.cz, a.s. -> ) C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Seznam.cz, a.s. -> ) C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [Opera Browser Assistant] => C:\Users\Martin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2990E96C-8B06-42BE-AD4D-55D150BA7F10} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Martin => F:\1servis\PROGRAMS\Hard Disk Sentinel\HDSentinel.exe
Task: {4FCE8287-F99D-421F-A8BB-94F04C6C99A0} - System32\Tasks\Opera scheduled Autoupdate 1477133455 => C:\Program Files (x86)\Opera\launcher.exe
Task: {64196B48-0E0D-48F9-A169-4E22EEFA744C} - System32\Tasks\Opera scheduled Autoupdate 1588766768 => C:\Users\Martin\AppData\Local\Programs\Opera\launcher.exe [1583256 2021-01-05] (Opera Software AS -> Opera Software)
Task: {776464BC-99BD-4D1E-AB41-9CE8D2E4F386} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-07] (Google Inc -> Google Inc.)
Task: {AD9E773B-3189-4F77-9067-8AB3787B7FB0} - System32\Tasks\Opera scheduled Autoupdate 1497815344 => C:\Program Files (x86)\Opera\launcher.exe
Task: {B63BFCAD-865B-4F42-90A8-A24ABED387A7} - System32\Tasks\Opera scheduled assistant Autoupdate 1588766823 => C:\Users\Martin\AppData\Local\Programs\Opera\launcher.exe [1583256 2021-01-05] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Martin\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {B6FD9B73-770A-4ECA-9D64-9F036E29C6C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {D037912B-7859-49BC-BFD0-C482F1CF161D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {D685FBD3-3F61-4B51-8098-F5939AE599DB} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Martin\AppData\Local\Temp\scoped_dir2744_29998\esetonlinescanner_sky.exe <==== ATTENTION
Task: {DA19EA11-F8FD-4C36-9BC5-C92AA6DBE2BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-07] (Google Inc -> Google Inc.)
Task: {DE09111B-73DD-4875-876D-C293F20E8F18} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Martin\AppData\Local\Temp\scoped_dir2744_29998\esetonlinescanner_sky.exe <==== ATTENTION
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2} <==== ATTENTION (Restriction - IP)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B2F2584-F723-4A83-BF46-B8559A5CFF4A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8822FF15-14BC-4210-83C2-B21BB7BFC82D}: [DhcpNameServer] 192.168.0.2 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{B5844788-BED4-4849-99BF-940E9B612EC4}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF DefaultProfile: ef26py92.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default [2021-01-13]
FF Homepage: Mozilla\SeaMonkey\Profiles\ii5mfmc2.default -> www.google.com
FF NewTab: Mozilla\SeaMonkey\Profiles\ii5mfmc2.default -> about:newtab
FF Extension: (DOM Inspector) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\inspector@mozilla.org [2016-09-22] [Legacy]
FF Extension: (ChatZilla) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-09-30] [Legacy]
FF Extension: (NoScript) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-09-23] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-08] [Legacy]
FF Extension: (JavaScript Debugger) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-09-22] [Legacy]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hziuv0tv.default-release-1597237312874 [2021-01-13]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default [2021-01-13]
FF Extension: (MEGA) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\firefox@mega.co.nz.xpi [2020-05-01] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json]
FF Extension: (Seznam doplněk - Esko) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-12-05]
FF Extension: (Popup Blocker Ultimate) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2020-03-09]
FF Extension: (Seznam doplněk - Email) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-12-05]
FF Extension: (No Name) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a8zub8k1.default [2021-01-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Martin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> D:\Adobe\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2021-01-13]
CHR Extension: (Dokumenty) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-27]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-27]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-01]
CHR Extension: (Ace Script) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2019-02-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-01]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-02]
CHR HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
Opera:
=======
OPR Extension: (AdBlock) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2020-04-28]
OPR Extension: (Rich Hints Agent) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-23]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
R2 MBSTIPostRebootService; C:\Users\Martin\AppData\Local\Temp\mwb7139.tmp\MBSTIPostRebootService.exe [4089456 2021-01-08] (Malwarebytes Inc -> Malwarebytes) <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 luminati_net_updater_win_hola_org; "C:/Program Files/Hola/app/net_updater64.exe" --updater win_hola.org [X]
S2 MBAMService; "D:\MB\MBAMService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-04-22] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [197240 2017-12-03] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-01-13] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2021-01-13] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-01-13] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2021-01-13] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [127088 2021-01-13] (Malwarebytes Inc -> Malwarebytes)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0121.sys [38432 2016-09-18] (SoftEther Corporation -> SoftEther Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [7947096 2019-01-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S1 staport; C:\Windows\System32\Drivers\staport.sys [44568 2021-01-03] (AVAST Software s.r.o. -> )
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-06-28] (AnchorFree Inc -> Anchorfree Inc.)
U5 UnlockerDriver5; D:\Nový priečinok\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2016-10-13] (Wondershare Software Co., Ltd. -> Wondershare)
U3 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-16 09:52 - 2021-01-16 09:53 - 000015922 _____ C:\Users\Martin\Desktop\FRST.txt
2021-01-16 09:51 - 2021-01-16 09:52 - 000000000 ____D C:\FRST
2021-01-16 09:50 - 2021-01-16 09:50 - 002281472 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2021-01-14 10:27 - 2021-01-14 10:27 - 032047467 _____ C:\Users\Martin\Downloads\UNCUT - march.pdf
2021-01-13 15:57 - 2021-01-13 15:59 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\IGDump
2021-01-13 15:57 - 2021-01-13 15:57 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-13 15:57 - 2021-01-13 15:57 - 000127088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-01-13 15:57 - 2021-01-13 15:57 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-01-11 13:44 - 2021-01-13 12:45 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-11 13:43 - 2021-01-13 12:40 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-11 13:43 - 2021-01-11 13:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-08 11:27 - 2021-01-08 11:27 - 000000000 ____D C:\Users\Martin\AppData\Local\mbam
2021-01-05 11:10 - 2021-01-05 11:10 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-01-05 10:59 - 2021-01-16 09:49 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2021-01-05 10:59 - 2021-01-08 11:12 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-01-05 10:59 - 2021-01-05 10:59 - 000001530 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2021-01-05 10:59 - 2021-01-05 10:59 - 000001530 _____ C:\ProgramData\Desktop\Acrobat Reader DC.lnk
2021-01-05 10:57 - 2021-01-05 10:58 - 062087952 _____ C:\Users\Martin\Downloads\AcroRdrDC1500720033_cs_CZ.exe
2021-01-03 10:48 - 2021-01-03 10:01 - 000585330 _____ C:\Users\Martin\Documents\TDSSKiller.3.1.0.28_03.01.2021_09.56.41_log.txt
2021-01-03 09:41 - 2021-01-03 09:44 - 000000000 ____D C:\Program Files (x86)\GUM144B.tmp
2020-12-31 15:11 - 2020-12-31 15:12 - 006922240 _____ C:\Program Files (x86)\GUT6C89.tmp
2020-12-31 15:11 - 2020-12-31 15:11 - 000000000 ____D C:\Program Files (x86)\GUM6C78.tmp
2020-12-31 15:09 - 2021-01-03 09:39 - 000044568 _____ () C:\Windows\system32\Drivers\staport.sys
2020-12-31 15:06 - 2020-12-31 15:06 - 000000000 ____D C:\Users\Public\Security Sessions
2020-12-31 14:46 - 2020-12-31 14:46 - 000000000 ____D C:\Users\Martin\AppData\Local\Avira
2020-12-30 17:46 - 2020-12-30 17:51 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb
2020-12-18 15:35 - 2020-12-18 16:17 - 000000000 ____D C:\Users\Martin\AppData\Local\Maxthon
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-16 09:51 - 2009-07-14 05:45 - 000021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-16 09:51 - 2009-07-14 05:45 - 000021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-16 09:49 - 2009-07-14 06:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-16 09:49 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-01-16 09:44 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-13 16:00 - 2020-08-12 14:01 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2021-01-13 12:40 - 2020-07-30 08:47 - 000000522 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-13 10:41 - 2014-08-24 11:31 - 000000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2021-01-08 13:05 - 2020-05-06 13:06 - 000004084 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1588766768
2021-01-05 10:53 - 2014-07-30 18:56 - 000000000 ____D C:\ProgramData\Adobe
2021-01-03 14:11 - 2020-05-06 13:07 - 000004308 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1588766823
2021-01-03 14:11 - 2019-07-21 10:54 - 000003782 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2021-01-03 14:11 - 2019-07-21 10:54 - 000003342 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2021-01-03 14:11 - 2017-06-18 20:49 - 000003860 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1497815344
2021-01-03 14:11 - 2016-11-07 16:20 - 000003370 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-03 14:11 - 2016-11-07 16:20 - 000003242 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-03 14:11 - 2016-10-22 11:50 - 000003836 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1477133455
2021-01-03 14:11 - 2015-01-08 22:31 - 000003116 _____ C:\Windows\system32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A}
2021-01-03 09:44 - 2015-01-27 12:23 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-31 15:13 - 2015-09-03 09:08 - 000413936 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-31 15:06 - 2015-12-11 18:15 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-31 15:05 - 2018-09-04 13:28 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2020-12-31 14:51 - 2015-09-03 09:10 - 000108008 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2020-12-31 14:39 - 2014-07-28 18:02 - 000767122 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-12-31 12:44 - 2014-11-01 16:21 - 000000000 ____D C:\Windows\Minidump
2020-12-28 13:31 - 2020-12-14 17:28 - 000000000 ____D C:\Users\Martin\AppData\Local\vback
2020-12-27 10:50 - 2014-07-29 12:15 - 000000000 ____D C:\Windows\system32\Macromed
2020-12-27 10:49 - 2014-07-29 12:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-12-22 13:16 - 2014-11-20 19:21 - 000000193 _____ C:\Windows\WORDPAD.INI
2020-12-20 11:45 - 2020-03-18 13:28 - 000000000 ____D C:\Users\Martin\AppData\Local\TP-Link
==================== Files in the root of some directories ========
2020-12-31 15:11 - 2020-12-31 15:12 - 006922240 _____ () C:\Program Files (x86)\GUT6C89.tmp
2014-05-08 05:05 - 2014-05-08 05:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\159 dk orange bl 4.ADO
2015-02-12 06:07 - 2015-02-12 06:07 - 000000213 _____ () C:\Users\Martin\AppData\Roaming\3BSYBS1_DDVW_ErrLog.txt
2013-10-02 03:55 - 2013-10-02 03:55 - 000000940 _____ () C:\Users\Martin\AppData\Roaming\admon.graphics.extension.xml
2014-05-08 06:44 - 2014-05-08 06:44 - 000003523 _____ () C:\Users\Martin\AppData\Roaming\Adobe-Japan1-0
2013-10-02 03:54 - 2013-10-02 03:54 - 000000453 _____ () C:\Users\Martin\AppData\Roaming\Aqtau
2013-10-02 03:54 - 2013-10-02 03:54 - 000000065 _____ () C:\Users\Martin\AppData\Roaming\Bangui
2014-05-08 05:05 - 2014-05-08 05:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\BMC blue 4.ADO
2010-07-19 22:16 - 2010-07-19 22:16 - 000004751 _____ () C:\Users\Martin\AppData\Roaming\b_no.jpg
2013-10-02 03:54 - 2013-10-02 03:54 - 000000549 _____ () C:\Users\Martin\AppData\Roaming\Catamarca
2013-10-02 03:55 - 2013-10-02 03:55 - 000001978 _____ () C:\Users\Martin\AppData\Roaming\caution.tif
2014-05-08 06:44 - 2014-05-08 06:44 - 000002828 _____ () C:\Users\Martin\AppData\Roaming\CNS2-V
2013-10-02 03:56 - 2013-10-02 03:56 - 000001266 _____ () C:\Users\Martin\AppData\Roaming\compact.list.item.spacing.xml
2014-05-08 05:05 - 2014-05-08 05:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\Cool Gray 9 bl 4.ADO
2015-05-20 02:28 - 2015-05-20 02:28 - 000002176 _____ () C:\Users\Martin\AppData\Roaming\C_Enabled.png
2011-03-21 17:48 - 2011-03-21 17:48 - 000000512 _____ () C:\Users\Martin\AppData\Roaming\data2.cab
2013-10-02 03:55 - 2013-10-02 03:55 - 000002654 _____ () C:\Users\Martin\AppData\Roaming\dbtoepub
2013-10-02 03:56 - 2013-10-02 03:56 - 000001013 _____ () C:\Users\Martin\AppData\Roaming\double.sided.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000004817 _____ () C:\Users\Martin\AppData\Roaming\dsc_checkup_tile.png
2015-05-20 02:28 - 2015-05-20 02:28 - 000004997 _____ () C:\Users\Martin\AppData\Roaming\dsc_drivers_tile.png
2014-05-08 06:44 - 2014-05-08 06:44 - 000002862 _____ () C:\Users\Martin\AppData\Roaming\dut1995phon.env
2015-05-20 02:28 - 2015-05-20 02:28 - 000004279 _____ () C:\Users\Martin\AppData\Roaming\dxdiag.png
2007-01-16 01:00 - 2007-01-16 01:00 - 000003294 _____ () C:\Users\Martin\AppData\Roaming\Extravagancy.Y
2015-05-20 02:28 - 2015-05-20 02:28 - 000001592 _____ () C:\Users\Martin\AppData\Roaming\forward32.png
2013-10-02 03:54 - 2013-10-02 03:54 - 000001676 _____ () C:\Users\Martin\AppData\Roaming\Gibraltar
2013-10-02 03:56 - 2013-10-02 03:56 - 000005030 _____ () C:\Users\Martin\AppData\Roaming\graphics.xsl
2014-05-08 06:44 - 2014-05-08 06:44 - 000000672 _____ () C:\Users\Martin\AppData\Roaming\gre.fca
2013-10-02 03:54 - 2013-10-02 03:54 - 000000137 _____ () C:\Users\Martin\AppData\Roaming\Guatemala
2015-05-20 02:28 - 2015-05-20 02:28 - 000003291 _____ () C:\Users\Martin\AppData\Roaming\history_report_gray.png
2013-10-02 03:56 - 2013-10-02 03:56 - 000000941 _____ () C:\Users\Martin\AppData\Roaming\htmlhelp.autolabel.xml
2013-10-02 03:56 - 2013-10-02 03:56 - 000000963 _____ () C:\Users\Martin\AppData\Roaming\ignore.image.scaling.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000002116 _____ () C:\Users\Martin\AppData\Roaming\internetProperties.png
1987-02-02 01:00 - 1987-02-02 01:00 - 000046203 _____ () C:\Users\Martin\AppData\Roaming\Introvert.j6a
2013-10-02 03:56 - 2013-10-02 03:56 - 000001015 _____ () C:\Users\Martin\AppData\Roaming\javahelp.encoding.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000004676 _____ () C:\Users\Martin\AppData\Roaming\lid_closure.png
2014-05-08 05:05 - 2014-05-08 05:05 - 000000117 _____ () C:\Users\Martin\AppData\Roaming\More Saturated.hdt
2013-10-02 03:54 - 2013-10-02 03:54 - 000000097 _____ () C:\Users\Martin\AppData\Roaming\Nairobi
2013-10-02 03:56 - 2013-10-02 03:56 - 000001093 _____ () C:\Users\Martin\AppData\Roaming\navig.graphics.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000001519 _____ () C:\Users\Martin\AppData\Roaming\not_applicable_2.png
2015-05-20 02:28 - 2015-05-20 02:28 - 000001315 _____ () C:\Users\Martin\AppData\Roaming\pcdrfingerprintreader.p5m
2015-05-20 02:28 - 2015-05-20 02:28 - 000000781 _____ () C:\Users\Martin\AppData\Roaming\phone.png
2014-05-08 05:08 - 2014-05-08 05:08 - 000001433 _____ () C:\Users\Martin\AppData\Roaming\Plastic - Violet Purple, Strong & Flexible.3PP
2014-05-08 06:44 - 2014-05-08 06:44 - 000000972 _____ () C:\Users\Martin\AppData\Roaming\pol.fca
2013-10-02 03:55 - 2013-10-02 03:55 - 000001597 _____ () C:\Users\Martin\AppData\Roaming\projectteam.xml
2013-10-02 03:56 - 2013-10-02 03:56 - 000001085 _____ () C:\Users\Martin\AppData\Roaming\qanda.inherit.numeration.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000004156 _____ () C:\Users\Martin\AppData\Roaming\quick-test.png
2014-05-08 06:44 - 2014-05-08 06:44 - 000000889 _____ () C:\Users\Martin\AppData\Roaming\README_gu.txt
2014-05-08 06:44 - 2014-05-08 06:44 - 000001614 _____ () C:\Users\Martin\AppData\Roaming\s29.png
2015-05-20 02:28 - 2015-05-20 02:28 - 000003676 _____ () C:\Users\Martin\AppData\Roaming\save.png
2013-10-02 03:56 - 2013-10-02 03:56 - 000000883 _____ () C:\Users\Martin\AppData\Roaming\section.autolabel.xml
2013-10-02 03:56 - 2013-10-02 03:56 - 000001102 _____ () C:\Users\Martin\AppData\Roaming\section.title.level5.properties.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000001421 _____ () C:\Users\Martin\AppData\Roaming\security.png
2015-05-20 02:28 - 2015-05-20 02:28 - 000002649 _____ () C:\Users\Martin\AppData\Roaming\sysinfopage_forfile.css
2015-05-20 02:14 - 2015-05-20 02:14 - 000000110 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_ar.p5p
2015-05-20 02:14 - 2015-05-20 02:14 - 000000095 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_it.p5p
2015-05-20 02:14 - 2015-05-20 02:14 - 000000112 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_nl.p5p
2015-05-20 02:14 - 2015-05-20 02:14 - 000001728 _____ () C:\Users\Martin\AppData\Roaming\tweakNetworkingManual_ko.p5p
2013-10-02 03:56 - 2013-10-02 03:56 - 000001323 _____ () C:\Users\Martin\AppData\Roaming\ulink.show.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000001543 _____ () C:\Users\Martin\AppData\Roaming\user_attention.png
2017-10-17 20:40 - 2017-10-17 20:40 - 000009029 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2015-06-16 16:54 - 2015-06-16 16:54 - 000000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-01-13 11:44
==================== End of FRST.txt ========================
==================== Accounts: =============================
Administrator (S-1-5-21-515885200-768628804-3900138106-500 - Administrator - Disabled)
Guest (S-1-5-21-515885200-768628804-3900138106-501 - Limited - Disabled)
Martin (S-1-5-21-515885200-768628804-3900138106-1000 - Administrator - Enabled) => C:\Users\Martin
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.35.1 - Asmedia Technology)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: - )
Indeo® Software (HKLM-x32\...\Indeo® Software) (Version: - )
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoGP URT 3 (HKLM-x32\...\MotoGP URT 3_is1) (Version: - THQ)
Opera Stable 73.0.3856.329 (HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Opera 73.0.3856.329) (Version: 73.0.3856.329 - Opera Software)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Quake II (HKLM-x32\...\Quake2UninstallKey) (Version: - )
Seznam Software (HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\SeznamInstall) (Version: 2.1.35 - Seznam.cz)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version: - )
TP-Link Archer T2U Plus Driver (HKLM-x32\...\{D646A985-33A6-4D98-973F-44CC267BD834}) (Version: 2.1.0 - TP-Link)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [.Akclap5962] -> {8a9b264c-eb61-4135-a455-0f6767c09462} => C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962.dll [2016-07-08] (BEIJING KUWO TECHNOLOGY CO.,LTD. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\MB\mbshlext.dll -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Nový priečinok\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-07-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\MB\mbshlext.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Nový priečinok\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.yvu9] => C:\Windows\SysWOW64\iyvu9_32.dll [56320 2000-06-22] () [File not signed]
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv41] => C:\Windows\SysWOW64\ir41_32.ax [839680 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\Windows\SysWOW64\ir32_32.dll [197632 2009-07-14] (Microsoft Windows -> Intel(R) Corporation)
HKLM\...\Drivers32: [vidc.iv32] => C:\Windows\SysWOW64\ir32_32.dll [197632 2009-07-14] (Microsoft Windows -> Intel(R) Corporation)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) =============
2015-07-28 21:45 - 2015-07-28 21:45 - 000127488 _____ () [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [127]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19294763.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46505285.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69658559.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dump_61A1F6F0.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19294763.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46505285.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69658559.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dump_61A1F6F0.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Version 11) (Whitelisted) ==========
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {A8A2381B-85B6-4030-B763-863A4F470EAD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc -> Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07] (Google Inc -> Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100sexlinks.com -> 100sexlinks.com
There are 4788 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2018-10-25 09:56 - 000000128 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 www.mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 delivery.anchorfree.us/land.php
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupreg: Avira SystrayStartTrigger => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: Spotify => C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: TIDAL => C:\Users\Martin\AppData\Local\TIDAL\update.exe --processStart TIDAL.exe --process-start-args " -autostart -minimized"
MSCONFIG\startupreg: Vivaldi Update Notifier => "D:\zde\html\vivaldi\Application\update_notifier.exe"
MSCONFIG\startupreg: ZPNConnect => C:\Program Files (x86)\ZPN Connect\ZpnCli.exe
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{646DCD8D-DF44-49C1-8F8E-C9FF2902413E}] => (Allow) D:\PROGRAMY\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A2AD1C24-3EE8-4850-8E35-DFBB4C259DAA}] => (Allow) D:\PROGRAMY\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D7B9C5CE-4AC8-48C1-BD71-B357B8BF3E5F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{9A8EE00C-D15B-4081-98BC-A1B3116BD335}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{E15D46E9-0EA6-489E-9917-B27393EA56A1}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe (Eidos Inc.) [File not signed]
FirewallRules: [{B12F4E68-0197-4558-B750-D4D26A9EAC50}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe (Eidos Inc.) [File not signed]
FirewallRules: [TCP Query User{C5EB449F-BED4-49D4-8CE4-ADA02F25B1F3}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe (杭州缪斯客网络科技有限公司 -> xiami)
FirewallRules: [UDP Query User{E20D8B8E-7B76-46C2-9AC2-8FCEA7D0CA8B}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe (杭州缪斯客网络科技有限公司 -> xiami)
FirewallRules: [TCP Query User{916542B8-37B2-4B45-8060-109345C8D7D2}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe () [File not signed]
FirewallRules: [UDP Query User{94383437-B0C7-46BF-8400-48F5FAA98512}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe () [File not signed]
FirewallRules: [{4340AC80-268D-4F82-98E3-E4FE4E6330BE}] => (Allow) LPort=58172
FirewallRules: [{7F90DB53-54DC-467F-B390-D2E4D32DC869}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{50D55F4D-4E3B-41B2-A715-3ECA3D36AE4A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9FE49B77-DD32-436C-BCF3-3F2E7A138D35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{156B5BE0-89CD-4A0C-9D50-93A6ABE80ADF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FC1D952F-5E1F-4A2D-8A00-7F2DAB0A4362}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Winquake.exe () [File not signed]
FirewallRules: [{18D07B99-F756-477C-A3F8-9A0E0671E1AE}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Winquake.exe () [File not signed]
FirewallRules: [{E4DE097F-E158-4E61-AF35-6722290BF174}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\qwcl.exe () [File not signed]
FirewallRules: [{528A0558-DB36-443A-970A-4BE62F812E2F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\qwcl.exe () [File not signed]
FirewallRules: [{96BD2439-CF1D-4FFD-A2D3-2C51B89B4E94}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Glquake.exe () [File not signed]
FirewallRules: [{B587AAA2-75F6-4894-800A-E35868546DD4}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Glquake.exe () [File not signed]
FirewallRules: [{EA984656-E4B7-4B8B-898D-9986FA114EFB}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\glqwcl.exe () [File not signed]
FirewallRules: [{9FD3D1A5-524A-4C0F-9EF3-ECB25CE0FD4F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\glqwcl.exe () [File not signed]
FirewallRules: [{48884CF9-C9F6-4B7B-9618-519346195568}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Doom 3\Doom3.exe (id Software) [File not signed]
FirewallRules: [{567B0639-D3DD-4FFE-A048-2B77CADBD5F6}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Doom 3\Doom3.exe (id Software) [File not signed]
FirewallRules: [{DFBD8EE5-F740-42B6-A2AB-6A21270C36C0}] => (Allow) D:\PROGRAMY\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{27B11473-F9D8-410F-9C78-6F50A32938CD}] => (Allow) D:\PROGRAMY\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{77265782-1673-4971-9015-3242B795AFD4}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider (IV) The Last Revelation\tomb4.exe () [File not signed]
FirewallRules: [{1378041D-0AAC-4736-9316-F58DB6F5D296}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider (IV) The Last Revelation\tomb4.exe () [File not signed]
FirewallRules: [{3343048D-CB83-403B-9590-C86A67F302B0}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe (DOSBox Team) [File not signed]
FirewallRules: [{DDC707A2-7CCE-45D4-AC71-4CED9833256E}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe (DOSBox Team) [File not signed]
FirewallRules: [{5B93A129-36D2-44F2-ADDD-B66A0A4E4028}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Portal\hl2.exe (Valve -> )
FirewallRules: [{5B1E9D5E-BAE6-48F2-A668-38CBDD0A3F61}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Portal\hl2.exe (Valve -> )
FirewallRules: [TCP Query User{A8186A9F-348F-41F8-9193-C1E00E438A16}D:\motogp urt 3\motogp.exe] => (Block) D:\motogp urt 3\motogp.exe () [File not signed]
FirewallRules: [UDP Query User{E285566E-D64D-4500-885E-74FDD1149332}D:\motogp urt 3\motogp.exe] => (Block) D:\motogp urt 3\motogp.exe () [File not signed]
FirewallRules: [{0EAC026A-F042-4768-8CBF-FD0B8DF8E2DD}] => (Allow) C:\Users\Martin\AppData\Local\Programs\Opera\73.0.3856.284\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{21258AE2-A1A4-4465-838F-9C3F99363929}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{98C156FD-A928-4EF3-BCF6-07C6AD0666EA}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{DFA12FF2-AE78-4B11-AF59-446F287F445F}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{9573238F-0E31-4266-ABD6-56398490E6F4}] => (Allow) C:\Users\Martin\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe (Opera Software AS -> Opera Software)
==================== Restore Points =========================
13-08-2020 12:07:50 Plánovaný kontrolný bod
20-08-2020 13:52:05 Plánovaný kontrolný bod
27-08-2020 15:15:13 Plánovaný kontrolný bod
05-09-2020 10:02:38 Plánovaný kontrolný bod
13-09-2020 13:17:40 Plánovaný kontrolný bod
21-09-2020 13:23:00 Plánovaný kontrolný bod
29-09-2020 14:23:08 Plánovaný kontrolný bod
11-10-2020 12:57:07 Plánovaný kontrolný bod
20-10-2020 14:18:00 Plánovaný kontrolný bod
28-10-2020 11:09:22 Plánovaný kontrolný bod
07-11-2020 16:15:50 Plánovaný kontrolný bod
15-11-2020 14:03:14 Plánovaný kontrolný bod
31-12-2020 14:41:30 Inštalátor modulov systému Windows
31-12-2020 15:06:42 Removed Avira Home Guard
31-12-2020 15:26:16 Removed Adobe Acrobat Reader DC - Slovak.
05-01-2021 10:41:10 Installed Adobe Reader XI - Slovak.
05-01-2021 10:53:35 Removed Adobe Reader XI - Slovak.
05-01-2021 10:59:01 Installed Adobe Acrobat Reader DC - Czech.
13-01-2021 11:52:17 Plánovaný kontrolný bod
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/16/2021 09:53:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
System errors:
=============
Error: (01/16/2021 09:44:36 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/16/2021 09:44:33 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/16/2021 09:44:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/16/2021 09:44:26 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/16/2021 09:44:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
staport
Error: (01/16/2021 09:44:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Malwarebytes Service zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.
Error: (01/16/2021 09:44:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Luminati Net Updater (win_hola.org) zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.
Error: (01/16/2021 09:44:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.
Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126
Windows Defender:
===================================
Date: 2018-09-06 11:08:41.156
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{AE98B6B0-B283-436D-B583-8F2BFBCEDAF1}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Date: 2018-09-06 11:08:37.365
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{7078D724-96C6-46FD-A887-ACE1D1591977}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Date: 2018-09-06 11:07:54.903
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{3B58ABC9-4977-4189-B41B-3D214B4BA97C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
CodeIntegrity:
===================================
Date: 2021-01-16 09:53:32.908
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:53:32.908
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:53:32.908
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:53:32.908
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:53:12.660
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:53:12.660
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:44:09.306
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-16 09:44:09.306
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 0705 08/22/2011
Motherboard: ASUSTeK Computer INC. M5A97
Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 30%
Total physical RAM: 8154.46 MB
Available physical RAM: 5696.36 MB
Total Virtual: 16307.1 MB
Available Virtual: 13828.77 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:107.32 GB) (Free:13.67 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:327.7 GB) NTFS
\\?\Volume{3ccbebad-1674-11e4-ba11-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2021
Ran by Martin (administrator) on MARTIN-PC (16-01-2021 09:52:08)
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Default browser: Opera
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Martin\AppData\Local\Temp\mwb7139.tmp\MBSTIPostRebootService.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Seznam.cz, a.s. -> ) C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Seznam.cz, a.s. -> ) C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [Opera Browser Assistant] => C:\Users\Martin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2990E96C-8B06-42BE-AD4D-55D150BA7F10} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Martin => F:\1servis\PROGRAMS\Hard Disk Sentinel\HDSentinel.exe
Task: {4FCE8287-F99D-421F-A8BB-94F04C6C99A0} - System32\Tasks\Opera scheduled Autoupdate 1477133455 => C:\Program Files (x86)\Opera\launcher.exe
Task: {64196B48-0E0D-48F9-A169-4E22EEFA744C} - System32\Tasks\Opera scheduled Autoupdate 1588766768 => C:\Users\Martin\AppData\Local\Programs\Opera\launcher.exe [1583256 2021-01-05] (Opera Software AS -> Opera Software)
Task: {776464BC-99BD-4D1E-AB41-9CE8D2E4F386} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-07] (Google Inc -> Google Inc.)
Task: {AD9E773B-3189-4F77-9067-8AB3787B7FB0} - System32\Tasks\Opera scheduled Autoupdate 1497815344 => C:\Program Files (x86)\Opera\launcher.exe
Task: {B63BFCAD-865B-4F42-90A8-A24ABED387A7} - System32\Tasks\Opera scheduled assistant Autoupdate 1588766823 => C:\Users\Martin\AppData\Local\Programs\Opera\launcher.exe [1583256 2021-01-05] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Martin\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {B6FD9B73-770A-4ECA-9D64-9F036E29C6C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {D037912B-7859-49BC-BFD0-C482F1CF161D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {D685FBD3-3F61-4B51-8098-F5939AE599DB} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Martin\AppData\Local\Temp\scoped_dir2744_29998\esetonlinescanner_sky.exe <==== ATTENTION
Task: {DA19EA11-F8FD-4C36-9BC5-C92AA6DBE2BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-11-07] (Google Inc -> Google Inc.)
Task: {DE09111B-73DD-4875-876D-C293F20E8F18} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Martin\AppData\Local\Temp\scoped_dir2744_29998\esetonlinescanner_sky.exe <==== ATTENTION
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2} <==== ATTENTION (Restriction - IP)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B2F2584-F723-4A83-BF46-B8559A5CFF4A}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8822FF15-14BC-4210-83C2-B21BB7BFC82D}: [DhcpNameServer] 192.168.0.2 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{B5844788-BED4-4849-99BF-940E9B612EC4}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF DefaultProfile: ef26py92.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default [2021-01-13]
FF Homepage: Mozilla\SeaMonkey\Profiles\ii5mfmc2.default -> www.google.com
FF NewTab: Mozilla\SeaMonkey\Profiles\ii5mfmc2.default -> about:newtab
FF Extension: (DOM Inspector) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\inspector@mozilla.org [2016-09-22] [Legacy]
FF Extension: (ChatZilla) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-09-30] [Legacy]
FF Extension: (NoScript) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-09-23] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-08] [Legacy]
FF Extension: (JavaScript Debugger) - C:\Users\Martin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ii5mfmc2.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2016-09-22] [Legacy]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\hziuv0tv.default-release-1597237312874 [2021-01-13]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default [2021-01-13]
FF Extension: (MEGA) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\firefox@mega.co.nz.xpi [2020-05-01] [UpdateUrl:hxxps://mega.nz/firefox-web-extension-updates.json]
FF Extension: (Seznam doplněk - Esko) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-12-05]
FF Extension: (Popup Blocker Ultimate) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2020-03-09]
FF Extension: (Seznam doplněk - Email) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-12-05]
FF Extension: (No Name) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\a8zub8k1.default [2021-01-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Martin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> D:\Adobe\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2021-01-13]
CHR Extension: (Dokumenty) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-27]
CHR Extension: (Disk Google) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-27]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-27]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-09-01]
CHR Extension: (Ace Script) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2019-02-01]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-01]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-09-01]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-09-02]
CHR HKU\S-1-5-21-515885200-768628804-3900138106-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
Opera:
=======
OPR Extension: (AdBlock) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2020-04-28]
OPR Extension: (Rich Hints Agent) - C:\Users\Martin\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-23]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Dropbox, Inc.)
R2 MBSTIPostRebootService; C:\Users\Martin\AppData\Local\Temp\mwb7139.tmp\MBSTIPostRebootService.exe [4089456 2021-01-08] (Malwarebytes Inc -> Malwarebytes) <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S2 luminati_net_updater_win_hola_org; "C:/Program Files/Hola/app/net_updater64.exe" --updater win_hola.org [X]
S2 MBAMService; "D:\MB\MBAMService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2012-04-22] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [197240 2017-12-03] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-01-13] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2021-01-13] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-01-13] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2021-01-13] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [127088 2021-01-13] (Malwarebytes Inc -> Malwarebytes)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0121.sys [38432 2016-09-18] (SoftEther Corporation -> SoftEther Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [7947096 2019-01-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
S1 staport; C:\Windows\System32\Drivers\staport.sys [44568 2021-01-03] (AVAST Software s.r.o. -> )
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (TunnelBear, Inc. -> The OpenVPN Project)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-06-28] (AnchorFree Inc -> Anchorfree Inc.)
U5 UnlockerDriver5; D:\Nový priečinok\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] (Empty Loop -> )
S3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2016-10-13] (Wondershare Software Co., Ltd. -> Wondershare)
U3 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-16 09:52 - 2021-01-16 09:53 - 000015922 _____ C:\Users\Martin\Desktop\FRST.txt
2021-01-16 09:51 - 2021-01-16 09:52 - 000000000 ____D C:\FRST
2021-01-16 09:50 - 2021-01-16 09:50 - 002281472 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2021-01-14 10:27 - 2021-01-14 10:27 - 032047467 _____ C:\Users\Martin\Downloads\UNCUT - march.pdf
2021-01-13 15:57 - 2021-01-13 15:59 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\IGDump
2021-01-13 15:57 - 2021-01-13 15:57 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-13 15:57 - 2021-01-13 15:57 - 000127088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-01-13 15:57 - 2021-01-13 15:57 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-01-11 13:44 - 2021-01-13 12:45 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-01-11 13:43 - 2021-01-13 12:40 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-01-11 13:43 - 2021-01-11 13:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-01-08 11:27 - 2021-01-08 11:27 - 000000000 ____D C:\Users\Martin\AppData\Local\mbam
2021-01-05 11:10 - 2021-01-05 11:10 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-01-05 10:59 - 2021-01-16 09:49 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Seznam.cz
2021-01-05 10:59 - 2021-01-08 11:12 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-01-05 10:59 - 2021-01-05 10:59 - 000001530 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2021-01-05 10:59 - 2021-01-05 10:59 - 000001530 _____ C:\ProgramData\Desktop\Acrobat Reader DC.lnk
2021-01-05 10:57 - 2021-01-05 10:58 - 062087952 _____ C:\Users\Martin\Downloads\AcroRdrDC1500720033_cs_CZ.exe
2021-01-03 10:48 - 2021-01-03 10:01 - 000585330 _____ C:\Users\Martin\Documents\TDSSKiller.3.1.0.28_03.01.2021_09.56.41_log.txt
2021-01-03 09:41 - 2021-01-03 09:44 - 000000000 ____D C:\Program Files (x86)\GUM144B.tmp
2020-12-31 15:11 - 2020-12-31 15:12 - 006922240 _____ C:\Program Files (x86)\GUT6C89.tmp
2020-12-31 15:11 - 2020-12-31 15:11 - 000000000 ____D C:\Program Files (x86)\GUM6C78.tmp
2020-12-31 15:09 - 2021-01-03 09:39 - 000044568 _____ () C:\Windows\system32\Drivers\staport.sys
2020-12-31 15:06 - 2020-12-31 15:06 - 000000000 ____D C:\Users\Public\Security Sessions
2020-12-31 14:46 - 2020-12-31 14:46 - 000000000 ____D C:\Users\Martin\AppData\Local\Avira
2020-12-30 17:46 - 2020-12-30 17:51 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb
2020-12-18 15:35 - 2020-12-18 16:17 - 000000000 ____D C:\Users\Martin\AppData\Local\Maxthon
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-16 09:51 - 2009-07-14 05:45 - 000021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-16 09:51 - 2009-07-14 05:45 - 000021392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-16 09:49 - 2009-07-14 06:13 - 000785302 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-16 09:49 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-01-16 09:44 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-13 16:00 - 2020-08-12 14:01 - 000000000 ____D C:\Users\Martin\AppData\Local\CrashDumps
2021-01-13 12:40 - 2020-07-30 08:47 - 000000522 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-13 10:41 - 2014-08-24 11:31 - 000000000 ____D C:\Users\Martin\AppData\Local\ElevatedDiagnostics
2021-01-08 13:05 - 2020-05-06 13:06 - 000004084 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1588766768
2021-01-05 10:53 - 2014-07-30 18:56 - 000000000 ____D C:\ProgramData\Adobe
2021-01-03 14:11 - 2020-05-06 13:07 - 000004308 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1588766823
2021-01-03 14:11 - 2019-07-21 10:54 - 000003782 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2021-01-03 14:11 - 2019-07-21 10:54 - 000003342 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2021-01-03 14:11 - 2017-06-18 20:49 - 000003860 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1497815344
2021-01-03 14:11 - 2016-11-07 16:20 - 000003370 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-03 14:11 - 2016-11-07 16:20 - 000003242 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-03 14:11 - 2016-10-22 11:50 - 000003836 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1477133455
2021-01-03 14:11 - 2015-01-08 22:31 - 000003116 _____ C:\Windows\system32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A}
2021-01-03 09:44 - 2015-01-27 12:23 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-31 15:13 - 2015-09-03 09:08 - 000413936 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-31 15:06 - 2015-12-11 18:15 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-31 15:05 - 2018-09-04 13:28 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2020-12-31 14:51 - 2015-09-03 09:10 - 000108008 _____ C:\Users\Martin\AppData\Local\GDIPFONTCACHEV1.DAT
2020-12-31 14:39 - 2014-07-28 18:02 - 000767122 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-12-31 12:44 - 2014-11-01 16:21 - 000000000 ____D C:\Windows\Minidump
2020-12-28 13:31 - 2020-12-14 17:28 - 000000000 ____D C:\Users\Martin\AppData\Local\vback
2020-12-27 10:50 - 2014-07-29 12:15 - 000000000 ____D C:\Windows\system32\Macromed
2020-12-27 10:49 - 2014-07-29 12:15 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-12-22 13:16 - 2014-11-20 19:21 - 000000193 _____ C:\Windows\WORDPAD.INI
2020-12-20 11:45 - 2020-03-18 13:28 - 000000000 ____D C:\Users\Martin\AppData\Local\TP-Link
==================== Files in the root of some directories ========
2020-12-31 15:11 - 2020-12-31 15:12 - 006922240 _____ () C:\Program Files (x86)\GUT6C89.tmp
2014-05-08 05:05 - 2014-05-08 05:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\159 dk orange bl 4.ADO
2015-02-12 06:07 - 2015-02-12 06:07 - 000000213 _____ () C:\Users\Martin\AppData\Roaming\3BSYBS1_DDVW_ErrLog.txt
2013-10-02 03:55 - 2013-10-02 03:55 - 000000940 _____ () C:\Users\Martin\AppData\Roaming\admon.graphics.extension.xml
2014-05-08 06:44 - 2014-05-08 06:44 - 000003523 _____ () C:\Users\Martin\AppData\Roaming\Adobe-Japan1-0
2013-10-02 03:54 - 2013-10-02 03:54 - 000000453 _____ () C:\Users\Martin\AppData\Roaming\Aqtau
2013-10-02 03:54 - 2013-10-02 03:54 - 000000065 _____ () C:\Users\Martin\AppData\Roaming\Bangui
2014-05-08 05:05 - 2014-05-08 05:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\BMC blue 4.ADO
2010-07-19 22:16 - 2010-07-19 22:16 - 000004751 _____ () C:\Users\Martin\AppData\Roaming\b_no.jpg
2013-10-02 03:54 - 2013-10-02 03:54 - 000000549 _____ () C:\Users\Martin\AppData\Roaming\Catamarca
2013-10-02 03:55 - 2013-10-02 03:55 - 000001978 _____ () C:\Users\Martin\AppData\Roaming\caution.tif
2014-05-08 06:44 - 2014-05-08 06:44 - 000002828 _____ () C:\Users\Martin\AppData\Roaming\CNS2-V
2013-10-02 03:56 - 2013-10-02 03:56 - 000001266 _____ () C:\Users\Martin\AppData\Roaming\compact.list.item.spacing.xml
2014-05-08 05:05 - 2014-05-08 05:05 - 000000524 _____ () C:\Users\Martin\AppData\Roaming\Cool Gray 9 bl 4.ADO
2015-05-20 02:28 - 2015-05-20 02:28 - 000002176 _____ () C:\Users\Martin\AppData\Roaming\C_Enabled.png
2011-03-21 17:48 - 2011-03-21 17:48 - 000000512 _____ () C:\Users\Martin\AppData\Roaming\data2.cab
2013-10-02 03:55 - 2013-10-02 03:55 - 000002654 _____ () C:\Users\Martin\AppData\Roaming\dbtoepub
2013-10-02 03:56 - 2013-10-02 03:56 - 000001013 _____ () C:\Users\Martin\AppData\Roaming\double.sided.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000004817 _____ () C:\Users\Martin\AppData\Roaming\dsc_checkup_tile.png
2015-05-20 02:28 - 2015-05-20 02:28 - 000004997 _____ () C:\Users\Martin\AppData\Roaming\dsc_drivers_tile.png
2014-05-08 06:44 - 2014-05-08 06:44 - 000002862 _____ () C:\Users\Martin\AppData\Roaming\dut1995phon.env
2015-05-20 02:28 - 2015-05-20 02:28 - 000004279 _____ () C:\Users\Martin\AppData\Roaming\dxdiag.png
2007-01-16 01:00 - 2007-01-16 01:00 - 000003294 _____ () C:\Users\Martin\AppData\Roaming\Extravagancy.Y
2015-05-20 02:28 - 2015-05-20 02:28 - 000001592 _____ () C:\Users\Martin\AppData\Roaming\forward32.png
2013-10-02 03:54 - 2013-10-02 03:54 - 000001676 _____ () C:\Users\Martin\AppData\Roaming\Gibraltar
2013-10-02 03:56 - 2013-10-02 03:56 - 000005030 _____ () C:\Users\Martin\AppData\Roaming\graphics.xsl
2014-05-08 06:44 - 2014-05-08 06:44 - 000000672 _____ () C:\Users\Martin\AppData\Roaming\gre.fca
2013-10-02 03:54 - 2013-10-02 03:54 - 000000137 _____ () C:\Users\Martin\AppData\Roaming\Guatemala
2015-05-20 02:28 - 2015-05-20 02:28 - 000003291 _____ () C:\Users\Martin\AppData\Roaming\history_report_gray.png
2013-10-02 03:56 - 2013-10-02 03:56 - 000000941 _____ () C:\Users\Martin\AppData\Roaming\htmlhelp.autolabel.xml
2013-10-02 03:56 - 2013-10-02 03:56 - 000000963 _____ () C:\Users\Martin\AppData\Roaming\ignore.image.scaling.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000002116 _____ () C:\Users\Martin\AppData\Roaming\internetProperties.png
1987-02-02 01:00 - 1987-02-02 01:00 - 000046203 _____ () C:\Users\Martin\AppData\Roaming\Introvert.j6a
2013-10-02 03:56 - 2013-10-02 03:56 - 000001015 _____ () C:\Users\Martin\AppData\Roaming\javahelp.encoding.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000004676 _____ () C:\Users\Martin\AppData\Roaming\lid_closure.png
2014-05-08 05:05 - 2014-05-08 05:05 - 000000117 _____ () C:\Users\Martin\AppData\Roaming\More Saturated.hdt
2013-10-02 03:54 - 2013-10-02 03:54 - 000000097 _____ () C:\Users\Martin\AppData\Roaming\Nairobi
2013-10-02 03:56 - 2013-10-02 03:56 - 000001093 _____ () C:\Users\Martin\AppData\Roaming\navig.graphics.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000001519 _____ () C:\Users\Martin\AppData\Roaming\not_applicable_2.png
2015-05-20 02:28 - 2015-05-20 02:28 - 000001315 _____ () C:\Users\Martin\AppData\Roaming\pcdrfingerprintreader.p5m
2015-05-20 02:28 - 2015-05-20 02:28 - 000000781 _____ () C:\Users\Martin\AppData\Roaming\phone.png
2014-05-08 05:08 - 2014-05-08 05:08 - 000001433 _____ () C:\Users\Martin\AppData\Roaming\Plastic - Violet Purple, Strong & Flexible.3PP
2014-05-08 06:44 - 2014-05-08 06:44 - 000000972 _____ () C:\Users\Martin\AppData\Roaming\pol.fca
2013-10-02 03:55 - 2013-10-02 03:55 - 000001597 _____ () C:\Users\Martin\AppData\Roaming\projectteam.xml
2013-10-02 03:56 - 2013-10-02 03:56 - 000001085 _____ () C:\Users\Martin\AppData\Roaming\qanda.inherit.numeration.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000004156 _____ () C:\Users\Martin\AppData\Roaming\quick-test.png
2014-05-08 06:44 - 2014-05-08 06:44 - 000000889 _____ () C:\Users\Martin\AppData\Roaming\README_gu.txt
2014-05-08 06:44 - 2014-05-08 06:44 - 000001614 _____ () C:\Users\Martin\AppData\Roaming\s29.png
2015-05-20 02:28 - 2015-05-20 02:28 - 000003676 _____ () C:\Users\Martin\AppData\Roaming\save.png
2013-10-02 03:56 - 2013-10-02 03:56 - 000000883 _____ () C:\Users\Martin\AppData\Roaming\section.autolabel.xml
2013-10-02 03:56 - 2013-10-02 03:56 - 000001102 _____ () C:\Users\Martin\AppData\Roaming\section.title.level5.properties.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000001421 _____ () C:\Users\Martin\AppData\Roaming\security.png
2015-05-20 02:28 - 2015-05-20 02:28 - 000002649 _____ () C:\Users\Martin\AppData\Roaming\sysinfopage_forfile.css
2015-05-20 02:14 - 2015-05-20 02:14 - 000000110 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_ar.p5p
2015-05-20 02:14 - 2015-05-20 02:14 - 000000095 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_it.p5p
2015-05-20 02:14 - 2015-05-20 02:14 - 000000112 _____ () C:\Users\Martin\AppData\Roaming\tweakChkDsk_nl.p5p
2015-05-20 02:14 - 2015-05-20 02:14 - 000001728 _____ () C:\Users\Martin\AppData\Roaming\tweakNetworkingManual_ko.p5p
2013-10-02 03:56 - 2013-10-02 03:56 - 000001323 _____ () C:\Users\Martin\AppData\Roaming\ulink.show.xml
2015-05-20 02:28 - 2015-05-20 02:28 - 000001543 _____ () C:\Users\Martin\AppData\Roaming\user_attention.png
2017-10-17 20:40 - 2017-10-17 20:40 - 000009029 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2015-06-16 16:54 - 2015-06-16 16:54 - 000000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2021-01-13 11:44
==================== End of FRST.txt ========================
==================== Accounts: =============================
Administrator (S-1-5-21-515885200-768628804-3900138106-500 - Administrator - Disabled)
Guest (S-1-5-21-515885200-768628804-3900138106-501 - Limited - Disabled)
Martin (S-1-5-21-515885200-768628804-3900138106-1000 - Administrator - Enabled) => C:\Users\Martin
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F37078EA-4B6A-1D6F-6FED-3EDF2117B42C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.35.1 - Asmedia Technology)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: - )
Indeo® Software (HKLM-x32\...\Indeo® Software) (Version: - )
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoGP URT 3 (HKLM-x32\...\MotoGP URT 3_is1) (Version: - THQ)
Opera Stable 73.0.3856.329 (HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Opera 73.0.3856.329) (Version: 73.0.3856.329 - Opera Software)
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Quake II (HKLM-x32\...\Quake2UninstallKey) (Version: - )
Seznam Software (HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\SeznamInstall) (Version: 2.1.35 - Seznam.cz)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tomb Raider III (HKLM-x32\...\Tomb Raider III) (Version: - )
TP-Link Archer T2U Plus Driver (HKLM-x32\...\{D646A985-33A6-4D98-973F-44CC267BD834}) (Version: 2.1.0 - TP-Link)
TP-LINK Wireless Client Utility (HKLM-x32\...\{7A2A107B-9695-423F-9462-8F17C178BD35}) (Version: 7.0 - TP-LINK)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.6 - VideoLAN)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [.Akclap5962] -> {8a9b264c-eb61-4135-a455-0f6767c09462} => C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962.dll [2016-07-08] (BEIJING KUWO TECHNOLOGY CO.,LTD. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\MB\mbshlext.dll -> No File
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Nový priečinok\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-07-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\MB\mbshlext.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => D:\Nový priečinok\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.yvu9] => C:\Windows\SysWOW64\iyvu9_32.dll [56320 2000-06-22] () [File not signed]
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32.dll [746496 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv41] => C:\Windows\SysWOW64\ir41_32.ax [839680 2009-07-14] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [vidc.iv31] => C:\Windows\SysWOW64\ir32_32.dll [197632 2009-07-14] (Microsoft Windows -> Intel(R) Corporation)
HKLM\...\Drivers32: [vidc.iv32] => C:\Windows\SysWOW64\ir32_32.dll [197632 2009-07-14] (Microsoft Windows -> Intel(R) Corporation)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) =============
2015-07-28 21:45 - 2015-07-28 21:45 - 000127488 _____ () [File not signed] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [127]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19294763.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46505285.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69658559.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dump_61A1F6F0.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19294763.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46505285.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69658559.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dump_61A1F6F0.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Version 11) (Whitelisted) ==========
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> {A8A2381B-85B6-4030-B763-863A4F470EAD} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc -> Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07] (Google Inc -> Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07] (Google Inc -> Google Inc.)
Toolbar: HKU\S-1-5-21-515885200-768628804-3900138106-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\100sexlinks.com -> 100sexlinks.com
There are 4788 more sites.
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2018-10-25 09:56 - 000000128 _____ C:\Windows\system32\drivers\etc\hosts
0.0.0.0 www.mefeedia.com
0.0.0.0 www.mefeedia.com
0.0.0.0 delivery.anchorfree.us/land.php
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-515885200-768628804-3900138106-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\startupreg: Avira SystrayStartTrigger => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: Spotify => C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
MSCONFIG\startupreg: Spotify Web Helper => C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: TIDAL => C:\Users\Martin\AppData\Local\TIDAL\update.exe --processStart TIDAL.exe --process-start-args " -autostart -minimized"
MSCONFIG\startupreg: Vivaldi Update Notifier => "D:\zde\html\vivaldi\Application\update_notifier.exe"
MSCONFIG\startupreg: ZPNConnect => C:\Program Files (x86)\ZPN Connect\ZpnCli.exe
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{646DCD8D-DF44-49C1-8F8E-C9FF2902413E}] => (Allow) D:\PROGRAMY\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A2AD1C24-3EE8-4850-8E35-DFBB4C259DAA}] => (Allow) D:\PROGRAMY\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D7B9C5CE-4AC8-48C1-BD71-B357B8BF3E5F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{9A8EE00C-D15B-4081-98BC-A1B3116BD335}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{E15D46E9-0EA6-489E-9917-B27393EA56A1}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe (Eidos Inc.) [File not signed]
FirewallRules: [{B12F4E68-0197-4558-B750-D4D26A9EAC50}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider Legend\trl.exe (Eidos Inc.) [File not signed]
FirewallRules: [TCP Query User{C5EB449F-BED4-49D4-8CE4-ADA02F25B1F3}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe (杭州缪斯客网络科技有限公司 -> xiami)
FirewallRules: [UDP Query User{E20D8B8E-7B76-46C2-9AC2-8FCEA7D0CA8B}C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe] => (Allow) C:\users\martin\appdata\roaming\xmusicupdate\xmusicserver.exe (杭州缪斯客网络科技有限公司 -> xiami)
FirewallRules: [TCP Query User{916542B8-37B2-4B45-8060-109345C8D7D2}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe () [File not signed]
FirewallRules: [UDP Query User{94383437-B0C7-46BF-8400-48F5FAA98512}D:\motogp urt 3\motogp.exe] => (Allow) D:\motogp urt 3\motogp.exe () [File not signed]
FirewallRules: [{4340AC80-268D-4F82-98E3-E4FE4E6330BE}] => (Allow) LPort=58172
FirewallRules: [{7F90DB53-54DC-467F-B390-D2E4D32DC869}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{50D55F4D-4E3B-41B2-A715-3ECA3D36AE4A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9FE49B77-DD32-436C-BCF3-3F2E7A138D35}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{156B5BE0-89CD-4A0C-9D50-93A6ABE80ADF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FC1D952F-5E1F-4A2D-8A00-7F2DAB0A4362}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Winquake.exe () [File not signed]
FirewallRules: [{18D07B99-F756-477C-A3F8-9A0E0671E1AE}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Winquake.exe () [File not signed]
FirewallRules: [{E4DE097F-E158-4E61-AF35-6722290BF174}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\qwcl.exe () [File not signed]
FirewallRules: [{528A0558-DB36-443A-970A-4BE62F812E2F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\qwcl.exe () [File not signed]
FirewallRules: [{96BD2439-CF1D-4FFD-A2D3-2C51B89B4E94}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Glquake.exe () [File not signed]
FirewallRules: [{B587AAA2-75F6-4894-800A-E35868546DD4}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\Glquake.exe () [File not signed]
FirewallRules: [{EA984656-E4B7-4B8B-898D-9986FA114EFB}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\glqwcl.exe () [File not signed]
FirewallRules: [{9FD3D1A5-524A-4C0F-9EF3-ECB25CE0FD4F}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Quake\glqwcl.exe () [File not signed]
FirewallRules: [{48884CF9-C9F6-4B7B-9618-519346195568}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Doom 3\Doom3.exe (id Software) [File not signed]
FirewallRules: [{567B0639-D3DD-4FFE-A048-2B77CADBD5F6}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Doom 3\Doom3.exe (id Software) [File not signed]
FirewallRules: [{DFBD8EE5-F740-42B6-A2AB-6A21270C36C0}] => (Allow) D:\PROGRAMY\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{27B11473-F9D8-410F-9C78-6F50A32938CD}] => (Allow) D:\PROGRAMY\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{77265782-1673-4971-9015-3242B795AFD4}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider (IV) The Last Revelation\tomb4.exe () [File not signed]
FirewallRules: [{1378041D-0AAC-4736-9316-F58DB6F5D296}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Tomb Raider (IV) The Last Revelation\tomb4.exe () [File not signed]
FirewallRules: [{3343048D-CB83-403B-9590-C86A67F302B0}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe (DOSBox Team) [File not signed]
FirewallRules: [{DDC707A2-7CCE-45D4-AC71-4CED9833256E}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Ultimate Doom\base\dosbox.exe (DOSBox Team) [File not signed]
FirewallRules: [{5B93A129-36D2-44F2-ADDD-B66A0A4E4028}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Portal\hl2.exe (Valve -> )
FirewallRules: [{5B1E9D5E-BAE6-48F2-A668-38CBDD0A3F61}] => (Allow) D:\PROGRAMY\Steam\steamapps\common\Portal\hl2.exe (Valve -> )
FirewallRules: [TCP Query User{A8186A9F-348F-41F8-9193-C1E00E438A16}D:\motogp urt 3\motogp.exe] => (Block) D:\motogp urt 3\motogp.exe () [File not signed]
FirewallRules: [UDP Query User{E285566E-D64D-4500-885E-74FDD1149332}D:\motogp urt 3\motogp.exe] => (Block) D:\motogp urt 3\motogp.exe () [File not signed]
FirewallRules: [{0EAC026A-F042-4768-8CBF-FD0B8DF8E2DD}] => (Allow) C:\Users\Martin\AppData\Local\Programs\Opera\73.0.3856.284\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{21258AE2-A1A4-4465-838F-9C3F99363929}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{98C156FD-A928-4EF3-BCF6-07C6AD0666EA}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{DFA12FF2-AE78-4B11-AF59-446F287F445F}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{9573238F-0E31-4266-ABD6-56398490E6F4}] => (Allow) C:\Users\Martin\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe (Opera Software AS -> Opera Software)
==================== Restore Points =========================
13-08-2020 12:07:50 Plánovaný kontrolný bod
20-08-2020 13:52:05 Plánovaný kontrolný bod
27-08-2020 15:15:13 Plánovaný kontrolný bod
05-09-2020 10:02:38 Plánovaný kontrolný bod
13-09-2020 13:17:40 Plánovaný kontrolný bod
21-09-2020 13:23:00 Plánovaný kontrolný bod
29-09-2020 14:23:08 Plánovaný kontrolný bod
11-10-2020 12:57:07 Plánovaný kontrolný bod
20-10-2020 14:18:00 Plánovaný kontrolný bod
28-10-2020 11:09:22 Plánovaný kontrolný bod
07-11-2020 16:15:50 Plánovaný kontrolný bod
15-11-2020 14:03:14 Plánovaný kontrolný bod
31-12-2020 14:41:30 Inštalátor modulov systému Windows
31-12-2020 15:06:42 Removed Avira Home Guard
31-12-2020 15:26:16 Removed Adobe Acrobat Reader DC - Slovak.
05-01-2021 10:41:10 Installed Adobe Reader XI - Slovak.
05-01-2021 10:53:35 Removed Adobe Reader XI - Slovak.
05-01-2021 10:59:01 Installed Adobe Acrobat Reader DC - Czech.
13-01-2021 11:52:17 Plánovaný kontrolný bod
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/16/2021 09:53:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
Error: (01/16/2021 09:53:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Zlyhala extrakcia zoznamu koreňových certifikátov nezávislých vydavateľov z kabinetu automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri spracovaní reťazca certifikátov sa reťazec ukončil pri koreňovom certifikáte, pretože dôveryhodný poskytovateľ ho nepovažuje za dôveryhodný.
.
System errors:
=============
Error: (01/16/2021 09:44:36 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/16/2021 09:44:33 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/16/2021 09:44:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/16/2021 09:44:26 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
Error: (01/16/2021 09:44:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nasledujúce ovládače pre spustenie zavedenia alebo spustenie systému zlyhali pri načítaní:
staport
Error: (01/16/2021 09:44:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Malwarebytes Service zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.
Error: (01/16/2021 09:44:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby Luminati Net Updater (win_hola.org) zlyhalo kvôli nasledujúcej chybe:
Systém nemôže nájsť zadaný súbor.
Error: (01/16/2021 09:44:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: Modul WLAN Extensibility Module sa nepodarilo spustiť.
Cesta k modulu: C:\Windows\system32\athExt.dll
Kód chyby: 126
Windows Defender:
===================================
Date: 2018-09-06 11:08:41.156
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{AE98B6B0-B283-436D-B583-8F2BFBCEDAF1}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Date: 2018-09-06 11:08:37.365
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{7078D724-96C6-46FD-A887-ACE1D1591977}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
Date: 2018-09-06 11:07:54.903
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{3B58ABC9-4977-4189-B41B-3D214B4BA97C}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
CodeIntegrity:
===================================
Date: 2021-01-16 09:53:32.908
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:53:32.908
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:53:32.908
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:53:32.908
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:53:12.660
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:53:12.660
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because the set of per-page image hashes could not be found on the system.
Date: 2021-01-16 09:44:09.306
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-16 09:44:09.306
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\staport.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 0705 08/22/2011
Motherboard: ASUSTeK Computer INC. M5A97
Processor: AMD Athlon(tm) II X3 460 Processor
Percentage of memory in use: 30%
Total physical RAM: 8154.46 MB
Available physical RAM: 5696.36 MB
Total Virtual: 16307.1 MB
Available Virtual: 13828.77 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:107.32 GB) (Free:13.67 GB) NTFS
Drive d: () (Fixed) (Total:358.34 GB) (Free:327.7 GB) NTFS
\\?\Volume{3ccbebad-1674-11e4-ba11-806e6f6e6963}\ (Vyhradené systémom) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: A4C80B1C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=358.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt =======================
Re: Please check the log

- Copy the following text and paste it into Notepad:
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\Users\Martin\AppData\LocalLow\IGDump
Folder: C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
HKLM-x32\...\Run: [seznam-listicka-distribuce] => "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
BootExecute: autocheck autochk * sdnclean64.exe
Task: {D685FBD3-3F61-4B51-8098-F5939AE599DB} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Martin\AppData\Local\Temp\scoped_dir2744_29998\esetonlinescanner_sky.exe <==== ATTENTION
Task: {DE09111B-73DD-4875-876D-C293F20E8F18} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Martin\AppData\Local\Temp\scoped_dir2744_29998\esetonlinescanner_sky.exe <==== ATTENTION
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"
FF Extension: (No Name) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Martin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
2021-01-13 15:57 - 2021-01-13 15:59 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\IGDump
2021-01-03 09:41 - 2021-01-03 09:44 - 000000000 ____D C:\Program Files (x86)\GUM144B.tmp
2020-12-31 15:11 - 2020-12-31 15:12 - 006922240 _____ C:\Program Files (x86)\GUT6C89.tmp
2020-12-31 15:11 - 2020-12-31 15:11 - 000000000 ____D C:\Program Files (x86)\GUM6C78.tmp
2020-12-30 17:46 - 2020-12-30 17:51 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb
2020-12-31 15:11 - 2020-12-31 15:12 - 006922240 _____ () C:\Program Files (x86)\GUT6C89.tmp
2015-06-16 16:54 - 2015-06-16 16:54 - 000000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\MB\mbshlext.dll -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\MB\mbshlext.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [127]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19294763.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46505285.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69658559.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dump_61A1F6F0.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19294763.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46505285.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69658559.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dump_61A1F6F0.sys => ""="Driver"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
End
- Save it to the desktop under the name fixlist.txt
- Run FRST again and click Fix
- When it finishes, FRST will request a restart of the PC; confirm by clicking OK
- After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents and paste them into your next reply
Graduate of the school for newcomers
E-mail: conder (at) forum.viry.cz
If anything is unclear, ask. I recommend always backing up important data (documents, photos and so on).
Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk system damage or data loss.
If you have a problem similar to another user's, please start your own topic.
If you are satisfied, you can support the forum. Thank you!

Re: Please check the log
Fix result of Farbar Recovery Scan Tool (x64) Version: 16-01-2021
Ran by Martin (17-01-2021 09:38:40) Run:1
Running from C:\Users\Martin\Desktop
Loaded Profiles: Martin
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\Users\Martin\AppData\LocalLow\IGDump
Folder: C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
HKLM-x32\...\Run: [seznam-listicka-distribuce] => "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [cz.seznam.software.autoupdate] => C:\Users\Martin\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Run: [cz.seznam.software.szndesktop] => C:\Users\Martin\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
BootExecute: autocheck autochk * sdnclean64.exe
Task: {D685FBD3-3F61-4B51-8098-F5939AE599DB} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Martin\AppData\Local\Temp\scoped_dir2744_29998\esetonlinescanner_sky.exe <==== ATTENTION
Task: {DE09111B-73DD-4875-876D-C293F20E8F18} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Martin\AppData\Local\Temp\scoped_dir2744_29998\esetonlinescanner_sky.exe <==== ATTENTION
Task: {F96B2165-AA32-4349-B138-0B738423926C} - System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => C:\Windows\system32\pcalua.exe -a C:\Windows\IsUninst.exe -c -f"d:\Thomb raider 3\Uninst.isu"
FF Extension: (No Name) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} [not found]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKU\S-1-5-21-515885200-768628804-3900138106-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Martin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => not found
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
2021-01-13 15:57 - 2021-01-13 15:59 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\IGDump
2021-01-03 09:41 - 2021-01-03 09:44 - 000000000 ____D C:\Program Files (x86)\GUM144B.tmp
2020-12-31 15:11 - 2020-12-31 15:12 - 006922240 _____ C:\Program Files (x86)\GUT6C89.tmp
2020-12-31 15:11 - 2020-12-31 15:11 - 000000000 ____D C:\Program Files (x86)\GUM6C78.tmp
2020-12-30 17:46 - 2020-12-30 17:51 - 000000000 ____D C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb
2020-12-31 15:11 - 2020-12-31 15:12 - 006922240 _____ () C:\Program Files (x86)\GUT6C89.tmp
2015-06-16 16:54 - 2015-06-16 16:54 - 000000000 _____ () C:\Users\Martin\AppData\Local\Temp.dat
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers2: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\MB\mbshlext.dll -> No File
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [duba_64bit] -> {DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\MB\mbshlext.dll -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [SpyEmergency] -> {2E9FFF5C-4375-494d-951F-098BAA42239E} => -> No File
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [127]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19294763.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46505285.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\69658559.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dump_61A1F6F0.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19294763.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46505285.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69658559.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dump_61A1F6F0.sys => ""="Driver"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========
Count : 7
Average :
Sum : 4588815
Maximum :
Minimum :
Property : Length
========= End of Powershell: =========
========================= Folder: C:\Users\Martin\AppData\LocalLow\IGDump ========================
====== End of Folder: ======
========================= Folder: C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb ========================
2019-03-14 15:20 - 2019-03-14 15:20 - 000018232 ____A [E2F648AE40D234A3892E1455B4DBBE05] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-file-l1-2-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018232 ____A [E479444BDD4AE4577FD32314A68F5D28] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-file-l2-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000020792 ____A [EFF11130BFE0D9C90C0026BF2FB219AE] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-localization-l1-2-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018744 ____A [D0289835D97D103BAD0DD7B9637538A1] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-processthreads-l1-1-1.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018744 ____A [0D1AA99ED8069BA73CFD74B0FDDC7B3A] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-synch-l1-2-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018224 ____A [BABF80608FD68A09656871EC8597296C] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-timezone-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000022328 ____A [72E28C902CD947F9A3425B19AC5A64BD] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-convert-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018736 ____A [AC290DAD7CB4CA2D93516580452EDA1C] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-environment-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000020280 ____A [AEC2268601470050E62CB8066DD41A59] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-filesystem-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000019256 ____A [93D3DA06BF894F4FA21007BEE06B5E7D] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-heap-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018744 ____A [A2F2258C32E3BA9ABF9E9E38EF7DA8C9] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-locale-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000028984 ____A [8B0BA750E7B15300482CE6C961A932F0] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-math-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000026424 ____A [35FC66BD813D0F126883E695664E7B83] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-multibyte-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000022840 ____A [41A348F9BEDC8681FB30FA78E45EDB24] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-runtime-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000024368 ____A [FEFB98394CB9EF4368DA798DEAB00E21] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-stdio-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000023488 ____A [404604CD100A1E60DFDAF6ECF5BA14C0] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-string-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000020792 ____A [849F2C3EBF1FCBA33D16153692D5810F] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-time-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018744 ____A [B52A0CA52C9C207874639B62B6082242] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-utility-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000137168 ____A [EAE9273F8CDCF9321C6C37C244773139] (Mozilla Foundation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\mozglue.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000440120 ____A [109F0F02FD37C84BFC7508D4227D7ED5] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\msvcp140.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 001245136 ____A [02CC7B8EE30056D5912DE54F1BDFC219] (Mozilla Foundation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\nss3.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000083784 ____A [7587BF9CB4147022CD5681B015183046] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\vcruntime140.dll
====== End of Folder: ======
================== ExportKey: ===================
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
"ActivePolicy"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{d7ae2bb3-37e5-4c40-9823-c58774dd6e89}]
"className"="ipsecFilter"
"name"="ipsecFilter{d7ae2bb3-37e5-4c40-9823-c58774dd6e89}"
"ipsecName"="Filter1"
"ipsecID"="{d7ae2bb3-37e5-4c40-9823-c58774dd6e89}"
"ipsecDataType"="256"
"ipsecData"="b520dc80c82ed111a89e00a0248d3021a60400001100000002000000000002000000000002000000000011431ae6ff120a499a06299ff29cfd3a01000000000000000000000000000000ffffffff00000000060000000000bd0100000000020000000000 (the data entry has 2228 more characters)."
"whenChanged"="1609346672"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{be87f8fc-4389-4753-8483-5315b5e630ca}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{765fd4b3-d8df-4b65-9718-4d238664196a}]
"className"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{765fd4b3-d8df-4b65-9718-4d238664196a}"
"ipsecID"="{765fd4b3-d8df-4b65-9718-4d238664196a}"
"ipsecDataType"="256"
"ipsecData"="b820dc80c82ed111a89e00a0248d3021c0000000b3d45f76dfd8654b97184d238664196a00000000000000000000000000000000000000008070000000000000000000000000000000000000000000000200000000000000030000004000000008000000 (the data entry has 226 more characters)."
"whenChanged"="1609346670"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{16f48853-a822-4cda-bbaa-e96375495cf9}]
"className"="ipsecNegotiationPolicy"
"name"="ipsecNegotiationPolicy{16f48853-a822-4cda-bbaa-e96375495cf9}"
"ipsecName"="FilteraAtion1"
"ipsecID"="{16f48853-a822-4cda-bbaa-e96375495cf9}"
"ipsecNegotiationPolicyAction"="{3f91a819-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
"ipsecDataType"="256"
"ipsecData"="b920dc80c82ed111a89e00a0248d3021040000000000000000"
"whenChanged"="1609346672"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{be87f8fc-4389-4753-8483-5315b5e630ca}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7606ceae-202e-4f53-82a1-28b512903cee}]
"className"="ipsecNegotiationPolicy"
"name"="ipsecNegotiationPolicy{7606ceae-202e-4f53-82a1-28b512903cee}"
"ipsecID"="{7606ceae-202e-4f53-82a1-28b512903cee}"
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
"ipsecDataType"="256"
"ipsecData"="b920dc80c82ed111a89e00a0248d3021a40000000200000000000000000000000000000000000000010000000300000002000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 (the data entry has 170 more characters)."
"whenChanged"="1609346671"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{128a628a-0cdf-452f-bab8-2a6f3ed76ebd}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{128a628a-0cdf-452f-bab8-2a6f3ed76ebd}]
"className"="ipsecNFA"
"name"="ipsecNFA{128a628a-0cdf-452f-bab8-2a6f3ed76ebd}"
"ipsecID"="{128a628a-0cdf-452f-bab8-2a6f3ed76ebd}"
"ipsecDataType"="256"
"ipsecData"="00acbb118d49d111863900a0248d30212a0000000100000005000000020000000000fdffffff0200000000000000000000000000000000000200000000000101010101010101010101010101010101000000050000000000000001010101010101010101 (the data entry has 30 more characters)."
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNegotiationPolicy{7606ceae-202e-4f53-82a1-28b512903cee}"
"whenChanged"="1609346671"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{be87f8fc-4389-4753-8483-5315b5e630ca}]
"className"="ipsecNFA"
"name"="ipsecNFA{be87f8fc-4389-4753-8483-5315b5e630ca}"
"ipsecName"="Rule1"
"ipsecID"="{be87f8fc-4389-4753-8483-5315b5e630ca}"
"ipsecDataType"="256"
"ipsecData"="00acbb118d49d111863900a0248d30212a0000000100000005000000020000000000fdffffff0200000000000000000000000000010000000200000000000101010101010101010101010101010101000000050000000000000001010101010101010101 (the data entry has 30 more characters)."
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNegotiationPolicy{16f48853-a822-4cda-bbaa-e96375495cf9}"
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecFilter{d7ae2bb3-37e5-4c40-9823-c58774dd6e89}"
"whenChanged"="1609346672"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}]
"className"="ipsecPolicy"
"name"="ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
"ipsecName"="qianye"
"ipsecID"="{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
"ipsecDataType"="256"
"ipsecData"="632120224c4fd111863b00a0248d302104000000302a000000"
"ipsecISAKMPReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecISAKMPPolicy{765fd4b3-d8df-4b65-9718-4d238664196a}"
"whenChanged"="1609346672"
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{be87f8fc-4389-4753-8483-5315b5e630ca}*SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{128a628a-0cdf-452f-bab8-2a6f3ed76e (the data entry has 3 more characters)."
=== End of ExportKey ===
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce" => removed successfully
"HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate" => removed successfully
"HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop" => removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D685FBD3-3F61-4B51-8098-F5939AE599DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D685FBD3-3F61-4B51-8098-F5939AE599DB}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE09111B-73DD-4875-876D-C293F20E8F18}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE09111B-73DD-4875-876D-C293F20E8F18}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F96B2165-AA32-4349-B138-0B738423926C} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F96B2165-AA32-4349-B138-0B738423926C} => removed successfully
C:\Windows\System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F529C778-212F-4A4C-A435-C1F3B293A60A} => removed successfully
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh => removed successfully
C:\Users\Martin\AppData\LocalLow\IGDump => moved successfully
C:\Program Files (x86)\GUM144B.tmp => moved successfully
C:\Program Files (x86)\GUT6C89.tmp => moved successfully
C:\Program Files (x86)\GUM6C78.tmp => moved successfully
C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb => moved successfully
"C:\Program Files (x86)\GUT6C89.tmp" => not found
C:\Users\Martin\AppData\Local\Temp.dat => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\duba_64bit => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt => removed successfully
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => could not remove. Access Denied.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\###MegaContextMenuExt => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\duba_64bit => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt => removed successfully
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\19294763.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\46505285.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\69658559.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dump_61A1F6F0.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\19294763.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\46505285.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\69658559.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dump_61A1F6F0.sys => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5163963 B
Java, Flash, Steam htmlcache => 194727079 B
Windows/system/drivers => 4167545 B
Edge => 0 B
Chrome => 783327 B
Firefox => 109992078 B
Opera => 283980417 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 288 B
LocalService => 288 B
NetworkService => 288 B
Martin => 7507028 B
RecycleBin => 0 B
EmptyTemp: => 586.2 MB temporary data Removed.
================================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dump_61A1F6F0.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19294763.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46505285.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\69658559.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dump_61A1F6F0.sys => ""="Driver"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========
Count : 7
Average :
Sum : 4588815
Maximum :
Minimum :
Property : Length
========= End of Powershell: =========
========================= Folder: C:\Users\Martin\AppData\LocalLow\IGDump ========================
====== End of Folder: ======
========================= Folder: C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb ========================
2019-03-14 15:20 - 2019-03-14 15:20 - 000018232 ____A [E2F648AE40D234A3892E1455B4DBBE05] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-file-l1-2-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018232 ____A [E479444BDD4AE4577FD32314A68F5D28] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-file-l2-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000020792 ____A [EFF11130BFE0D9C90C0026BF2FB219AE] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-localization-l1-2-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018744 ____A [D0289835D97D103BAD0DD7B9637538A1] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-processthreads-l1-1-1.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018744 ____A [0D1AA99ED8069BA73CFD74B0FDDC7B3A] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-synch-l1-2-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018224 ____A [BABF80608FD68A09656871EC8597296C] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-core-timezone-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000022328 ____A [72E28C902CD947F9A3425B19AC5A64BD] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-convert-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018736 ____A [AC290DAD7CB4CA2D93516580452EDA1C] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-environment-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000020280 ____A [AEC2268601470050E62CB8066DD41A59] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-filesystem-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000019256 ____A [93D3DA06BF894F4FA21007BEE06B5E7D] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-heap-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018744 ____A [A2F2258C32E3BA9ABF9E9E38EF7DA8C9] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-locale-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000028984 ____A [8B0BA750E7B15300482CE6C961A932F0] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-math-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000026424 ____A [35FC66BD813D0F126883E695664E7B83] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-multibyte-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000022840 ____A [41A348F9BEDC8681FB30FA78E45EDB24] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-runtime-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000024368 ____A [FEFB98394CB9EF4368DA798DEAB00E21] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-stdio-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000023488 ____A [404604CD100A1E60DFDAF6ECF5BA14C0] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-string-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000020792 ____A [849F2C3EBF1FCBA33D16153692D5810F] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-time-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000018744 ____A [B52A0CA52C9C207874639B62B6082242] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\api-ms-win-crt-utility-l1-1-0.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000137168 ____A [EAE9273F8CDCF9321C6C37C244773139] (Mozilla Foundation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\mozglue.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000440120 ____A [109F0F02FD37C84BFC7508D4227D7ED5] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\msvcp140.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 001245136 ____A [02CC7B8EE30056D5912DE54F1BDFC219] (Mozilla Foundation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\nss3.dll
2019-03-14 15:20 - 2019-03-14 15:20 - 000083784 ____A [7587BF9CB4147022CD5681B015183046] (Microsoft Corporation) C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb\vcruntime140.dll
====== End of Folder: ======
================== ExportKey: ===================
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
"ActivePolicy"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{d7ae2bb3-37e5-4c40-9823-c58774dd6e89}]
"className"="ipsecFilter"
"name"="ipsecFilter{d7ae2bb3-37e5-4c40-9823-c58774dd6e89}"
"ipsecName"="Filter1"
"ipsecID"="{d7ae2bb3-37e5-4c40-9823-c58774dd6e89}"
"ipsecDataType"="256"
"ipsecData"="b520dc80c82ed111a89e00a0248d3021a60400001100000002000000000002000000000002000000000011431ae6ff120a499a06299ff29cfd3a01000000000000000000000000000000ffffffff00000000060000000000bd0100000000020000000000 (the data entry has 2228 more characters)."
"whenChanged"="1609346672"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{be87f8fc-4389-4753-8483-5315b5e630ca}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{765fd4b3-d8df-4b65-9718-4d238664196a}]
"className"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{765fd4b3-d8df-4b65-9718-4d238664196a}"
"ipsecID"="{765fd4b3-d8df-4b65-9718-4d238664196a}"
"ipsecDataType"="256"
"ipsecData"="b820dc80c82ed111a89e00a0248d3021c0000000b3d45f76dfd8654b97184d238664196a00000000000000000000000000000000000000008070000000000000000000000000000000000000000000000200000000000000030000004000000008000000 (the data entry has 226 more characters)."
"whenChanged"="1609346670"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{16f48853-a822-4cda-bbaa-e96375495cf9}]
"className"="ipsecNegotiationPolicy"
"name"="ipsecNegotiationPolicy{16f48853-a822-4cda-bbaa-e96375495cf9}"
"ipsecName"="FilteraAtion1"
"ipsecID"="{16f48853-a822-4cda-bbaa-e96375495cf9}"
"ipsecNegotiationPolicyAction"="{3f91a819-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
"ipsecDataType"="256"
"ipsecData"="b920dc80c82ed111a89e00a0248d3021040000000000000000"
"whenChanged"="1609346672"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{be87f8fc-4389-4753-8483-5315b5e630ca}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{7606ceae-202e-4f53-82a1-28b512903cee}]
"className"="ipsecNegotiationPolicy"
"name"="ipsecNegotiationPolicy{7606ceae-202e-4f53-82a1-28b512903cee}"
"ipsecID"="{7606ceae-202e-4f53-82a1-28b512903cee}"
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
"ipsecDataType"="256"
"ipsecData"="b920dc80c82ed111a89e00a0248d3021a40000000200000000000000000000000000000000000000010000000300000002000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 (the data entry has 170 more characters)."
"whenChanged"="1609346671"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{128a628a-0cdf-452f-bab8-2a6f3ed76ebd}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{128a628a-0cdf-452f-bab8-2a6f3ed76ebd}]
"className"="ipsecNFA"
"name"="ipsecNFA{128a628a-0cdf-452f-bab8-2a6f3ed76ebd}"
"ipsecID"="{128a628a-0cdf-452f-bab8-2a6f3ed76ebd}"
"ipsecDataType"="256"
"ipsecData"="00acbb118d49d111863900a0248d30212a0000000100000005000000020000000000fdffffff0200000000000000000000000000000000000200000000000101010101010101010101010101010101000000050000000000000001010101010101010101 (the data entry has 30 more characters)."
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNegotiationPolicy{7606ceae-202e-4f53-82a1-28b512903cee}"
"whenChanged"="1609346671"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{be87f8fc-4389-4753-8483-5315b5e630ca}]
"className"="ipsecNFA"
"name"="ipsecNFA{be87f8fc-4389-4753-8483-5315b5e630ca}"
"ipsecName"="Rule1"
"ipsecID"="{be87f8fc-4389-4753-8483-5315b5e630ca}"
"ipsecDataType"="256"
"ipsecData"="00acbb118d49d111863900a0248d30212a0000000100000005000000020000000000fdffffff0200000000000000000000000000010000000200000000000101010101010101010101010101010101000000050000000000000001010101010101010101 (the data entry has 30 more characters)."
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNegotiationPolicy{16f48853-a822-4cda-bbaa-e96375495cf9}"
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecFilter{d7ae2bb3-37e5-4c40-9823-c58774dd6e89}"
"whenChanged"="1609346672"
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}]
"className"="ipsecPolicy"
"name"="ipsecPolicy{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
"ipsecName"="qianye"
"ipsecID"="{e8baf6a8-c7f7-43b9-aa58-2a9ac8e1b6e2}"
"ipsecDataType"="256"
"ipsecData"="632120224c4fd111863b00a0248d302104000000302a000000"
"ipsecISAKMPReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecISAKMPPolicy{765fd4b3-d8df-4b65-9718-4d238664196a}"
"whenChanged"="1609346672"
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{be87f8fc-4389-4753-8483-5315b5e630ca}*SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{128a628a-0cdf-452f-bab8-2a6f3ed76e (the data entry has 3 more characters)."
=== End of ExportKey ===
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce" => removed successfully
"HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate" => removed successfully
"HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop" => removed successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D685FBD3-3F61-4B51-8098-F5939AE599DB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D685FBD3-3F61-4B51-8098-F5939AE599DB}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE09111B-73DD-4875-876D-C293F20E8F18}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE09111B-73DD-4875-876D-C293F20E8F18}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F96B2165-AA32-4349-B138-0B738423926C} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F96B2165-AA32-4349-B138-0B738423926C} => removed successfully
C:\Windows\System32\Tasks\{F529C778-212F-4A4C-A435-C1F3B293A60A} => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F529C778-212F-4A4C-A435-C1F3B293A60A} => removed successfully
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ef26py92.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b} => path removed successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removed successfully
"HKU\S-1-5-21-515885200-768628804-3900138106-1000\Software\Mozilla\Firefox\Extensions\\acewebextension_unlisted@acestream.org" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh => removed successfully
C:\Users\Martin\AppData\LocalLow\IGDump => moved successfully
C:\Program Files (x86)\GUM144B.tmp => moved successfully
C:\Program Files (x86)\GUT6C89.tmp => moved successfully
C:\Program Files (x86)\GUM6C78.tmp => moved successfully
C:\Users\Martin\AppData\LocalLow\nb98wqnehe8bw89hb => moved successfully
"C:\Program Files (x86)\GUT6C89.tmp" => not found
C:\Users\Martin\AppData\Local\Temp.dat => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\duba_64bit => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt => removed successfully
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => could not remove. Access Denied.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\###MegaContextMenuExt => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\duba_64bit => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt => removed successfully
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SpyEmergency => removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\19294763.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\46505285.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\69658559.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dump_61A1F6F0.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\19294763.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\46505285.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\69658559.sys => removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dump_61A1F6F0.sys => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5163963 B
Java, Flash, Steam htmlcache => 194727079 B
Windows/system/drivers => 4167545 B
Edge => 0 B
Chrome => 783327 B
Firefox => 109992078 B
Opera => 283980417 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 288 B
LocalService => 288 B
NetworkService => 288 B
Martin => 7507028 B
RecycleBin => 0 B
EmptyTemp: => 586.2 MB temporary data Removed.
================================
Re: Please check my log
How is the PC doing at the moment?
Do you have the Seznam Software programs (and the Seznam add-ons in your browsers) and Google Toolbar installed intentionally? If not, I recommend uninstalling them.
Re: Please check my log
There is no problem.
Re: Please check my log
OK, I also recommend running the following:
If there are no problems, then all that remains is to clean up after the tools.
Run a system file integrity check:
- Open Start, type "cmd" (without the quotes), right-click Command Prompt and click Run as administrator
- Copy and run the command:
sfc /scannow
- When it finishes, copy and run this command:
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
- A file named sfcdetails.txt will be created on the desktop; pack it into a RAR or ZIP archive and send it as an attachment to your next post
- Restart the PC and write how the PC behaves
Re: Please check my log
OK. Thank you for your time and willingness to help.