Strange behavior of laptop and file manager... please check

#1 Post by lammtech »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-03-2021
Ran by uživatel (administrator) on LENOVO (LENOVO 80MR) (02-04-2021 05:16:56)
Loaded Profiles: uživatel
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(IP Izmaylov Artem Andreevich -> AIMP DevTeam) D:\programy\AIMP\AIMP.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\plugins_nms.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe
(PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\Universal Control.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files (x86)\iSkysoft\UniConverter(IS)\WSVCUUpdateHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [seznam-listicka-distribuce] => "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\Run: [SpyEmergency] => D:\programy\Spy Emergency\SpyEmergency.exe
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\Run: [Universal Control] => C:\Program Files\PreSonus\Universal Control\Universal Control.exe [18298368 2020-02-20] (PreSonus) [File not signed]
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\MountPoints2: {62a1e345-826d-11ea-8291-68f728befd68} - "E:\AutoRun.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-30] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2019-08-21]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26E97C34-464A-42C9-89C6-6BB969605A2C} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {3A06E549-FDCC-44F3-80FC-47E998E39731} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-16] (Google Inc -> Google Inc.)
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{0177963A-7B59-4E6D-B99A-192D6ABF0FCE}" /ENABLE
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {9EA9555C-2284-46BE-9D59-8898C0EB43B0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {E95CD146-EC55-4FD1-892C-8A818D433A19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-16] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{0A679C5A-4F02-4B9C-9825-D3F85B953F9F}: [NameServer],
Tcpip\..\Interfaces\{B5C6359A-28A2-41F8-95A7-84FA94DE1577}: [DhcpNameServer]
Tcpip\..\Interfaces\{F403AA2A-6AE1-4351-8DBF-46E7A487AD7D}: [DhcpNameServer]

FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @videolan.org/vlc,version=3.0.10 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version= -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)

CHR DefaultProfile: Default
CHR Profile: C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default [2021-04-02]
CHR DownloadDir: D:\
CHR Notifications: Default -> hxxps://www.xvideos.com
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Ochrana Kaspersky) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-03-11]
CHR Extension: (Disk Google) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-16]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-30]
CHR Extension: (Adblocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eomjepbbibnhjbekbabbpgbkknienden [2019-04-18]
CHR Extension: (Click&Clean) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2021-03-26]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-04-01]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2021-03-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-15]
CHR Profile: C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-02-26]
CHR Profile: C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-15]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKU\S-1-5-21-2330612324-4196637853-554147409-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-15] (Adobe Inc. -> Adobe)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 BITCOMET_HELPER_SERVICE; D:\programy\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2021-03-01] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-27] (GOG Sp. z o.o. -> GOG.com)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 PreSonus Hardware Access Service; C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe [432640 2020-02-20] (PreSonus) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 SpyEmrgHealth; D:\programy\Spy Emergency\SpyEmergencyHealth.exe [X]
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\UniConverter(IS)\Transfer\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4267008 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657176 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [1400584 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [96008 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [230976 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [86656 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [275664 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [101112 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [190952 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 PaeStudioUsb; C:\Windows\System32\drivers\PaeStudioUsb.sys [374000 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 PaeStudioUsbks; C:\Windows\system32\DRIVERS\PaeStudioUsbks.sys [54000 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 PaeStudioUsb_loopback; C:\Windows\System32\drivers\PaeStudioUsb_loopback.sys [42736 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 teVirtualMIDI64; C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [41016 2016-08-31] (Tobias Erichsen -> Tobias Erichsen)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-02 05:16 - 2021-04-02 05:17 - 000000000 ___DC C:\FRST
2021-03-26 10:00 - 2021-03-26 10:00 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2021-03-26 09:50 - 2021-03-26 09:50 - 000000000 ___HC C:\Users\uživatel\Documents\Default.rdp
2021-03-12 10:08 - 2021-03-12 10:08 - 000000000 ___DC C:\ProgramData\Realtek
2021-03-11 22:17 - 2021-03-11 22:17 - 000275664 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000230976 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000190952 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000101112 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000086656 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2021-03-11 22:15 - 2021-02-19 22:09 - 000110176 ____C (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2021-03-11 22:15 - 2021-02-19 22:08 - 001042712 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2021-03-11 22:15 - 2021-02-19 22:08 - 000514840 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2021-03-11 21:56 - 2021-03-11 21:56 - 000000000 ___DC C:\Users\uživatel\AppData\Local\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 22:32 - 000000000 ___DC C:\ProgramData\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 22:16 - 000003032 ____C C:\Windows\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-03-11 21:54 - 2021-03-11 22:15 - 000000000 ___DC C:\Program Files\Common Files\AV
2021-03-11 21:54 - 2021-03-11 22:15 - 000000000 ___DC C:\Program Files (x86)\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 21:54 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-03-07 00:16 - 2021-03-07 00:16 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\Portforward.com
2021-03-06 13:23 - 2021-03-06 13:23 - 002549521 ____C C:\Users\uživatel\Documents\Návod-na-používání-a-interpretace-výsledků-antigenního-testu-pro-detekci-viru-SARS-CoV-2-covid-19-ve-výtěru-z-nosohlatnu.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-02 02:15 - 2019-04-16 12:18 - 000003974 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0177963A-7B59-4E6D-B99A-192D6ABF0FCE}
2021-04-02 02:13 - 2019-04-18 05:31 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\AIMP
2021-04-02 01:52 - 2019-04-18 07:32 - 000000000 __HDC C:\Users\uživatel\OneDrive
2021-04-02 01:09 - 2014-11-21 06:53 - 001661194 ____C C:\Windows\system32\PerfStringBackup.INI
2021-04-02 01:09 - 2014-11-21 06:10 - 000706404 ____C C:\Windows\system32\perfh005.dat
2021-04-02 01:09 - 2014-11-21 06:10 - 000144168 ____C C:\Windows\system32\perfc005.dat
2021-04-02 01:09 - 2013-08-22 15:36 - 000000000 ___DC C:\Windows\Inf
2021-04-02 01:03 - 2019-04-16 12:33 - 000000000 _SHDC C:\Users\uživatel\IntelGraphicsProfiles
2021-04-02 01:03 - 2019-04-16 12:23 - 000000180 ____C C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-04-02 01:03 - 2013-08-22 16:45 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2021-04-02 01:03 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2021-03-30 23:12 - 2019-12-06 06:56 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2330612324-4196637853-554147409-1001
2021-03-30 22:45 - 2019-04-16 12:21 - 000002244 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-29 11:33 - 2019-04-17 22:40 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\vlc
2021-03-27 06:28 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2021-03-26 09:50 - 2021-01-25 22:49 - 000002180 ____C C:\Windows\diagerr.xml
2021-03-26 09:50 - 2021-01-25 22:49 - 000001908 ____C C:\Windows\diagwrn.xml
2021-03-26 09:50 - 2021-01-25 22:49 - 000000000 ___DC C:\Users\uživatel\AppData\Local\MigWiz
2021-03-26 08:46 - 2019-04-23 18:51 - 000000000 ___DC C:\Users\uživatel\AppData\Local\ElevatedDiagnostics
2021-03-18 22:55 - 2019-08-21 21:09 - 000000000 ___DC C:\Users\uživatel\AppData\Local\CrashDumps
2021-03-16 13:04 - 2019-04-12 16:22 - 000000000 ___DC C:\Users\uživatel
2021-03-11 22:15 - 2013-08-22 17:36 - 000000000 __HDC C:\Windows\ELAMBKUP
2021-03-11 22:10 - 2019-12-18 04:20 - 000003386 ____C C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-11 22:10 - 2019-12-18 04:20 - 000003258 ____C C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-11 22:10 - 2019-04-16 12:19 - 000000000 ___DC C:\ProgramData\AVAST Software
2021-03-11 21:47 - 2019-04-16 12:20 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-03-11 20:51 - 2020-01-15 04:47 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\Celemony Software GmbH
2021-03-11 15:14 - 2013-08-22 17:36 - 000000000 ___DC C:\Windows\AppReadiness
2021-03-06 20:18 - 2013-08-22 17:36 - 000000000 ___DC C:\Windows\system32\NDF
2021-03-06 18:28 - 2019-11-16 10:55 - 000000000 ___DC C:\Temp

==================== Files in the root of some directories ========

2020-12-21 12:47 - 2020-12-21 12:47 - 000000040 ____C () C:\Users\uživatel\AppData\Roaming\cdr.ini
2019-05-25 04:23 - 2021-01-25 23:48 - 000007597 ____C () C:\Users\uživatel\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2021-04-01 00:22
==================== End of FRST.txt ========================

Re: Strange behavior of laptop and file manager... please check

#2 Post by Rudy »

Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP, just start it with a double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Re: Strange behavior of laptop and file manager... please check

#3 Post by lammtech »

# -------------------------------
# Malwarebytes AdwCleaner
# -------------------------------
# Build: 03-22-2021
# Database: 2021-04-01.1 (Cloud)
# Support: https://www.malwarebytes.com/support
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-02-2021
# Duration: 00:00:01
# OS: Windows 8.1
# Cleaned: 10
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\uživatel\AppData\Roaming\Seznam.cz

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Burn4Free
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\csastats
Deleted HKCU\Software\drpsu
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


[+] Delete Tracing Keys
[+] Reset Winsock


AdwCleaner[S00].txt - [2306 octets] - [02/04/2021 13:32:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: Strange behavior of laptop and file manager... please check

#5 Post by Rudy »

Please post new FRST+Addition logs.

Re: Strange behavior of laptop and file manager... please check

#6 Post by lammtech »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2021
Ran by uživatel (administrator) on LENOVO (LENOVO 80MR) (06-04-2021 21:20:22)
Loaded Profiles: uživatel
Platform: Windows 8.1 (Update) (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <18>
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\plugins_nms.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.22013_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe
(PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\Universal Control.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files (x86)\iSkysoft\UniConverter(IS)\WSVCUUpdateHelper.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\Run: [SpyEmergency] => D:\programy\Spy Emergency\SpyEmergency.exe
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\Run: [Universal Control] => C:\Program Files\PreSonus\Universal Control\Universal Control.exe [18298368 2020-02-20] (PreSonus) [File not signed]
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\MountPoints2: {62a1e345-826d-11ea-8291-68f728befd68} - "E:\AutoRun.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe [2021-03-30] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2019-08-21]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {26E97C34-464A-42C9-89C6-6BB969605A2C} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
Task: {3A06E549-FDCC-44F3-80FC-47E998E39731} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-16] (Google Inc -> Google Inc.)
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\User_Feed_Synchronization-{0177963A-7B59-4E6D-B99A-192D6ABF0FCE}" /ENABLE
Task: {56CF530A-2BCC-45B1-A514-0BE0A0CCD26A} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {9EA9555C-2284-46BE-9D59-8898C0EB43B0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {E95CD146-EC55-4FD1-892C-8A818D433A19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-16] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{0A679C5A-4F02-4B9C-9825-D3F85B953F9F}: [NameServer],
Tcpip\..\Interfaces\{B5C6359A-28A2-41F8-95A7-84FA94DE1577}: [DhcpNameServer]
Tcpip\..\Interfaces\{F403AA2A-6AE1-4351-8DBF-46E7A487AD7D}: [DhcpNameServer]

FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF Plugin: @videolan.org/vlc,version=3.0.10 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version= -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> D:\programy\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)

CHR DefaultProfile: Default
CHR Profile: C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default [2021-04-06]
CHR DownloadDir: D:\
CHR Notifications: Default -> hxxps://www.xvideos.com
CHR HomePage: Default -> hxxps://www.google.cz/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Extension: (Ochrana Kaspersky) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-03-11]
CHR Extension: (Disk Google) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-16]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-01-30]
CHR Extension: (Adblocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eomjepbbibnhjbekbabbpgbkknienden [2019-04-18]
CHR Extension: (Click&Clean) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2021-03-26]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-04-01]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2021-03-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-15]
CHR Profile: C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-02-26]
CHR Profile: C:\Users\uživatel\AppData\Local\Google\Chrome\User Data\System Profile [2021-01-15]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKU\S-1-5-21-2330612324-4196637853-554147409-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo]
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-11-15] (Adobe Inc. -> Adobe)
R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 BITCOMET_HELPER_SERVICE; D:\programy\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1741384 2021-03-01] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-27] (GOG Sp. z o.o. -> GOG.com)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 PreSonus Hardware Access Service; C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe [432640 2020-02-20] (PreSonus) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 SpyEmrgHealth; D:\programy\Spy Emergency\SpyEmergencyHealth.exe [X]
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\UniConverter(IS)\Transfer\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4267008 2015-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupdisk; C:\Windows\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\Windows\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\Windows\System32\DRIVERS\klgse.sys [657176 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [1400584 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\Windows\system32\DRIVERS\klpnpflt.sys [96008 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [230976 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klupd_klif_kimul; C:\Windows\System32\Drivers\klupd_klif_kimul.sys [86656 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [275664 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [101112 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [190952 2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 PaeStudioUsb; C:\Windows\System32\drivers\PaeStudioUsb.sys [374000 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 PaeStudioUsbks; C:\Windows\system32\DRIVERS\PaeStudioUsbks.sys [54000 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 PaeStudioUsb_loopback; C:\Windows\System32\drivers\PaeStudioUsb_loopback.sys [42736 2019-12-20] (PreSonus Audio Electronics, Inc -> )
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R3 teVirtualMIDI64; C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [41016 2016-08-31] (Tobias Erichsen -> Tobias Erichsen)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-11-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Windows -> Microsoft Corporation)
S3 CLVirtualBus01; \SystemRoot\System32\drivers\CLVirtualBus01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-02 13:31 - 2021-04-02 13:33 - 000000000 ___DC C:\AdwCleaner
2021-04-02 05:16 - 2021-04-06 21:20 - 000000000 ___DC C:\FRST
2021-03-26 10:00 - 2021-03-26 10:00 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2021-03-26 09:50 - 2021-03-26 09:50 - 000000000 ___HC C:\Users\uživatel\Documents\Default.rdp
2021-03-12 10:08 - 2021-03-12 10:08 - 000000000 ___DC C:\ProgramData\Realtek
2021-03-11 22:17 - 2021-03-11 22:17 - 000275664 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klark.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000230976 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_arkmon.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000190952 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_mark.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000101112 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_klbg.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000086656 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klupd_klif_kimul.sys
2021-03-11 22:15 - 2021-03-11 22:15 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2021-03-11 22:15 - 2021-02-19 22:09 - 000110176 ____C (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2021-03-11 22:15 - 2021-02-19 22:08 - 001042712 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2021-03-11 22:15 - 2021-02-19 22:08 - 000514840 ____C (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2021-03-11 21:56 - 2021-03-11 21:56 - 000000000 ___DC C:\Users\uživatel\AppData\Local\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 22:32 - 000000000 ___DC C:\ProgramData\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 22:16 - 000003032 ____C C:\Windows\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2021-03-11 21:54 - 2021-03-11 22:15 - 000000000 ___DC C:\Program Files\Common Files\AV
2021-03-11 21:54 - 2021-03-11 22:15 - 000000000 ___DC C:\Program Files (x86)\Kaspersky Lab
2021-03-11 21:54 - 2021-03-11 21:54 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-03-07 00:16 - 2021-03-07 00:16 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\Portforward.com

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-06 21:13 - 2019-04-16 12:18 - 000003974 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{0177963A-7B59-4E6D-B99A-192D6ABF0FCE}
2021-04-06 21:12 - 2014-11-21 06:53 - 001661194 ____C C:\Windows\system32\PerfStringBackup.INI
2021-04-06 21:12 - 2014-11-21 06:10 - 000706404 ____C C:\Windows\system32\perfh005.dat
2021-04-06 21:12 - 2014-11-21 06:10 - 000144168 ____C C:\Windows\system32\perfc005.dat
2021-04-06 21:12 - 2013-08-22 15:36 - 000000000 ___DC C:\Windows\Inf
2021-04-06 21:06 - 2019-04-18 07:32 - 000000000 __HDC C:\Users\uživatel\OneDrive
2021-04-06 21:05 - 2019-04-16 12:33 - 000000000 _SHDC C:\Users\uživatel\IntelGraphicsProfiles
2021-04-06 21:05 - 2019-04-16 12:23 - 000000180 ____C C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-04-06 21:05 - 2013-08-22 16:45 - 000000006 ___HC C:\Windows\Tasks\SA.DAT
2021-04-05 17:44 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2021-04-02 17:43 - 2019-04-17 22:40 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\vlc
2021-04-02 17:00 - 2019-04-18 05:31 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\AIMP
2021-04-02 13:34 - 2013-08-22 15:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2021-03-30 23:12 - 2019-12-06 06:56 - 000003598 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2330612324-4196637853-554147409-1001
2021-03-30 22:45 - 2019-04-16 12:21 - 000002244 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-03-26 09:50 - 2021-01-25 22:49 - 000002180 ____C C:\Windows\diagerr.xml
2021-03-26 09:50 - 2021-01-25 22:49 - 000001908 ____C C:\Windows\diagwrn.xml
2021-03-26 09:50 - 2021-01-25 22:49 - 000000000 ___DC C:\Users\uživatel\AppData\Local\MigWiz
2021-03-26 08:46 - 2019-04-23 18:51 - 000000000 ___DC C:\Users\uživatel\AppData\Local\ElevatedDiagnostics
2021-03-18 22:55 - 2019-08-21 21:09 - 000000000 ___DC C:\Users\uživatel\AppData\Local\CrashDumps
2021-03-16 13:04 - 2019-04-12 16:22 - 000000000 ___DC C:\Users\uživatel
2021-03-11 22:15 - 2013-08-22 17:36 - 000000000 __HDC C:\Windows\ELAMBKUP
2021-03-11 22:10 - 2019-12-18 04:20 - 000003386 ____C C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2021-03-11 22:10 - 2019-12-18 04:20 - 000003258 ____C C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2021-03-11 22:10 - 2019-04-16 12:19 - 000000000 ___DC C:\ProgramData\AVAST Software
2021-03-11 21:47 - 2019-04-16 12:20 - 000000000 ____D C:\Windows\system32\Tasks\Avast Software
2021-03-11 20:51 - 2020-01-15 04:47 - 000000000 ___DC C:\Users\uživatel\AppData\Roaming\Celemony Software GmbH
2021-03-11 15:14 - 2013-08-22 17:36 - 000000000 ___DC C:\Windows\AppReadiness

==================== Files in the root of some directories ========

2020-12-21 12:47 - 2020-12-21 12:47 - 000000040 ____C () C:\Users\uživatel\AppData\Roaming\cdr.ini
2019-05-25 04:23 - 2021-01-25 23:48 - 000007597 ____C () C:\Users\uživatel\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2021-04-01 00:22
==================== End of FRST.txt ========================

Posts: 31
Joined: 29 Dec 2015 01:52

Re: strange behaviour of the laptop and file manager... please check

#7 Post by lammtech »

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by uživatel (06-04-2021 21:22:28)
Windows 8.1 (Update) (X64) (2019-04-12 14:22:11)
Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-2330612324-4196637853-554147409-500 - Administrator - Disabled)
Guest (S-1-5-21-2330612324-4196637853-554147409-501 - Limited - Disabled)
uživatel (S-1-5-21-2330612324-4196637853-554147409-1001 - Administrator - Enabled) => C:\Users\uživatel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Total Security (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Total Security (Enabled - Up to date) {F41710F6-65D1-4F66-2B68-CCCF63D4A09E}
FW: Kaspersky Total Security (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: - Adobe)
AIMP (HKLM-x32\...\AIMP) (Version: v4.70.2242, 01.02.2021 - AIMP DevTeam)
Aktualizace NVIDIA (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: - NVIDIA Corporation)
Ashampoo Burning Studio FREE (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.21.3 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
BitComet 1.63 (HKLM-x32\...\BitComet_x64) (Version: 1.63 - CometNetwork)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.114 - Google LLC)
Kaspersky Total Security (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: - Kaspersky) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{FF2A12B8-AEB7-48C0-95C8-E2E3D67DFCB2}) (Version: - Kaspersky)
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Melodyne 4 (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 4.00.0203 - Celemony Software GmbH)
Melodyne Runtime 4.1 (x64) (HKLM\...\{721E4E34-AF7C-4345-93F9-282CCC8CCCB5}) (Version: 1.0.2 - Celemony Software GmbH)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
NVIDIA Ovladače grafiky 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
PreSonus Studio One 2 (HKLM-x32\...\PreSonus Studio One 2) (Version: - PreSonus Audio Electronics)
PreSonus Studio One 4 (HKLM\...\PreSonus Studio One 4) (Version: - PreSonus Audio Electronics)
S.T.A.L.K.E.R. Call of Pripyat (HKLM-x32\...\1207660583_is1) (Version: - GOG.com)
S.T.A.L.K.E.R. Clear Sky (HKLM-x32\...\1207660603_is1) (Version: - GOG.com)
S.T.A.L.K.E.R. Shadow of Chernobyl (HKLM-x32\...\1207660573_is1) (Version: - GOG.com)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Skype verze 8.68 (HKLM-x32\...\Skype_is1) (Version: 8.68 - Skype Technologies S.A.)
teVirtualMIDI64 (HKLM\...\{300D1BB9-FA9E-40EA-ADD8-934D5066F6D5}) (Version: - Tobias Erichsen)
Universal Control (HKLM\...\Universal Control) (Version: - PreSonus Audio Electronics, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WhatsApp (HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\WhatsApp) (Version: 2.2106.10 - WhatsApp)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)

Hry -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
Hudba -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2019-05-15] (Microsoft Corporation) [MS Ad]
MSN Cestování -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2019-05-15] (Microsoft Corporation) [MS Ad]
MSN Finance -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2019-05-15] (Microsoft Corporation) [MS Ad]
MSN Gurmánský svět -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2019-05-15] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.336_x64__8wekyb3d8bbwe [2019-05-15] (Microsoft Corporation) [MS Ad]
MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2019-05-15] (Microsoft Corporation) [MS Ad]
MSN Zdraví a fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2019-05-15] (Microsoft Corporation) [MS Ad]
MSN Zprávy -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2019-05-15] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2019-05-15] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2019-05-15] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\ChromeHTML: -> <==== ATTENTION
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\programy\winrar\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\programy\winrar\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-12-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-04-08] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\shellex.dll [2021-03-11] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => D:\programy\winrar\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\programy\winrar\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\uživatel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=1&aff_sub2=ws1uC7KipGQnFuBJ9wb0YDaip6HFnh7UkDs7lNCrXsGhexvR8Cr77ipJgAAAIOOKzsie&click_id=38ab475b874645b98108741343990d4a7e8eef9f

==================== Loaded Modules (Whitelisted) =============

2020-02-20 20:19 - 2020-02-20 20:19 - 004903936 ____C () [File not signed] C:\Program Files\PreSonus\Universal Control\ipp.dll
2019-12-20 01:06 - 2019-12-20 01:06 - 018891264 ____C () [File not signed] C:\Program Files\PreSonus\Universal Control\SmaartFactory_x64.dll
2019-12-19 20:34 - 2019-12-19 20:34 - 001834496 ____C () [File not signed] C:\Program Files\PreSonus\Universal Control\vectorlib.dll
2020-02-20 20:33 - 2020-02-20 20:33 - 000057344 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\avdecc.dll
2020-02-20 20:22 - 2020-02-20 20:22 - 004993024 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\cclgui.dll
2020-02-20 20:25 - 2020-02-20 20:25 - 000600576 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\cclnet.dll
2020-02-20 20:23 - 2020-02-20 20:23 - 001010688 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\cclsecurity.dll
2020-02-20 20:21 - 2020-02-20 20:21 - 001125888 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\cclsystem.dll
2020-02-20 20:21 - 2020-02-20 20:21 - 000463360 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\ccltext.dll
2020-02-20 20:32 - 2020-02-20 20:32 - 000799232 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\hwaccess\atomdevice.dll
2020-02-20 20:31 - 2020-02-20 20:31 - 000466944 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\hwaccess\audioboxdevice.dll
2020-02-20 20:32 - 2020-02-20 20:32 - 000105472 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\hwaccess\faderportdevice.dll
2020-02-20 20:32 - 2020-02-20 20:32 - 000705536 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\hwaccess\firewiredevice.dll
2020-02-20 20:33 - 2020-02-20 20:33 - 000181760 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\hwaccess\iostationdevice.dll
2020-02-20 20:30 - 2020-02-20 20:30 - 002839552 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\hwaccess\quantumdevice.dll
2020-02-20 20:32 - 2020-02-20 20:32 - 000657920 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\hwaccess\slclassicusbdevice.dll
2020-02-20 20:32 - 2020-02-20 20:32 - 002150400 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\hwaccess\studio192device.dll
2020-02-20 20:31 - 2020-02-20 20:31 - 000248320 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\hwaccess\studiolive3device.dll
2020-02-20 20:31 - 2020-02-20 20:31 - 000583168 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\hwaccess\studioliveardevice.dll
2020-02-20 20:31 - 2020-02-20 20:31 - 001125376 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\hwaccess\studiousbdevice.dll
2020-02-20 20:22 - 2020-02-20 20:22 - 000601600 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\Plugins\asioservice.dll
2020-02-20 20:34 - 2020-02-20 20:34 - 022575104 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\Plugins\studiolivepanel.dll
2020-02-20 20:33 - 2020-02-20 20:33 - 000562176 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\Plugins\ucnetmonitor.dll
2020-02-20 20:25 - 2020-02-20 20:25 - 000527872 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\Plugins\windowsmidi.dll
2020-02-20 20:26 - 2020-02-20 20:26 - 000198656 ____C (PreSonus) [File not signed] C:\Program Files\PreSonus\Universal Control\ucnet.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2330612324-4196637853-554147409-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/cs-cz/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2330612324-4196637853-554147409-1001 -> {D99F08C6-1655-45D2-ADE0-68EC592A38B6} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_29530

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 ____C C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2330612324-4196637853-554147409-1001\Control Panel\Desktop\\Wallpaper -> D:\obrázky\visuals-000023848215-GuQU1N-original.jpg
DNS Servers: -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Avast SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run: => "WSVCUUpdateHelper.exe"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G12"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G13"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\StartupApproved\Run: => "Power2GoExpress12"
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\StartupApproved\Run: => "SpyEmergency"
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\StartupApproved\Run: => "Skype for Desktop"
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\StartupApproved\Run: => "Power2GoExpress13"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4DC95779-1B67-47CC-BE74-24B576F800EB}] => (Allow) D:\programy\BitComet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [{170930FD-29E4-4B34-B565-38C700B17985}] => (Allow) D:\programy\BitComet.exe (Xing Wang -> www.BitComet.com)
FirewallRules: [{F4AA022D-7012-4154-BDC4-012CB624C214}] => (Allow) C:\Program Files\PreSonus\Universal Control\Universal Control.exe (PreSonus) [File not signed]
FirewallRules: [{54594813-B6FC-4B1F-844F-1956B9CA6E36}] => (Allow) C:\Program Files\PreSonus\Universal Control\PreSonusHardwareAccessService.exe (PreSonus) [File not signed]
FirewallRules: [{BC1BCDD2-E700-4708-B059-D94FD030E2E3}] => (Allow) C:\Program Files\PreSonus\Studio One 4\Studio One.exe (PreSonus) [File not signed]
FirewallRules: [{DC33CE76-F1CC-4B37-A57D-6681F32AC249}] => (Allow) C:\Program Files\PreSonus\Studio One 4\PlugInScanner.exe (PreSonus) [File not signed]
FirewallRules: [{BF924C50-02FB-4B27-AC90-7A187EEEDAD6}] => (Allow) C:\Users\uživatel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{391D5971-B7AA-49B0-A286-10FAF17CBDF6}] => (Allow) C:\Users\uživatel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{FD77BA45-1508-4C7E-8C94-96DDE672F688}] => (Allow) C:\Users\uživatel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F8250270-E7EE-48A3-823C-F938822D2B6D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{70CD616E-D867-465F-9D6C-C6C7BEEC4A5D}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{40AB702F-4BCF-4EA9-A154-DACA3E8EB356}C:\users\uživatel\appdata\roaming\portforward.com\portforwardnetworkutilities\pfportchecker.exe] => (Block) C:\users\uživatel\appdata\roaming\portforward.com\portforwardnetworkutilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [UDP Query User{2586DC16-EB4D-49A1-AF89-5C523D65D636}C:\users\uživatel\appdata\roaming\portforward.com\portforwardnetworkutilities\pfportchecker.exe] => (Block) C:\users\uživatel\appdata\roaming\portforward.com\portforwardnetworkutilities\pfportchecker.exe (Portforward, LLC -> portforward.com)
FirewallRules: [{A93CC9F6-62E3-47F0-8F18-2D6FCA4CFFEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

11-03-2021 22:31:46 Removed Kaspersky Password Manager
26-03-2021 10:09:01 Naplánovaný kontrolní bod
05-04-2021 21:11:32 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============

Name: Lenovo EasyCamera
Description: Zobrazovací zařízení USB
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: ========================

Application errors:
Error: (04/06/2021 08:19:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80070005).

Error: (04/06/2021 01:34:43 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80070005).

Error: (04/05/2021 09:08:36 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Svazek Obnovení nebyl optimalizován, protože byla zjištěna chyba: Parametr není správný. (0x80070057).

Error: (04/05/2021 06:09:12 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80070005).

Error: (04/02/2021 09:35:55 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80070005).

Error: (04/02/2021 02:20:52 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80070005).

Error: (03/29/2021 03:59:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Problém zabránil odeslání dat programu Zlepšování softwaru a služeb na základě zkušeností uživatelů společnosti Microsoft, (chyba 80070005).

Error: (03/29/2021 03:49:43 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Svazek Obnovení nebyl optimalizován, protože byla zjištěna chyba: Parametr není správný. (0x80070057).

System errors:
Error: (04/06/2021 09:05:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Spy Emergency Health Check neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (04/06/2021 09:05:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Nero BackItUp Scheduler 4.0 neuspěla při spuštění v důsledku následující chyby:
%%2 = Systém nemůže nalézt uvedený soubor.

Error: (04/06/2021 09:05:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS

Error: (04/06/2021 09:05:03 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: Byl spuštěn systémový časovač sledovacího zařízení.

Error: (04/06/2021 09:05:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (21:01:44, ‎6. ‎4. ‎2021) bylo neočekávané.

Error: (04/02/2021 01:34:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Spy Emergency Health Check neuspěla při spuštění v důsledku následující chyby:
%%2 = Systém nemůže nalézt uvedený soubor.

Error: (04/02/2021 01:34:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Nero BackItUp Scheduler 4.0 neuspěla při spuštění v důsledku následující chyby:
%%2 = Systém nemůže nalézt uvedený soubor.

Error: (04/02/2021 01:34:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS

Windows Defender:
Date: 2021-03-11 21:15:46.871
Windows Defender Funkce ochrany v reálném čase zjistila chybu a nezdařila se.
Funkce: Systém kontroly sítě
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2021-03-11 21:10:52.792
Windows Defender Funkce ochrany v reálném čase zjistila chybu a nezdařila se.
Funkce: Systém kontroly sítě
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: V systému chybí aktualizace potřebné ke spuštění systému pro kontrolu sítě. Nainstalujte požadované aktualizace a restartujte počítač.

Date: 2021-03-11 21:01:02.739
Windows Defender Funkce ochrany v reálném čase zjistila chybu a nezdařila se.
Funkce: Systém kontroly sítě
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: V systému chybí aktualizace potřebné ke spuštění systému pro kontrolu sítě. Nainstalujte požadované aktualizace a restartujte počítač.

Date: 2021-03-11 20:54:45.466
Windows Defender Funkce ochrany v reálném čase zjistila chybu a nezdařila se.
Funkce: Systém kontroly sítě
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: Antimalwarová ochrana přestala z neznámých důvodů fungovat. V některých případech lze tento problém vyřešit restartováním služby.

Date: 2021-03-11 20:47:54.942
Windows Defender Funkce ochrany v reálném čase zjistila chybu a nezdařila se.
Funkce: Systém kontroly sítě
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor.
Důvod: V systému chybí aktualizace potřebné ke spuštění systému pro kontrolu sítě. Nainstalujte požadované aktualizace a restartujte počítač.

==================== Memory info ===========================

BIOS: LENOVO D1CN06WW 05/18/2015
Motherboard: LENOVO Lenovo B70-80
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 8107.08 MB
Available physical RAM: 5350.86 MB
Total Virtual: 9387.08 MB
Available Virtual: 6687.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:194.8 GB) (Free:135.14 GB) NTFS
Drive d: () (Fixed) (Total:698.94 GB) (Free:98.17 GB) NTFS

\\?\Volume{27689127-2015-449b-ae3e-ebb93ada5e43}\ (Obnovení) (Fixed) (Total:0.29 GB) (Free:0.28 GB) NTFS

==================== MBR & Partition Table ====================

Disk: 0 (Size: 894.3 GB) (Disk ID: 18940DCF)

Partition: GPT.

==================== End of Addition.txt =======================

Site Admin
Posts: 118370
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: strange behaviour of the notebook and file manager... please check

#8 Post by Rudy »

Open Notepad and copy the following into it:

HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\ChromeHTML: -> <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{391D5971-B7AA-49B0-A286-10FAF17CBDF6}] => (Allow) C:\Users\uživatel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{FD77BA45-1508-4C7E-8C94-96DDE672F688}] => (Allow) C:\Users\uživatel\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\MountPoints2: {62a1e345-826d-11ea-8291-68f728befd68} - "E:\AutoRun.exe"
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {3A06E549-FDCC-44F3-80FC-47E998E39731} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-16] (Google Inc -> Google Inc.)
Task: {E95CD146-EC55-4FD1-892C-8A818D433A19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-16] (Google Inc -> Google Inc.)

Save it to D:\NEJPLOŠŠŠŠÍ Z POLOCH as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.


Re: strange behaviour of the notebook and file manager... please check

#9 Post by lammtech »

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-04-2021
Ran by uživatel (07-04-2021 22:13:09) Run:2
Loaded Profiles: uživatel
Boot Mode: Normal

fixlist content:

HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\ChromeHTML: -> <==== ATTENTION
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{391D5971-B7AA-49B0-A286-10FAF17CBDF6}] => (Allow) C:\Users\uživatel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{FD77BA45-1508-4C7E-8C94-96DDE672F688}] => (Allow) C:\Users\uživatel\AppData\Roaming\Zoom\bin\airhost.exe => No File
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\...\MountPoints2: {62a1e345-826d-11ea-8291-68f728befd68} - "E:\AutoRun.exe"
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {3A06E549-FDCC-44F3-80FC-47E998E39731} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-16] (Google Inc -> Google Inc.)
Task: {E95CD146-EC55-4FD1-892C-8A818D433A19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-04-16] (Google Inc -> Google Inc.)


Processes closed successfully.
HKU\S-1-5-21-2330612324-4196637853-554147409-1001_Classes\ChromeHTML => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{391D5971-B7AA-49B0-A286-10FAF17CBDF6}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD77BA45-1508-4C7E-8C94-96DDE672F688}" => not found
HKU\S-1-5-21-2330612324-4196637853-554147409-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62a1e345-826d-11ea-8291-68f728befd68} => not found
"ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (No File)" => not found
HKLM\SOFTWARE\Policies\Mozilla => not found
HKLM\SOFTWARE\Policies\Google => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A06E549-FDCC-44F3-80FC-47E998E39731}" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E95CD146-EC55-4FD1-892C-8A818D433A19}" => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => not found
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9623333 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 11009062 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 912 B
NetworkService => 912 B
uživatel => 16978 B

RecycleBin => 0 B
EmptyTemp: => 27.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:13:13 ====


Re: strange behaviour of the notebook and file manager... please check

#10 Post by Rudy »

Deleted. Has anything changed?


Re: strange behaviour of the notebook and file manager... please check

#11 Post by lammtech »

Hello, it looks like everything is probably OK, it runs like clockwork. Thank you.


Re: strange behaviour of the notebook and file manager... please check

#12 Post by Rudy »

OK, glad to help! :)
