Infected PC - help with virus removal

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Re: Infected PC - help with virus removal

Post by bobr.cz » 02 Sep 2020 23:59

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2020
Ran by Ziharna (administrator) on ZIHARNA-PC (LENOVO 7484W6F) (02-09-2020 23:54:35)
Running from C:\Users\Ziharna\Desktop
Loaded Profiles: Ziharna
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKU\S-1-5-21-711302050-3009418862-4191154230-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-711302050-3009418862-4191154230-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [27775672 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-711302050-3009418862-4191154230-1000\...\Run: [Steam] => "C:\programy\Steam\steam.exe" -silent
HKU\S-1-5-21-711302050-3009418862-4191154230-1000\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.135\Installer\chrmstp.exe [2020-08-20] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11B5A0BB-56C4-4030-AF9D-692473EB94BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [23571128 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1B3DF706-BAFA-4E5F-A7E5-ACDDD38E022C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {23204E7E-E022-4F8F-8DB7-D341D792F9F8} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [469952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {29DBE9AF-C9BE-467B-B8EC-1C237EF49526} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [976832 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {327FFDAE-955B-4392-BED0-D2BBB9F406EF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2069952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {768D07EA-2E13-4499-8F30-9D367F1130EE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [757184 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7DBC8897-13D0-4EFF-AE97-F3B5471948DD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7DC9206D-0AC3-4DD7-B2D3-12B4DE516E68} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2019-04-16] () [File not signed]
Task: {80C76656-9C98-4B3F-B114-1A60CBBFC273} - System32\Tasks\{9A32986E-6E87-4122-9F6F-3161DE55706E} => C:\Windows\system32\pcalua.exe -a "C:\programy\Stronghold Legends\GameuxInstall.exe" -d "C:\programy\Stronghold Legends"
Task: {816B2E9E-1D98-4222-9675-245A5EF1F5D7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8A5F7543-D364-4A63-845F-0E2E88C43EEE} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {90969E64-7099-4AA3-859A-BB090174E427} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {AB857D2D-D83B-4910-96EC-51928CFECA7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {C4EB1CE0-ED6E-40D8-BD6C-0D03843AB8F7} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [510912 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE6FC058-8977-4087-B813-59EADBF19C60} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D94215ED-9B10-4DDB-A53E-8B0DC1A34E44} - System32\Tasks\AdobeAAMUpdater-1.0-Ziharna-PC-Ziharna => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E03709DB-7828-45E5-BAE7-18E417094F14} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [24173480 2020-08-26] (GridinSoft, LLC -> Gridinsoft LLC)
Task: {FBDCE1A9-6049-4AAD-9FC5-010AEB620114} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{49EA9F4A-9E18-41BA-91C1-71AEBF4A301D}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{EA36C962-446D-4F78-BF8F-9EF002477001}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-711302050-3009418862-4191154230-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_251\bin\ssv.dll [2020-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-05-13] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Ziharna\AppData\Local\Google\Chrome\User Data\Default [2020-09-02]
CHR Extension: (McAfee® Web Boost) - C:\Users\Ziharna\AppData\Local\Google\Chrome\User Data\Default\Extensions\klekeajafkkpokaofllcadenjdckhinm [2020-08-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ziharna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-08-31]
CHR Extension: (Chrome Media Router) - C:\Users\Ziharna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-31]
CHR HKLM\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
CHR HKLM-x32\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 GameforgeClientService; C:\Program Files (x86)\GameforgeClient\gfservice.exe [529568 2020-03-04] (Gameforge 4D GmbH -> )
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\MBAMService.exe [7138296 2020-08-25] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13599288 2020-08-24] (Adlice -> )
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13088784 2020-05-25] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2020-08-31] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 DLPortIO; C:\Windows\SysWOW64\DRIVERS\DLPortIO.SYS [3584 2000-06-29] () [File not signed]
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 GridinSoftInetSecurityDriver; C:\Windows\System32\DRIVERS\gsInetSecurity.sys [107784 2020-08-18] (GridinSoft, LLC -> GridinSoft LLC)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2019-10-13] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Pinnacle Systems GmbH)
S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-25] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R1 MpKslDrv; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7405357-EABF-44B3-B367-7F3EE2AE2F63}\MpKslDrv.sys [78056 2020-09-02] (Microsoft Windows -> Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2005-01-21] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [393880 2019-04-07] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [38216 2020-08-18] (GridinSoft, LLC -> GridinSoft LLC)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R1 WinRing0_1_2_0; C:\Program Files (x86)\EVGA\WinRing0\WinRing0x64.sys [14536 2019-06-24] (EVGA -> OpenLibSys.org)
U3 a2thwwq1; C:\Windows\System32\Drivers\a2thwwq1.sys [0 0000-00-00] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U3 ahb42i4f; no ImagePath
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-02 23:54 - 2020-09-02 23:55 - 000015500 _____ C:\Users\Ziharna\Desktop\FRST.txt
2020-09-02 23:54 - 2020-09-02 23:55 - 000000000 ____D C:\FRST
2020-09-02 23:51 - 2020-09-02 23:51 - 002298880 _____ (Farbar) C:\Users\Ziharna\Desktop\FRST64.exe
2020-09-01 22:43 - 2020-09-01 22:43 - 000000000 ____D C:\Users\Ziharna\Downloads\emsisoft_decrypter
2020-09-01 22:36 - 2020-09-01 22:42 - 058286335 _____ C:\Users\Ziharna\Downloads\emsisoft_decrypter.zip
2020-09-01 22:34 - 2020-09-01 22:34 - 000000000 ____D C:\Users\Ziharna\Downloads\backups
2020-08-31 10:47 - 2020-08-31 10:48 - 011029532 _____ C:\Users\Ziharna\Downloads\asetup_gridinsoft-anti-malware-4.1_9005953902550.zip
2020-08-31 10:21 - 2020-09-02 07:21 - 000003236 _____ C:\Windows\system32\Tasks\GridinSoft Anti-Malware
2020-08-31 10:21 - 2020-08-31 10:42 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2020-08-31 10:21 - 2020-08-31 10:21 - 000000893 _____ C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk
2020-08-31 10:21 - 2020-08-31 10:21 - 000000893 _____ C:\ProgramData\Desktop\GridinSoft Anti-Malware.lnk
2020-08-31 10:21 - 2020-08-31 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2020-08-31 10:21 - 2020-08-31 10:21 - 000000000 ____D C:\ProgramData\GridinSoft
2020-08-31 10:19 - 2020-08-31 10:19 - 000989584 _____ (GridinSoft LLC) C:\Users\Ziharna\Downloads\install-antimalware-fix.exe
2020-08-31 08:05 - 2020-09-02 23:55 - 000172158 _____ C:\Windows\ZAM.krnl.trace
2020-08-31 08:05 - 2020-08-31 08:05 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2020-08-31 08:05 - 2020-08-31 08:05 - 000003478 _____ C:\Windows\system32\Tasks\AMHelper
2020-08-31 08:05 - 2020-08-31 08:05 - 000001256 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2020-08-31 08:05 - 2020-08-31 08:05 - 000001256 _____ C:\ProgramData\Desktop\Zemana AntiMalware.lnk
2020-08-31 08:05 - 2020-08-31 08:05 - 000000000 ____D C:\Users\Ziharna\AppData\Local\Zemana
2020-08-31 08:05 - 2020-08-31 08:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2020-08-31 08:05 - 2020-08-31 08:05 - 000000000 ____D C:\Program Files (x86)\Zemana
2020-08-31 08:04 - 2020-08-31 08:05 - 000000000 ____D C:\Users\Ziharna\AppData\Local\AMSDK
2020-08-31 07:51 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2020-08-31 07:26 - 2020-08-31 07:47 - 000000000 ____D C:\zoek_backup
2020-08-31 07:24 - 2020-08-31 07:24 - 012795472 _____ (Zemana Ltd. ) C:\Users\Ziharna\Desktop\AntiMalware_Setup.exe
2020-08-31 07:23 - 2020-08-31 07:23 - 002038755 _____ C:\Users\Ziharna\Desktop\zoek.exe
2020-08-29 22:31 - 2020-08-29 22:31 - 003748870 _____ C:\Users\Ziharna\Downloads\strings.zip
2020-08-28 00:10 - 2020-08-28 00:10 - 004196729 _____ C:\Users\Ziharna\Downloads\R. S. Sharma - 2 knihy - Mnich, který prodal své ferrari, Juliánova cesta aneb putování s Mnichem, který prodal své ferrari(2001-2010)(Cz).zip
2020-08-28 00:10 - 2017-01-09 15:23 - 000212251 _____ C:\Users\Ziharna\Downloads\1. R. S. Sharma - Mnich, který prodal své ferrari.pdb
2020-08-28 00:10 - 2017-01-09 15:22 - 000346108 _____ C:\Users\Ziharna\Downloads\1. R. S. Sharma - Mnich, který prodal své ferrari.mobi
2020-08-28 00:10 - 2017-01-09 15:22 - 000239203 _____ C:\Users\Ziharna\Downloads\1. R. S. Sharma - Mnich, který prodal své ferrari.epub
2020-08-28 00:10 - 2017-01-09 15:21 - 001342830 _____ C:\Users\Ziharna\Downloads\1. R. S. Sharma - Mnich, který prodal své ferrari.pdf
2020-08-28 00:10 - 2017-01-09 15:12 - 000250878 _____ C:\Users\Ziharna\Downloads\2. R. S. Sharma - Juliánova cesta aneb putování s Mnichem, který prodal své ferrari.pdb
2020-08-28 00:10 - 2017-01-09 15:11 - 000414321 _____ C:\Users\Ziharna\Downloads\2. R. S. Sharma - Juliánova cesta aneb putování s Mnichem, který prodal své ferrari.mobi
2020-08-28 00:10 - 2017-01-09 15:11 - 000258562 _____ C:\Users\Ziharna\Downloads\2. R. S. Sharma - Juliánova cesta aneb putování s Mnichem, který prodal své ferrari.epub
2020-08-28 00:10 - 2017-01-09 14:55 - 000997418 _____ C:\Users\Ziharna\Downloads\2. R. S. Sharma - Juliánova cesta aneb putování s Mnichem, který prodal své ferrari.pdf
2020-08-28 00:08 - 2020-08-28 00:08 - 000997418 _____ C:\Users\Ziharna\Downloads\Robin-S.-Sharma---Juliánova-cesta-aneb-putování-s-Mnichem,-který-prodal-své-ferrari..pdf
2020-08-28 00:08 - 2020-08-28 00:08 - 000000000 ____D C:\Users\Ziharna\Downloads\Robin S. Sharma - Mnich, který prodal své ferrari
2020-08-27 21:36 - 2020-08-27 21:36 - 000000000 ____D C:\ProgramData\Sophos
2020-08-27 21:34 - 2020-08-27 21:34 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2020-08-27 21:34 - 2020-08-27 21:34 - 000002759 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2020-08-27 21:34 - 2020-08-27 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2020-08-27 21:34 - 2020-08-27 21:34 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-08-27 19:21 - 2020-08-27 19:25 - 206758184 _____ (Sophos Limited) C:\Users\Ziharna\Downloads\Sophos Virus Removal Tool.exe
2020-08-27 14:16 - 2020-08-27 14:16 - 000001931 _____ C:\Users\Ziharna\Downloads\JRT.txt
2020-08-27 14:06 - 2020-08-27 14:06 - 000001931 _____ C:\Users\Ziharna\Desktop\JRT.txt
2020-08-27 14:01 - 2020-08-27 14:01 - 001790024 _____ (Malwarebytes) C:\Users\Ziharna\Desktop\JRT.exe
2020-08-27 14:01 - 2020-08-27 14:01 - 000001667 _____ C:\Users\Ziharna\Downloads\aaa.txt
2020-08-26 21:55 - 2020-08-26 21:58 - 000000000 ____D C:\AdwCleaner
2020-08-26 21:53 - 2020-08-26 21:53 - 000000000 ____D C:\Users\Ziharna\AppData\Local\Adobe
2020-08-26 21:44 - 2020-08-26 21:44 - 008414384 _____ (Malwarebytes) C:\Users\Ziharna\Desktop\adwcleaner_8.0.7.exe
2020-08-26 21:43 - 2020-08-26 21:43 - 000448512 _____ (OldTimer Tools) C:\Users\Ziharna\Downloads\TFC.exe
2020-08-26 21:43 - 2020-08-26 21:43 - 000050688 _____ (Atribune.org) C:\Users\Ziharna\Downloads\ATF-Cleaner.exe
2020-08-26 14:55 - 2020-08-26 14:55 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2020-08-26 14:55 - 2020-08-26 14:55 - 000000858 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2020-08-26 14:55 - 2020-08-26 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-08-26 14:55 - 2020-08-26 14:55 - 000000000 ____D C:\Program Files\RogueKiller
2020-08-26 14:53 - 2020-08-26 14:54 - 040337176 _____ (Adlice Software ) C:\Users\Ziharna\Downloads\RogueKiller_setup.exe
2020-08-25 13:36 - 2020-08-25 13:37 - 000388608 _____ (Trend Micro Inc.) C:\Users\Ziharna\Downloads\hijackthis.exe
2020-08-25 08:18 - 2020-08-25 08:26 - 000000000 ____D C:\elsawin2013
2020-08-25 07:21 - 2020-09-02 07:42 - 000000000 ____D C:\Users\Ziharna\AppData\LocalLow\IGDump
2020-08-25 07:20 - 2020-08-25 07:20 - 000000000 ____D C:\Users\Ziharna\AppData\Local\mbam
2020-08-25 07:19 - 2020-08-25 07:19 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-25 07:19 - 2020-08-25 07:19 - 000001775 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-25 07:19 - 2020-08-25 07:19 - 000001763 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-25 07:19 - 2020-08-25 07:19 - 000001763 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-08-25 07:19 - 2020-08-25 07:18 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-25 07:18 - 2020-08-25 07:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-25 07:17 - 2020-09-02 21:30 - 000000000 ____D C:\Program Files\Malwarebytes
2020-08-23 21:58 - 2020-08-23 21:58 - 000001116 _____ C:\Users\Ziharna\_readme.txt
2020-08-23 21:57 - 2020-08-23 21:58 - 000000000 ____D C:\Users\Ziharna\AppData\LocalLow\3098htrhpen8ifg0
2020-08-23 21:56 - 2020-08-23 22:11 - 000000000 ____D C:\Windows\SysWOW64\denmepax
2020-08-23 21:56 - 2020-08-23 21:56 - 000000000 ____D C:\SystemID
2020-08-23 00:10 - 2020-08-23 00:10 - 000000000 ____D C:\Users\Ziharna\Downloads\seattoledo-manual
2020-08-18 14:50 - 2020-08-18 14:50 - 000107784 _____ (GridinSoft LLC) C:\Windows\system32\Drivers\gsInetSecurity.sys
2020-08-18 14:50 - 2020-08-18 14:50 - 000038216 _____ (GridinSoft LLC) C:\Windows\system32\Drivers\gtkdrv.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-02 12:25 - 2020-05-31 18:16 - 000000000 ____D C:\ProgramData\NVIDIA
2020-09-02 07:30 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-09-02 07:30 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-09-02 07:21 - 2020-06-09 21:13 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-09-02 07:20 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-09-01 23:23 - 2019-04-07 06:11 - 000000000 ____D C:\Users\Public\Documents\Pinnacle
2020-09-01 23:23 - 2019-04-07 06:11 - 000000000 ____D C:\ProgramData\Documents\Pinnacle
2020-09-01 23:23 - 2019-04-03 16:33 - 000000000 ____D C:\programy
2020-08-31 10:43 - 2019-04-04 22:13 - 000000000 ____D C:\Users\Ziharna\AppData\Roaming\uTorrent
2020-08-31 07:53 - 2019-06-06 15:50 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-08-31 07:47 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-08-31 07:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2020-08-29 22:03 - 2019-11-06 10:44 - 000000000 ____D C:\Users\Ziharna\AppData\Roaming\Notepad++
2020-08-28 00:30 - 2020-07-16 14:27 - 000000000 ____D C:\Users\Ziharna\Downloads\Martin Svatba Faruga
2020-08-26 14:09 - 2019-10-24 05:30 - 000000000 ____D C:\Windows\pss
2020-08-26 13:54 - 2019-04-03 16:00 - 000000000 ____D C:\Users\Ziharna\AppData\Local\VirtualStore
2020-08-25 07:19 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-08-25 06:49 - 2020-06-09 21:13 - 000000000 ____D C:\Users\Ziharna\AppData\Roaming\TeamViewer
2020-08-24 04:48 - 2019-04-03 16:27 - 000000000 ____D C:\Users\Ziharna\AppData\Roaming\vlc
2020-08-23 22:36 - 2010-11-21 11:27 - 000668640 _____ C:\Windows\system32\perfh005.dat
2020-08-23 22:36 - 2010-11-21 11:27 - 000141300 _____ C:\Windows\system32\perfc005.dat
2020-08-23 22:36 - 2009-07-14 07:13 - 001583642 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-23 22:26 - 2019-04-03 16:02 - 000000000 ____D C:\Users\Ziharna\AppData\Local\Google
2020-08-23 22:00 - 2019-10-28 18:57 - 000000482 _____ C:\Users\Ziharna\GrblController.log.boop
2020-08-23 22:00 - 2019-04-03 15:59 - 000000000 ____D C:\Users\Ziharna
2020-08-20 18:48 - 2019-04-03 16:02 - 000000000 ____D C:\Program Files (x86)\Google
2020-08-20 00:45 - 2020-05-31 21:05 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-08-20 00:45 - 2020-05-31 21:05 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-08-20 00:45 - 2019-04-03 16:03 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories ========

2019-08-19 08:16 - 2019-09-04 09:03 - 000033661 _____ () C:\Users\Ziharna\AppData\Roaming\downloads.json
2019-12-18 02:58 - 2019-12-18 02:58 - 000000882 _____ () C:\Users\Ziharna\AppData\Local\recently-used.xbel
2019-11-13 00:11 - 2020-07-18 05:48 - 000007605 _____ () C:\Users\Ziharna\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-25 00:46
==================== End of FRST.txt ========================


Re: Infected PC - help with virus removal

Post by bobr.cz » 03 Sep 2020 00:00

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2020
Ran by Ziharna (administrator) on ZIHARNA-PC (LENOVO 7484W6F) (02-09-2020 23:54:35)
Running from C:\Users\Ziharna\Desktop
Loaded Profiles: Ziharna
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKU\S-1-5-21-711302050-3009418862-4191154230-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-711302050-3009418862-4191154230-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [27775672 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-711302050-3009418862-4191154230-1000\...\Run: [Steam] => "C:\programy\Steam\steam.exe" -silent
HKU\S-1-5-21-711302050-3009418862-4191154230-1000\...\Policies\Explorer: []
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.135\Installer\chrmstp.exe [2020-08-20] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11B5A0BB-56C4-4030-AF9D-692473EB94BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [23571128 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1B3DF706-BAFA-4E5F-A7E5-ACDDD38E022C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {23204E7E-E022-4F8F-8DB7-D341D792F9F8} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [469952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {29DBE9AF-C9BE-467B-B8EC-1C237EF49526} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [976832 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {327FFDAE-955B-4392-BED0-D2BBB9F406EF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2069952 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {768D07EA-2E13-4499-8F30-9D367F1130EE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [757184 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7DBC8897-13D0-4EFF-AE97-F3B5471948DD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [662464 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7DC9206D-0AC3-4DD7-B2D3-12B4DE516E68} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1179648 2019-04-16] () [File not signed]
Task: {80C76656-9C98-4B3F-B114-1A60CBBFC273} - System32\Tasks\{9A32986E-6E87-4122-9F6F-3161DE55706E} => C:\Windows\system32\pcalua.exe -a "C:\programy\Stronghold Legends\GameuxInstall.exe" -d "C:\programy\Stronghold Legends"
Task: {816B2E9E-1D98-4222-9675-245A5EF1F5D7} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8A5F7543-D364-4A63-845F-0E2E88C43EEE} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [658808 2020-07-29] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {90969E64-7099-4AA3-859A-BB090174E427} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {AB857D2D-D83B-4910-96EC-51928CFECA7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {C4EB1CE0-ED6E-40D8-BD6C-0D03843AB8F7} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [510912 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE6FC058-8977-4087-B813-59EADBF19C60} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D94215ED-9B10-4DDB-A53E-8B0DC1A34E44} - System32\Tasks\AdobeAAMUpdater-1.0-Ziharna-PC-Ziharna => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {E03709DB-7828-45E5-BAE7-18E417094F14} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe [24173480 2020-08-26] (GridinSoft, LLC -> Gridinsoft LLC)
Task: {FBDCE1A9-6049-4AAD-9FC5-010AEB620114} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-24] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{49EA9F4A-9E18-41BA-91C1-71AEBF4A301D}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{EA36C962-446D-4F78-BF8F-9EF002477001}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-711302050-3009418862-4191154230-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_251\bin\ssv.dll [2020-05-13] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_251\bin\jp2ssv.dll [2020-05-13] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\dtplugin\npDeployJava1.dll [2020-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.251.2 -> C:\Program Files\Java\jre1.8.0_251\bin\plugin2\npjp2.dll [2020-05-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Ziharna\AppData\Local\Google\Chrome\User Data\Default [2020-09-02]
CHR Extension: (McAfee® Web Boost) - C:\Users\Ziharna\AppData\Local\Google\Chrome\User Data\Default\Extensions\klekeajafkkpokaofllcadenjdckhinm [2020-08-31]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ziharna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-08-31]
CHR Extension: (Chrome Media Router) - C:\Users\Ziharna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-08-31]
CHR HKLM\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
CHR HKLM-x32\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 GameforgeClientService; C:\Program Files (x86)\GameforgeClient\gfservice.exe [529568 2020-03-04] (Gameforge 4D GmbH -> )
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\MBAMService.exe [7138296 2020-08-25] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13599288 2020-08-24] (Adlice -> )
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13088784 2020-05-25] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\Windows\system32\drivers\amsdk.sys [232792 2020-08-31] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
S3 DLPortIO; C:\Windows\SysWOW64\DRIVERS\DLPortIO.SYS [3584 2000-06-29] () [File not signed]
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2019-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2019-04-04] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 GridinSoftInetSecurityDriver; C:\Windows\System32\DRIVERS\gsInetSecurity.sys [107784 2020-08-18] (GridinSoft, LLC -> GridinSoft LLC)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2019-10-13] (Red Fox UK Limited -> Highresolution Enterprises [www.highrez.co.uk])
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Pinnacle Systems GmbH)
S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-25] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R1 MpKslDrv; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7405357-EABF-44B3-B367-7F3EE2AE2F63}\MpKslDrv.sys [78056 2020-09-02] (Microsoft Windows -> Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2005-01-21] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [393880 2019-04-07] (Disc Soft Ltd -> Duplex Secure Ltd.)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [38216 2020-08-18] (GridinSoft, LLC -> GridinSoft LLC)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [31920 2018-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R1 WinRing0_1_2_0; C:\Program Files (x86)\EVGA\WinRing0\WinRing0x64.sys [14536 2019-06-24] (EVGA -> OpenLibSys.org)
U3 a2thwwq1; C:\Windows\System32\Drivers\a2thwwq1.sys [0 0000-00-00] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U3 ahb42i4f; no ImagePath
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-02 23:54 - 2020-09-02 23:55 - 000015500 _____ C:\Users\Ziharna\Desktop\FRST.txt
2020-09-02 23:54 - 2020-09-02 23:55 - 000000000 ____D C:\FRST
2020-09-02 23:51 - 2020-09-02 23:51 - 002298880 _____ (Farbar) C:\Users\Ziharna\Desktop\FRST64.exe
2020-09-01 22:43 - 2020-09-01 22:43 - 000000000 ____D C:\Users\Ziharna\Downloads\emsisoft_decrypter
2020-09-01 22:36 - 2020-09-01 22:42 - 058286335 _____ C:\Users\Ziharna\Downloads\emsisoft_decrypter.zip
2020-09-01 22:34 - 2020-09-01 22:34 - 000000000 ____D C:\Users\Ziharna\Downloads\backups
2020-08-31 10:47 - 2020-08-31 10:48 - 011029532 _____ C:\Users\Ziharna\Downloads\asetup_gridinsoft-anti-malware-4.1_9005953902550.zip
2020-08-31 10:21 - 2020-09-02 07:21 - 000003236 _____ C:\Windows\system32\Tasks\GridinSoft Anti-Malware
2020-08-31 10:21 - 2020-08-31 10:42 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
2020-08-31 10:21 - 2020-08-31 10:21 - 000000893 _____ C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk
2020-08-31 10:21 - 2020-08-31 10:21 - 000000893 _____ C:\ProgramData\Desktop\GridinSoft Anti-Malware.lnk
2020-08-31 10:21 - 2020-08-31 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2020-08-31 10:21 - 2020-08-31 10:21 - 000000000 ____D C:\ProgramData\GridinSoft
2020-08-31 10:19 - 2020-08-31 10:19 - 000989584 _____ (GridinSoft LLC) C:\Users\Ziharna\Downloads\install-antimalware-fix.exe
2020-08-31 08:05 - 2020-09-02 23:55 - 000172158 _____ C:\Windows\ZAM.krnl.trace
2020-08-31 08:05 - 2020-08-31 08:05 - 000232792 _____ (Copyright 2018.) C:\Windows\system32\Drivers\amsdk.sys
2020-08-31 08:05 - 2020-08-31 08:05 - 000003478 _____ C:\Windows\system32\Tasks\AMHelper
2020-08-31 08:05 - 2020-08-31 08:05 - 000001256 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2020-08-31 08:05 - 2020-08-31 08:05 - 000001256 _____ C:\ProgramData\Desktop\Zemana AntiMalware.lnk
2020-08-31 08:05 - 2020-08-31 08:05 - 000000000 ____D C:\Users\Ziharna\AppData\Local\Zemana
2020-08-31 08:05 - 2020-08-31 08:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2020-08-31 08:05 - 2020-08-31 08:05 - 000000000 ____D C:\Program Files (x86)\Zemana
2020-08-31 08:04 - 2020-08-31 08:05 - 000000000 ____D C:\Users\Ziharna\AppData\Local\AMSDK
2020-08-31 07:51 - 2014-02-13 23:59 - 000024064 _____ C:\Windows\zoek-delete.exe
2020-08-31 07:26 - 2020-08-31 07:47 - 000000000 ____D C:\zoek_backup
2020-08-31 07:24 - 2020-08-31 07:24 - 012795472 _____ (Zemana Ltd. ) C:\Users\Ziharna\Desktop\AntiMalware_Setup.exe
2020-08-31 07:23 - 2020-08-31 07:23 - 002038755 _____ C:\Users\Ziharna\Desktop\zoek.exe
2020-08-29 22:31 - 2020-08-29 22:31 - 003748870 _____ C:\Users\Ziharna\Downloads\strings.zip
2020-08-28 00:10 - 2020-08-28 00:10 - 004196729 _____ C:\Users\Ziharna\Downloads\R. S. Sharma - 2 knihy - Mnich, který prodal své ferrari, Juliánova cesta aneb putování s Mnichem, který prodal své ferrari(2001-2010)(Cz).zip
2020-08-28 00:10 - 2017-01-09 15:23 - 000212251 _____ C:\Users\Ziharna\Downloads\1. R. S. Sharma - Mnich, který prodal své ferrari.pdb
2020-08-28 00:10 - 2017-01-09 15:22 - 000346108 _____ C:\Users\Ziharna\Downloads\1. R. S. Sharma - Mnich, který prodal své ferrari.mobi
2020-08-28 00:10 - 2017-01-09 15:22 - 000239203 _____ C:\Users\Ziharna\Downloads\1. R. S. Sharma - Mnich, který prodal své ferrari.epub
2020-08-28 00:10 - 2017-01-09 15:21 - 001342830 _____ C:\Users\Ziharna\Downloads\1. R. S. Sharma - Mnich, který prodal své ferrari.pdf
2020-08-28 00:10 - 2017-01-09 15:12 - 000250878 _____ C:\Users\Ziharna\Downloads\2. R. S. Sharma - Juliánova cesta aneb putování s Mnichem, který prodal své ferrari.pdb
2020-08-28 00:10 - 2017-01-09 15:11 - 000414321 _____ C:\Users\Ziharna\Downloads\2. R. S. Sharma - Juliánova cesta aneb putování s Mnichem, který prodal své ferrari.mobi
2020-08-28 00:10 - 2017-01-09 15:11 - 000258562 _____ C:\Users\Ziharna\Downloads\2. R. S. Sharma - Juliánova cesta aneb putování s Mnichem, který prodal své ferrari.epub
2020-08-28 00:10 - 2017-01-09 14:55 - 000997418 _____ C:\Users\Ziharna\Downloads\2. R. S. Sharma - Juliánova cesta aneb putování s Mnichem, který prodal své ferrari.pdf
2020-08-28 00:08 - 2020-08-28 00:08 - 000997418 _____ C:\Users\Ziharna\Downloads\Robin-S.-Sharma---Juliánova-cesta-aneb-putování-s-Mnichem,-který-prodal-své-ferrari..pdf
2020-08-28 00:08 - 2020-08-28 00:08 - 000000000 ____D C:\Users\Ziharna\Downloads\Robin S. Sharma - Mnich, který prodal své ferrari
2020-08-27 21:36 - 2020-08-27 21:36 - 000000000 ____D C:\ProgramData\Sophos
2020-08-27 21:34 - 2020-08-27 21:34 - 000002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2020-08-27 21:34 - 2020-08-27 21:34 - 000002759 _____ C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2020-08-27 21:34 - 2020-08-27 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2020-08-27 21:34 - 2020-08-27 21:34 - 000000000 ____D C:\Program Files (x86)\Sophos
2020-08-27 19:21 - 2020-08-27 19:25 - 206758184 _____ (Sophos Limited) C:\Users\Ziharna\Downloads\Sophos Virus Removal Tool.exe
2020-08-27 14:16 - 2020-08-27 14:16 - 000001931 _____ C:\Users\Ziharna\Downloads\JRT.txt
2020-08-27 14:06 - 2020-08-27 14:06 - 000001931 _____ C:\Users\Ziharna\Desktop\JRT.txt
2020-08-27 14:01 - 2020-08-27 14:01 - 001790024 _____ (Malwarebytes) C:\Users\Ziharna\Desktop\JRT.exe
2020-08-27 14:01 - 2020-08-27 14:01 - 000001667 _____ C:\Users\Ziharna\Downloads\aaa.txt
2020-08-26 21:55 - 2020-08-26 21:58 - 000000000 ____D C:\AdwCleaner
2020-08-26 21:53 - 2020-08-26 21:53 - 000000000 ____D C:\Users\Ziharna\AppData\Local\Adobe
2020-08-26 21:44 - 2020-08-26 21:44 - 008414384 _____ (Malwarebytes) C:\Users\Ziharna\Desktop\adwcleaner_8.0.7.exe
2020-08-26 21:43 - 2020-08-26 21:43 - 000448512 _____ (OldTimer Tools) C:\Users\Ziharna\Downloads\TFC.exe
2020-08-26 21:43 - 2020-08-26 21:43 - 000050688 _____ (Atribune.org) C:\Users\Ziharna\Downloads\ATF-Cleaner.exe
2020-08-26 14:55 - 2020-08-26 14:55 - 000000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2020-08-26 14:55 - 2020-08-26 14:55 - 000000858 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2020-08-26 14:55 - 2020-08-26 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2020-08-26 14:55 - 2020-08-26 14:55 - 000000000 ____D C:\Program Files\RogueKiller
2020-08-26 14:53 - 2020-08-26 14:54 - 040337176 _____ (Adlice Software ) C:\Users\Ziharna\Downloads\RogueKiller_setup.exe
2020-08-25 13:36 - 2020-08-25 13:37 - 000388608 _____ (Trend Micro Inc.) C:\Users\Ziharna\Downloads\hijackthis.exe
2020-08-25 08:18 - 2020-08-25 08:26 - 000000000 ____D C:\elsawin2013
2020-08-25 07:21 - 2020-09-02 07:42 - 000000000 ____D C:\Users\Ziharna\AppData\LocalLow\IGDump
2020-08-25 07:20 - 2020-08-25 07:20 - 000000000 ____D C:\Users\Ziharna\AppData\Local\mbam
2020-08-25 07:19 - 2020-08-25 07:19 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-25 07:19 - 2020-08-25 07:19 - 000001775 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-25 07:19 - 2020-08-25 07:19 - 000001763 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-25 07:19 - 2020-08-25 07:19 - 000001763 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-08-25 07:19 - 2020-08-25 07:18 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-25 07:18 - 2020-08-25 07:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-25 07:17 - 2020-09-02 21:30 - 000000000 ____D C:\Program Files\Malwarebytes
2020-08-23 21:58 - 2020-08-23 21:58 - 000001116 _____ C:\Users\Ziharna\_readme.txt
2020-08-23 21:57 - 2020-08-23 21:58 - 000000000 ____D C:\Users\Ziharna\AppData\LocalLow\3098htrhpen8ifg0
2020-08-23 21:56 - 2020-08-23 22:11 - 000000000 ____D C:\Windows\SysWOW64\denmepax
2020-08-23 21:56 - 2020-08-23 21:56 - 000000000 ____D C:\SystemID
2020-08-23 00:10 - 2020-08-23 00:10 - 000000000 ____D C:\Users\Ziharna\Downloads\seattoledo-manual
2020-08-18 14:50 - 2020-08-18 14:50 - 000107784 _____ (GridinSoft LLC) C:\Windows\system32\Drivers\gsInetSecurity.sys
2020-08-18 14:50 - 2020-08-18 14:50 - 000038216 _____ (GridinSoft LLC) C:\Windows\system32\Drivers\gtkdrv.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-09-02 12:25 - 2020-05-31 18:16 - 000000000 ____D C:\ProgramData\NVIDIA
2020-09-02 07:30 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-09-02 07:30 - 2009-07-14 06:45 - 000026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-09-02 07:21 - 2020-06-09 21:13 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-09-02 07:20 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-09-01 23:23 - 2019-04-07 06:11 - 000000000 ____D C:\Users\Public\Documents\Pinnacle
2020-09-01 23:23 - 2019-04-07 06:11 - 000000000 ____D C:\ProgramData\Documents\Pinnacle
2020-09-01 23:23 - 2019-04-03 16:33 - 000000000 ____D C:\programy
2020-08-31 10:43 - 2019-04-04 22:13 - 000000000 ____D C:\Users\Ziharna\AppData\Roaming\uTorrent
2020-08-31 07:53 - 2019-06-06 15:50 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-08-31 07:47 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-08-31 07:47 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2020-08-29 22:03 - 2019-11-06 10:44 - 000000000 ____D C:\Users\Ziharna\AppData\Roaming\Notepad++
2020-08-28 00:30 - 2020-07-16 14:27 - 000000000 ____D C:\Users\Ziharna\Downloads\Martin Svatba Faruga
2020-08-26 14:09 - 2019-10-24 05:30 - 000000000 ____D C:\Windows\pss
2020-08-26 13:54 - 2019-04-03 16:00 - 000000000 ____D C:\Users\Ziharna\AppData\Local\VirtualStore
2020-08-25 07:19 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-08-25 06:49 - 2020-06-09 21:13 - 000000000 ____D C:\Users\Ziharna\AppData\Roaming\TeamViewer
2020-08-24 04:48 - 2019-04-03 16:27 - 000000000 ____D C:\Users\Ziharna\AppData\Roaming\vlc
2020-08-23 22:36 - 2010-11-21 11:27 - 000668640 _____ C:\Windows\system32\perfh005.dat
2020-08-23 22:36 - 2010-11-21 11:27 - 000141300 _____ C:\Windows\system32\perfc005.dat
2020-08-23 22:36 - 2009-07-14 07:13 - 001583642 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-23 22:26 - 2019-04-03 16:02 - 000000000 ____D C:\Users\Ziharna\AppData\Local\Google
2020-08-23 22:00 - 2019-10-28 18:57 - 000000482 _____ C:\Users\Ziharna\GrblController.log.boop
2020-08-23 22:00 - 2019-04-03 15:59 - 000000000 ____D C:\Users\Ziharna
2020-08-20 18:48 - 2019-04-03 16:02 - 000000000 ____D C:\Program Files (x86)\Google
2020-08-20 00:45 - 2020-05-31 21:05 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-08-20 00:45 - 2020-05-31 21:05 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-08-20 00:45 - 2019-04-03 16:03 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories ========

2019-08-19 08:16 - 2019-09-04 09:03 - 000033661 _____ () C:\Users\Ziharna\AppData\Roaming\downloads.json
2019-12-18 02:58 - 2019-12-18 02:58 - 000000882 _____ () C:\Users\Ziharna\AppData\Local\recently-used.xbel
2019-11-13 00:11 - 2020-07-18 05:48 - 000007605 _____ () C:\Users\Ziharna\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-08-25 00:46
==================== End of FRST.txt ========================

bobr.cz

Re: Infected PC - help with virus removal

Post by bobr.cz » 03 Sep 2020 00:01

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-08-2020
Ran by Ziharna (02-09-2020 23:56:05)
Running from C:\Users\Ziharna\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2019-04-03 13:59:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-711302050-3009418862-4191154230-500 - Administrator - Disabled)
Guest (S-1-5-21-711302050-3009418862-4191154230-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-711302050-3009418862-4191154230-1002 - Limited - Enabled)
Ziharna (S-1-5-21-711302050-3009418862-4191154230-1000 - Administrator - Enabled) => C:\Users\Ziharna

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Autodesk Genuine Service (HKLM-x32\...\{317D67F2-9027-4E85-9ED1-ADF4D765AE02}) (Version: 3.0.11 - Autodesk)
balenaEtcher 1.5.81 (HKU\S-1-5-21-711302050-3009418862-4191154230-1000\...\{d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b}) (Version: 1.5.81 - Balena Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.73.1084 - AB Team, d.o.o.)
Car Mechanic Simulator 2018 Mercedes Benz (HKLM-x32\...\Car Mechanic Simulator 2018 Mercedes Benz_is1) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.66 - Piriform)
CrystalDiskInfo 8.5.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.5.2 - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.1001 - Disc Soft Ltd)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
EAGLE 9.5.1 (HKLM\...\{AUTODESK-EAGLE-9-5-1}_is1) (Version: 9.5.1 - Autodesk, Inc.)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS)
FARO LS 1.1.700.0 (64bit) (HKLM-x32\...\{FF6E9382-0B85-48DE-888F-76EFD9A87038}) (Version: 7.0.0.23 - FARO Scanner Production)
FreeCAD 0.18.4 (HKLM\...\FreeCAD0184) (Version: 0.18.4 - FreeCAD Team)
Gameforge Client (HKLM-x32\...\{d3b2a0c1-f0d0-4888-ae0b-1c5e1febdafb}_is1) (Version: 2.0.53.127 - Gameforge)
GIMP 2.10.14 (HKLM\...\GIMP-2_is1) (Version: 2.10.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.135 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 4.1.58 - Gridinsoft LLC)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 251 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180251F0}) (Version: 8.0.2510.8 - Oracle Corporation)
K-Lite Codec Pack 14.9.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.9.0 - KLCP)
Knoll Light Factory EZ Studio 15 (HKLM-x32\...\Knoll Light Factory EZ Studio 15) (Version: - )
Magic Bullet Looks Studio 15 (HKLM-x32\...\Magic Bullet Looks Studio 15) (Version: - )
Malwarebytes version 4.2.0.82 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.2.0.82 - Malwarebytes)
MAXtoA for 3ds Max 2020 (HKLM\...\{78DCBB3E-D0F1-4471-985A-6695707E93A7}) (Version: 2.4.43.0 - Solid Angle)
Metin2 cs-CZ (HKLM-x32\...\{fab180a3-cd65-4b7e-bd0e-2ef77fd0c258.cs-CZ}) (Version: - Gameforge)
Microsoft .NET Core SDK 2.1.701 (x64) (HKLM-x32\...\{016b678e-a57a-496c-97cb-5d6b7916ed2f}) (Version: 2.1.701 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{52EBC484-44A1-4DC5-824A-0A503735ABD8}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.21.27702 (HKLM-x32\...\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (HKLM-x32\...\{49697869-be8e-427d-81a0-c334d1d14950}) (Version: 14.21.27702.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
mikroC PRO for AVR (remove only) (HKLM-x32\...\mikroC PRO for AVR) (Version: 7.0.1.0 - mikroElektronika)
MTG Arena (HKLM-x32\...\{7E354BD2-3887-4E89-902C-A8A5A4C28D0B}) (Version: 0.1.1699 - Wizards of the Coast)
Need for Speed Most Wanted Modded verze 1.3 (HKLM-x32\...\{1DD6C8AA-3DF8-480D-BD74-B1108197A60A}_is1) (Version: 1.3 - Mlcik)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.8.1 - Notepad++ Team)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Ovladač řídící jednotky 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Ovládací panel NVIDIA 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 341.44 - NVIDIA Corporation) Hidden
Ovladače videa společnosti Pinnacle (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Oxygen Not Included Automation Pack (HKLM-x32\...\Oxygen Not Included Automation Pack_is1) (Version: - )
PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Studio 15 Ultimate Collection Plugins (HKLM-x32\...\{BC7BED89-618B-4E89-8ADF-75D47F276223}) (Version: 15.0.0.7593 - Pinnacle Systems)
PokerStars.cz (HKLM-x32\...\PokerStars.cz) (Version: - PokerStars.cz)
PonyProg2000 v2.08d (HKLM-x32\...\PonyProg2000_is1) (Version: 2.08d - LancOS)
Proteus 8 Professional (HKLM-x32\...\{434405BD-3633-4768-8224-40AFAFE3A9C1}) (Version: 8.9.27865.0 - Labcenter Electronics)
Red Giant ToonIt Studio 15 (HKLM-x32\...\Red Giant ToonIt Studio 15) (Version: - )
RogueKiller version 14.7.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.7.0.0 - Adlice Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.7.0 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.6.7 - TeamViewer)
Total Uninstall 6.27.1 (HKLM\...\Total Uninstall 6_is1) (Version: 6.27.1 - Gavrila Martau)
Trapcode 3DStroke Studio 15 (HKLM-x32\...\Trapcode 3DStroke Studio 15) (Version: - )
Trapcode Particular Studio (HKLM-x32\...\Trapcode Particular Studio) (Version: - )
Trapcode Shine Studio 15 (HKLM-x32\...\Trapcode Shine Studio 15) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vortex (HKLM\...\57979c68-f490-55b8-8fed-8b017a5af2fe) (Version: 1.1.5 - Black Tree Gaming Ltd.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinToUSB verze 5.1 (HKLM\...\WinToUSB_is1) (Version: 5.1 - Hasleo Software.)
Wreckfest v.1.233553(v20181221) (HKLM-x32\...\Wreckfest_is1) (Version: - )
Zemana AntiMalware verze 3.2.27 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.27 - Zemana)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2019-10-28] (Notepad++ -> )
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-08-26] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\programy\Alcohol 120\AxShlex.dll -> No File
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\programy\Alcohol 120\AxShlEx64.dll -> No File
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-08-26] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-12-17] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\mbshlext.dll [2020-08-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-08-26] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-02-04] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2020-07-29] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2020-08-26] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\mbshlext.dll [2020-08-25] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Ziharna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=2&aff_sub2=87WVNoe1kDWHtuJBip7KRNeipxkxKh55xGpbfBQisS3k1zwt5NA77XipJgAAAMOFpHAie&click_id=79627482fa8ceac0bb1a2e929406193d105348ef --app-window-size=1680,1050
ShortcutWithArgument: C:\Users\Ziharna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\gcode-sender.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ngncibnakmabjlfpadjagnbdjbhoelom

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: EAGLESCR => "C:\programy\vojta\EAGLE 9.5.1\eagle.exe" -C "" "%1" <==== ATTENTION
HKU\S-1-5-21-711302050-3009418862-4191154230-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2020-09-01 22:34 - 000000813 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Pinnacle\Shared Files\;C:\Program Files\dotnet\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-711302050-3009418862-4191154230-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ziharna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{6A0A5896-DB2B-44A2-9EA3-CEF915D9193F}C:\users\ziharna\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ziharna\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{0A3CBB6C-C457-4F6B-9D29-304F59D4E055}C:\users\ziharna\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ziharna\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{6ADA187D-4775-4700-8143-3A5EFDD63D91}] => (Allow) C:\programy\Pinnacle\Programs\RM.exe => No File
FirewallRules: [{64D433AE-ABC6-4273-BA9C-2B68E95C88C9}] => (Allow) C:\programy\Pinnacle\Programs\RM.exe => No File
FirewallRules: [{2DE1D714-21B1-48D3-A966-90C5AA329653}] => (Allow) C:\programy\Pinnacle\Programs\Studio.exe => No File
FirewallRules: [{8999F397-45E3-4121-A77C-2F85D7872AC8}] => (Allow) C:\programy\Pinnacle\Programs\Studio.exe => No File
FirewallRules: [{D9D8D6DD-4D15-4CD9-BDB6-61ABD6700EC1}] => (Allow) C:\programy\Pinnacle\Programs\umi.exe => No File
FirewallRules: [{7A422D52-7E37-4336-93B5-FAC28013D199}] => (Allow) C:\programy\Pinnacle\Programs\umi.exe => No File
FirewallRules: [TCP Query User{329F1F69-24ED-4A28-A608-D1F750763448}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{3CE26863-E837-4D5C-9F46-BBB012384F1A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{4F2F4567-A354-4021-B61C-15B74E750B4C}] => (Allow) C:\programy\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [{700946FB-639A-4377-825C-4BFE56DDB131}] => (Allow) C:\programy\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe (Take-Two Interactive Software, Inc. -> )
FirewallRules: [TCP Query User{3301EE39-6280-45DF-BC1B-599CEC4C9756}F:\michal\michal - hry\warcraft iii\war3.exe] => (Allow) F:\michal\michal - hry\warcraft iii\war3.exe => No File
FirewallRules: [UDP Query User{0C165861-36B9-4A5B-943E-B83B8BF0F982}F:\michal\michal - hry\warcraft iii\war3.exe] => (Allow) F:\michal\michal - hry\warcraft iii\war3.exe => No File
FirewallRules: [TCP Query User{39754A7E-D2F6-491F-9A13-32947D257877}F:\michal\mtga\mtga.exe] => (Allow) F:\michal\mtga\mtga.exe => No File
FirewallRules: [UDP Query User{0FC47E18-2070-4F86-9291-42A1C4F67860}F:\michal\mtga\mtga.exe] => (Allow) F:\michal\mtga\mtga.exe => No File
FirewallRules: [TCP Query User{E1027713-E89F-4224-9B14-CAAF8DE06ECC}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Block) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{E59C39E1-CF28-472A-A17C-3BCBBA6A25F3}C:\program files (x86)\wizards of the coast\mtga\mtga.exe] => (Block) C:\program files (x86)\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [TCP Query User{9FC70700-1180-4763-91A5-C004FB24999D}C:\programy\vojta\farming simulator 19\x64\farmingsimulator2019game.exe] => (Allow) C:\programy\vojta\farming simulator 19\x64\farmingsimulator2019game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [UDP Query User{9D6F7E54-5FFD-462E-BA2D-C13E767099C5}C:\programy\vojta\farming simulator 19\x64\farmingsimulator2019game.exe] => (Allow) C:\programy\vojta\farming simulator 19\x64\farmingsimulator2019game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{44200C20-941D-4E06-BC1E-207A1573103F}] => (Allow) C:\Program Files (x86)\Labcenter Electronics\Proteus 8 Professional\BIN\PDS.EXE () [File not signed]
FirewallRules: [{AA2D654D-929F-4E34-A38D-826749DE7CFD}] => (Allow) C:\Program Files (x86)\Labcenter Electronics\Proteus 8 Professional\BIN\PDS.EXE () [File not signed]
FirewallRules: [{0D8D8B96-6E86-4984-8DF7-A0818F0BFD7A}] => (Allow) C:\Program Files (x86)\Labcenter Electronics\Proteus 8 Professional\BIN\PDS.EXE () [File not signed]
FirewallRules: [{045E7411-9E50-416C-8CBF-EE6B278F88A1}] => (Allow) C:\Program Files (x86)\Labcenter Electronics\Proteus 8 Professional\BIN\PDS.EXE () [File not signed]
FirewallRules: [{43710374-D2BC-4ED0-BE3A-1D0AA4773EE9}] => (Allow) C:\Program Files (x86)\Labcenter Electronics\Proteus 8 Professional\BIN\PYPROC.EXE () [File not signed]
FirewallRules: [{BB257FF9-1118-4EDC-B382-49E7CFBA4BBB}] => (Allow) C:\Program Files (x86)\Labcenter Electronics\Proteus 8 Professional\BIN\PYPROC.EXE () [File not signed]
FirewallRules: [{F57DCF55-D923-451F-9981-8122CA94D8CC}] => (Allow) C:\Program Files (x86)\Labcenter Electronics\Proteus 8 Professional\BIN\PDS.EXE () [File not signed]
FirewallRules: [{C1122646-31A4-4A83-989D-A782FA86AA43}] => (Allow) C:\Program Files (x86)\Labcenter Electronics\Proteus 8 Professional\BIN\PDS.EXE () [File not signed]
FirewallRules: [TCP Query User{6D04C200-5999-4B25-BAA6-86A5A6B48614}C:\programy\vojta\mikroc pro for avr\tools\udp terminal\udpterminal.exe] => (Block) C:\programy\vojta\mikroc pro for avr\tools\udp terminal\udpterminal.exe () [File not signed]
FirewallRules: [UDP Query User{C65CC41E-B159-41DF-AE49-1A9B0E854205}C:\programy\vojta\mikroc pro for avr\tools\udp terminal\udpterminal.exe] => (Block) C:\programy\vojta\mikroc pro for avr\tools\udp terminal\udpterminal.exe () [File not signed]
FirewallRules: [TCP Query User{71CCFA32-AEE6-45EA-8384-25F9AB9237B5}F:\michal\michal - hry\di\dead island\deadislandgame.exe] => (Block) F:\michal\michal - hry\di\dead island\deadislandgame.exe => No File
FirewallRules: [UDP Query User{F7955049-B489-4979-AB13-C8FDD149850D}F:\michal\michal - hry\di\dead island\deadislandgame.exe] => (Block) F:\michal\michal - hry\di\dead island\deadislandgame.exe => No File
FirewallRules: [TCP Query User{D2903E35-48AE-41B1-B008-65874107992C}C:\program files (x86)\need for speed most wanted modded\speed.exe] => (Block) C:\program files (x86)\need for speed most wanted modded\speed.exe () [File not signed]
FirewallRules: [UDP Query User{9E78AEBA-587E-417F-AC81-921D9C3A3996}C:\program files (x86)\need for speed most wanted modded\speed.exe] => (Block) C:\program files (x86)\need for speed most wanted modded\speed.exe () [File not signed]
FirewallRules: [{FDFA52E1-8033-4649-BBF5-15DB6200469F}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{5EDE16D4-9B4D-4936-BC62-2F67C0C28A72}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{3F060BA7-1C4B-4E18-81DC-C6AEEA98F33A}\\ziharna-pc2\programy\stronghold legends\strongholdlegends.exe] => (Block) \\ziharna-pc2\programy\stronghold legends\strongholdlegends.exe => No File
FirewallRules: [UDP Query User{48ACDC46-383C-430E-9437-0C7BD3E92DA2}\\ziharna-pc2\programy\stronghold legends\strongholdlegends.exe] => (Block) \\ziharna-pc2\programy\stronghold legends\strongholdlegends.exe => No File
FirewallRules: [TCP Query User{316CDA90-AABF-47AC-B33C-6EE4D96C0D2B}E:\gm\splintercell\splinter cell - blacklist\src\system\blacklist_dx11_game.exe] => (Allow) E:\gm\splintercell\splinter cell - blacklist\src\system\blacklist_dx11_game.exe => No File
FirewallRules: [UDP Query User{B8832559-7C58-4D2A-A46C-2D76CD8C880E}E:\gm\splintercell\splinter cell - blacklist\src\system\blacklist_dx11_game.exe] => (Allow) E:\gm\splintercell\splinter cell - blacklist\src\system\blacklist_dx11_game.exe => No File
FirewallRules: [{C3E3F63F-30A3-4DAF-833C-60728FC0E18F}] => (Allow) C:0\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{F9956838-9A1A-465C-BE92-D13794BAB123}] => (Allow) C:0\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{FBC2E2B2-D888-4CB6-B9C7-95476B12AF40}] => (Allow) C:1\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{E1858010-1257-440A-A1D2-83B97721C265}] => (Allow) C:1\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [TCP Query User{1DEE18EF-88EB-4491-A62B-6EE2C5B63658}E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe] => (Allow) E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{AA21EB74-D432-4194-B7BD-0D35B1231063}E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe] => (Allow) E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [{239D5D66-7145-4135-AE9D-C93607C2535E}] => (Block) E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [{8D24FA70-6291-45A5-A476-BB10918808DF}] => (Block) E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{5EA3DD7D-65FB-47A3-9599-E3C5966AC17C}E:\gm\the sims 4\game\bin\ts4_x64.exe] => (Allow) E:\gm\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{00E387F1-6810-470E-A7FE-6948F1740786}E:\gm\the sims 4\game\bin\ts4_x64.exe] => (Allow) E:\gm\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [{B74C10E6-B1AD-45DF-A994-EB1AB337FAE8}] => (Block) E:\gm\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [{2A0C8245-B651-460C-9BCE-5297D0B49B57}] => (Block) E:\gm\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [{73423DA4-DC67-473B-881E-3CD61E3B7B0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FB01F31B-6D6E-49EE-981F-8252AFF33F0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6B94D6F3-2EF3-43C4-AC9C-2D69F8ABDC28}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{081CC884-2ECB-4EFB-99C4-D0E7BF1817B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B9B652D4-D9B6-48B6-93DB-2253AEEAFA56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{53F84B29-B7F9-4F61-94A1-BA23BB0480F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7A7756EC-A2F9-4ACB-B50E-4723CA3389FA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5B5269CC-383B-44EB-88C4-A9E3CF744155}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8FD2BBA6-265F-4727-B6E2-6A5068552C49}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A6A433BF-A359-4372-869E-B4B14EB5125B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9C5692BE-E431-4F1F-B955-2F8FC7FF03E5}] => (Allow) C:\programy\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{533B0355-486F-470B-BEC4-06C7A8528CAB}] => (Allow) C:\programy\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{6A16BDF0-AD14-46E9-8875-BC767056155B}C:\programy\steam\steam.exe] => (Allow) C:\programy\steam\steam.exe => No File
FirewallRules: [UDP Query User{F2A8DDC1-55B8-4D32-BF1A-DD311EEC3F95}C:\programy\steam\steam.exe] => (Allow) C:\programy\steam\steam.exe => No File
FirewallRules: [{1419BE5F-1D3F-4C4B-80D1-545C0B30DFD5}] => (Allow) C:\programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{86C65B15-1458-4842-BC24-0E974AB17768}] => (Allow) C:\programy\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{15BF95ED-46DB-4D57-BC60-A0B8BA25C656}C:\programy\vojta\farming simulator 19\dedicatedserver.exe] => (Allow) C:\programy\vojta\farming simulator 19\dedicatedserver.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [UDP Query User{F0299061-4456-44B3-A627-3E03777D1A6E}C:\programy\vojta\farming simulator 19\dedicatedserver.exe] => (Allow) C:\programy\vojta\farming simulator 19\dedicatedserver.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{3BA6FC6C-DB2D-4367-81A0-DBFEA65A8B9B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

27-08-2020 22:20:12 Windows Update
31-08-2020 00:52:04 Windows Update
31-08-2020 07:32:05 zoek.exe restore point

==================== Faulty Device Manager Devices ============

Name: ACI4DYA2 IDE Controller
Description: ACI4DYA2 IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: ahb42i4f
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: ========================

Application errors:
==================
Error: (09/02/2020 07:22:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2020 11:23:19 PM) (Source: MsiInstaller) (EventID: 11706) (User: Ziharna-PC)
Description: Produkt: Pinnacle Studio 15 - Chyba 1706. Instalační balíček pro produkt Pinnacle Studio 15 nebyl nalezen. Spusťte instalaci znovu pomocí platného instalačního balíčku Pinnacle Studio 15.msi.

Error: (08/31/2020 07:54:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2020 01:42:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program OxygenNotIncluded.exe verze 2018.4.14.4507 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 650

Čas spuštění: 01d67e56233146ee

Čas ukončení: 26201

Cesta k aplikaci: C:\programy\vojta\Hry\Oxygen Not Included Automation Pack\OxygenNotIncluded.exe

ID hlášení: 2264304f-ea51-11ea-9b30-001fd04ed3f1

Error: (08/30/2020 12:40:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/27/2020 06:46:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program OxygenNotIncluded.exe verze 2018.4.14.4507 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 874

Čas spuštění: 01d67c6fef49a412

Čas ukončení: 60000

Cesta k aplikaci: C:\programy\vojta\Hry\Oxygen Not Included Automation Pack\OxygenNotIncluded.exe

ID hlášení: a7045182-e884-11ea-9cd6-001fd04ed3f1

Error: (08/26/2020 10:09:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/26/2020 10:01:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (09/02/2020 11:50:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby rkrtservice bylo dosaženo časového limitu (30000 ms).

Error: (09/02/2020 11:25:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 80.

Error: (09/02/2020 11:25:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (09/02/2020 10:25:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 80.

Error: (09/02/2020 10:25:59 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (09/02/2020 09:25:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 80.

Error: (09/02/2020 09:25:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (09/02/2020 08:25:58 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 80.


Windows Defender:
===================================
Date: 2019-04-04 03:35:31.442
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu:1.1.15800.1
Předchozí verze modulu:1.1.6402.0
Zdroj aktualizace:Uživatel
Uživatel:NT AUTHORITY\SYSTEM
Kód chyby:0x8050800c
Popis chyby:Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.

Date: 2019-04-03 18:09:34.085
Description:
Program Windows Defender zjistil chybu při pokusu o aktualizaci modulu
Nová verze modulu:1.1.15800.1
Předchozí verze modulu:1.1.6402.0
Zdroj aktualizace:Uživatel
Uživatel:Ziharna-PC\Ziharna
Kód chyby:0x8050800c
Popis chyby:Došlo k neočekávaným potížím. Nainstalujte všechny dostupné aktualizace a potom opakujte spuštění programu. Informace o instalaci aktualizací naleznete v nápovědě a podpoře.

CodeIntegrity:
===================================

Date: 2019-04-03 18:55:28.043
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64_prewin8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-03 18:55:28.043
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\wdcsam64_prewin8.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: LENOVO 5CKT46AUS 03/20/2009
Motherboard: LENOVO LENOVO
Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz
Percentage of memory in use: 61%
Total physical RAM: 3934.11 MB
Available physical RAM: 1524.3 MB
Total Virtual: 7866.36 MB
Available Virtual: 5141.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:228.64 GB) (Free:56.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: A099AC87)
Partition 1: (Active) - (Size=228.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.2 GB) - (Type=12)

==================== End of Addition.txt =======================

jaro3
Security team member
Guru Level 15
Posts: 43054
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Infected PC - help with virus removal

Post by jaro3 » 03 Sep 2020 00:39

Uninstall:
GridinSoft Anti-Malware
Microsoft Security Essentials


And install an antivirus:
Avast or
Comodo or
Avira
or another one.

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-711302050-3009418862-4191154230-1000\...\Policies\Explorer: []
Task: {90969E64-7099-4AA3-859A-BB090174E427} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {AB857D2D-D83B-4910-96EC-51928CFECA7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
SearchScopes: HKU\S-1-5-21-711302050-3009418862-4191154230-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
CHR HKLM\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
CHR HKLM-x32\...\Chrome\Extension: [klekeajafkkpokaofllcadenjdckhinm]
U3 a2thwwq1; C:\Windows\System32\Drivers\a2thwwq1.sys [0 0000-00-00] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
U3 ahb42i4f; no ImagePath
ContextMenuHandlers2-x32: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\programy\Alcohol 120\AxShlex.dll -> No File
ContextMenuHandlers2: [AlcoholShellEx64] -> {AF67B665-D752-424E-9A03-C7C218F2844F} => C:\programy\Alcohol 120\AxShlEx64.dll -> No File
HKLM\...\.scr: EAGLESCR => "C:\programy\vojta\EAGLE 9.5.1\eagle.exe" -C "" "%1" <==== ATTENTION
FirewallRules: [{6ADA187D-4775-4700-8143-3A5EFDD63D91}] => (Allow) C:\programy\Pinnacle\Programs\RM.exe => No File
FirewallRules: [{64D433AE-ABC6-4273-BA9C-2B68E95C88C9}] => (Allow) C:\programy\Pinnacle\Programs\RM.exe => No File
FirewallRules: [{2DE1D714-21B1-48D3-A966-90C5AA329653}] => (Allow) C:\programy\Pinnacle\Programs\Studio.exe => No File
FirewallRules: [{8999F397-45E3-4121-A77C-2F85D7872AC8}] => (Allow) C:\programy\Pinnacle\Programs\Studio.exe => No File
FirewallRules: [{D9D8D6DD-4D15-4CD9-BDB6-61ABD6700EC1}] => (Allow) C:\programy\Pinnacle\Programs\umi.exe => No File
FirewallRules: [{7A422D52-7E37-4336-93B5-FAC28013D199}] => (Allow) C:\programy\Pinnacle\Programs\umi.exe => No File
FirewallRules: [TCP Query User{3301EE39-6280-45DF-BC1B-599CEC4C9756}F:\michal\michal - hry\warcraft iii\war3.exe] => (Allow) F:\michal\michal - hry\warcraft iii\war3.exe => No File
FirewallRules: [UDP Query User{0C165861-36B9-4A5B-943E-B83B8BF0F982}F:\michal\michal - hry\warcraft iii\war3.exe] => (Allow) F:\michal\michal - hry\warcraft iii\war3.exe => No File
FirewallRules: [TCP Query User{39754A7E-D2F6-491F-9A13-32947D257877}F:\michal\mtga\mtga.exe] => (Allow) F:\michal\mtga\mtga.exe => No File
FirewallRules: [UDP Query User{0FC47E18-2070-4F86-9291-42A1C4F67860}F:\michal\mtga\mtga.exe] => (Allow) F:\michal\mtga\mtga.exe => No File
FirewallRules: [TCP Query User{71CCFA32-AEE6-45EA-8384-25F9AB9237B5}F:\michal\michal - hry\di\dead island\deadislandgame.exe] => (Block) F:\michal\michal - hry\di\dead island\deadislandgame.exe => No File
FirewallRules: [UDP Query User{F7955049-B489-4979-AB13-C8FDD149850D}F:\michal\michal - hry\di\dead island\deadislandgame.exe] => (Block) F:\michal\michal - hry\di\dead island\deadislandgame.exe => No File

FirewallRules: [TCP Query User{3F060BA7-1C4B-4E18-81DC-C6AEEA98F33A}\\ziharna-pc2\programy\stronghold legends\strongholdlegends.exe] => (Block) \\ziharna-pc2\programy\stronghold legends\strongholdlegends.exe => No File
FirewallRules: [UDP Query User{48ACDC46-383C-430E-9437-0C7BD3E92DA2}\\ziharna-pc2\programy\stronghold legends\strongholdlegends.exe] => (Block) \\ziharna-pc2\programy\stronghold legends\strongholdlegends.exe => No File
FirewallRules: [TCP Query User{316CDA90-AABF-47AC-B33C-6EE4D96C0D2B}E:\gm\splintercell\splinter cell - blacklist\src\system\blacklist_dx11_game.exe] => (Allow) E:\gm\splintercell\splinter cell - blacklist\src\system\blacklist_dx11_game.exe => No File
FirewallRules: [UDP Query User{B8832559-7C58-4D2A-A46C-2D76CD8C880E}E:\gm\splintercell\splinter cell - blacklist\src\system\blacklist_dx11_game.exe] => (Allow) E:\gm\splintercell\splinter cell - blacklist\src\system\blacklist_dx11_game.exe => No File
FirewallRules: [{C3E3F63F-30A3-4DAF-833C-60728FC0E18F}] => (Allow) C:0\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{F9956838-9A1A-465C-BE92-D13794BAB123}] => (Allow) C:0\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{FBC2E2B2-D888-4CB6-B9C7-95476B12AF40}] => (Allow) C:1\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [{E1858010-1257-440A-A1D2-83B97721C265}] => (Allow) C:1\SteamLibrary\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe => No File
FirewallRules: [TCP Query User{1DEE18EF-88EB-4491-A62B-6EE2C5B63658}E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe] => (Allow) E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{AA21EB74-D432-4194-B7BD-0D35B1231063}E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe] => (Allow) E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [{239D5D66-7145-4135-AE9D-C93607C2535E}] => (Block) E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [{8D24FA70-6291-45A5-A476-BB10918808DF}] => (Block) E:\gm\sims4\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{5EA3DD7D-65FB-47A3-9599-E3C5966AC17C}E:\gm\the sims 4\game\bin\ts4_x64.exe] => (Allow) E:\gm\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{00E387F1-6810-470E-A7FE-6948F1740786}E:\gm\the sims 4\game\bin\ts4_x64.exe] => (Allow) E:\gm\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [{B74C10E6-B1AD-45DF-A994-EB1AB337FAE8}] => (Block) E:\gm\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [{2A0C8245-B651-460C-9BCE-5297D0B49B57}] => (Block) E:\gm\the sims 4\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{6A16BDF0-AD14-46E9-8875-BC767056155B}C:\programy\steam\steam.exe] => (Allow) C:\programy\steam\steam.exe => No File
FirewallRules: [UDP Query User{F2A8DDC1-55B8-4D32-BF1A-DD311EEC3F95}C:\programy\steam\steam.exe] => (Allow) C:\programy\steam\steam.exe => No File
Hosts:
EmptyTemp:
End

(You can use the "Select all" function, then right-click in the upper-left field of the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST and press the "Fix" button only once, then wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.


+
Turn off the resident protection of your antivirus and antispyware, and possibly the firewall.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire content here
If there are problems, run it in safe mode.

Warning: After applying ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

