Please check my log (Solved)


jaro3
Security team member

Re: Please check my log

Post by jaro3 » 21 Jul 2021 23:09

Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Instructions

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost


Maybe the problem is a glitched BIOS; wouldn't you try a BIOS reset or new firmware?

We'll go through it once more.
Turn off your antivirus and firewall.
Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
another link:
http://www.bleepingcomputer.com/downloa ... scan-tool/
and save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan" ("Skenovat"). When the scan is finished, two logs, FRST.txt and Addition.txt, will be shown and saved on the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

akiller

Re: Please check my log

Post by akiller » 22 Jul 2021 11:33

I could probably manage a BIOS reset, but I've been avoiding it ever since the Windows 98 days :D If I have no choice, I guess there'll be nothing else left for me to do anyway :wtf: :yawn:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-07-2021 01
Ran by Armin Tamzarian (administrator) on DESKTOP-0CPP79B (Gigabyte Technology Co., Ltd. EP35-DS3) (22-07-2021 11:27:39)
Running from C:\Users\Armin Tamzarian\Desktop
Loaded Profiles: Armin Tamzarian
Platform: Windows 10 Home Version 21H1 19043.1110 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\VirtuaNES\VirtuaNES.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\aswEngSrv.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe <4>
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe <2>
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
(GOG Sp. z o.o. -> GOG.com) C:\Program Files (x86)\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
(GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.6282.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\Armin Tamzarian\AppData\Local\Vivaldi\Application\update_notifier.exe
(ZONER software, a.s. -> ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [171320 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\Armin Tamzarian\AppData\Local\Vivaldi\Application\update_notifier.exe [2978192 2021-07-04] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software, a.s. -> ZONER software)
HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [13725536 2021-07-16] (GOG Sp. z o.o. -> GOG.com)
HKLM\Software\...\AppCompatFlags\Custom\Dracula.exe: [{62e5c1d9-7e7b-437d-8e12-f6a1e02fae37}.sdb] -> GOG.com Dracula Resurrection
HKLM\Software\...\AppCompatFlags\Custom\game.exe: [{9381f2c8-55ab-4208-80ad-7a747ab1f43f}.sdb] -> GOG.com The Longest Journey
HKLM\Software\...\AppCompatFlags\InstalledSDB\{62e5c1d9-7e7b-437d-8e12-f6a1e02fae37}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{62e5c1d9-7e7b-437d-8e12-f6a1e02fae37}.sdb [2021-07-16]
HKLM\Software\...\AppCompatFlags\InstalledSDB\{9381f2c8-55ab-4208-80ad-7a747ab1f43f}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{9381f2c8-55ab-4208-80ad-7a747ab1f43f}.sdb [2021-07-16]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.164\Installer\chrmstp.exe [2021-07-20] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2F188D79-3FEE-4BFF-9FFF-9BC748C63015} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682424 2021-07-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {3D5E421F-EE5F-42E7-9BDD-9E0497219839} - System32\Tasks\VivaldiUpdateCheck-7340258aca60670a => C:\Users\Armin Tamzarian\AppData\Local\Vivaldi\Application\update_notifier.exe [2978192 2021-07-04] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
Task: {453819ED-0EB4-4CF0-A9A4-C45AF9D9F574} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23182224 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {465C9D76-8CB4-4149-B1A2-A5FBFD01663B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-02-28] (Google Inc -> Google LLC)
Task: {47E7750B-37FB-454B-9DDD-1A728AC81074} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {48F3CCE6-1E15-4FBE-882D-6E7E656546C9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform)
Task: {4C74ED61-0A2A-42EF-B704-CEF2DB26ACDD} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1821968 2021-04-30] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {4C7CB0DA-A312-45A3-B523-6D2606C077A0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {AC223C9D-57B7-40AE-A4CB-DD6E50F5693F} - System32\Tasks\AMHelper => C:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe [682008 2021-03-30] (Zemana D.O.O. Sarajevo -> Zemana Ltd.)
Task: {AD5C846C-AE0E-4E99-82E2-6F96AFF0FA6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-02-28] (Google Inc -> Google LLC)
Task: {AF1AF405-49DC-45CB-AE93-B43999ED356C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EC7E3F95-2E7F-492E-BEEE-70D19962E65E} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [4950840 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {FBFBF10E-225D-4EAC-9401-9BF77EFF1FE7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23182224 2021-07-09] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{09ef0a2e-9db0-4130-a24b-05c3aaeae95c}: [DhcpNameServer] 213.46.172.38 213.46.172.39
Tcpip\..\Interfaces\{180579ea-5b08-4e06-8101-299c67fa07a8}: [DhcpNameServer] 192.168.100.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Armin Tamzarian\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-21]

FireFox:
========
FF DefaultProfile: u6a3z8r7.default-1605620673755
FF ProfilePath: C:\Users\Armin Tamzarian\AppData\Roaming\Mozilla\Firefox\Profiles\u6a3z8r7.default-1605620673755 [2021-07-22]
FF Homepage: Mozilla\Firefox\Profiles\u6a3z8r7.default-1605620673755 -> hxxps://www.seznam.cz/
FF NewTab: Mozilla\Firefox\Profiles\u6a3z8r7.default-1605620673755 -> about:newtab
FF Notifications: Mozilla\Firefox\Profiles\u6a3z8r7.default-1605620673755 -> hxxps://www.instagram.com
FF Extension: (Český slovník pro kontrolu pravopisu) - C:\Users\Armin Tamzarian\AppData\Roaming\Mozilla\Firefox\Profiles\u6a3z8r7.default-1605620673755\Extensions\cs@dictionaries.addons.mozilla.org.xpi [2021-06-19]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Vivaldi:
=======
VIV DefaultProfile: Default

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [81088 2015-09-24] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [625976 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AVG Tools; C:\Program Files (x86)\AVG\Antivirus\avgToolsSvc.exe [374072 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\aswidsagent.exe [8297584 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files (x86)\AVG\Antivirus\wsc_proxy.exe [109480 2021-06-03] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056672 2021-07-08] (Microsoft Corporation -> Microsoft Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1955680 2021-07-16] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2021-07-15] (GOG Sp. z o.o. -> GOG.com)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-18] (Malwarebytes Inc -> Malwarebytes)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13927760 2021-07-13] (Adlice -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 amsdk; C:\WINDOWS\system32\drivers\amsdk.sys [232792 2021-07-21] (Zemana D.O.O. Sarajevo -> Copyright 2018.)
R0 avgArDisk; C:\WINDOWS\System32\drivers\avgArDisk.sys [35872 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [217056 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriver.sys [366704 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsh.sys [250464 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniv.sys [99440 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [17344 2021-05-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AVG Technologies CZ, s.r.o.)
R1 avgKbd; C:\WINDOWS\System32\drivers\avgKbd.sys [41488 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [182736 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgNetHub; C:\WINDOWS\System32\drivers\avgNetHub.sys [524568 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [108000 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [83056 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [851344 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [472064 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [215536 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [327696 2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-04-02] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-04-02] (Disc Soft Ltd -> Disc Soft Ltd)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-07-20] (Malwarebytes Inc -> Malwarebytes)
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [4776168 2017-12-20] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-07-21] (Adlice -> )
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-22 11:25 - 2021-07-22 11:27 - 000033349 _____ C:\Users\Armin Tamzarian\Desktop\Addition.txt
2021-07-22 11:23 - 2021-07-22 11:28 - 000017236 _____ C:\Users\Armin Tamzarian\Desktop\FRST.txt
2021-07-22 11:23 - 2021-07-22 11:28 - 000000000 ____D C:\FRST
2021-07-22 11:19 - 2021-07-22 11:19 - 002300416 _____ (Farbar) C:\Users\Armin Tamzarian\Desktop\FRST64.exe
2021-07-21 21:21 - 2021-07-21 21:21 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Local\DBG
2021-07-21 21:21 - 2021-07-21 21:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2021-07-21 21:21 - 2021-07-21 21:21 - 000000000 ____D C:\Program Files\WhoCrashed
2021-07-21 21:16 - 2021-07-22 11:28 - 001735440 _____ C:\WINDOWS\ZAM.krnl.trace
2021-07-21 21:16 - 2021-07-21 22:31 - 000002542 _____ C:\WINDOWS\system32\Tasks\AMHelper
2021-07-21 21:16 - 2021-07-21 21:17 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Local\AMSDK
2021-07-21 21:16 - 2021-07-21 21:16 - 000232792 _____ (Copyright 2018.) C:\WINDOWS\system32\Drivers\amsdk.sys
2021-07-21 21:16 - 2021-07-21 21:16 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Local\Zemana
2021-07-21 21:16 - 2021-07-21 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2021-07-21 21:16 - 2021-07-21 21:16 - 000000000 ____D C:\Program Files (x86)\Zemana
2021-07-21 21:15 - 2021-07-21 21:15 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-07-21 20:22 - 2014-02-13 23:59 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2021-07-21 19:48 - 2021-07-21 20:17 - 000000000 ____D C:\zoek_backup
2021-07-21 19:21 - 2021-07-21 19:21 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Local\Adobe
2021-07-21 18:18 - 2021-07-21 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2021-07-21 18:18 - 2021-07-21 18:18 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2021-07-21 17:50 - 2021-07-21 17:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-07-21 17:50 - 2021-07-21 17:50 - 000000000 ____D C:\Program Files\RogueKiller
2021-07-21 17:49 - 2021-07-22 11:06 - 000000000 ____D C:\ProgramData\RogueKiller
2021-07-21 15:53 - 2021-07-21 15:53 - 000000000 ____D C:\ProgramData\Sophos
2021-07-21 15:53 - 2021-07-21 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2021-07-21 15:53 - 2021-07-21 15:53 - 000000000 ____D C:\Program Files (x86)\Sophos
2021-07-20 16:58 - 2021-07-20 16:58 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-07-20 16:57 - 2021-07-20 16:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-07-20 16:10 - 2021-07-21 21:15 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-17 21:02 - 2021-07-17 21:02 - 000000000 ____D C:\AdwCleaner
2021-07-16 18:12 - 2021-07-16 18:12 - 000001639 _____ C:\Users\Public\Desktop\Dracula - The Resurrection.lnk
2021-07-16 18:12 - 2021-07-16 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dracula - The Resurrection [GOG.com]
2021-07-15 14:38 - 2021-07-15 14:45 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Roaming\MediaInfo
2021-07-15 14:26 - 2021-07-15 14:26 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Local\fontconfig
2021-07-15 14:24 - 2021-07-15 14:50 - 000000000 ____D C:\Program Files (x86)\FormatFactory
2021-07-15 12:34 - 2021-07-15 12:34 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-07-15 12:34 - 2021-07-15 12:34 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-07-15 12:34 - 2021-07-15 12:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb
2021-07-15 12:34 - 2021-07-15 12:34 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb
2021-07-15 12:34 - 2021-07-15 12:34 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb
2021-07-15 12:34 - 2021-07-15 12:34 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb
2021-07-14 12:16 - 2021-07-14 16:56 - 000003080 _____ C:\WINDOWS\system32\Tasks\VivaldiUpdateCheck-7340258aca60670a
2021-07-09 20:06 - 2021-07-09 20:06 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-07-09 20:06 - 2021-07-09 20:06 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-07-09 20:06 - 2021-07-09 20:06 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-07-09 20:06 - 2021-07-09 20:06 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-07-09 20:06 - 2021-07-09 20:06 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-07-09 20:06 - 2021-07-09 20:06 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-07-09 20:06 - 2021-07-09 20:06 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-07-09 20:06 - 2021-07-09 20:06 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-07-09 20:06 - 2021-07-09 20:06 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-07-09 20:06 - 2021-07-09 20:06 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-07-08 20:09 - 2021-07-15 18:03 - 000000145 _____ C:\WINDOWS\game.INI
2021-07-01 21:19 - 2021-07-01 21:19 - 002003814 _____ C:\Users\Armin Tamzarian\Desktop\červenec.bmp
2021-06-29 18:54 - 2021-07-21 21:59 - 000000000 ____D C:\Users\Armin Tamzarian\Desktop\Nová složka
2021-06-29 15:38 - 2021-06-29 15:38 - 000340280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2021-06-29 15:38 - 2021-06-29 15:38 - 000215536 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-22 11:23 - 2017-04-03 00:33 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\LocalLow\Mozilla
2021-07-22 11:19 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-22 11:19 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-07-22 11:19 - 2019-09-13 10:48 - 000000436 _____ C:\Users\Armin Tamzarian\Desktop\Tento počítač.lnk
2021-07-22 11:10 - 2019-09-13 21:17 - 000000000 ____D C:\Program Files\CCleaner
2021-07-22 11:07 - 2020-06-07 12:38 - 000000000 ____D C:\Program Files (x86)\Google
2021-07-21 22:32 - 2019-09-13 09:37 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-21 22:31 - 2021-02-28 21:50 - 000003400 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-07-21 22:31 - 2021-02-28 21:50 - 000003176 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-07-21 22:31 - 2020-08-25 20:37 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-07-21 22:31 - 2020-08-25 20:37 - 000002238 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-07-21 22:31 - 2020-08-25 20:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2021-07-21 22:27 - 2019-09-13 21:59 - 000000000 ____D C:\Program Files (x86)\Steam
2021-07-21 21:22 - 2020-08-25 20:33 - 001693136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-07-21 21:22 - 2019-12-07 16:41 - 000716764 _____ C:\WINDOWS\system32\perfh005.dat
2021-07-21 21:22 - 2019-12-07 16:41 - 000144942 _____ C:\WINDOWS\system32\perfc005.dat
2021-07-21 21:15 - 2020-08-25 20:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-21 21:15 - 2020-08-25 20:22 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-21 21:15 - 2019-09-13 21:01 - 000000000 ____D C:\ProgramData\Avg
2021-07-21 21:15 - 2019-09-13 20:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-21 21:14 - 2020-08-25 20:23 - 000000000 ____D C:\Users\defaultuser0
2021-07-21 21:14 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-07-21 21:13 - 2020-08-25 20:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-21 19:05 - 2019-09-13 21:12 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Roaming\vlc
2021-07-20 16:58 - 2019-09-13 21:14 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-07-20 16:57 - 2017-06-30 19:36 - 000001010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-20 15:59 - 2020-06-10 12:59 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-20 15:59 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-20 15:59 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-20 15:12 - 2019-09-13 09:55 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Local\Packages
2021-07-20 15:07 - 2021-02-28 21:51 - 000002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-20 15:07 - 2021-02-28 21:51 - 000002211 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-17 21:04 - 2020-08-25 20:23 - 000000000 ____D C:\Users\Armin Tamzarian
2021-07-17 20:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-07-17 20:50 - 2019-09-14 12:06 - 000000000 ____D C:\Program Files\Microsoft Office
2021-07-16 18:13 - 2019-09-13 21:57 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2021-07-16 08:21 - 2018-07-17 19:40 - 000023596 _____ C:\Users\Armin Tamzarian\Desktop\televize.xlsx
2021-07-15 17:18 - 2020-08-25 20:22 - 000409696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-07-15 17:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-07-15 17:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-07-15 17:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-07-15 17:17 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-15 14:52 - 2021-06-04 17:05 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\LocalLow\BitTorrent
2021-07-15 14:49 - 2021-06-03 18:33 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Local\BitTorrentHelper
2021-07-15 12:37 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-07-14 16:56 - 2020-08-25 20:37 - 000003572 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-14 16:56 - 2020-08-25 20:37 - 000003348 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-14 16:56 - 2020-08-25 20:37 - 000003322 _____ C:\WINDOWS\system32\Tasks\Antivirus Emergency Update
2021-07-14 12:16 - 2019-09-13 20:03 - 000002444 _____ C:\Users\Armin Tamzarian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2021-07-14 12:16 - 2019-09-13 20:02 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Local\Vivaldi
2021-07-14 11:00 - 2019-09-13 10:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-07-14 10:59 - 2019-09-13 10:56 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-07-09 22:40 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-07-09 22:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-07-09 22:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-07-09 22:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-07-09 22:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-07-09 22:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-07-09 22:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-07-09 22:40 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-06-30 17:51 - 2021-01-29 21:06 - 000000000 _____ C:\Users\Armin Tamzarian\Desktop\Nový textový dokument.TXT
2021-06-29 15:40 - 2021-02-28 21:51 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Local\Google
2021-06-29 15:38 - 2020-10-23 18:45 - 000182736 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2021-06-29 15:38 - 2020-06-04 12:34 - 000524568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgNetHub.sys
2021-06-29 15:38 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-06-29 15:38 - 2019-09-13 21:03 - 000851344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2021-06-29 15:38 - 2019-09-13 21:03 - 000472064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2021-06-29 15:38 - 2019-09-13 21:03 - 000366704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriver.sys
2021-06-29 15:38 - 2019-09-13 21:03 - 000327696 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2021-06-29 15:38 - 2019-09-13 21:03 - 000250464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsh.sys
2021-06-29 15:38 - 2019-09-13 21:03 - 000217056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2021-06-29 15:38 - 2019-09-13 21:03 - 000108000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2021-06-29 15:38 - 2019-09-13 21:03 - 000099440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniv.sys
2021-06-29 15:38 - 2019-09-13 21:03 - 000083056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2021-06-29 15:38 - 2019-09-13 21:03 - 000041488 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgKbd.sys
2021-06-29 15:38 - 2019-09-13 21:03 - 000035872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArDisk.sys
2021-06-27 16:49 - 2021-06-04 21:29 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\LocalLow\Fictiorama Studios
2021-06-27 16:49 - 2020-06-08 21:45 - 000000000 ____D C:\Users\Armin Tamzarian\AppData\Local\Daedalic Entertainment GmbH

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Keyboard not present. Press Enter to continue

akiller
Level 3
Posts: 519
Registered: November 10
Location: Nothingtown
Gender: Male

Re: Please check my log

Post by akiller » 22 Jul 2021 11:33

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by Armin Tamzarian (22-07-2021 11:29:34)
Running from C:\Users\Armin Tamzarian\Desktop
Windows 10 Home Version 21H1 19043.1110 (X64) (2020-08-25 18:37:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1252873434-2205030425-1759353732-500 - Administrator - Disabled)
Armin Tamzarian (S-1-5-21-1252873434-2205030425-1759353732-1001 - Administrator - Enabled) => C:\Users\Armin Tamzarian
DefaultAccount (S-1-5-21-1252873434-2205030425-1759353732-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1252873434-2205030425-1759353732-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1252873434-2205030425-1759353732-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1252873434-2205030425-1759353732-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X (10.1.16) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 21.5.3185 - AVG Technologies)
BitTorrent (HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\BitTorrent) (Version: 7.10.5.46011 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.83 - Piriform)
CrystalDiskInfo 8.12.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.3 - Crystal Dew World)
Dracula - The Resurrection (HKLM-x32\...\1207661553_is1) (Version: 2.1.0.5 - GOG.com)
Free ePub reader 1.0 (HKLM-x32\...\{BB49A5B5-FEAE-46DB-91BC-F9F914A72DBA}_is1) (Version: 1.0 - SoftDevResource)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
GOG.com The Longest Journey (HKLM\...\{9381f2c8-55ab-4208-80ad-7a747ab1f43f}.sdb) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.164 - Google LLC)
Grand Theft Auto (HKLM-x32\...\Grand Theft Auto) (Version: - )
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
Icecream Ebook Reader verze 5.23 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 5.23 - Icecream Apps)
MAGIX Common Components 1 (HKLM-x32\...\{57BDDF3B-3E7F-4F60-A151-3BCA9D2CC996}) (Version: 1.8.1.0 - MAGIX Software GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 2 (HKLM-x32\...\{6811BD4E-CC43-4304-BE29-BCFA9D4452BF}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Goya burnR (MSI) (HKLM\...\{9CDF2ABF-13AC-4354-B07E-F54782C24B5A}) (Version: 4.3.1.6 - MAGIX Software GmbH) Hidden
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{9CDF2ABF-13AC-4354-B07E-F54782C24B5A}) (Version: 4.3.1.6 - MAGIX Software GmbH)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.71 - Microsoft Corporation)
Microsoft Office 2016 pro domácnosti - cs-cz (HKLM\...\HomeStudentRetail - cs-cz) (Version: 16.0.14131.20320 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\OneDriveSetup.exe) (Version: 19.152.0927.0012 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 90.0.1 (x64 cs)) (Version: 90.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 7.1.32.69 - )
NVIDIA Ovladač HD audia 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20320 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Parom.TV player (HKLM-x32\...\Parom.TV) (Version: - )
RogueKiller version 15.0.8.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.0.8.0 - Adlice Software)
Smart Tests (HKLM-x32\...\Smart Tests) (Version: 1.0.165.0 - Vitware)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.9.0 - Sophos Limited)
Spotify (HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\Spotify) (Version: 1.1.61.583.gad060c66 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TP-Link TL-WN821N (HKLM-x32\...\{03468BE2-4451-416D-B045-60F2101122D4}) (Version: 2.1.0 - TP-Link)
VisiPics V1.30 (HKLM-x32\...\VisiPics_is1) (Version: - Ozone)
Vita 2 (HKLM\...\{E5EB37EB-EAD8-4FE1-A97D-FA3EE82B83DC}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita Concert Grand (HKLM\...\{12E945F1-FD2E-492D-A71E-B595EBD5F710}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita Drum Engine (HKLM\...\{B20B3483-C5AB-4F61-B239-6EEC75ED6931}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita Pop Drums (HKLM\...\{5BA76428-34F5-40D4-A516-8E1F38FB21A5}) (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vivaldi (HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\Vivaldi) (Version: 4.0.2312.38 - Vivaldi Technologies AS.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WhoCrashed 6.70 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Word Manager (HKLM-x32\...\Word Manager) (Version: 1.1.280.0 - Vitware.cz)
Zemana AntiMalware verze 3.2.28 (HKLM-x32\...\{4E1F3677-C72E-4F7D-B66E-85467B1A289E}_is1) (Version: 3.2.28 - Zemana)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_CZ_is1) (Version: 17.0.1.12 - ZONER software)

Packages:
=========
Microsoft Mahjong -> C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_4.0.11030.0_x64__8wekyb3d8bbwe [2020-11-25] (Microsoft Studios) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-20] (Microsoft Studios) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-08-19] (Netflix, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1252873434-2205030425-1759353732-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> C:\Users\Armin Tamzarian\AppData\Local\Vivaldi\Application\4.0.2312.38\notification_helper.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
ShellIconOverlayIdentifiers: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers-x32: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00avg] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana\AntiMalware\AM_ShellExt64.dll [2021-03-30] (Zemana D.O.O. Sarajevo -> Advanced Malware Protection. Copyright 2019.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2021-06-29] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Armin Tamzarian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\969fa00ceac8236d\Vivaldi.lnk -> C:\Users\Armin Tamzarian\AppData\Local\Vivaldi\Application\vivaldi_proxy.exe (Vivaldi Technologies AS) -> --profile-directory=Default --app-id=mpognobbkildjkofajifpdfhcoklimli

==================== Loaded Modules (Whitelisted) =============

2019-09-25 14:06 - 2007-08-11 18:02 - 000073728 _____ () [File not signed] C:\Program Files (x86)\VirtuaNES\English.vlp
2019-09-13 20:52 - 2014-09-09 13:30 - 000603648 _____ () [File not signed] C:\Program Files\Zoner\Photo Studio 17\Program32\SpiderMonkey.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-1252873434-2205030425-1759353732-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1252873434-2205030425-1759353732-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-02] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-04-04 19:24 - 2021-07-22 11:22 - 000000813 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1252873434-2205030425-1759353732-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Armin Tamzarian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 213.46.172.38 - 213.46.172.39
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{9A425F52-8AC1-4A02-AE47-532069991E30}D:\winamp\winamp.exe] => (Allow) D:\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{1B4143B4-001C-47C0-917F-A47D1F57EF12}D:\winamp\winamp.exe] => (Allow) D:\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{D007294F-D703-422E-AE4F-305410D196E4}] => (Allow) D:\Steam\steamapps\common\Worms Armageddon\WA.exe (Team17 Software Ltd) [File not signed]
FirewallRules: [{E373D793-4416-4B2D-89A2-53D76670916F}] => (Allow) D:\Steam\steamapps\common\Worms Armageddon\WA.exe (Team17 Software Ltd) [File not signed]
FirewallRules: [{267593F9-0493-4D52-AA1B-546AB167D0D8}] => (Allow) D:\Steam\steamapps\common\MAGIX\Music Maker 2017 Steam Edition\MusicMaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [{8E5CA099-843A-44B9-ABB2-190C7951D9F2}] => (Allow) D:\Steam\steamapps\common\MAGIX\Music Maker 2017 Steam Edition\MusicMaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH)
FirewallRules: [{F7AE9551-1814-4A3C-80B5-A0B0BFC34A1B}] => (Allow) D:\Steam\steamapps\common\City Car Driving\bin\win32\starter.exe (Forward Development) [File not signed]
FirewallRules: [{F2B878E0-70A7-48A1-B99F-BE54EEB523C7}] => (Allow) D:\Steam\steamapps\common\City Car Driving\bin\win32\starter.exe (Forward Development) [File not signed]
FirewallRules: [{8E850FD4-BD24-4B57-A6FE-461EF2A99FE6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{B40E7EC4-79A1-4081-9755-0905002A98AD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{9C3E7B80-B518-4D75-B20B-51116AB17F8A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{64B5F76B-2B37-4809-8C71-52681208A341}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{BF024EAA-2DA2-4E55-B745-1E19C0B58020}C:\users\armin tamzarian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\armin tamzarian\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{C282BF1F-42BA-428D-BF77-D6388DD57AD7}C:\users\armin tamzarian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\armin tamzarian\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{86B089D4-AA2B-4998-9B6E-9CC1DDA26526}D:\winamp\winamp.exe] => (Allow) D:\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [TCP Query User{FD1CF8AC-D70F-4F0C-9444-AE499A5AC210}D:\winamp\winamp.exe] => (Allow) D:\winamp\winamp.exe (Nullsoft Inc. -> Nullsoft, Inc.)
FirewallRules: [{7B221610-D1DE-42EE-B85E-980A5BAA3CC2}] => (Allow) C:\Program Files (x86)\Parom.TV\paromplayer.exe () [File not signed]
FirewallRules: [{999647A4-D39B-4665-979F-04809BC620BA}] => (Allow) C:\Program Files (x86)\Parom.TV\paromplayer.exe () [File not signed]
FirewallRules: [{556D6FE9-7117-40CF-8974-4E1F1489AF3F}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe (ZONER software, a.s. -> ZONER software)
FirewallRules: [{978F59A0-28BD-4126-8CBC-BEF1CC4E8CB9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{33579087-F56E-4BA9-ADBE-AB5D59EF9D15}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CC02ADC5-717D-4D71-A454-900D163F02DB}] => (Allow) C:\Users\Armin Tamzarian\AppData\Local\Vivaldi\Application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [TCP Query User{3E7AE162-075B-4F14-90C4-CF9C4B25CE65}C:\users\armin tamzarian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\armin tamzarian\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{9B4CFA90-72FA-4820-87E2-E21F38CB7A80}C:\users\armin tamzarian\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\armin tamzarian\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{7BB3CD8B-66F7-47FC-B14F-94E6F221F6F4}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{B1CD82F6-6AAB-4BA1-9B9F-3FC35E81B9E9}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{8834634C-B797-47F8-8362-D93A2064867C}] => (Allow) C:\Users\Armin Tamzarian\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{C8F9B1A3-F25E-4413-93DA-460AB24430F1}] => (Allow) C:\Users\Armin Tamzarian\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{E354C9F4-C82D-47FC-858B-DCB5D78F2FBB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DE645BED-70D9-44FD-906B-5BE4965FAF9B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{18A2EE65-2EF1-43A9-8495-191921E98C00}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B15B6A3-4246-4E92-9649-ADAED8D07BD8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A7442C53-FB3C-4159-929C-9A7AD9C31986}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

21-07-2021 15:40:02 JRT Pre-Junkware Removal
21-07-2021 15:52:56 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/21/2021 09:06:43 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Programy (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (07/21/2021 09:06:36 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (07/21/2021 07:50:38 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet

Error: (07/16/2021 02:53:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: game.exe, verze: 1.0.0.142, časové razítko: 0x38a2d841
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.1110, časové razítko: 0x8a32a22a
Kód výjimky: 0xc0000005
Posun chyby: 0x0003a77c
ID chybujícího procesu: 0x2118
Čas spuštění chybující aplikace: 0x01d77a31f94b3853
Cesta k chybující aplikaci: C:\Program Files (x86)\GOG Galaxy\Games\The Longest Journey\game.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 9ed85ad2-3ed6-43e1-9092-f707e7d36b88
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/15/2021 02:48:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: FormatFactory.exe, verze: 4.4.1.0, časové razítko: 0x5bd16817
Název chybujícího modulu: FormatFactory.exe, verze: 4.4.1.0, časové razítko: 0x5bd16817
Kód výjimky: 0xc0000005
Posun chyby: 0x00073751
ID chybujícího procesu: 0xc2c
Čas spuštění chybující aplikace: 0x01d77974743084d8
Cesta k chybující aplikaci: C:\Program Files (x86)\FormatFactory\FormatFactory.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\FormatFactory\FormatFactory.exe
ID zprávy: 9c177b7a-adf8-4362-bc04-593af921db80
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (07/15/2021 02:08:35 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Programy (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (07/15/2021 02:08:32 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (07/14/2021 03:41:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny QueryFullProcessImageNameW došlo k neočekávané chybě. hr= 0x80070006, Neplatný popisovač.
.


Operace:
Spouštění asynchronní operace

Kontext:
Aktuální stav: DoSnapshotSet


System errors:
=============
Error: (07/21/2021 10:08:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/21/2021 10:08:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).

Error: (07/21/2021 08:16:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/21/2021 08:16:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/21/2021 08:16:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/21/2021 08:16:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/21/2021 08:16:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (07/21/2021 03:40:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.


CodeIntegrity:
===============
Date: 2021-07-22 11:22:50
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-07-21 22:16:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-07-21 21:16:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Award Software International, Inc. F3b 02/04/2008
Motherboard: Gigabyte Technology Co., Ltd. EP35-DS3
Processor: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz
Percentage of memory in use: 62%
Total physical RAM: 6142.49 MB
Available physical RAM: 2312.36 MB
Total Virtual: 8958.49 MB
Available Virtual: 4275.73 MB

==================== Drives ================================

Drive c: (WIN10) (Fixed) (Total:222.25 GB) (Free:67.91 GB) NTFS
Drive d: (Programy) (Fixed) (Total:931.51 GB) (Free:910.36 GB) NTFS
Drive e: (Data) (Fixed) (Total:931.51 GB) (Free:85.49 GB) NTFS

\\?\Volume{dbe623f3-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{dbe623f3-0000-0000-0000-50af37000000}\ () (Fixed) (Total:0.83 GB) (Free:0.41 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 000E1397)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: EF9D9631)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: DBE623F3)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=848 MB) - (Type=27)

==================== End of Addition.txt =======================
Keybord not present. Press Enter to continue

Re: Please check my log

Post by jaro3 » 22 Jul 2021 16:56

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.164\Installer\chrmstp.exe [2021-07-20] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {465C9D76-8CB4-4149-B1A2-A5FBFD01663B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-02-28] (Google Inc -> Google LLC)
Task: {AD5C846C-AE0E-4E99-82E2-6F96AFF0FA6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-02-28] (Google Inc -> Google LLC)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\Tasks\AVAST Software
SearchScopes: HKU\S-1-5-21-1252873434-2205030425-1759353732-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1252873434-2205030425-1759353732-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FirewallRules: [{8834634C-B797-47F8-8362-D93A2064867C}] => (Allow) C:\Users\Armin Tamzarian\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{C8F9B1A3-F25E-4413-93DA-460AB24430F1}] => (Allow) C:\Users\Armin Tamzarian\AppData\Roaming\BitTorrent\BitTorrent.exe => No File

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad and choose "Paste").

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire content here.

Download Memtest
http://www.stahuj.cz/utility_a_ostatni/ ... i/memtest/


Leave the field that says "All unused RAM" as it is.
- Click Start and let it run for at least 2 hours; if there are still 0 errors after 2 hours, the modules are OK.
For larger RAM capacities, Memtest has to be run several times: for 2 GB (the largest single RAM capacity) 2x, for 4 GB 3x, for 8 GB 4x, and so on.
Double-click Memtest, then again and again, type 2048 into the fields of all the Memtest instances, then click "Start" in all of them.

What about the power supply? Have you checked it, for example in OCCT?

Re: Please check my log

Post by akiller » 22 Jul 2021 19:24

I haven't checked the power supply yet, but I've downloaded OCCT and will use it :thumbup:
Edit: you wouldn't happen to have some instructions for using it, would you? :D :wtf: :huh:


Fix result of Farbar Recovery Scan Tool (x64) Version: 19-07-2021 01
Ran by Armin Tamzarian (22-07-2021 19:18:58) Run:1
Running from C:\Users\Armin Tamzarian\Desktop
Loaded Profiles: defaultuser0 & Armin Tamzarian
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.164\Installer\chrmstp.exe [2021-07-20] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {465C9D76-8CB4-4149-B1A2-A5FBFD01663B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-02-28] (Google Inc -> Google LLC)
Task: {AD5C846C-AE0E-4E99-82E2-6F96AFF0FA6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2021-02-28] (Google Inc -> Google LLC)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\system32\Tasks\AVAST Software
SearchScopes: HKU\S-1-5-21-1252873434-2205030425-1759353732-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1252873434-2205030425-1759353732-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
FirewallRules: [{8834634C-B797-47F8-8362-D93A2064867C}] => (Allow) C:\Users\Armin Tamzarian\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{C8F9B1A3-F25E-4413-93DA-460AB24430F1}] => (Allow) C:\Users\Armin Tamzarian\AppData\Roaming\BitTorrent\BitTorrent.exe => No File

EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{465C9D76-8CB4-4149-B1A2-A5FBFD01663B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{465C9D76-8CB4-4149-B1A2-A5FBFD01663B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD5C846C-AE0E-4E99-82E2-6F96AFF0FA6E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD5C846C-AE0E-4E99-82E2-6F96AFF0FA6E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.11 => removed successfully
C:\Program Files\VideoLAN\VLC\npvlc.dll => moved successfully
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.12 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.14 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.16 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.7.1 => removed successfully
"C:\Program Files\VideoLAN\VLC\npvlc.dll" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
C:\WINDOWS\system32\Tasks\AVAST Software => moved successfully
"HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1252873434-2205030425-1759353732-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8834634C-B797-47F8-8362-D93A2064867C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C8F9B1A3-F25E-4413-93DA-460AB24430F1}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11558912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43595608 B
Java, Flash, Steam htmlcache => 323317147 B
Windows/system/drivers => 590250 B
Edge => 0 B
Chrome => 1397472 B
Vivaldi => 206655 B
Firefox => 1108712824 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7148 B
ProgramData => 7148 B
Public => 7148 B
systemprofile => 7148 B
systemprofile32 => 7148 B
LocalService => 11018 B
NetworkService => 11018 B
defaultuser0 => 18166 B
Armin Tamzarian => 46208033 B

RecycleBin => 1809895 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:20:12 ====

Re: Please check my log

Post by jaro3 » 22 Jul 2021 19:36

Download DelFix here
Other links:
https://toolslib.net/downloads/viewdownload/2-delfix/
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

Save the file to the desktop.
Double-click the icon to run the Delfix.exe tool.
(In Windows Vista, Windows 7, 8 and 10 you must launch the file via right-click -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click the Run button and let the tool do its work.

A report will then open (DelFix.txt). Paste the entire content of the report here. Otherwise the report is located at:
C:\DelFix.txt

Only the part concerning Power Supply! Let it run for an hour!

OCCT
http://www.slunecnice.cz/sw/occt/
http://www.ocbase.com/

Download and run it; if the program offers an update, download the new version.
If a request for financial support (PayPal) appears, untick it (2x).
Click CPU:OCCT and then "ON". If it doesn't crash, stop it after a few minutes (OFF); the program will capture several images, post the last one here.
Click GPU and then "ON", again leave it for a few minutes unless it crashes sooner, and again post the last image.
You can test the power supply as well.
CPU:OCCT
CPU: Linpack
GPU: 3D
Power Supply and then click "Start"

After clicking on tools (the gear icon), check the values using:
HW Monitor
AIDA64
CoreTemp
Everest
MotherBoard Monitor5
SpeedFan 4
SysTool v.1

http://www.ocbase.com/

The Memtest too..

Re: Please check my log

Post by akiller » 22 Jul 2021 20:16

Well, I don't know... your link on Slunečnice points to version 5, but what gets downloaded is version 9.0.2, which looks completely different from version 5.
I didn't find CPU:OCCT, nor GPU, nor the "ON" button, nor Power Supply, not to mention the captured images...
I ran Tests > CPU for 30 minutes, but the result doesn't tell me much :(

Re: Please check my log

Post by akiller » 22 Jul 2021 20:29

But I do have the DelFix log :D
I've just started Memtest.

# DelFix v1.010 - Logfile created 22/07/2021 at 20:19:29
# Updated 26/04/2015 by Xplode
# Username : Armin Tamzarian - DESKTOP-0CPP79B
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Armin Tamzarian\Desktop\Fixlog.txt
Deleted : C:\Users\Armin Tamzarian\Desktop\FRST64.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########

Re: Please check my log

Post by jaro3 » 22 Jul 2021 21:03


Re: Please check my log

Post by akiller » 22 Jul 2021 22:10

I did the power test, but now I don't know where those images are hidden... Sorry :(

Re: Please check my log

Post by jaro3 » 22 Jul 2021 23:22

Did you have the power test running for at least an hour? If it didn't crash, it's OK.

What about Memtest?

It needs that BIOS reset. Do you have the manual for the board? Try replacing the battery, or cleaning the contacts..

Re: Please check my log

Post by akiller » 23 Jul 2021 11:59

The power test ran for an hour and didn't crash. Memtest was fine too. I'll probably take it to a repair shop; I wanted to keep up with the times and upgrade the computer a bit after all these years anyway :idea: :listen: 8)