Notebook log check (Solved)



Re: Notebook log check

Post by Martinor » 27 Feb 2021 20:17

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{5A91B122-5790-4C83-B138-764503F8B2AF}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{264B8A43-4220-42DC-A5AA-9B311EA78CB1}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{7240FF55-20B1-493F-AC4A-B43327D0DA7C}] => (Allow) C:\Users\mrmar\Desktop\MTKV262\Microsoft Toolkit.exe => No File
FirewallRules: [{184F296D-6F14-4DBB-822D-276D0B515F5F}] => (Allow) C:\Users\mrmar\Desktop\MTKV262\Microsoft Toolkit.exe => No File
FirewallRules: [{0F490549-F3C7-4D12-B87C-10561DBCD6CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{07C3DA4B-EC5F-4404-8ED3-496A30CB11F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{2D00F518-0491-41A3-B160-3167C7CBF786}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe () [File not signed]
FirewallRules: [{4643B206-FD8C-4A5E-AAC2-B4A13A94405F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe () [File not signed]
FirewallRules: [{9F0E2C31-9DCE-457A-921E-6295714675DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{44622846-C649-4D8A-9A98-D085228019E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{D8D4C9B0-6AC6-4E09-AFA7-71E5B259760C}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{D420017D-8D5F-4B04-A264-05F5B6E759CD}] => (Allow) C:\Program Files (x86)\Common Files\soft602\langserv.exe (Software602 a.s. -> ) [File not signed]
FirewallRules: [{00FAC42B-7489-4379-8455-72B089506A90}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2D2CB561-2F1D-46F3-95D5-C362FA1B4AF6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{EC67E4D0-F748-48BF-B506-4B96A1306571}C:\users\mrmar\desktop\winbox64.exe] => (Allow) C:\users\mrmar\desktop\winbox64.exe (Mikrotikls SIA -> )
FirewallRules: [TCP Query User{309DA9E7-E444-45EE-A097-D553CC8C66B6}C:\users\mrmar\desktop\winbox64.exe] => (Allow) C:\users\mrmar\desktop\winbox64.exe (Mikrotikls SIA -> )
FirewallRules: [UDP Query User{ADE32B01-8417-4616-90BF-3722B9149D63}C:\program files (x86)\broforce.v864.201901211236\broforce_beta.exe] => (Allow) C:\program files (x86)\broforce.v864.201901211236\broforce_beta.exe () [File not signed]
FirewallRules: [TCP Query User{65C35298-29DE-454B-807B-6A590FF7A484}C:\program files (x86)\broforce.v864.201901211236\broforce_beta.exe] => (Allow) C:\program files (x86)\broforce.v864.201901211236\broforce_beta.exe () [File not signed]
FirewallRules: [UDP Query User{9EA643F9-6A76-45F2-9BCC-168CA436F85D}C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe] => (Allow) C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe => No File
FirewallRules: [TCP Query User{85E1D8AD-DDFD-4F28-9072-54F588EBE5A3}C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe] => (Allow) C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe => No File
FirewallRules: [{8E134A76-656C-4254-B165-2C55A52D856C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{F20FFA44-57BE-43F1-9C80-BB8177473699}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{51992BA8-C609-454E-A3AC-C04B64BA0B9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{61AE3BBD-5D7F-4916-9AD2-CB74E96CECE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{EEF10F2E-55EC-45AF-BF19-5A4F728A933F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D4D16003-EBAA-4DBC-8BE0-9282CC6F30D0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{59D5998A-7CD4-4665-89A6-CCB3BCF37379}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsXHD\Launcher.exe (Team17 Software Ltd) [File not signed]
FirewallRules: [{B6A71EFB-CF07-490C-AF59-23999D3298B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WormsXHD\Launcher.exe (Team17 Software Ltd) [File not signed]
FirewallRules: [{A2E35A82-EC2F-4828-A1B2-F60688A9168C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mortal Kombat 11\Binaries\Retail\MK11_DX12.exe (WB Games, Inc.) [File not signed]
FirewallRules: [{A3A8C855-9B7A-409B-A851-EA049697B7BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mortal Kombat 11\Binaries\Retail\MK11_DX12.exe (WB Games, Inc.) [File not signed]
FirewallRules: [{A96B6E1D-C895-4730-A942-CC2395F9E173}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mortal Kombat 11\Binaries\Retail\MK11.exe (WB Games, Inc.) [File not signed]
FirewallRules: [{EA4B94A4-9FA8-452E-899F-627E9988DC4E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mortal Kombat 11\Binaries\Retail\MK11.exe (WB Games, Inc.) [File not signed]
FirewallRules: [{E547BEFF-2557-492E-ABD6-3593F0C61001}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{2BB0CB1C-D609-460C-9FBC-20EC8548A014}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{6B7F1F82-07D9-4E78-8F33-AFEF6E3F0AB6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3357E8EF-FF2C-45DA-8C27-381652894505}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{49FC4C39-39BA-45FE-B262-336847A829A8}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{B599868D-638D-4148-8E9F-806E27F5D782}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{E6B83B93-0EF4-4A61-A755-C4DEFF09BB43}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe (Ph. Jounin) [File not signed]
FirewallRules: [TCP Query User{5373809F-32E0-4DF4-A83A-097EC240080A}C:\program files\tftpd64\tftpd64.exe] => (Allow) C:\program files\tftpd64\tftpd64.exe (Ph. Jounin) [File not signed]
FirewallRules: [UDP Query User{D115FC89-D59A-4F0D-B9FB-CCBA75807FD9}C:\games\tom clancy's rainbow six - siege\rainbowsix.exe] => (Allow) C:\games\tom clancy's rainbow six - siege\rainbowsix.exe => No File
FirewallRules: [TCP Query User{EB2B6FEA-DD6E-45A6-AD34-D7C723FB4A8F}C:\games\tom clancy's rainbow six - siege\rainbowsix.exe] => (Allow) C:\games\tom clancy's rainbow six - siege\rainbowsix.exe => No File
FirewallRules: [UDP Query User{F3028303-69C9-43C0-944A-B030FF8802DC}C:\games\payday 2\payday2_win32_release.exe] => (Block) C:\games\payday 2\payday2_win32_release.exe => No File
FirewallRules: [TCP Query User{EE18E7E6-7D49-471E-AC7E-BD2365227DFD}C:\games\payday 2\payday2_win32_release.exe] => (Block) C:\games\payday 2\payday2_win32_release.exe => No File
FirewallRules: [{6901EBA4-84E1-4634-B3B3-8357294CF19C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{0F8210FD-20DC-4F22-93F3-FCB14B3BD468}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [UDP Query User{232318FB-58AD-48D0-A6A9-43DD13197D65}C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [TCP Query User{DB5E7AF8-A2FD-498C-900D-37F5C8511418}C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [UDP Query User{C6AEC113-939B-46F4-A62F-F574A3559A1D}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe (Rockstar Games) [File not signed]
FirewallRules: [TCP Query User{0D3D52C1-E372-4172-B3B8-392A49BE0FD9}C:\program files (x86)\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\grand theft auto v\gta5.exe (Rockstar Games) [File not signed]
FirewallRules: [{1F0F9AA3-177D-4189-B9CB-38CE4078F598}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{3AE70D6A-2529-4F69-B706-24EFA4DE05C4}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{8FC1F8E4-35CF-45C6-9EAB-670EC08A7601}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9715708A-516E-4919-859C-02FE86C09B81}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{41A7F3A5-3069-4F9A-8B25-1EBE75735F02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce The Expendables Missions\Expendabros.exe () [File not signed]
FirewallRules: [{DF334F51-75C2-40DB-9A16-099772ABA1A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broforce The Expendables Missions\Expendabros.exe () [File not signed]
FirewallRules: [TCP Query User{61608E8D-27A9-4A06-857C-B935139A1CD8}C:\program files (x86)\enter the gungeon\enter the gungeon v1.1.4\etg.exe] => (Allow) C:\program files (x86)\enter the gungeon\enter the gungeon v1.1.4\etg.exe () [File not signed]
FirewallRules: [UDP Query User{7756161F-F434-401E-9908-6E41A751FE1A}C:\program files (x86)\enter the gungeon\enter the gungeon v1.1.4\etg.exe] => (Allow) C:\program files (x86)\enter the gungeon\enter the gungeon v1.1.4\etg.exe () [File not signed]
FirewallRules: [{2DBDD1C9-3ED3-4D5E-8186-9878BFF16AF7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0C1F9880-CCDA-4025-AC79-4B9C1ABEE550}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{703844F6-39BF-4849-9C16-495CE06063BF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BD690E2D-A745-4F6C-A85C-F362327F75C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9AD58358-54EF-4F10-9111-094514DBC765}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{2B2BDB7F-EAE1-4E01-8447-7A94A98353BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{76BC2C6C-E235-409D-BD81-10E9399DFF9E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7D438A29-0944-44B7-8EB2-A93F28C76718}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D7392BA1-48CB-4F40-9B80-5650A688B94A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{34777EBE-5627-4388-B0AC-B683AEEE0BCC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{D19905AE-999C-4905-A20F-FE661CEACA58}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EasyPrinterManagerV2.exe (HP Inc. -> )
FirewallRules: [{3AFA1964-E6FC-4A67-9841-44BF900C7193}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{D27670D9-3529-463D-B8C7-AD39BD25F445}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2AlertList.exe (HP Inc. -> HP Printing Korea Co., Ltd.)
FirewallRules: [{198CE78E-626F-4839-8903-0BAE9F43061E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\EPM2Migrator.exe (HP Inc. -> )
FirewallRules: [{2539CE98-C21C-465E-8A73-945D89B1880F}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{476D2658-AF16-4237-A36A-2C53A475485A}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{8137001A-C4F8-4353-A4C3-3DFAE4340774}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beach Buggy Racing 2\Game_x64.exe (Vector Unit Inc) [File not signed]
FirewallRules: [{FE52CC5D-2491-460A-8DDC-620BB65B3993}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Beach Buggy Racing 2\Game_x64.exe (Vector Unit Inc) [File not signed]
FirewallRules: [TCP Query User{8D6B4B5D-ED88-4B93-8FA1-9F2E3D8441C6}C:\users\mrmar\appdata\local\nvidia corporation\geforcenow\cef\geforcenow.exe] => (Allow) C:\users\mrmar\appdata\local\nvidia corporation\geforcenow\cef\geforcenow.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{BBA218CB-D25A-4082-85FE-270B2F2493C2}C:\users\mrmar\appdata\local\nvidia corporation\geforcenow\cef\geforcenow.exe] => (Allow) C:\users\mrmar\appdata\local\nvidia corporation\geforcenow\cef\geforcenow.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C2E172D0-F9C9-494A-8CF0-392FA03D9522}] => (Allow) C:\Users\mrmar\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{A2E2EA09-68C2-4322-86A9-5026C403B7FE}] => (Allow) C:\Users\mrmar\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{2FC5F09B-9C8A-4EDA-9776-C367452196F0}] => (Allow) C:\Users\mrmar\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{525A1EE4-E59E-4731-8FED-997453777301}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{2750372B-8FB3-4E2A-B440-E62166D5F016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win64\RocketLeague.exe (Psyonix, LLC) [File not signed]
FirewallRules: [{53F2AF3B-E411-4FDB-87B1-6734470B240E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Controller Companion\ControllerCompanion.exe (KOGA TECH LIMITED -> KogaTech ApS)
FirewallRules: [{C042CB38-72C2-4825-9828-568C8B40002F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Controller Companion\ControllerCompanion.exe (KOGA TECH LIMITED -> KogaTech ApS)
FirewallRules: [{588FDF6B-0C2C-4227-9422-F3703AF80C5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8A9FB1BD-5790-4F09-B218-0DA54CEDFAE7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{386FD447-10D7-47F9-87EF-4C1BED61C573}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5B8DF340-0DCE-4839-84FC-4DFC69A7C2CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{17C51545-6C62-452C-9E42-02CF3914D9CE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E1570688-7CA0-4D8E-B0BA-AC27083720CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{14667ADE-86DF-41CA-B419-AA38835AFE5A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F5D8777E-9E10-4014-AA03-6EC602ADB565}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7A1CC4D1-4158-4EE2-80D6-FB1330EF22A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{547DBD2F-8786-4011-92B7-B0EF5840C422}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{76BB02CD-97C5-47BA-B4BD-2E58363DA899}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{07C6764F-7681-4E2F-958D-F846C3E777A6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D5041594-6213-4A43-822C-AD6BA3D1659F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2343B669-C307-4CB5-A192-B7EC1F8C5459}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [UDP Query User{A009AD83-A060-44F7-85AF-7DB4F214723F}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [TCP Query User{17EE8BDF-B04C-4C5D-9E29-B0DE057D456E}C:\program files\serviio\jre\bin\javaw.exe] => (Allow) C:\program files\serviio\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{71C0E0EA-0C47-42B4-8BBA-06E69A28841B}C:\program files\serviio\jre\bin\javaw.exe] => (Allow) C:\program files\serviio\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{F2402AD3-5ED2-418E-AB62-2A2DE8602468}C:\ais_win\bin_old98\vitejte.exe] => (Block) C:\ais_win\bin_old98\vitejte.exe () [File not signed]
FirewallRules: [UDP Query User{73ABCBBF-6AA0-4AE3-860D-4A30BFC872B5}C:\ais_win\bin_old98\vitejte.exe] => (Block) C:\ais_win\bin_old98\vitejte.exe () [File not signed]
FirewallRules: [{3C576D79-461F-430E-8A87-470AE64F22FA}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{0BF02738-98F4-4729-851D-833AD9A5360B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{1C106A3B-ECC2-42DC-A737-ADEA11B9A5C1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

15-02-2021 20:46:45 Installed Sophos Virus Removal Tool.
15-02-2021 20:47:25 JRT Pre-Junkware Removal
23-02-2021 19:54:11 Instalační služba modulů systému Windows
27-02-2021 20:07:11 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/23/2021 09:27:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: NVDisplay.Container.exe, verze: 1.25.2802.9499, časové razítko: 0x5e4ff156
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0x0e9c5eae
Kód výjimky: 0xe06d7363
Posun chyby: 0x000000000002d759
ID chybujícího procesu: 0xc18
Čas spuštění chybující aplikace: 0x01d70a2242abf8d9
Cesta k chybující aplikaci: C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_6e7eeeb0f1b98a43\Display.NvContainer\NVDisplay.Container.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 54fc26e8-49a4-47ac-8eac-55c9318cc132
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/23/2021 08:47:16 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (02/23/2021 07:02:33 PM) (Source: openvpnserv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/23/2021 07:13:40 AM) (Source: openvpnserv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/23/2021 07:13:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Explorer.EXE, verze: 10.0.19041.746, časové razítko: 0xca234864
Název chybujícího modulu: combase.dll, verze: 10.0.19041.746, časové razítko: 0x1cae0c4a
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000b2b26
ID chybujícího procesu: 0x2558
Čas spuštění chybující aplikace: 0x01d709aaf6edd3dc
Cesta k chybující aplikaci: C:\WINDOWS\Explorer.EXE
Cesta k chybujícímu modulu: C:\WINDOWS\System32\combase.dll
ID zprávy: b1d65539-b0ae-43a0-b845-31d8c9eb06b4
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/22/2021 10:01:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: aesm_service.exe, verze: 2.7.100.2, časové razítko: 0x5e5f6f1d
Název chybujícího modulu: JHI.DLL, verze: 1908.12.0.1228, časové razítko: 0x5c6bc498
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000040fb0
ID chybujícího procesu: 0x4788
Čas spuštění chybující aplikace: 0x01d703d97a8dc82c
Cesta k chybující aplikaci: C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_bff7913eb62bbf90\aesm_service.exe
Cesta k chybujícímu modulu: C:\WINDOWS\system32\JHI.DLL
ID zprávy: 7090f055-0cb0-43f1-8a9b-d1afcb0ac663
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/19/2021 05:13:44 PM) (Source: DPTF) (EventID: 17) (User: NT AUTHORITY)
Description: Event-ID 17

Error: (02/19/2021 04:13:10 PM) (Source: openvpnserv) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (02/27/2021 08:02:08 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error: (02/27/2021 08:02:08 PM) (Source: bcbtums) (EventID: 1024) (User: )
Description: Failed initializing BT device, failed submitting event read.

Error: (02/27/2021 06:08:38 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-6ITC27E6)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/27/2021 06:08:37 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-6ITC27E6)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/27/2021 06:08:37 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-6ITC27E6)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/27/2021 06:08:37 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-6ITC27E6)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/27/2021 06:08:37 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-6ITC27E6)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (02/27/2021 06:08:37 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-6ITC27E6)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2021-02-27 10:47:32
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {BF1C7527-72DD-4158-B461-7FB68A884D13}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-22 09:36:42
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {ECC2CA59-C0AB-49F7-8C9C-DE8F867A6E2D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-21 23:29:09
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {68EFC49B-A050-4955-9EC2-8AAF0F4D9A8B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-21 18:38:29
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: HackTool:Win32/AutoKMS
Závažnost: Vysoké
Kategorie: Nástroj
Cesta: file:_D:\Ratiborus KMS Tools 01.12.2019\KMSTools.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: LAPTOP-6ITC27E6\mrmar
Název procesu: C:\Windows\explorer.exe
Verze bezpečnostních informací: AV: 1.331.1516.0, AS: 1.331.1516.0, NIS: 1.331.1516.0
Verze modulu: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-21 17:43:19
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {0EE5A5C3-973A-4089-ADAC-AEBA6E4A4C1D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-25 11:41:30
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.1739.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80240017
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-02-23 19:08:31
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.331.1568.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80240438
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře.

Date: 2021-02-02 09:29:37
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.331.33.0
Předchozí verze bezpečnostních informací: 1.329.3319.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.17800.5
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

Date: 2021-02-02 09:29:37
Description:
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 1.331.33.0
Předchozí verze bezpečnostních informací: 1.329.3319.0
Zdroj aktualizace: Uživatel
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Delta
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 1.1.17800.5
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x80070666
Popis chyby: Již je nainstalována jiná verze tohoto produktu. Instalaci této verze nelze dokončit. Chcete-li znovu nakonfigurovat nebo odebrat existující verzi produktu, použijte ovládací panel Přidat nebo odebrat programy.

==================== Memory info ===========================

BIOS: LENOVO BWCN15WW 06/22/2020
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz
Percentage of memory in use: 53%
Total physical RAM: 12133.74 MB
Available physical RAM: 5584.37 MB
Total Virtual: 14949.74 MB
Available Virtual: 6688.97 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:905.77 GB) (Free:350.66 GB) NTFS

\\?\Volume{22a9e85f-cfe8-4df3-a9f4-6472163d406e}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.24 GB) NTFS
\\?\Volume{7c5b707d-8bee-46bf-8059-2d3ef39dee03}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 9F8A9018)

Partition: GPT.

==================== End of Addition.txt =======================
Lenovo IdeaPad S540-15IWL - version 81SW000VCK


Re: Notebook log check

Post by jaro3 » 27 Feb 2021 21:44

Close other applications and browsers, disconnect from the internet, and fix these in HJT:
Guide

Code:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo17win10.msn.com/?pc=LCTE
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" –launchedbylogin


Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\...\MountPoints2: {afab3c04-550d-11eb-91b6-087190fdcaea} - "D:\HiSuiteDownLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {30F7BD5C-E7B5-4CD8-A0F6-FAF14698952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-29] (Google Inc -> Google LLC)
Task: {636FE655-6307-436B-A152-9AA79C5E86CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-29] (Google Inc -> Google LLC)
Edge Extension: (No Name) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.38.6.0_neutral__e7b5mm5d3r6v2 [not found]
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
CHR HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\mrmar\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2021-02-24]
CHR HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [  MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [  MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [  MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [  MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [  MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [  MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
2021-02-27 20:03 - 2021-02-27 20:03 - 000114176 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_ctypes.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000172544 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_elementtree.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 002255872 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_hashlib.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000032256 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_multiprocessing.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000046080 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_psutil_windows.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000047616 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_socket.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 002824704 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_ssl.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000026112 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_yappi.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000080896 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\bz2.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000015872 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\common.time34.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000007680 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\hashobjs_ext.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000301568 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\PIL._imaging.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000168448 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pyexpat.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 001084416 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pysqlite2._sqlite.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000548864 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pythoncom27.dll
2021-02-27 20:03 - 2021-02-27 20:03 - 000137728 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pywintypes27.dll
2021-02-27 20:03 - 2021-02-27 20:03 - 000010752 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\select.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000020992 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\thumbnails_ext.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000689664 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\unicodedata.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000119808 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\usb_ext.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000128512 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32api.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000438784 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32com.shell.shell.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000011776 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32crypt.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000023040 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32event.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000149504 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32file.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000223232 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32gui.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000048128 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32inet.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000029696 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32pdh.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000027648 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32pipe.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000044032 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32process.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000020480 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32profile.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000136192 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32security.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000026624 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32ts.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000034304 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.conditional.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000037888 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.connectivity.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000071680 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.device_monitor.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000103936 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.volumes.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000019968 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.winwrap.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 001325056 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._controls_.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 001489408 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._core_.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 001007104 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._gdi_.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000103424 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._html2.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000916992 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._misc_.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 001039872 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._windows_.pyd
SearchScopes: HKU\S-1-5-21-2114862974-1071683145-3095331456-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2114862974-1071683145-3095331456-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2114862974-1071683145-3095331456-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
FirewallRules: [{7240FF55-20B1-493F-AC4A-B43327D0DA7C}] => (Allow) C:\Users\mrmar\Desktop\MTKV262\Microsoft Toolkit.exe => No File
FirewallRules: [{184F296D-6F14-4DBB-822D-276D0B515F5F}] => (Allow) C:\Users\mrmar\Desktop\MTKV262\Microsoft Toolkit.exe => No File
FirewallRules: [{0F490549-F3C7-4D12-B87C-10561DBCD6CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{07C3DA4B-EC5F-4404-8ED3-496A30CB11F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{9F0E2C31-9DCE-457A-921E-6295714675DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{44622846-C649-4D8A-9A98-D085228019E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [UDP Query User{9EA643F9-6A76-45F2-9BCC-168CA436F85D}C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe] => (Allow) C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe => No File
FirewallRules: [TCP Query User{85E1D8AD-DDFD-4F28-9072-54F588EBE5A3}C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe] => (Allow) C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe => No File
FirewallRules: [{51992BA8-C609-454E-A3AC-C04B64BA0B9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{61AE3BBD-5D7F-4916-9AD2-CB74E96CECE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{E547BEFF-2557-492E-ABD6-3593F0C61001}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{2BB0CB1C-D609-460C-9FBC-20EC8548A014}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [UDP Query User{D115FC89-D59A-4F0D-B9FB-CCBA75807FD9}C:\games\tom clancy's rainbow six - siege\rainbowsix.exe] => (Allow) C:\games\tom clancy's rainbow six - siege\rainbowsix.exe => No File
FirewallRules: [TCP Query User{EB2B6FEA-DD6E-45A6-AD34-D7C723FB4A8F}C:\games\tom clancy's rainbow six - siege\rainbowsix.exe] => (Allow) C:\games\tom clancy's rainbow six - siege\rainbowsix.exe => No File
FirewallRules: [UDP Query User{F3028303-69C9-43C0-944A-B030FF8802DC}C:\games\payday 2\payday2_win32_release.exe] => (Block) C:\games\payday 2\payday2_win32_release.exe => No File
FirewallRules: [TCP Query User{EE18E7E6-7D49-471E-AC7E-BD2365227DFD}C:\games\payday 2\payday2_win32_release.exe] => (Block) C:\games\payday 2\payday2_win32_release.exe => No File
FirewallRules: [UDP Query User{232318FB-58AD-48D0-A6A9-43DD13197D65}C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [TCP Query User{DB5E7AF8-A2FD-498C-900D-37F5C8511418}C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [{1F0F9AA3-177D-4189-B9CB-38CE4078F598}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{3AE70D6A-2529-4F69-B706-24EFA4DE05C4}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{A2E2EA09-68C2-4322-86A9-5026C403B7FE}] => (Allow) C:\Users\mrmar\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{2FC5F09B-9C8A-4EDA-9776-C367452196F0}] => (Allow) C:\Users\mrmar\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{17EE8BDF-B04C-4C5D-9E29-B0DE057D456E}C:\program files\serviio\jre\bin\javaw.exe] => (Allow) C:\program files\serviio\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{71C0E0EA-0C47-42B4-8BBA-06E69A28841B}C:\program files\serviio\jre\bin\javaw.exe] => (Allow) C:\program files\serviio\jre\bin\javaw.exe => No File

EmptyTemp:
End

(You can use the "select all" function, then right-click in the top-left area of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Laptop log check

Post by Martinor » 27 Feb 2021 22:15

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-02-2021
Ran by mrmar (27-02-2021 21:54:53) Run:1
Running from C:\Users\mrmar\Desktop
Loaded Profiles: mrmar
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\...\MountPoints2: {afab3c04-550d-11eb-91b6-087190fdcaea} - "D:\HiSuiteDownLoader.exe"
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {30F7BD5C-E7B5-4CD8-A0F6-FAF14698952E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-29] (Google Inc -> Google LLC)
Task: {636FE655-6307-436B-A152-9AA79C5E86CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-29] (Google Inc -> Google LLC)
Edge Extension: (No Name) -> EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => C:\Program Files\WindowsApps\TonecInc.IDMIntegrationModule_6.38.6.0_neutral__e7b5mm5d3r6v2 [not found]
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
CHR HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\mrmar\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2021-02-24]
CHR HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll -> No File
2021-02-27 20:03 - 2021-02-27 20:03 - 000114176 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_ctypes.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000172544 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_elementtree.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 002255872 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_hashlib.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000032256 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_multiprocessing.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000046080 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_psutil_windows.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000047616 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_socket.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 002824704 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_ssl.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000026112 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_yappi.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000080896 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\bz2.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000015872 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\common.time34.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000007680 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\hashobjs_ext.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000301568 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\PIL._imaging.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000168448 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pyexpat.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 001084416 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pysqlite2._sqlite.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000548864 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pythoncom27.dll
2021-02-27 20:03 - 2021-02-27 20:03 - 000137728 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pywintypes27.dll
2021-02-27 20:03 - 2021-02-27 20:03 - 000010752 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\select.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000020992 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\thumbnails_ext.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000689664 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\unicodedata.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000119808 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\usb_ext.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000128512 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32api.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000438784 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32com.shell.shell.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000011776 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32crypt.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000023040 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32event.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000149504 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32file.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000223232 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32gui.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000048128 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32inet.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000029696 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32pdh.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000027648 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32pipe.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000044032 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32process.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000020480 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32profile.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000136192 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32security.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000026624 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32ts.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000034304 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.conditional.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000037888 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.connectivity.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000071680 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.device_monitor.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000103936 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.volumes.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000019968 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.winwrap.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 001325056 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._controls_.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 001489408 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._core_.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 001007104 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._gdi_.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000103424 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._html2.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 000916992 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._misc_.pyd
2021-02-27 20:03 - 2021-02-27 20:03 - 001039872 _____ () [File not signed] C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._windows_.pyd
SearchScopes: HKU\S-1-5-21-2114862974-1071683145-3095331456-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2114862974-1071683145-3095331456-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2114862974-1071683145-3095331456-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
FirewallRules: [{7240FF55-20B1-493F-AC4A-B43327D0DA7C}] => (Allow) C:\Users\mrmar\Desktop\MTKV262\Microsoft Toolkit.exe => No File
FirewallRules: [{184F296D-6F14-4DBB-822D-276D0B515F5F}] => (Allow) C:\Users\mrmar\Desktop\MTKV262\Microsoft Toolkit.exe => No File
FirewallRules: [{0F490549-F3C7-4D12-B87C-10561DBCD6CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{07C3DA4B-EC5F-4404-8ED3-496A30CB11F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{9F0E2C31-9DCE-457A-921E-6295714675DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [{44622846-C649-4D8A-9A98-D085228019E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\RocketLeague.exe => No File
FirewallRules: [UDP Query User{9EA643F9-6A76-45F2-9BCC-168CA436F85D}C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe] => (Allow) C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe => No File
FirewallRules: [TCP Query User{85E1D8AD-DDFD-4F28-9072-54F588EBE5A3}C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe] => (Allow) C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe => No File
FirewallRules: [{51992BA8-C609-454E-A3AC-C04B64BA0B9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{61AE3BBD-5D7F-4916-9AD2-CB74E96CECE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe => No File
FirewallRules: [{E547BEFF-2557-492E-ABD6-3593F0C61001}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{2BB0CB1C-D609-460C-9FBC-20EC8548A014}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [UDP Query User{D115FC89-D59A-4F0D-B9FB-CCBA75807FD9}C:\games\tom clancy's rainbow six - siege\rainbowsix.exe] => (Allow) C:\games\tom clancy's rainbow six - siege\rainbowsix.exe => No File
FirewallRules: [TCP Query User{EB2B6FEA-DD6E-45A6-AD34-D7C723FB4A8F}C:\games\tom clancy's rainbow six - siege\rainbowsix.exe] => (Allow) C:\games\tom clancy's rainbow six - siege\rainbowsix.exe => No File
FirewallRules: [UDP Query User{F3028303-69C9-43C0-944A-B030FF8802DC}C:\games\payday 2\payday2_win32_release.exe] => (Block) C:\games\payday 2\payday2_win32_release.exe => No File
FirewallRules: [TCP Query User{EE18E7E6-7D49-471E-AC7E-BD2365227DFD}C:\games\payday 2\payday2_win32_release.exe] => (Block) C:\games\payday 2\payday2_win32_release.exe => No File
FirewallRules: [UDP Query User{232318FB-58AD-48D0-A6A9-43DD13197D65}C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [TCP Query User{DB5E7AF8-A2FD-498C-900D-37F5C8511418}C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe => No File
FirewallRules: [{1F0F9AA3-177D-4189-B9CB-38CE4078F598}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{3AE70D6A-2529-4F69-B706-24EFA4DE05C4}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{A2E2EA09-68C2-4322-86A9-5026C403B7FE}] => (Allow) C:\Users\mrmar\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{2FC5F09B-9C8A-4EDA-9776-C367452196F0}] => (Allow) C:\Users\mrmar\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{17EE8BDF-B04C-4C5D-9E29-B0DE057D456E}C:\program files\serviio\jre\bin\javaw.exe] => (Allow) C:\program files\serviio\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{71C0E0EA-0C47-42B4-8BBA-06E69A28841B}C:\program files\serviio\jre\bin\javaw.exe] => (Allow) C:\program files\serviio\jre\bin\javaw.exe => No File

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afab3c04-550d-11eb-91b6-087190fdcaea} => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30F7BD5C-E7B5-4CD8-A0F6-FAF14698952E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30F7BD5C-E7B5-4CD8-A0F6-FAF14698952E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{636FE655-6307-436B-A152-9AA79C5E86CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{636FE655-6307-436B-A152-9AA79C5E86CB}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_TonecIncIDMIntegrationModule_e7b5mm5d3r6v2 => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN" => not found
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => moved successfully
HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf => removed successfully
C:\Users\mrmar\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx => moved successfully
HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => subkey with invalid name -> removed successfully
HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => subkey with invalid name -> removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => subkey with invalid name -> removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => subkey with invalid name -> removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu) => removed successfully
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_ctypes.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_elementtree.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_hashlib.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_multiprocessing.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_psutil_windows.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_socket.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_ssl.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\_yappi.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\bz2.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\common.time34.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\hashobjs_ext.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\PIL._imaging.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pyexpat.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pysqlite2._sqlite.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pythoncom27.dll" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\pywintypes27.dll" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\select.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\thumbnails_ext.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\unicodedata.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\usb_ext.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32api.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32com.shell.shell.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32crypt.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32event.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32file.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32gui.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32inet.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32pdh.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32pipe.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32process.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32profile.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32security.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\win32ts.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.conditional.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.connectivity.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.device_monitor.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.volumes.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\windows.winwrap.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._controls_.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._core_.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._gdi_.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._html2.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._misc_.pyd" => not found
"C:\Users\mrmar\AppData\Local\Temp\_MEI199122\wx._windows_.pyd" => not found
"HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
HKU\S-1-5-21-2114862974-1071683145-3095331456-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7240FF55-20B1-493F-AC4A-B43327D0DA7C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{184F296D-6F14-4DBB-822D-276D0B515F5F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F490549-F3C7-4D12-B87C-10561DBCD6CF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07C3DA4B-EC5F-4404-8ED3-496A30CB11F9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9F0E2C31-9DCE-457A-921E-6295714675DA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{44622846-C649-4D8A-9A98-D085228019E7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9EA643F9-6A76-45F2-9BCC-168CA436F85D}C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{85E1D8AD-DDFD-4F28-9072-54F588EBE5A3}C:\users\mrmar\downloads\broforce.v864.201901211236\broforce_beta.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{51992BA8-C609-454E-A3AC-C04B64BA0B9F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61AE3BBD-5D7F-4916-9AD2-CB74E96CECE3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E547BEFF-2557-492E-ABD6-3593F0C61001}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2BB0CB1C-D609-460C-9FBC-20EC8548A014}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D115FC89-D59A-4F0D-B9FB-CCBA75807FD9}C:\games\tom clancy's rainbow six - siege\rainbowsix.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EB2B6FEA-DD6E-45A6-AD34-D7C723FB4A8F}C:\games\tom clancy's rainbow six - siege\rainbowsix.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F3028303-69C9-43C0-944A-B030FF8802DC}C:\games\payday 2\payday2_win32_release.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EE18E7E6-7D49-471E-AC7E-BD2365227DFD}C:\games\payday 2\payday2_win32_release.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{232318FB-58AD-48D0-A6A9-43DD13197D65}C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DB5E7AF8-A2FD-498C-900D-37F5C8511418}C:\users\mrmar\appdata\roaming\utorrent\utorrent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F0F9AA3-177D-4189-B9CB-38CE4078F598}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3AE70D6A-2529-4F69-B706-24EFA4DE05C4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2E2EA09-68C2-4322-86A9-5026C403B7FE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2FC5F09B-9C8A-4EDA-9776-C367452196F0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{17EE8BDF-B04C-4C5D-9E29-B0DE057D456E}C:\program files\serviio\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{71C0E0EA-0C47-42B4-8BBA-06E69A28841B}C:\program files\serviio\jre\bin\javaw.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1032873110 B
Java, Flash, Steam htmlcache => 406947906 B
Windows/system/drivers => 6370127 B
Edge => 0 B
Chrome => 1842382931 B
Firefox => 31005023 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 11186 B
mrmar => 279200374 B

RecycleBin => 1492247992 B
EmptyTemp: => 4.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:07:27 ====
Lenovo IdeaPad S540-15IWL - version 81SW000VCK


Re: Laptop log check

Post by Martinor » 27 Feb 2021 22:59

So after all that cleaning I tried it. However, it made no difference, and it still freezes when I launch Firefox, totalcmd, etc. So I experimented a bit, and the program causing the trouble is this one: https://www.actualtools.com/multiplemonitors/ - I have a purchased license.

I tried removing it, and it stopped. I installed an older version - because I don't have a license for it - and it started happening again. So I apologize, I had no idea it could be caused by a program like this. Maybe buying a new version would help (the one I have a license for is over a year old). Otherwise, thank you very much for the cleanup; will we be doing any further work?

MP.


Re: Laptop log check

Post by jaro3 » 27 Feb 2021 23:04

Just this:
Download DelFix here
Other links:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool
(In Windows Vista, Windows 7, 8 and 10 you must run the file by right-clicking it -> Run as administrator.)
In the main menu, check these options - Remove disinfection tools – Purge System Restore
Then click the Run button and let the tool do its work

A report (DelFix.txt) will then open. Paste the entire contents of the report here. Otherwise, the report is located at:
C:\DelFix.txt

If there are no problems, that is all and you can mark the thread as solved with the green check mark.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Laptop log check  Solved

Post by Martinor » 27 Feb 2021 23:09

# DelFix v1.013 - Logfile created 27/02/2021 at 23:08:18
# Updated 17/04/2016 by Xplode
# Username : mrmar - LAPTOP-6ITC27E6
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\mrmar\Desktop\FRST64.exe
Deleted : C:\Users\mrmar\Desktop\zoek (1).exe
Deleted : C:\Users\Public\Desktop\RogueKiller.lnk
Deleted : C:\Users\mrmar\Downloads\Addition.txt
Deleted : C:\Users\mrmar\Downloads\AdwCleaner (1).exe
Deleted : C:\Users\mrmar\Downloads\AdwCleaner.exe
Deleted : C:\Users\mrmar\Downloads\adwcleaner_8.0.9.1.exe
Deleted : C:\Users\mrmar\Downloads\adwcleaner_8.1.exe
Deleted : C:\Users\mrmar\Downloads\FRST.txt
Deleted : C:\Users\mrmar\Downloads\JRT.exe
Deleted : C:\Users\mrmar\Downloads\HijackThis (1).exe
Deleted : C:\Users\mrmar\Downloads\HijackThis.exe
Deleted : C:\Users\mrmar\Downloads\hijackthis.log
Deleted : C:\Users\mrmar\Downloads\RogueKiller_setup.exe
Deleted : C:\Users\mrmar\Downloads\TFC.exe
Deleted : C:\Users\mrmar\Downloads\zoek1.rar
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #24 [Installed Sophos Virus Removal Tool. | 02/15/2021 19:46:45]
Deleted : RP #25 [JRT Pre-Junkware Removal | 02/15/2021 19:47:25]
Deleted : RP #26 [Instalační služba modulů systému Windows | 02/23/2021 18:54:11]
Deleted : RP #27 [Instalační služba modulů systému Windows | 02/27/2021 19:07:11]

New restore point created !

########## - EOF - ##########

