Hello,
I have been trying to remove the adf.ly malware for about 5 days straight. I most likely got it from Warcraft 3 (during installation it did not ask about installing any additional programs), downloaded from Ulož.to. On the PC I had Malwarebytes and AdwCleaner (I also selected all drives and ticked rootkits), HitmanPro, Zemana and others; I tried everything I could find and nothing helped. Every time I turn on the laptop or log in, an adf.ly page pops up... I'm really at my wits' end. The PC runs fast and nothing misbehaves, but I also have fairly important data on it. I use Google Chrome, but when I removed it, the page popped up in Explorer or Edge as well. Oh, and before the browser with adf.ly launches, a command prompt window always flashes briefly; I assume that is related. I have a trial version of the paid ESET, and a full scan found nothing... I read here about logs from the FRST program, so I am attaching them. Thank you very much for any help.
Here is one log (probably the main one):
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by Legion (administrator) on LAPTOP-2VUTRN91 (LENOVO 81LB) (03-01-2021 10:08:15)
Running from C:\Users\Legion\Desktop
Loaded Profiles: Legion & postgres
Platform: Windows 10 Home Version 2004 19041.685 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <35>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_7ecc5be6ca7b3b0d\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_d52c63e0e1c02c96\jhi_service.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e1356fc87d32eeee\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_e1356fc87d32eeee\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a5d0ffe42e074935\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a5d0ffe42e074935\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\Lenovo.Vantage.AddinHost.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\LenovoVantageService.exe
(LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.19.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvltsi.inf_amd64_aacafe9b3d86dddc\Display.NvContainer\NVDisplay.Container.exe <2>
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
(PostgreSQL Global Development Group) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\postgres.exe <7>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\Huion Tablet.exe
(Shenzhen Huion Animation Technology Co.,LTD -> ) C:\Huion Tablet\x64\TabletDriverCore.exe
Failed to access process -> mbamtray.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [878584 2019-05-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [TabletDriver] => C:\Huion Tablet\Huion Tablet.exe [235240 2019-12-04] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [175504 2020-10-26] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4168442402-3509706111-3992125715-1002\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-04-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4168442402-3509706111-3992125715-1002\...\Run: [TabletDriver] => C:\Huion Tablet\x64\TabletDriverCore.exe [335592 2019-12-04] (Shenzhen Huion Animation Technology Co.,LTD -> )
HKU\S-1-5-21-4168442402-3509706111-3992125715-1002\...\MountPoints2: {b4d1f3fa-e3a6-11ea-ae13-283a4d36428a} - "E:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-4168442402-3509706111-3992125715-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2021-01-02] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Huion Tablet.lnk [2020-04-18]
ShortcutTarget: Huion Tablet.lnk -> C:\Huion Tablet\Huion Tablet.exe (Shenzhen Huion Animation Technology Co.,LTD -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\updateSteam.bat [2018-02-03] () [File not signed]
BootExecute: autocheck autochk *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {2E055151-8867-493B-B911-25E353C1B8A6} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3D76A5B3-B220-4150-B275-52AFE162B29C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3F9DFA69-4087-48D6-87D8-EEFD381DF33B} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {466DEE85-F9BD-4C70-8AB4-711696813A8C} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {4B1A450D-E135-489F-BC82-D943B815FBCD} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {4C1A5A9B-AA9C-4D49-AAB5-3EC0C778155C} - \Lenovo\ImController\TimeBasedEvents\542c5abc-39a6-450d-a386-673f3beb09ee -> No File <==== ATTENTION
Task: {57BBA088-7D91-40AC-BC1F-8CB6C2B6103E} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {5BAE2012-D0D3-4430-973F-229F919F8606} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\ScheduleEventAction.exe [24408 2020-11-05] (Lenovo -> Lenovo Group Ltd.)
Task: {5C9D70CA-25B1-425E-B5DD-7D01A34F0A71} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {633CDFFA-B0EF-4D91-ADDB-0B1C3FE89C51} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {773391BE-2C2D-4BE6-9EDE-6293A1EB80CB} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4168442402-3509706111-3992125715-1004 => C:\Users\Legion\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {7976EC25-046A-4562-AB7D-0BD04A404C04} - \Lenovo\ImController\TimeBasedEvents\1aa8538a-64d4-4d6a-bc18-d4b156f66864 -> No File <==== ATTENTION
Task: {7F18BE1D-552A-4AA1-B95D-781A6A7EC93E} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
Task: {80BDFFCF-AA8F-44B6-AA56-08F7F1C4C682} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {972F90C9-6098-43C3-AF93-4F3D63A46AF0} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Legion\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {977FC050-78D7-427B-975E-82A868A4D843} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {9BDF01EE-3C24-4C48-A763-60DDE4707FE1} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AED1FD53-0BC7-4D54-A7D9-5A638670EED7} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AF223032-65E3-49E0-BBCF-D9F53B469472} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4168442402-3509706111-3992125715-1001 => C:\Users\Legion\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {B39FBC5B-8DA7-43DC-998D-144FEF103635} - System32\Tasks\Lenovo\FBNetFilter PNP Task => C:\WINDOWS\System32\drivers\FBNetFilterInstall.exe [1149352 2019-03-04] (LENOVO (UNITED STATES) INC. -> Lenovo Group Ltd.)
Task: {C3497843-634C-4D17-83BC-CBCC094B6EBF} - System32\Tasks\Agent Activation Runtime\S-1-5-21-4168442402-3509706111-3992125715-1002 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-12-12] (Microsoft Windows -> )
Task: {D2310431-D744-4AA7-89D9-19CBE7D58464} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {D36E6589-FF2C-4A15-9E53-0F306F1BBFBB} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {DE694739-026D-473F-8890-9B26988D6169} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-filipin50@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E24CE25D-E7A2-4A16-A11E-8BDD6E8A30D8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EB712473-C5F2-48FA-97F0-4958B396ED41} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {EF4ACE08-4157-4D98-BE4F-A4DC6A177531} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F0D55613-DBA6-43D9-9743-9223E12CDCAC} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {F522772F-22EC-449D-BCC7-77A5C10D377A} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-4168442402-3509706111-3992125715-1002 => C:\Users\Legion\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
Task: {F528F1C8-35DF-4826-A8A6-89450EE89B25} - \Lenovo\ImController\TimeBasedEvents\6cd92ccf-3bd8-46f3-8580-3e5e69b7b7da -> No File <==== ATTENTION
Task: {F5FEE290-069D-40C8-9143-6969F7A80166} - \Lenovo\ImController\TimeBasedEvents\5dd02dd5-62a1-439f-9f14-bccfecabf46b -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.77.1
Tcpip\..\Interfaces\{101d0408-cccb-47d0-ad71-8fd8135a5211}: [DhcpNameServer] 192.168.77.1
Tcpip\..\Interfaces\{a3005ae0-efc7-40ad-b04c-502b5927f9de}: [DhcpNameServer] 212.47.1.4 212.47.0.4
Tcpip\..\Interfaces\{fb813eb4-cfcd-4660-8a55-2eba553bff52}: [DhcpNameServer] 212.47.1.4 212.47.0.4
Edge:
======
Edge Profile: C:\Users\Legion\AppData\Local\Microsoft\Edge\User Data\Default [2021-01-03]
Edge HomePage: Default -> hxxp://google.com/
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2020-03-24] (Adobe Systems Incorporated -> )
Chrome:
=======
CHR Profile: C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default [2021-01-03]
CHR Extension: (Prezentace) - C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-03]
CHR Extension: (Dokumenty) - C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-03]
CHR Extension: (Disk Google) - C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-03]
CHR Extension: (YouTube) - C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-03]
CHR Extension: (Tabulky) - C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-01-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-03]
CHR Extension: (Gmail) - C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-03]
CHR Extension: (Chrome Media Router) - C:\Users\Legion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-03]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [398352 2018-06-21] (Dolby Laboratories, Inc. -> )
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2595360 2020-10-26] (ESET, spol. s r.o. -> ESET)
S4 FBNetFilterInstall; C:\WINDOWS\System32\drivers\FBNetFilterInstall.exe [1149352 2019-03-04] (LENOVO (UNITED STATES) INC. -> Lenovo Group Ltd.)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [305520 2018-05-30] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.4.16.0\LenovoVantageService.exe [29520 2020-11-05] (Lenovo -> Lenovo Group Ltd.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1270536 2019-02-26] (McAfee, Inc. -> McAfee, Inc.)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3476288 2020-10-26] (Electronic Arts, Inc. -> Electronic Arts)
R2 postgresql-x64-9.5; C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe [94208 2016-08-09] (PostgreSQL Global Development Group) [File not signed]
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1631360 2020-12-12] (Rockstar Games, Inc. -> Rockstar Games)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvltsi.inf_amd64_aacafe9b3d86dddc\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvltsi.inf_amd64_aacafe9b3d86dddc\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S3 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CinemaCamera; C:\WINDOWS\System32\drivers\CinemaCamera.sys [27368 2020-02-20] (WDKTestCert build,131613220053715806 -> Blackmagic Design)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [160992 2020-10-26] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [109360 2020-10-26] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15288 2020-10-22] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [190464 2020-10-26] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [43720 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [70048 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [107784 2020-10-26] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-01-02] (Malwarebytes Corporation -> Malwarebytes)
S3 FBNetFilter; C:\WINDOWS\System32\drivers\FBNetFlt.sys [52688 2020-05-21] (LENOVO (UNITED STATES) INC. -> Lenovo Group Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220160 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [197792 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [139424 2021-01-02] (Malwarebytes Inc -> Malwarebytes)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [10752 2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-12-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-04] (Microsoft Windows -> Microsoft Corporation)
S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-03 10:08 - 2021-01-03 10:08 - 000023963 _____ C:\Users\Legion\Desktop\FRST.txt
2021-01-03 10:08 - 2021-01-03 10:08 - 000000000 ____D C:\FRST
2021-01-03 10:07 - 2021-01-03 10:07 - 002286592 _____ (Farbar) C:\Users\Legion\Downloads\FRST64.exe
2021-01-03 10:07 - 2021-01-03 10:07 - 002286592 _____ (Farbar) C:\Users\Legion\Desktop\FRST64.exe
2021-01-02 18:33 - 2021-01-02 18:33 - 000000000 ____D C:\Users\Legion\Desktop\autorun
2021-01-02 18:32 - 2021-01-02 18:32 - 002670815 _____ C:\Users\Legion\Downloads\Autoruns.zip
2021-01-02 18:30 - 2021-01-02 18:30 - 000197792 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-01-02 18:30 - 2021-01-02 18:30 - 000139424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-01-02 18:30 - 2021-01-02 18:30 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-01-02 18:22 - 2021-01-02 18:22 - 000248968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-01-02 18:22 - 2021-01-02 18:22 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-01-02 18:22 - 2021-01-02 18:22 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-01-02 18:22 - 2021-01-02 18:22 - 000002004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-01-02 18:22 - 2021-01-02 18:22 - 000001992 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-01-02 18:22 - 2021-01-02 18:22 - 000001992 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-01-02 18:21 - 2021-01-02 18:21 - 000000000 ____D C:\Program Files\Malwarebytes
2021-01-02 18:20 - 2021-01-02 18:20 - 008447152 _____ (Malwarebytes) C:\Users\Legion\Downloads\adwcleaner_8.0.8 (1).exe
2021-01-02 18:19 - 2021-01-02 18:19 - 002086424 _____ (Malwarebytes) C:\Users\Legion\Downloads\MBSetup (1).exe
2021-01-02 18:15 - 2021-01-02 18:15 - 002086424 _____ (Malwarebytes) C:\Users\Legion\Downloads\MBSetup.exe
2021-01-02 18:14 - 2021-01-02 18:15 - 008447152 _____ (Malwarebytes) C:\Users\Legion\Downloads\adwcleaner_8.0.8.exe
2021-01-02 17:54 - 2021-01-02 17:54 - 000002294 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-01-02 17:54 - 2021-01-02 17:54 - 000002253 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-01-02 17:54 - 2021-01-02 17:54 - 000002253 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-01-02 17:54 - 2021-01-02 17:54 - 000000000 ____D C:\Program Files\Google
2021-01-02 17:53 - 2021-01-02 17:53 - 001321688 _____ (Google LLC) C:\Users\Legion\Downloads\ChromeSetup.exe
2021-01-02 17:50 - 2021-01-02 17:50 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2021-01-02 17:50 - 2021-01-02 17:50 - 000000000 ___HD C:\ProgramData\Documents\AdobeGC
2020-12-31 11:40 - 2020-12-31 11:40 - 000001987 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2020-12-31 11:40 - 2020-12-31 11:40 - 000001987 _____ C:\ProgramData\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2020-12-31 11:39 - 2020-12-31 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-12-31 11:39 - 2020-12-31 11:39 - 000000000 ____D C:\ProgramData\ESET
2020-12-31 11:39 - 2020-12-31 11:39 - 000000000 ____D C:\Program Files\ESET
2020-12-31 11:35 - 2020-12-31 11:35 - 006341552 _____ (ESET) C:\Users\Legion\Downloads\eset_internet_security_live_installer.exe
2020-12-31 11:33 - 2020-12-31 11:33 - 015012440 _____ (ESET spol. s r.o.) C:\Users\Legion\Downloads\esetonlinescanner (1).exe
2020-12-31 11:20 - 2020-12-31 11:20 - 000000662 _____ C:\Users\Legion\Desktop\ESET Online Scanner.lnk
2020-12-31 11:19 - 2020-12-31 11:39 - 000000000 ____D C:\Users\Legion\AppData\Local\ESET
2020-12-31 11:19 - 2020-12-31 11:19 - 015012440 _____ (ESET spol. s r.o.) C:\Users\Legion\Downloads\esetonlinescanner.exe
2020-12-31 11:19 - 2020-12-31 11:19 - 000000790 _____ C:\Users\Legion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-12-31 10:57 - 2020-12-31 10:58 - 147864830 _____ C:\Users\Legion\Downloads\GridinSoft.Anti-Malware.rar
2020-12-31 10:42 - 2020-12-31 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2020-12-31 10:42 - 2020-12-31 10:42 - 000989584 _____ (GridinSoft LLC) C:\Users\Legion\Downloads\install-gridinsoft.exe
2020-12-31 10:42 - 2020-12-31 10:42 - 000000000 ____D C:\ProgramData\GridinSoft
2020-12-31 08:44 - 2020-12-31 10:38 - 000000000 ____D C:\ProgramData\AVG
2020-12-31 08:35 - 2020-12-31 08:35 - 000000000 ____D C:\ProgramData\Emsisoft
2020-12-31 08:34 - 2020-12-31 10:38 - 000000000 ____D C:\EEK
2020-12-31 08:23 - 2020-12-31 08:58 - 000141122 _____ C:\WINDOWS\ZAM.krnl.trace
2020-12-31 08:23 - 2020-12-31 08:23 - 000000000 ____D C:\Users\Legion\AppData\Local\Zemana
2020-12-31 08:18 - 2020-12-31 08:18 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\316526ED.sys
2020-12-31 08:16 - 2021-01-02 18:22 - 000220160 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2020-12-31 08:16 - 2020-12-31 08:25 - 000000000 ____D C:\Users\Legion\Desktop\mbar
2020-12-31 08:16 - 2020-12-31 08:25 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2020-12-31 08:12 - 2020-12-31 08:13 - 000001970 _____ C:\Users\Legion\Desktop\Rkill.txt
2020-12-31 08:06 - 2020-12-31 08:06 - 000000000 ____D C:\_OTM
2020-12-30 13:54 - 2020-12-30 13:54 - 000000616 _____ C:\Users\Public\Desktop\Quake 4.lnk
2020-12-30 13:54 - 2020-12-30 13:54 - 000000616 _____ C:\ProgramData\Desktop\Quake 4.lnk
2020-12-30 13:54 - 2020-12-30 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4
2020-12-30 13:05 - 2020-12-31 08:58 - 000000000 ____D C:\Users\Legion\AppData\Local\AMSDK
2020-12-30 13:04 - 2020-12-30 13:04 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2020-12-30 13:01 - 2020-12-30 13:04 - 000000000 ____D C:\ProgramData\HitmanPro
2020-12-30 12:46 - 2020-12-30 12:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-12-30 12:39 - 2020-12-31 08:28 - 000000000 ____D C:\AdwCleaner
2020-12-30 12:30 - 2020-12-31 08:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-30 12:30 - 2020-12-30 12:30 - 000000000 ____D C:\Users\Legion\AppData\Local\mbam
2020-12-20 09:02 - 2020-12-20 09:02 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Apple Computer
2020-12-20 09:00 - 2020-12-20 09:00 - 000000000 ____D C:\Users\Legion\AppData\Local\Apple
2020-12-20 09:00 - 2020-12-20 09:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2020-12-20 09:00 - 2020-12-20 09:00 - 000000000 ____D C:\ProgramData\Apple Computer
2020-12-20 09:00 - 2020-12-20 09:00 - 000000000 ____D C:\ProgramData\Apple
2020-12-20 09:00 - 2020-12-20 09:00 - 000000000 ____D C:\Program Files (x86)\QuickTime
2020-12-20 08:59 - 2020-12-20 08:59 - 000000000 ____D C:\Users\Legion\AppData\LocalLow\Apple Computer
2020-12-17 11:43 - 2020-12-12 05:01 - 000135408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2020-12-17 11:43 - 2020-12-12 05:01 - 000038640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2020-12-17 11:40 - 2020-12-12 14:50 - 001786584 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2020-12-17 11:40 - 2020-12-12 14:50 - 001786584 _____ C:\WINDOWS\system32\vulkaninfo.exe
2020-12-17 11:40 - 2020-12-12 14:50 - 001454488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2020-12-17 11:40 - 2020-12-12 14:50 - 001382616 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-12-17 11:40 - 2020-12-12 14:50 - 001382616 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2020-12-17 11:40 - 2020-12-12 14:50 - 001193880 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2020-12-17 11:40 - 2020-12-12 14:50 - 001087704 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2020-12-17 11:40 - 2020-12-12 14:50 - 001087704 _____ C:\WINDOWS\system32\vulkan-1.dll
2020-12-17 11:40 - 2020-12-12 14:50 - 000940760 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2020-12-17 11:40 - 2020-12-12 14:50 - 000940760 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2020-12-17 11:40 - 2020-12-12 14:48 - 001512856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2020-12-17 11:40 - 2020-12-12 14:48 - 001164528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2020-12-17 11:40 - 2020-12-12 14:48 - 000685976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2020-12-17 11:40 - 2020-12-12 14:48 - 000680856 _____ C:\WINDOWS\system32\nvofapi64.dll
2020-12-17 11:40 - 2020-12-12 14:48 - 000672496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2020-12-17 11:40 - 2020-12-12 14:48 - 000609688 _____ C:\WINDOWS\system32\nvml.dll
2020-12-17 11:40 - 2020-12-12 14:48 - 000559000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2020-12-17 11:40 - 2020-12-12 14:48 - 000547056 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2020-12-17 11:40 - 2020-12-12 14:47 - 008261360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2020-12-17 11:40 - 2020-12-12 14:47 - 007391984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2020-12-17 11:40 - 2020-12-12 14:47 - 004612504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2020-12-17 11:40 - 2020-12-12 14:47 - 002731928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2020-12-17 11:40 - 2020-12-12 14:47 - 002103024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2020-12-17 11:40 - 2020-12-12 14:47 - 001589144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2020-12-17 11:40 - 2020-12-12 14:47 - 000812784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2020-12-17 11:40 - 2020-12-12 14:47 - 000657816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2020-12-17 11:40 - 2020-12-12 14:47 - 000447384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2020-12-17 11:40 - 2020-12-12 14:46 - 000849648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2020-12-17 11:40 - 2020-12-12 14:45 - 006070008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2020-12-17 11:40 - 2020-12-12 05:01 - 000084008 _____ C:\WINDOWS\system32\nvinfo.pb
2020-12-13 11:11 - 2020-12-13 11:11 - 000000000 ____D C:\ProgramData\Caphyon
2020-12-13 11:09 - 2020-12-13 11:09 - 000000000 ____D C:\Users\Legion\AppData\Roaming\Blizzard
2020-12-12 15:02 - 2020-12-12 15:02 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2020-12-12 15:02 - 2020-12-12 15:02 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2020-12-12 15:02 - 2020-12-12 15:02 - 001333248 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-12-12 15:02 - 2020-12-12 15:02 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-12 15:02 - 2020-12-12 15:02 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2020-12-12 15:02 - 2020-12-12 15:02 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2020-12-12 15:02 - 2020-12-12 15:02 - 000010912 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2020-12-12 15:01 - 2020-12-12 15:01 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-12-12 15:01 - 2020-12-12 15:01 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2020-12-12 15:01 - 2020-12-12 15:01 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2020-12-12 15:01 - 2020-12-12 15:01 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2020-12-12 15:01 - 2020-12-12 15:01 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2020-12-12 15:01 - 2020-12-12 15:01 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2020-12-12 15:01 - 2020-12-12 15:01 - 000165376 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2020-12-12 15:01 - 2020-12-12 15:01 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2020-12-12 15:01 - 2020-12-12 15:01 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2020-12-12 15:01 - 2020-12-12 15:01 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2020-12-12 15:01 - 2020-12-12 15:01 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2020-12-12 15:01 - 2020-12-12 15:01 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2020-12-12 15:01 - 2020-12-12 15:01 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2020-12-12 15:01 - 2020-12-12 15:01 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2020-12-12 15:01 - 2020-12-12 15:01 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2020-12-07 14:47 - 2020-05-21 21:05 - 000052688 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Drivers\FBNetFlt.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-01-03 09:56 - 2018-12-14 21:38 - 000000000 ____D C:\ProgramData\NVIDIA
2021-01-03 09:54 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-01-03 09:54 - 2019-09-13 15:57 - 000000000 __SHD C:\Users\Legion\IntelGraphicsProfiles
2021-01-02 23:40 - 2019-12-31 15:23 - 000000000 ____D C:\Users\Legion\AppData\Local\Battle.net
2021-01-02 21:50 - 2020-09-17 20:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-01-02 19:30 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-01-02 19:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-01-02 18:37 - 2020-09-17 20:42 - 001725014 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-01-02 18:37 - 2019-12-07 15:41 - 000735572 _____ C:\WINDOWS\system32\perfh005.dat
2021-01-02 18:37 - 2019-12-07 15:41 - 000150284 _____ C:\WINDOWS\system32\perfc005.dat
2021-01-02 18:37 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-01-02 18:30 - 2020-09-17 20:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-01-02 18:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-01-02 18:29 - 2020-09-17 20:31 - 000008192 ___SH C:\DumpStack.log.tmp
2021-01-02 18:29 - 2019-12-07 10:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-01-02 18:22 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-02 17:54 - 2019-09-13 18:14 - 000000000 ____D C:\Users\Legion\AppData\Local\Google
2021-01-02 17:54 - 2019-09-13 18:14 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-31 08:28 - 2020-09-17 20:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2020-12-31 08:28 - 2020-09-17 20:07 - 000000000 ____D C:\WINDOWS\Lenovo
2020-12-31 08:28 - 2020-06-29 08:36 - 000000000 ____D C:\Users\Lucinka\AppData\Local\Lenovo
2020-12-31 08:28 - 2019-09-13 16:21 - 000000000 ____D C:\Users\Legion\AppData\Local\Lenovo
2020-12-31 08:28 - 2019-04-24 01:53 - 000000000 ____D C:\Users\Legion2045167\AppData\Local\Lenovo
2020-12-31 08:28 - 2018-12-14 21:31 - 000000000 ____D C:\ProgramData\Lenovo
2020-12-31 08:28 - 2018-12-14 21:31 - 000000000 ____D C:\Program Files (x86)\Lenovo
2020-12-30 14:08 - 2020-11-05 21:41 - 000000000 ____D C:\WINDOWS\Minidump
2020-12-30 14:08 - 2019-09-17 18:47 - 000000000 ____D C:\Users\Legion\AppData\Local\CrashDumps
2020-12-30 13:26 - 2019-12-04 22:34 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-12-30 13:26 - 2019-12-04 22:34 - 000000000 ___HD C:\ProgramData\Documents\AdobeGCData
2020-12-30 12:45 - 2020-09-17 20:07 - 000000000 ____D C:\Users\postgres
2020-12-28 09:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-12-21 12:35 - 2020-06-26 15:39 - 000007602 _____ C:\Users\Legion\AppData\Local\Resmon.ResmonCfg
2020-12-20 09:37 - 2019-09-13 22:27 - 000000000 ____D C:\Users\Legion\AppData\Roaming\vlc
2020-12-20 06:14 - 2019-09-13 16:08 - 000000000 ____D C:\Users\Legion\AppData\Local\NVIDIA
2020-12-19 12:19 - 2020-06-06 12:15 - 000002430 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-14 19:22 - 2020-09-17 20:07 - 000000000 ____D C:\Users\Legion
2020-12-12 20:39 - 2020-02-12 10:45 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-12-12 20:39 - 2020-02-12 10:44 - 000000000 ____D C:\Program Files\Rockstar Games
2020-12-12 17:46 - 2020-09-17 20:31 - 000258096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-12-12 17:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2020-12-12 17:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2020-12-12 17:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-12-12 17:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2020-12-12 17:46 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-12-12 17:46 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2020-12-12 17:46 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2020-12-12 15:12 - 2019-12-05 20:44 - 000000000 ____D C:\Users\Legion\AppData\Local\ElevatedDiagnostics
2020-12-12 15:06 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-12-12 14:45 - 2020-04-17 14:30 - 007114256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2020-12-09 13:56 - 2020-08-29 12:44 - 000000000 ____D C:\Users\Legion\AppData\Local\LenovoServiceBridge
2020-12-07 14:47 - 2020-03-24 14:50 - 000000000 ____D C:\WINDOWS\TempInst
2020-12-04 12:32 - 2018-04-17 20:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== Files in the root of some directories ========
2019-12-04 22:32 - 2019-12-04 22:32 - 000000410 _____ () C:\Users\Legion\AppData\Local\oobelibMkey.log
2020-06-26 15:39 - 2020-12-21 12:35 - 000007602 _____ () C:\Users\Legion\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Here is the second log, ADDITIONAL
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by Legion (03-01-2021 10:09:19)
Running from C:\Users\Legion\Desktop
Windows 10 Home Version 2004 19041.685 (X64) (2020-09-17 19:37:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4168442402-3509706111-3992125715-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4168442402-3509706111-3992125715-503 - Limited - Disabled)
Guest (S-1-5-21-4168442402-3509706111-3992125715-501 - Limited - Disabled)
Legion (S-1-5-21-4168442402-3509706111-3992125715-1002 - Administrator - Enabled) => C:\Users\Legion
Lucinka (S-1-5-21-4168442402-3509706111-3992125715-1004 - Limited - Enabled) => C:\Users\Lucinka
postgres (S-1-5-21-4168442402-3509706111-3992125715-1003 - Limited - Enabled) => C:\Users\postgres
WDAGUtilityAccount (S-1-5-21-4168442402-3509706111-3992125715-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B18EDDE1-72EE-79EA-3ABD-EEAF1EE45FED}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{9C542173-96F0-435D-A95C-468CAAC75EA0}) (Version: 10.2.153.1 - Adobe Systems Incorporated)
Adobe Flash Professional CS5.5 (HKLM-x32\...\{23E445D5-FD83-4C50-A211-EB26A2975317}) (Version: 11.5 - Adobe Systems Incorporated)
Aktualizace NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
Balíček ovladače systému Windows - Graphics Tablet (WinUsb) USBDevice (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blackmagic ATEM Switchers (HKLM\...\{DF650C10-6B9D-48D8-A999-DA53CBF5436D}) (Version: 8.2.3.0 - Blackmagic Design)
Blackmagic RAW (HKLM\...\{BE73FED2-8EA3-4C06-A09E-3A4A1CF82E0E}) (Version: 2.0 - Blackmagic Design)
DaVinci Resolve (HKLM\...\{CF87025B-BD09-4F39-8D15-0C138B6EA1B2}) (Version: 16.3.0011 - Blackmagic Design)
DaVinci Resolve Keyboards (HKLM\...\{04F776FB-37A2-4116-84F2-6CF3D731999D}) (Version: 1.0.0.0 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{567706B7-1501-43BC-81AB-C7E306B40C73}) (Version: 1.3.2.0 - Blackmagic Design)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
ESET Security (HKLM\...\{3B47BDC5-99BF-4F5C-A303-1F0F9DBC74F6}) (Version: 14.0.22.0 - ESET, spol. s r.o.)
Fairlight Audio Accelerator Utility (HKLM\...\FairlightAudioAccelerator_is1) (Version: 1.0.13 - Blackmagic Design)
Fairlight Sound Library (HKU\S-1-5-21-4168442402-3509706111-3992125715-1002\...\{bb8b53f3-a62c-4d40-9d9d-0b6d216d52cc}) (Version: 1.0.0 - Blackmagic Design)
Fairlight Studio Utility (HKLM\...\{6C7FC3A1-DA64-4ACE-8F05-301CBECD5BE9}) (Version: 1.2.0.0 - Blackmagic Design)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2189.0 - Rockstar Games)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Huion Tablet v14.8.90.1126 (HKLM\...\{62047893-F186-48B8-83A5-1C74D8666D19}_is1) (Version: v14.8.90.1126 - )
Intel(R) Chipset Device Software (HKLM-x32\...\{eb0d4a41-3065-42b0-a868-c60d42d3ea98}) (Version: 10.1.17695.8086 - Intel(R) Corporation) Hidden
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.4.16.0 - Lenovo Group Ltd.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.66 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft Update Health Tools (HKLM\...\{406C9ADB-1325-4FD0-9D13-C119CFF64E0A}) (Version: 2.65.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.87.45080 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
PostgreSQL 9.5 (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group)
Quake 4 verze 1.4.2 (HKLM-x32\...\{79248899-B477-49FB-B6F0-7B5FC8631375}_is1) (Version: 1.4.2 - )
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.33.319 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{344F3227-F502-4219-9DC4-1967E586FAFA}) (Version: 2.51.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_2.1002.243.0_x64__rz1tebttyb220 [2018-12-14] (Dolby Laboratories)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-27] (INTEL CORP)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2011.20.0_x64__k1h2ywk1493x8 [2020-11-25] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.1.19.0_x64__5grkq8ppsgwt4 [2020-12-17] (LENOVO INC) [Startup Task]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_20.11116.5504.0_x64__8wekyb3d8bbwe [2020-12-16] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.959.0_x64__56jybvy8sckqj [2020-12-17] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2020-12-30] (INTEL CORP) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2019-09-19] (Realtek Semiconductor Corp)
Rozšíření pro video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2019-09-24] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-4168442402-3509706111-3992125715-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FB783C5FDCA9} -> [Creative Cloud Files] => C:\Users\Legion\Creative Cloud Files [2019-12-04 22:42]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvltsi.inf_amd64_aacafe9b3d86dddc\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-10-26] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-01-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2019-09-13 22:36 - 2016-08-09 06:13 - 000183296 _____ () [File not signed] C:\Program Files\PostgreSQL\9.5\bin\LIBPQ.dll
2019-09-13 22:37 - 2016-07-27 09:08 - 002264576 _____ () [File not signed] C:\Program Files\PostgreSQL\9.5\bin\libxml2.dll
2019-09-13 22:37 - 2015-08-26 09:40 - 001687930 _____ (Free Software Foundation) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\libiconv-2.dll
2019-09-13 22:37 - 2015-08-26 09:40 - 000685350 _____ (Free Software Foundation) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\libintl-8.dll
2020-04-18 13:49 - 2019-12-04 07:26 - 000210432 _____ (Graphics Tablet) [File not signed] C:\WINDOWS\system32\wintab32.dll
2020-05-12 14:33 - 2020-05-12 14:33 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-05-12 14:33 - 2020-05-12 14:33 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2019-09-13 22:37 - 2016-05-05 07:35 - 001655808 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\LIBEAY32.dll
2019-09-13 22:37 - 2016-05-05 07:35 - 000349696 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files\PostgreSQL\9.5\bin\SSLEAY32.dll
2020-05-12 14:33 - 2020-05-12 14:33 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-10-30 20:52 - 2020-05-12 14:33 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-10-30 20:52 - 2020-05-12 14:33 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-10-30 20:52 - 2020-05-12 14:33 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-10-30 20:52 - 2020-05-12 14:33 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-10-30 20:52 - 2020-05-12 14:33 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-10-30 20:52 - 2020-05-12 14:33 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-4168442402-3509706111-3992125715-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4168442402-3509706111-3992125715-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4168442402-3509706111-3992125715-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4168442402-3509706111-3992125715-1002 -> DefaultScope {DE6BA080-4D90-4E02-A383-9CAF8E3B18A3} URL =
SearchScopes: HKU\S-1-5-21-4168442402-3509706111-3992125715-1002 -> {DE6BA080-4D90-4E02-A383-9CAF8E3B18A3} URL =
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-12 00:38 - 2021-01-02 18:29 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-10-14 17:21 - 2020-11-02 02:42 - 000000519 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4168442402-3509706111-3992125715-1002\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-4168442402-3509706111-3992125715-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.77.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{5E3903A0-EF3C-4279-B328-BAB292783FFF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{754CDD0D-C4F5-4836-9CFA-9B3FC321DD5E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{352669FC-2904-4ED7-BD0F-A337EE8384B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{147142FE-7EA3-43D1-A736-67A0F6171F46}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6350B4ED-2D7B-4A45-9608-6900B4FEC6DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1904DDE0-A449-4AE1-BC0D-F15C05001B0A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D4093FBB-E1EE-49FE-ACAF-4B18AF0E8A79}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{93736116-5228-423A-A479-EFF9DE99F173}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BD43EE95-9153-470A-A3BA-61820D6013C0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AAB824C0-448B-49E4-8767-0848195AAA78}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{37545B6D-2EDB-4D09-B800-7797B4B29B14}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A18F94CB-5FAE-4EDD-8F6F-2ACB02753790}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Restore Points =========================
20-12-2020 09:00:13 Installed QuickTime 7
27-12-2020 20:42:59 Naplánovaný kontrolní bod
30-12-2020 13:03:39 Checkpoint by HitmanPro
31-12-2020 08:28:39 AdwCleaner_BeforeCleaning_31/12/2020_08:28:39
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (01/02/2021 06:30:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamtray.exe, verze: 4.0.0.865, časové razítko: 0x5fc55b58
Název chybujícího modulu: Qt5Core.dll, verze: 5.14.1.0, časové razítko: 0x5f84e8d4
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000219dc5
ID chybujícího procesu: 0x2600
Čas spuštění chybující aplikace: 0x01d6e12ce997d558
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID zprávy: 5a8920c7-58e6-49a4-95c9-c7a0de1d6d5d
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (01/02/2021 06:10:01 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002
Error: (01/02/2021 06:10:01 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002
Error: (01/02/2021 06:10:01 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003
Error: (01/02/2021 03:14:18 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)
Error: (12/31/2020 11:49:27 AM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002
Error: (12/31/2020 11:49:27 AM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002
Error: (12/31/2020 11:49:27 AM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003
System errors:
=============
Error: (01/03/2021 10:09:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (01/03/2021 09:55:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (01/03/2021 09:54:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (01/03/2021 09:54:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba System Interface Foundation Service neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.
Error: (01/02/2021 07:29:33 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 15612 při pokusu o spuštění služby GamingServices s argumenty Není k dispozici za účelem spuštění serveru:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}
Error: (01/02/2021 07:29:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 15612 při pokusu o spuštění služby GamingServices s argumenty Není k dispozici za účelem spuštění serveru:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}
Error: (01/02/2021 07:29:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 15612 při pokusu o spuštění služby GamingServices s argumenty Není k dispozici za účelem spuštění serveru:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}
Error: (01/02/2021 07:25:29 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 15612 při pokusu o spuštění služby GamingServices s argumenty Není k dispozici za účelem spuštění serveru:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}
Windows Defender:
===================================
Date: 2020-12-31 10:29:03.0020000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B27789A4-DC4E-411A-B111-12450D3D7C25}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-12-31 08:56:10.1200000Z
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.D2!ml
ID: 2147757781
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Legion\AppData\Local\Temp\tmp00000395\tmp0023dfbe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-2VUTRN91\Legion
Název procesu: C:\EEK\bin64\a2emergencykit.exe
Verze bezpečnostních informací: AV: 1.329.1401.0, AS: 1.329.1401.0, NIS: 1.329.1401.0
Verze modulu: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2020-12-29 13:21:21.3150000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {ECAC9464-78AB-4645-877C-CB56DE7D8DB0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-12-29 12:47:08.6130000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6A0D3D60-270F-406C-8A05-BFD646C3262E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: LAPTOP-2VUTRN91\Legion
Date: 2020-12-28 14:45:33.3540000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {F8BC8588-C719-41FF-89F5-75BBECBD0E60}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-12-30 12:46:12.3080000Z
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.
CodeIntegrity:
===================================
Date: 2021-01-02 19:15:47.6300000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-02 19:15:47.6250000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-02 19:15:47.6130000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-02 18:42:13.0540000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-02 18:34:06.5760000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-02 18:34:06.5730000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-02 18:34:06.5640000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2021-01-02 18:32:10.4880000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
BIOS: LENOVO 9VCN20WW 06/15/2020
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 16257.3 MB
Available physical RAM: 9735.79 MB
Total Virtual: 19201.3 MB
Available Virtual: 10916.51 MB
==================== Drives ================================
Drive c: (Windows-SSD) (Fixed) (Total:237.23 GB) (Free:158.29 GB) NTFS
Drive d: (Data) (Fixed) (Total:1863 GB) (Free:222.48 GB) NTFS
\\?\Volume{717f00a1-75db-4238-a8e8-de98d59598d6}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{ec4a076e-454d-4ab0-add4-5bc5c6da801e}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 7F4B1B45)
Partition: GPT.
==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 5A6FC2CC)
Partition: GPT.
==================== End of Addition.txt =======================

adf.ly popup on laptop startup
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote-help services, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119412
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: adf.ly popup on laptop startup
Greetings!
Delete this file:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\updateSteam.bat
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: adf.ly popup on laptop startup
Thank you very much for the quick and effective answer.
- Rudy
- Site Admin
Re: adf.ly popup on laptop startup
You're welcome!
