PC virus removal, computer speed-up, and remote assistance via the neslape.cz service

Requesting a check, please: slow, freezing laptop

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

abdul99
Visitor
Posts: 277
Registered: 17 Oct 2011 20:49

#1 Post by abdul99 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-04-2020
Ran by Pavla (administrator) on PAVLA (LENOVO 20206) (10-04-2020 21:15:47)
Running from C:\Users\qwert\Desktop
Loaded Profiles: Pavla (Available Profiles: Pavla)
Platform: Windows 10 Home Version 1903 18362.418 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(LENOVO -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12004.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20022.11011.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Seznam.cz, a.s. -> ) C:\Users\qwert\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Seznam.cz, a.s. -> ) C:\Users\qwert\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro)
HKLM-x32\...\Run: [seznam-listicka-distribuce] => C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\Run: [cz.seznam.software.autoupdate] => C:\Users\qwert\AppData\Roaming\Seznam.cz\szninstall.exe [1069296 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\Run: [cz.seznam.software.szndesktop] => C:\Users\qwert\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [109808 2018-03-27] (Seznam.cz, a.s. -> )
HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8022104 2020-04-09] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {090C3D72-3EF1-4350-AC25-B212B5434F18} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24257912 2018-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {20732F44-8D8C-4E2B-9B78-E31DCC98C415} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {21DA5575-B172-4D9B-87BD-816F3FF69A2A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [123168 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {32E9E4A3-F0EC-4430-B72A-4A098FE84FCC} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe [59776 2019-11-12] (Lenovo -> )
Task: {43E41327-5189-43B4-A484-D05BE26C64E4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24257912 2018-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {592B7FFC-E543-4DE6-AC46-B13D323525BE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3894664 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
Task: {63B9BBD2-2EDE-43C7-B5F3-3254104DD1EC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [123168 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {643E75A0-3A6F-4099-824D-13BC8A3E5FAE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3398344 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {6506636B-3396-4685-B382-EE754F66BB4A} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [113024 2019-11-12] (Lenovo -> Lenovo)
Task: {6675DB40-F70B-40FD-91D9-402289A3D6B5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2139424 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {692B98C6-92AB-4FD4-A4D8-E7E69BB5EB77} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {74DE811A-8609-4BB9-9989-29617017D00E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-28] (Avast Software s.r.o. -> Avast Software)
Task: {77C204AA-19D7-4F23-96E3-AE18DE1C7057} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3398344 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {C17FB5BD-DB30-4F93-B52E-1C09950BDAEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-04] (Google Inc -> Google Inc.)
Task: {CB456B82-033F-47CA-A77B-F1A59DC46C6D} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1724928 2019-10-03] () [File not signed]
Task: {D34231C4-C5A1-4522-BB07-733BE752AF82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-04] (Google Inc -> Google Inc.)
Task: {DB918ECC-DA12-44B6-9DD7-5C97B91F5389} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2139424 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1C0D928-F5C1-471F-A78E-FFF9EE1590DA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{22fe71fb-3ccf-48d9-b0f6-ff63585ecff5}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
SearchScopes: HKU\S-1-5-21-2691251485-3647217419-1871296894-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\qwert\Downloads

FireFox:
========
FF DefaultProfile: 1unk4gnk.default
FF ProfilePath: C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default [2020-04-09]
FF Homepage: Mozilla\Firefox\Profiles\1unk4gnk.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
FF NewTab: Mozilla\Firefox\Profiles\1unk4gnk.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
FF Extension: (Seznam doplněk - Esko) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-12-05]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\sp@avast.com.xpi [2019-10-04]
FF Extension: (Seznam doplněk - Email) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-12-05]
FF ProfilePath: C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\n7w6w6xx.default-release [2020-04-10]
FF Homepage: Mozilla\Firefox\Profiles\n7w6w6xx.default-release -> seznam.cz
FF NewTab: Mozilla\Firefox\Profiles\n7w6w6xx.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
FF Extension: (SafeGuard) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\n7w6w6xx.default-release\Extensions\extension@safeguard.ws.xpi [2019-10-08]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\n7w6w6xx.default-release\Extensions\sp@avast.com.xpi [2020-04-07]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2691251485-3647217419-1871296894-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\qwert\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-08] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default [2020-04-10]
CHR Notifications: Default -> hxxps://pushbesttools.com; hxxps://www.facebook.com; hxxps://www.nev-dama.cz; hxxps://www.tisknulevne.cz; hxxps://yepdownload.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/newTabSwitcher.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Seznam doplněk - Email) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2020-04-06]
CHR Extension: (Add links to change languages on Google™) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemleifbnibgnoifdjohpchdemidjibj [2020-04-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57536 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619824 2018-12-26] (Microsoft Corporation -> Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation - pGFX -> Intel Corporation)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [29272 2020-04-09] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-11-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-11-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37864 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205576 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [271120 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206608 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [64272 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279360 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42976 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175400 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110560 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84056 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848672 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [458584 2020-03-11] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235184 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316256 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated -> Synaptics Incorporated)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-11-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [351968 2019-11-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-11-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-10 21:15 - 2020-04-10 21:17 - 000022188 _____ C:\Users\qwert\Desktop\FRST.txt
2020-04-10 21:15 - 2020-04-10 21:16 - 000000000 ____D C:\FRST
2020-04-10 21:14 - 2020-04-10 21:14 - 002281472 _____ (Farbar) C:\Users\qwert\Desktop\FRST64.exe
2020-04-10 20:52 - 2020-04-10 20:52 - 000000000 ____D C:\Users\qwert\AppData\LocalLow\Adobe
2020-04-10 20:52 - 2020-04-10 20:52 - 000000000 ____D C:\Users\qwert\AppData\Local\Adobe
2020-04-10 20:51 - 2020-04-10 20:59 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2020-04-10 20:51 - 2020-04-10 20:51 - 000002096 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2020-04-10 20:51 - 2020-04-10 20:51 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-04-10 20:49 - 2020-04-10 20:57 - 000000000 ____D C:\ProgramData\Adobe
2020-04-10 20:42 - 2020-04-10 20:42 - 000050383 _____ C:\Users\qwert\Desktop\Vykaz_pece.pdf
2020-04-09 22:29 - 2020-04-09 22:29 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-04-09 22:29 - 2020-04-09 22:29 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-04-09 22:29 - 2020-04-09 22:29 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-04-09 22:29 - 2020-04-09 22:29 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-04-09 22:29 - 2020-04-09 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2020-04-09 22:28 - 2020-04-09 22:28 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2020-04-09 22:22 - 2020-04-09 22:29 - 000000000 ____D C:\Program Files\Microsoft Office
2020-04-09 22:22 - 2020-04-09 22:22 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-04-09 21:33 - 2020-04-09 21:33 - 000003636 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2020-04-09 20:59 - 2020-04-10 20:48 - 000000000 ____D C:\Users\qwert\AppData\Roaming\uTorrent
2020-04-09 20:59 - 2020-04-09 20:59 - 000000995 _____ C:\Users\qwert\Desktop\µTorrent.lnk
2020-04-09 20:59 - 2020-04-09 20:59 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2020-04-09 20:49 - 2020-04-09 20:49 - 000000017 _____ C:\Users\qwert\AppData\Local\resmon.resmoncfg
2020-04-09 20:41 - 2020-04-09 22:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-09 20:41 - 2020-04-09 20:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-04-09 16:17 - 2020-04-10 20:47 - 000000000 ____D C:\Users\qwert\Desktop\Torrent
2020-04-09 16:14 - 2020-04-09 20:43 - 000000000 ____D C:\Users\qwert\AppData\Local\BitTorrentHelper
2020-04-09 16:12 - 2020-04-09 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-04-09 16:11 - 2020-04-09 16:11 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Lavasoft
2020-04-09 16:11 - 2020-04-09 16:11 - 000000000 ____D C:\Users\qwert\AppData\Local\Lavasoft
2020-04-09 16:10 - 2020-04-09 16:10 - 000000000 ____D C:\ProgramData\Lavasoft
2020-04-09 16:10 - 2020-04-09 16:10 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-04-08 09:58 - 2020-04-08 09:58 - 000000000 ____D C:\Users\qwert\Documents\Zoom
2020-04-08 09:57 - 2020-04-08 09:58 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Zoom
2020-04-08 09:57 - 2020-04-08 09:57 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-03-11 20:21 - 2020-02-11 06:37 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-03-11 20:20 - 2020-02-11 06:48 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-10 21:18 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-10 21:15 - 2019-10-04 23:12 - 000000000 ____D C:\Users\qwert\AppData\LocalLow\Mozilla
2020-04-10 21:07 - 2019-10-08 18:28 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Seznam.cz
2020-04-10 21:02 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-10 21:01 - 2019-10-04 22:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-10 21:00 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-10 20:52 - 2019-10-04 23:04 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Adobe
2020-04-10 20:48 - 2019-10-08 17:29 - 000000000 ____D C:\Users\qwert\AppData\Local\CrashDumps
2020-04-10 20:31 - 2019-10-04 23:18 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-04-09 23:21 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-09 23:21 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-09 22:29 - 2019-03-19 06:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-04-09 22:19 - 2019-10-04 23:38 - 000000000 ____D C:\Users\qwert\AppData\Local\D3DSCache
2020-04-09 22:18 - 2019-10-04 22:18 - 000299208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-09 22:16 - 2019-10-04 23:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-09 22:04 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-09 20:41 - 2019-10-04 23:12 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-04-09 19:47 - 2019-10-04 22:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-09 14:58 - 2019-10-04 22:45 - 001606102 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-09 14:58 - 2019-03-19 13:55 - 000683600 _____ C:\WINDOWS\system32\perfh005.dat
2020-04-09 14:58 - 2019-03-19 13:55 - 000137282 _____ C:\WINDOWS\system32\perfc005.dat
2020-04-08 09:51 - 2019-10-04 23:04 - 000000000 ____D C:\Users\qwert\AppData\Local\Packages
2020-04-08 00:21 - 2019-10-04 23:26 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-08 00:21 - 2019-10-04 23:26 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-07 19:41 - 2020-02-10 20:15 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2691251485-3647217419-1871296894-1001
2020-04-07 19:41 - 2019-10-08 21:00 - 000002242 _____ C:\WINDOWS\system32\Tasks\Synaptics TouchPad Enhancements
2020-04-07 19:41 - 2019-10-08 18:33 - 000003182 _____ C:\WINDOWS\system32\Tasks\klcp_update
2020-04-07 19:41 - 2019-10-04 23:24 - 000003402 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-04-07 19:41 - 2019-10-04 23:24 - 000003178 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-04-07 19:41 - 2019-10-04 23:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-03-22 20:46 - 2019-10-04 23:11 - 000000000 ___RD C:\Users\qwert\OneDrive
2020-03-22 20:46 - 2019-10-04 23:02 - 000002365 _____ C:\Users\qwert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-03-11 20:49 - 2019-10-11 18:42 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-03-11 20:46 - 2019-10-11 18:42 - 121542864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-03-11 20:09 - 2019-10-04 23:17 - 000458584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

==================== Files in the root of some directories ========

2020-04-09 20:49 - 2020-04-09 20:49 - 000000017 _____ () C:\Users\qwert\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-04-2020
Ran by Pavla (10-04-2020 21:18:58)
Running from C:\Users\qwert\Desktop
Windows 10 Home Version 1903 18362.418 (X64) (2019-10-04 20:45:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2691251485-3647217419-1871296894-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2691251485-3647217419-1871296894-503 - Limited - Disabled)
Guest (S-1-5-21-2691251485-3647217419-1871296894-501 - Limited - Disabled)
Pavla (S-1-5-21-2691251485-3647217419-1871296894-1001 - Administrator - Enabled) => C:\Users\qwert
WDAGUtilityAccount (S-1-5-21-2691251485-3647217419-1871296894-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.20) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.1.2397 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
K-Lite Codec Pack verze 1.5 (HKLM-x32\...\K-Lite Codec Pack_is1) (Version: 1.5 - )
K-Lite Mega Codec Pack 15.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.2.0 - KLCP)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Microsoft Office Standard 2019 - cs-cz (HKLM\...\Standard2019Retail - cs-cz) (Version: 16.0.11126.20188 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Mozilla Firefox 75.0 (x64 cs) (HKLM\...\Mozilla Firefox 75.0 (x64 cs)) (Version: 75.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
PlayDance verze 1.0.980 (HKLM-x32\...\{EC8642E4-7CE3-4379-9114-6E34DEF98D58}_is1) (Version: 1.0.980 - VISO SPORT s.r.o.)
Seznam Software (HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\SeznamInstall) (Version: 2.1.35 - Seznam.cz)
SilentSetup (HKLM-x32\...\{BA073B32-292B-424A-97E1-70C25CD1075F}) (Version: 1.0.0 - Default Company Name) Hidden
StepMania 5.1 (HKLM-x32\...\StepMania 5) (Version: 5.1.0 - StepMania)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.13 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Web Companion (HKLM-x32\...\{48700374-0ccf-4f7d-9821-6025c686db2e}) (Version: 4.10.2225.4082 - Lavasoft)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2691251485-3647217419-1871296894-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-08] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-08] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-25] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\qwert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StepMania 5\StepMania 5 Web Site.lnk -> hxxp://www.stepmania.com
ShortcutWithArgument: C:\Users\qwert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2017-03-28 19:24 - 2017-03-28 19:24 - 013122659 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\AcroForm.api
2017-03-28 19:24 - 2017-03-28 19:24 - 008277091 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Annots.api
2017-03-28 19:24 - 2017-03-28 19:24 - 001482339 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\DigSig.api
2017-03-28 19:24 - 2017-03-28 19:24 - 000110179 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\IA32.api
2017-03-28 19:24 - 2017-03-28 19:24 - 000446051 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\PDDom.api
2017-03-28 19:24 - 2017-03-28 19:24 - 007365219 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\PPKLite.api
2017-03-28 19:24 - 2017-03-28 19:24 - 000289379 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Spelling.api
2017-03-28 19:24 - 2017-03-28 19:24 - 000173155 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Updater.api
2012-09-23 20:43 - 2012-09-23 20:43 - 000227328 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\ccme_asym.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000379904 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\ccme_base.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000208384 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\ccme_base_non_fips.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000564736 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\ccme_ecc.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000471552 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\ccme_ecdrbg.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 000291328 _____ (RSA - The Security Division of EMC) [File not signed] C:\Program Files (x86)\Adobe\Reader 11.0\Reader\cryptocme.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\StartupApproved\Run: => "Web Companion"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9221F4E0-7F92-4F0A-87DB-5E4515E6E5AE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0A8BF083-1809-455F-AE23-FB8D29C41FC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{4B94D43F-8EE5-4E69-B95E-CF0F57BB1589}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
FirewallRules: [UDP Query User{CF4E148D-ABC4-4DE2-8CC0-CC0974021A6D}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
FirewallRules: [TCP Query User{D23499E9-2585-4AF8-9400-A029D4AD820C}C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe] => (Allow) C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe No File
FirewallRules: [UDP Query User{4D8A786A-FCE8-4019-AD9B-49A64C48CCE6}C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe] => (Allow) C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe No File
FirewallRules: [TCP Query User{8386B33F-CB03-41BE-8CCE-0C50A0B9A383}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe No File
FirewallRules: [UDP Query User{A030DC2F-CC2E-4299-80AE-232A46BAB750}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe No File
FirewallRules: [TCP Query User{E9AFAEAE-6978-48E7-9816-335A62BB01EB}C:\games\stepmania 5.1\program\stepmania.exe] => (Allow) C:\games\stepmania 5.1\program\stepmania.exe (StepMania Team hxxp://www.stepmania.com/) [File not signed]
FirewallRules: [UDP Query User{A7A5C449-6058-49A7-8AFA-0AFD234911D0}C:\games\stepmania 5.1\program\stepmania.exe] => (Allow) C:\games\stepmania 5.1\program\stepmania.exe (StepMania Team hxxp://www.stepmania.com/) [File not signed]
FirewallRules: [{BFF645DF-091C-45B3-B36F-FF5828BDE3D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{48A0C214-4316-4E9F-918B-0DB654C2CAE2}] => (Allow) C:\Users\qwert\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FE99AAD4-044A-4CDB-BAD5-7C442C550521}] => (Allow) C:\Users\qwert\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{B1881146-21B4-41C8-BB77-A37604FEB946}] => (Allow) C:\Users\qwert\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{497FE519-0C5E-4C97-AD94-1910D3767AAF}] => (Allow) C:\Users\qwert\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C271C0EB-0175-48A2-90CB-BE5C03FB947E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

26-03-2020 09:23:47 Windows Update
30-03-2020 23:45:07 Windows Update
03-04-2020 15:07:21 Windows Update
07-04-2020 19:39:19 Instalační služba modulů systému Windows
09-04-2020 14:41:19 Před změnami
10-04-2020 20:49:55 Installed Adobe Reader XI - Czech.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/10/2020 09:00:12 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/10/2020 08:48:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.18362.1, časové razítko: 0x527faf7f
Kód výjimky: 0xc000041d
Posun chyby: 0x00004647
ID chybujícího procesu: 0x24cc
Čas spuštění chybující aplikace: 0x01d60f686ffb2378
Cesta k chybující aplikaci: C:\Users\qwert\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: d9db79d3-0791-4309-80a0-4441b13a955b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/09/2020 10:15:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Produkt: Office 16 Click-to-Run Extensibility Component - Chyba 25090 Office Setup encountered a problem with the Office Source Engine, system error: -2147024894.

Error: (04/09/2020 10:14:55 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Produkt: Office 16 Click-to-Run Extensibility Component - Chyba 25090 Office Setup encountered a problem with the Office Source Engine, system error: -2147024894.

Error: (04/09/2020 09:53:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program OInstall.exe verze 6.5.2.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 8d8

Čas spuštění: 01d60ea528acf35d

Čas ukončení: 4294967295

Cesta k aplikaci: F:\OInstall.exe

ID hlášení: 6a70a0de-33ae-4c3f-8a0c-2534ac27341f

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (04/09/2020 09:27:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.18362.1, časové razítko: 0x527faf7f
Kód výjimky: 0xc000041d
Posun chyby: 0x00004647
ID chybujícího procesu: 0x137c
Čas spuštění chybující aplikace: 0x01d60ea11fb77a17
Cesta k chybující aplikaci: C:\Users\qwert\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: ed4d7a31-da5b-4d21-a353-246aca7f1311
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/09/2020 09:00:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.18362.1, časové razítko: 0x527faf7f
Kód výjimky: 0xc000041d
Posun chyby: 0x00004647
ID chybujícího procesu: 0x1604
Čas spuštění chybující aplikace: 0x01d60ea10ac29385
Cesta k chybující aplikaci: C:\Users\qwert\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: f9c1d888-2555-49c3-8a06-3bca1f939f98
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/09/2020 03:39:37 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, identifikátor PID: 3208, identifikátor PID ProfSvc: 1764.


System errors:
=============
Error: (04/09/2020 11:43:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f0988): 2020-03 Kumulativní aktualizace pro Windows 10 Version 1903 pro systémy typu x64 (KB4551762).

Error: (04/09/2020 11:11:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f0988): 2020-03 Kumulativní aktualizace pro Windows 10 Version 1903 pro systémy typu x64 (KB4551762).

Error: (04/09/2020 10:17:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba BcmBtRSupport neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (04/09/2020 10:17:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby BcmBtRSupport bylo dosaženo časového limitu (45000 ms).

Error: (04/09/2020 05:34:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (04/09/2020 05:03:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba WC Assistant přestala během spouštění reagovat.

Error: (04/09/2020 04:45:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f0988): Aktualizace funkcí na Windows 10, verze 1909.

Error: (04/09/2020 04:24:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f0988): 2020-03 Kumulativní aktualizace pro Windows 10 Version 1903 pro systémy typu x64 (KB4551762).


Windows Defender:
===================================
Date: 2020-04-09 22:19:47.670
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.2207.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-04-09 22:19:47.670
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.2207.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-04-09 22:19:47.670
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.2207.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-04-09 22:19:47.660
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.2207.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-04-09 22:19:47.659
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.2207.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2020-04-10 21:11:19.056
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-10 21:11:19.056
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-10 21:11:19.014
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-10 21:11:19.012
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-10 21:11:13.355
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-10 21:11:13.332
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-10 21:11:09.749
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

Date: 2020-04-10 21:11:09.712
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO H9ET74WW(1.11) 06/26/2013
Motherboard: LENOVO 20206
Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 87%
Total physical RAM: 3677.61 MB
Available physical RAM: 455.61 MB
Total Virtual: 4829.61 MB
Available Virtual: 1535.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.14 GB) (Free:409.38 GB) NTFS

\\?\Volume{b28a33a8-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{b28a33a8-0000-0000-0000-704f74000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B28A33A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=531 MB) - (Type=27)

==================== End of Addition.txt =======================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check, slow and freezing laptop

#2 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • If anything is found, leave all findings selected and click Karantena (Quarantine)
  • If there are no findings, click on
  • Wait for it to finish and confirm the PC restart
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View Log File)
  • The log will open; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written for one specific PC only. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

abdul99
Visitor
Posts: 277
Registered: 17 Oct 2011 20:49

Re: Please check, slow and freezing laptop

#3 Post by abdul99 »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-10-2020
# Duration: 00:00:15
# OS: Windows 10 Home
# Cleaned: 32
# Failed: 2


***** [ Services ] *****

Deleted WCAssistantService

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\qwert\AppData\Local\Lavasoft\WEBCOMPANION.EXE_URL_MRPQ523XMEO0CM2M0N5VJ25Z3NZKGEP4
Deleted C:\Users\qwert\AppData\Roaming\Lavasoft\Web Companion
Deleted C:\Users\qwert\AppData\Roaming\Seznam.cz
Not Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Not Deleted C:\ProgramData\Lavasoft\Web Companion

***** [ Files ] *****

Deleted C:\Users\qwert\AppData\Local\Temp\WebCompanion.zip
Deleted C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\n7w6w6xx.default-release\invalidprefs.js

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.autoupdate
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|cz.seznam.software.szndesktop
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SeznamInstall
Deleted HKCU\Software\Mozilla\NativeMessagingHosts\sznpp_nm
Deleted HKCU\Software\Seznam.cz
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|seznam-listicka-distribuce
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{48700374-0ccf-4f7d-9821-6025c686db2e}|DisplayIcon
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{48700374-0ccf-4f7d-9821-6025c686db2e}|DisplayName
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{48700374-0ccf-4f7d-9821-6025c686db2e}|UninstallString
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|seznam-listicka-distribuce
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

Deleted Seznam doplněk - Email - bgjpfhpjcgdppjbgnpnjllokbmcdllig
Deleted Seznam doplněk - Esko - olfeabkoenfaoljndfecamgilllcpiak

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5444 octets] - [10/04/2020 21:40:58]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

abdul99
Visitor
Posts: 277
Registered: 17 Oct 2011 20:49

Re: Please check my logs, slow and freezing laptop

#4 Post by abdul99 »

I ran it once more...

# -------------------------------
# Malwarebytes AdwCleaner 8.0.4.0
# -------------------------------
# Build: 04-03-2020
# Database: 2020-04-08.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-10-2020
# Duration: 00:00:03
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Lavasoft\Web Companion
Deleted C:\ProgramData\Lavasoft\Web Companion

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5444 octets] - [10/04/2020 21:40:58]
AdwCleaner[C00].txt - [4400 octets] - [10/04/2020 21:44:09]
AdwCleaner[S01].txt - [2261 octets] - [10/04/2020 21:54:54]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check my logs, slow and freezing laptop

#5 Post by Conder »

OK, please post both new logs from FRST.
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

abdul99
Visitor
Posts: 277
Registered: 17 Oct 2011 20:49

Re: Please check my logs, slow and freezing laptop

#6 Post by abdul99 »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2020
Ran by Pavla (administrator) on PAVLA (LENOVO 20206) (12-04-2020 08:37:49)
Running from C:\Users\qwert\Desktop
Loaded Profiles: Pavla (Available Profiles: Pavla)
Platform: Windows 10 Home Version 1903 18362.418 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Avast Software s.r.o. -> Avast Software) C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\SysWOW64\Lenovo\PowerMgr\LEPToastLnc.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(LENOVO -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12624.20368.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [277664 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-08] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {090C3D72-3EF1-4350-AC25-B212B5434F18} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24257912 2018-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {20732F44-8D8C-4E2B-9B78-E31DCC98C415} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {21DA5575-B172-4D9B-87BD-816F3FF69A2A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [123168 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {32E9E4A3-F0EC-4430-B72A-4A098FE84FCC} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe [59776 2019-11-12] (Lenovo -> )
Task: {43E41327-5189-43B4-A484-D05BE26C64E4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24257912 2018-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {592B7FFC-E543-4DE6-AC46-B13D323525BE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3894664 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
Task: {63B9BBD2-2EDE-43C7-B5F3-3254104DD1EC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [123168 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {643E75A0-3A6F-4099-824D-13BC8A3E5FAE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3398344 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {6506636B-3396-4685-B382-EE754F66BB4A} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [113024 2019-11-12] (Lenovo -> Lenovo)
Task: {6675DB40-F70B-40FD-91D9-402289A3D6B5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2139424 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {692B98C6-92AB-4FD4-A4D8-E7E69BB5EB77} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2985712 2013-06-04] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {74DE811A-8609-4BB9-9989-29617017D00E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1660520 2020-02-28] (Avast Software s.r.o. -> Avast Software)
Task: {77C204AA-19D7-4F23-96E3-AE18DE1C7057} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3398344 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {C17FB5BD-DB30-4F93-B52E-1C09950BDAEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-04] (Google Inc -> Google Inc.)
Task: {CB456B82-033F-47CA-A77B-F1A59DC46C6D} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1724928 2019-10-03] () [File not signed]
Task: {D34231C4-C5A1-4522-BB07-733BE752AF82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-04] (Google Inc -> Google Inc.)
Task: {DB918ECC-DA12-44B6-9DD7-5C97B91F5389} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2139424 2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1C0D928-F5C1-471F-A78E-FFF9EE1590DA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{22fe71fb-3ccf-48d9-b0f6-ff63585ecff5}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\qwert\Downloads

FireFox:
========
FF DefaultProfile: 1unk4gnk.default
FF ProfilePath: C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default [2020-04-09]
FF Homepage: Mozilla\Firefox\Profiles\1unk4gnk.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
FF NewTab: Mozilla\Firefox\Profiles\1unk4gnk.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
FF Extension: (Seznam doplněk - Esko) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-12-05]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\sp@avast.com.xpi [2019-10-04]
FF Extension: (Seznam doplněk - Email) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-12-05]
FF ProfilePath: C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\n7w6w6xx.default-release [2020-04-10]
FF Homepage: Mozilla\Firefox\Profiles\n7w6w6xx.default-release -> seznam.cz
FF NewTab: Mozilla\Firefox\Profiles\n7w6w6xx.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
FF Extension: (SafeGuard) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\n7w6w6xx.default-release\Extensions\extension@safeguard.ws.xpi [2019-10-08]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\n7w6w6xx.default-release\Extensions\sp@avast.com.xpi [2020-04-07]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2691251485-3647217419-1871296894-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\qwert\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-08] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default [2020-04-10]
CHR Notifications: Default -> hxxps://pushbesttools.com; hxxps://www.facebook.com; hxxps://www.nev-dama.cz; hxxps://www.tisknulevne.cz; hxxps://yepdownload.com
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/newTabSwitcher.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Seznam doplněk - Email) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2020-04-06]
CHR Extension: (Add links to change languages on Google™) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemleifbnibgnoifdjohpchdemidjibj [2020-04-08]
CHR Extension: (Dokumenty Google offline) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-08]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-08]
CHR Extension: (Seznam doplněk - Esko) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2020-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\qwert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
CHR HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6046624 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 Audiosrv; C:\WINDOWS\System32\Audiosrv.dll [1942528 2019-10-12] (Microsoft Windows -> Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [413472 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57536 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9619824 2018-12-26] (Microsoft Corporation -> Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation - pGFX -> Intel Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\NisSrv.exe [3201616 2019-11-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1910.4-0\MsMpEng.exe [103168 2019-11-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [37864 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [205576 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [271120 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [206608 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [64272 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16304 2020-02-25] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [279360 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42976 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175400 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110560 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84056 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [848672 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [458584 2020-03-11] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [235184 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [316256 2020-02-25] (Avast Software s.r.o. -> AVAST Software)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated -> Synaptics Incorporated)
R3 vm331avs; C:\WINDOWS\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-11-16] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [351968 2019-11-16] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2019-11-16] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-12 08:37 - 2020-04-12 08:41 - 000020088 _____ C:\Users\qwert\Desktop\FRST.txt
2020-04-12 08:37 - 2020-04-12 08:37 - 000000000 ____D C:\Users\qwert\Desktop\FRST-OlderVersion
2020-04-10 21:40 - 2020-04-10 21:43 - 000000000 ____D C:\AdwCleaner
2020-04-10 21:39 - 2020-04-10 21:39 - 008196784 _____ (Malwarebytes) C:\Users\qwert\Desktop\adwcleaner_8.0.4.exe
2020-04-10 21:15 - 2020-04-12 08:40 - 000000000 ____D C:\FRST
2020-04-10 21:14 - 2020-04-12 08:37 - 002281472 _____ (Farbar) C:\Users\qwert\Desktop\FRST64.exe
2020-04-10 20:52 - 2020-04-10 20:52 - 000000000 ____D C:\Users\qwert\AppData\LocalLow\Adobe
2020-04-10 20:52 - 2020-04-10 20:52 - 000000000 ____D C:\Users\qwert\AppData\Local\Adobe
2020-04-10 20:51 - 2020-04-10 20:59 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2020-04-10 20:51 - 2020-04-10 20:51 - 000000000 ____D C:\Program Files (x86)\Adobe
2020-04-10 20:49 - 2020-04-10 20:57 - 000000000 ____D C:\ProgramData\Adobe
2020-04-09 22:29 - 2020-04-09 22:29 - 000002511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-04-09 22:29 - 2020-04-09 22:29 - 000002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-04-09 22:29 - 2020-04-09 22:29 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-04-09 22:29 - 2020-04-09 22:29 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2020-04-09 22:29 - 2020-04-09 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nástroje Microsoft Office
2020-04-09 22:28 - 2020-04-09 22:28 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2020-04-09 22:22 - 2020-04-09 22:29 - 000000000 ____D C:\Program Files\Microsoft Office
2020-04-09 22:22 - 2020-04-09 22:22 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-04-09 21:33 - 2020-04-09 21:33 - 000003636 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2020-04-09 20:59 - 2020-04-10 20:48 - 000000000 ____D C:\Users\qwert\AppData\Roaming\uTorrent
2020-04-09 20:59 - 2020-04-09 20:59 - 000000995 _____ C:\Users\qwert\Desktop\µTorrent.lnk
2020-04-09 20:59 - 2020-04-09 20:59 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2020-04-09 20:49 - 2020-04-09 20:49 - 000000017 _____ C:\Users\qwert\AppData\Local\resmon.resmoncfg
2020-04-09 20:41 - 2020-04-09 22:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-04-09 20:41 - 2020-04-09 20:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2020-04-09 16:17 - 2020-04-10 20:47 - 000000000 ____D C:\Users\qwert\Desktop\Torrent
2020-04-09 16:14 - 2020-04-09 20:43 - 000000000 ____D C:\Users\qwert\AppData\Local\BitTorrentHelper
2020-04-09 16:12 - 2020-04-10 21:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-04-09 16:11 - 2020-04-10 21:44 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Lavasoft
2020-04-09 16:11 - 2020-04-10 21:44 - 000000000 ____D C:\Users\qwert\AppData\Local\Lavasoft
2020-04-09 16:10 - 2020-04-10 21:55 - 000000000 ____D C:\ProgramData\Lavasoft
2020-04-09 16:10 - 2020-04-10 21:55 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-04-08 09:58 - 2020-04-08 09:58 - 000000000 ____D C:\Users\qwert\Documents\Zoom
2020-04-08 09:57 - 2020-04-08 09:58 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Zoom
2020-04-08 09:57 - 2020-04-08 09:57 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-04-12 08:39 - 2019-10-04 23:18 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2020-04-10 22:02 - 2019-10-04 23:12 - 000000000 ____D C:\Users\qwert\AppData\LocalLow\Mozilla
2020-04-10 21:56 - 2019-10-04 22:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-10 21:56 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-10 21:55 - 2019-03-19 06:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-04-10 21:34 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-04-10 20:52 - 2019-10-04 23:04 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Adobe
2020-04-10 20:48 - 2019-10-08 17:29 - 000000000 ____D C:\Users\qwert\AppData\Local\CrashDumps
2020-04-09 23:21 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-04-09 23:21 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-04-09 22:29 - 2019-03-19 06:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-04-09 22:19 - 2019-10-04 23:38 - 000000000 ____D C:\Users\qwert\AppData\Local\D3DSCache
2020-04-09 22:18 - 2019-10-04 22:18 - 000299208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-04-09 22:16 - 2019-10-04 23:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-04-09 22:04 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-09 20:41 - 2019-10-04 23:12 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-04-09 19:47 - 2019-10-04 22:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-09 14:58 - 2019-10-04 22:45 - 001606102 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-04-09 14:58 - 2019-03-19 13:55 - 000683600 _____ C:\WINDOWS\system32\perfh005.dat
2020-04-09 14:58 - 2019-03-19 13:55 - 000137282 _____ C:\WINDOWS\system32\perfc005.dat
2020-04-08 09:51 - 2019-10-04 23:04 - 000000000 ____D C:\Users\qwert\AppData\Local\Packages
2020-04-08 00:21 - 2019-10-04 23:26 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-08 00:21 - 2019-10-04 23:26 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-07 19:41 - 2020-02-10 20:15 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2691251485-3647217419-1871296894-1001
2020-04-07 19:41 - 2019-10-08 21:00 - 000002242 _____ C:\WINDOWS\system32\Tasks\Synaptics TouchPad Enhancements
2020-04-07 19:41 - 2019-10-08 18:33 - 000003182 _____ C:\WINDOWS\system32\Tasks\klcp_update
2020-04-07 19:41 - 2019-10-04 23:24 - 000003402 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-04-07 19:41 - 2019-10-04 23:24 - 000003178 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-04-07 19:41 - 2019-10-04 23:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2020-03-22 20:46 - 2019-10-04 23:11 - 000000000 ___RD C:\Users\qwert\OneDrive
2020-03-22 20:46 - 2019-10-04 23:02 - 000002365 _____ C:\Users\qwert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories ========

2020-04-09 20:49 - 2020-04-09 20:49 - 000000017 _____ () C:\Users\qwert\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2020
Ran by Pavla (12-04-2020 08:43:05)
Running from C:\Users\qwert\Desktop
Windows 10 Home Version 1903 18362.418 (X64) (2019-10-04 20:45:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2691251485-3647217419-1871296894-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2691251485-3647217419-1871296894-503 - Limited - Disabled)
Guest (S-1-5-21-2691251485-3647217419-1871296894-501 - Limited - Disabled)
Pavla (S-1-5-21-2691251485-3647217419-1871296894-1001 - Administrator - Enabled) => C:\Users\qwert
WDAGUtilityAccount (S-1-5-21-2691251485-3647217419-1871296894-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.20) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.1.2397 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
K-Lite Codec Pack verze 1.5 (HKLM-x32\...\K-Lite Codec Pack_is1) (Version: 1.5 - )
K-Lite Mega Codec Pack 15.2.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.2.0 - KLCP)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.15.0414.1 - Vimicro)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Microsoft Office Standard 2019 - cs-cz (HKLM\...\Standard2019Retail - cs-cz) (Version: 16.0.11126.20188 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Mozilla Firefox 75.0 (x64 cs) (HKLM\...\Mozilla Firefox 75.0 (x64 cs)) (Version: 75.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.11126.20188 - Microsoft Corporation) Hidden
PlayDance verze 1.0.980 (HKLM-x32\...\{EC8642E4-7CE3-4379-9114-6E34DEF98D58}_is1) (Version: 1.0.980 - VISO SPORT s.r.o.)
SilentSetup (HKLM-x32\...\{BA073B32-292B-424A-97E1-70C25CD1075F}) (Version: 1.0.0 - Default Company Name) Hidden
StepMania 5.1 (HKLM-x32\...\StepMania 5) (Version: 5.1.0 - StepMania)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.13 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\ZoomUMX) (Version: 4.6 - Zoom Video Communications, Inc.)

Packages:
=========
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-08] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2691251485-3647217419-1871296894-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-02-25] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-08] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [311296 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-08] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284672 2018-01-28] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-25] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\qwert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StepMania 5\StepMania 5 Web Site.lnk -> hxxp://www.stepmania.com
ShortcutWithArgument: C:\Users\qwert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9221F4E0-7F92-4F0A-87DB-5E4515E6E5AE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0A8BF083-1809-455F-AE23-FB8D29C41FC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{4B94D43F-8EE5-4E69-B95E-CF0F57BB1589}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
FirewallRules: [UDP Query User{CF4E148D-ABC4-4DE2-8CC0-CC0974021A6D}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
FirewallRules: [TCP Query User{D23499E9-2585-4AF8-9400-A029D4AD820C}C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe] => (Allow) C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe No File
FirewallRules: [UDP Query User{4D8A786A-FCE8-4019-AD9B-49A64C48CCE6}C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe] => (Allow) C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe No File
FirewallRules: [TCP Query User{8386B33F-CB03-41BE-8CCE-0C50A0B9A383}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe No File
FirewallRules: [UDP Query User{A030DC2F-CC2E-4299-80AE-232A46BAB750}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe No File
FirewallRules: [TCP Query User{E9AFAEAE-6978-48E7-9816-335A62BB01EB}C:\games\stepmania 5.1\program\stepmania.exe] => (Allow) C:\games\stepmania 5.1\program\stepmania.exe (StepMania Team hxxp://www.stepmania.com/) [File not signed]
FirewallRules: [UDP Query User{A7A5C449-6058-49A7-8AFA-0AFD234911D0}C:\games\stepmania 5.1\program\stepmania.exe] => (Allow) C:\games\stepmania 5.1\program\stepmania.exe (StepMania Team hxxp://www.stepmania.com/) [File not signed]
FirewallRules: [{BFF645DF-091C-45B3-B36F-FF5828BDE3D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{48A0C214-4316-4E9F-918B-0DB654C2CAE2}] => (Allow) C:\Users\qwert\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{FE99AAD4-044A-4CDB-BAD5-7C442C550521}] => (Allow) C:\Users\qwert\AppData\Roaming\Zoom\bin\airhost.exe No File
FirewallRules: [{B1881146-21B4-41C8-BB77-A37604FEB946}] => (Allow) C:\Users\qwert\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{497FE519-0C5E-4C97-AD94-1910D3767AAF}] => (Allow) C:\Users\qwert\AppData\Roaming\uTorrent\uTorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C271C0EB-0175-48A2-90CB-BE5C03FB947E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

26-03-2020 09:23:47 Windows Update
30-03-2020 23:45:07 Windows Update
03-04-2020 15:07:21 Windows Update
07-04-2020 19:39:19 Instalační služba modulů systému Windows
09-04-2020 14:41:19 Před změnami
10-04-2020 20:49:55 Installed Adobe Reader XI - Czech.

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/10/2020 09:00:12 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (04/10/2020 08:48:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.18362.1, časové razítko: 0x527faf7f
Kód výjimky: 0xc000041d
Posun chyby: 0x00004647
ID chybujícího procesu: 0x24cc
Čas spuštění chybující aplikace: 0x01d60f686ffb2378
Cesta k chybující aplikaci: C:\Users\qwert\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: d9db79d3-0791-4309-80a0-4441b13a955b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/09/2020 10:15:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Produkt: Office 16 Click-to-Run Extensibility Component - Chyba 25090 Office Setup encountered a problem with the Office Source Engine, system error: -2147024894.

Error: (04/09/2020 10:14:55 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Produkt: Office 16 Click-to-Run Extensibility Component - Chyba 25090 Office Setup encountered a problem with the Office Source Engine, system error: -2147024894.

Error: (04/09/2020 09:53:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program OInstall.exe verze 6.5.2.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 8d8

Čas spuštění: 01d60ea528acf35d

Čas ukončení: 4294967295

Cesta k aplikaci: F:\OInstall.exe

ID hlášení: 6a70a0de-33ae-4c3f-8a0c-2534ac27341f

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (04/09/2020 09:27:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.18362.1, časové razítko: 0x527faf7f
Kód výjimky: 0xc000041d
Posun chyby: 0x00004647
ID chybujícího procesu: 0x137c
Čas spuštění chybující aplikace: 0x01d60ea11fb77a17
Cesta k chybující aplikaci: C:\Users\qwert\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: ed4d7a31-da5b-4d21-a353-246aca7f1311
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/09/2020 09:00:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.18362.1, časové razítko: 0x527faf7f
Kód výjimky: 0xc000041d
Posun chyby: 0x00004647
ID chybujícího procesu: 0x1604
Čas spuštění chybující aplikace: 0x01d60ea10ac29385
Cesta k chybující aplikaci: C:\Users\qwert\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: f9c1d888-2555-49c3-8a06-3bca1f939f98
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (04/09/2020 03:39:37 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, identifikátor PID: 3208, identifikátor PID ProfSvc: 1764.


System errors:
=============
Error: (04/12/2020 08:43:11 AM) (Source: DCOM) (EventID: 10010) (User: PAVLA)
Description: Server {0134A8B2-3407-4B45-AD25-E9F7C92A80BC} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/12/2020 08:41:11 AM) (Source: DCOM) (EventID: 10010) (User: PAVLA)
Description: Server {0134A8B2-3407-4B45-AD25-E9F7C92A80BC} se v daném časovém limitu neregistroval u služby DCOM.

Error: (04/10/2020 09:55:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (04/10/2020 09:55:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (04/10/2020 09:55:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Lenovo PM Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/10/2020 09:55:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\System32\bcmihvsrv64.dll

Error: (04/10/2020 09:55:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Bluetooth Driver Management Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (04/10/2020 09:55:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2020-04-09 22:19:47.670
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.2207.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-04-09 22:19:47.670
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.2207.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-04-09 22:19:47.670
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.2207.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-04-09 22:19:47.660
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.2207.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2020-04-09 22:19:47.659
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.2207.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2020-04-12 08:37:23.613
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-12 08:37:23.562
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-12 08:37:23.404
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-12 08:37:23.359
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-12 08:37:22.932
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-10 21:58:34.451
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-10 21:58:34.408
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-04-10 21:58:34.331
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO H9ET74WW(1.11) 06/26/2013
Motherboard: LENOVO 20206
Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 70%
Total physical RAM: 3677.61 MB
Available physical RAM: 1103.09 MB
Total Virtual: 4829.61 MB
Available Virtual: 2304.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.14 GB) (Free:408.53 GB) NTFS

\\?\Volume{b28a33a8-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{b28a33a8-0000-0000-0000-704f74000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B28A33A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=531 MB) - (Type=27)

==================== End of Addition.txt =======================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Kindly asking for a check, slow and freezing laptop

#7 Post by Conder »

Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    File: C:\WINDOWS\System32\Audiosrv.dll
    CMD: type "C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask"
    Folder: C:\Users\qwert\AppData\Local\BitTorrentHelper
    
    FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
    HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
    FF Homepage: Mozilla\Firefox\Profiles\1unk4gnk.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
    FF NewTab: Mozilla\Firefox\Profiles\1unk4gnk.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
    FF Extension: (Seznam doplněk - Esko) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-12-05]
    FF Extension: (Seznam doplněk - Email) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-12-05]
    FF Homepage: Mozilla\Firefox\Profiles\n7w6w6xx.default-release -> seznam.cz
    FF NewTab: Mozilla\Firefox\Profiles\n7w6w6xx.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
    CHR NewTab: Default ->  Not-active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/newTabSwitcher.html"
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
    CHR HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
    S4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
    2020-04-12 08:37 - 2020-04-12 08:37 - 000000000 ____D C:\Users\qwert\Desktop\FRST-OlderVersion
    2020-04-09 16:12 - 2020-04-10 21:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2020-04-09 16:11 - 2020-04-10 21:44 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Lavasoft
    2020-04-09 16:11 - 2020-04-10 21:44 - 000000000 ____D C:\Users\qwert\AppData\Local\Lavasoft
    2020-04-09 16:10 - 2020-04-10 21:55 - 000000000 ____D C:\ProgramData\Lavasoft
    2020-04-09 16:10 - 2020-04-10 21:55 - 000000000 ____D C:\Program Files (x86)\Lavasoft
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    FirewallRules: [TCP Query User{4B94D43F-8EE5-4E69-B95E-CF0F57BB1589}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
    FirewallRules: [UDP Query User{CF4E148D-ABC4-4DE2-8CC0-CC0974021A6D}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
    FirewallRules: [TCP Query User{D23499E9-2585-4AF8-9400-A029D4AD820C}C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe] => (Allow) C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe No File
    FirewallRules: [UDP Query User{4D8A786A-FCE8-4019-AD9B-49A64C48CCE6}C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe] => (Allow) C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe No File
    FirewallRules: [TCP Query User{8386B33F-CB03-41BE-8CCE-0C50A0B9A383}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe No File
    FirewallRules: [UDP Query User{A030DC2F-CC2E-4299-80AE-232A46BAB750}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe No File
    FirewallRules: [{FE99AAD4-044A-4CDB-BAD5-7C442C550521}] => (Allow) C:\Users\qwert\AppData\Roaming\Zoom\bin\airhost.exe No File
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask for a PC restart; confirm by clicking OK
  • After the PC restarts, a file named Fixlog.txt will be on the desktop; copy its contents here
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices; otherwise you risk damaging the system or losing data.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

abdul99
Visitor
Posts: 277
Registered: 17 Oct 2011 20:49

Re: Kindly asking for a check, slow and freezing laptop

#8 Post by abdul99 »

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-04-2020
Ran by Pavla (12-04-2020 22:42:11) Run:1
Running from C:\Users\qwert\Desktop
Loaded Profiles: Pavla (Available Profiles: Pavla)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
File: C:\WINDOWS\System32\Audiosrv.dll
CMD: type "C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask"
Folder: C:\Users\qwert\AppData\Local\BitTorrentHelper

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
FF Homepage: Mozilla\Firefox\Profiles\1unk4gnk.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
FF NewTab: Mozilla\Firefox\Profiles\1unk4gnk.default -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
FF Extension: (Seznam doplněk - Esko) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\sko-extension@firma.seznam.cz.xpi [2018-12-05]
FF Extension: (Seznam doplněk - Email) - C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi [2018-12-05]
FF Homepage: Mozilla\Firefox\Profiles\n7w6w6xx.default-release -> seznam.cz
FF NewTab: Mozilla\Firefox\Profiles\n7w6w6xx.default-release -> hxxps://securesearch.org/homepage?hp=2&pId=BT170603&iDate=2020-04-09 02:11:59&bName=
CHR NewTab: Default -> Not-active:"chrome-extension://olfeabkoenfaoljndfecamgilllcpiak/speeddial/newTabSwitcher.html"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=E210CZ91105G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bgjpfhpjcgdppjbgnpnjllokbmcdllig]
CHR HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [olfeabkoenfaoljndfecamgilllcpiak]
S4 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
2020-04-12 08:37 - 2020-04-12 08:37 - 000000000 ____D C:\Users\qwert\Desktop\FRST-OlderVersion
2020-04-09 16:12 - 2020-04-10 21:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2020-04-09 16:11 - 2020-04-10 21:44 - 000000000 ____D C:\Users\qwert\AppData\Roaming\Lavasoft
2020-04-09 16:11 - 2020-04-10 21:44 - 000000000 ____D C:\Users\qwert\AppData\Local\Lavasoft
2020-04-09 16:10 - 2020-04-10 21:55 - 000000000 ____D C:\ProgramData\Lavasoft
2020-04-09 16:10 - 2020-04-10 21:55 - 000000000 ____D C:\Program Files (x86)\Lavasoft
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [TCP Query User{4B94D43F-8EE5-4E69-B95E-CF0F57BB1589}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
FirewallRules: [UDP Query User{CF4E148D-ABC4-4DE2-8CC0-CC0974021A6D}C:\windows\temp\files\bin\kmss.exe] => (Allow) C:\windows\temp\files\bin\kmss.exe No File
FirewallRules: [TCP Query User{D23499E9-2585-4AF8-9400-A029D4AD820C}C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe] => (Allow) C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe No File
FirewallRules: [UDP Query User{4D8A786A-FCE8-4019-AD9B-49A64C48CCE6}C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe] => (Allow) C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe No File
FirewallRules: [TCP Query User{8386B33F-CB03-41BE-8CCE-0C50A0B9A383}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe No File
FirewallRules: [UDP Query User{A030DC2F-CC2E-4299-80AE-232A46BAB750}C:\games\stepmania 5\program\stepmania.exe] => (Allow) C:\games\stepmania 5\program\stepmania.exe No File
FirewallRules: [{FE99AAD4-044A-4CDB-BAD5-7C442C550521}] => (Allow) C:\Users\qwert\AppData\Roaming\Zoom\bin\airhost.exe No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 9
Average :
Sum : 5118745282
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========


========================= File: C:\WINDOWS\System32\Audiosrv.dll ========================

C:\WINDOWS\System32\Audiosrv.dll
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.18362.418.cat
File is digitally signed
MD5: 49C72048514FDFB769C7CAD57CB304C9
Creation and modification date: 2019-10-12 07:34 - 2019-10-12 07:34
Size: 001942528
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: audiosrv.dll
Original Name: audiosrv.dll
Product: Microsoft® Windows® Operating System
Description: Windows Audio Service
File Version: 10.0.18362.387 (WinBuild.160101.0800)
Product Version: 10.0.18362.387
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: https://www.virustotal.com/file/1777a3f ... 579170889/

====== End of File: ======


========= type "C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask" =========

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Author>ExplorerShellUnelevated</Author>
<URI>\CreateExplorerShellUnelevatedTask</URI>
</RegistrationInfo>
<Triggers>
<RegistrationTrigger id="CreateExplorerShell_Trigger">
<Enabled>true</Enabled>
<Delay>PT0S</Delay>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>true</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
<UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>6</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\explorer.exe</Command>
<Arguments>/NOUACCHECK</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PAVLA\Pavla</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>
========= End of CMD: =========


========================= Folder: C:\Users\qwert\AppData\Local\BitTorrentHelper ========================

2020-04-09 16:14 - 2020-04-09 20:43 - 000073728 ____A [0B3B5B2EA405C9731B49B681CA5F1472] () C:\Users\qwert\AppData\Local\BitTorrentHelper\ledger.bt.co.btdb
2020-04-09 16:14 - 2020-04-09 16:14 - 000000072 ____A [56A8FF4B8D0372371CB6FD26A83A58CC] () C:\Users\qwert\AppData\Local\BitTorrentHelper\ledger.bt.co.btdb.key
2020-04-09 16:14 - 2020-04-09 16:14 - 000000262 ____A [4DDD6A458FAE33A2768337EA5B7A227B] () C:\Users\qwert\AppData\Local\BitTorrentHelper\ledger.bt.co.btdb.passwd
2020-04-09 16:14 - 2020-04-09 16:14 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\qwert\AppData\Local\BitTorrentHelper\ledger.bt.co.lock
2020-04-09 16:14 - 2020-04-09 20:48 - 000006188 ____A [4F46EC27E01AA689846CAAF2A966A54C] () C:\Users\qwert\AppData\Local\BitTorrentHelper\wallet.log
2020-04-09 16:14 - 2020-04-09 16:14 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\qwert\AppData\Local\BitTorrentHelper\crashdumps
2020-04-09 16:14 - 2020-04-09 16:14 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\qwert\AppData\Local\BitTorrentHelper\crashdumps\534

====== End of Folder: ======

HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\sko-extension@firma.seznam.cz.xpi => moved successfully
C:\Users\qwert\AppData\Roaming\Mozilla\Firefox\Profiles\1unk4gnk.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}.xpi => moved successfully
"Firefox homepage" => removed successfully
"Firefox newtab" => removed successfully
"Chrome NewTab" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
"Chrome DefaultSearchKeyword" => removed successfully
HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\SOFTWARE\Google\Chrome\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig => removed successfully
HKU\S-1-5-21-2691251485-3647217419-1871296894-1001\SOFTWARE\Google\Chrome\Extensions\olfeabkoenfaoljndfecamgilllcpiak => removed successfully
HKLM\System\CurrentControlSet\Services\NMIndexingService => removed successfully
NMIndexingService => service removed successfully
"C:\Users\qwert\Desktop\FRST-OlderVersion" => not found
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => moved successfully
C:\Users\qwert\AppData\Roaming\Lavasoft => moved successfully
C:\Users\qwert\AppData\Local\Lavasoft => moved successfully
C:\ProgramData\Lavasoft => moved successfully
C:\Program Files (x86)\Lavasoft => moved successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4B94D43F-8EE5-4E69-B95E-CF0F57BB1589}C:\windows\temp\files\bin\kmss.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CF4E148D-ABC4-4DE2-8CC0-CC0974021A6D}C:\windows\temp\files\bin\kmss.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D23499E9-2585-4AF8-9400-A029D4AD820C}C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4D8A786A-FCE8-4019-AD9B-49A64C48CCE6}C:\program files (x86)\stepmania\stepmania 5\program\stepmania.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8386B33F-CB03-41BE-8CCE-0C50A0B9A383}C:\games\stepmania 5\program\stepmania.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A030DC2F-CC2E-4299-80AE-232A46BAB750}C:\games\stepmania 5\program\stepmania.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE99AAD4-044A-4CDB-BAD5-7C442C550521}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 323319834 B
Java, Flash, Steam htmlcache => 1453 B
Windows/system/drivers => 42945071 B
Edge => 2129465 B
Chrome => 480248260 B
Firefox => 448091323 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 141026 B
NetworkService => 5214298 B
qwert => 57202410 B

RecycleBin => 336706925 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End 1 Fixlog 22:45:46 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: Please check, slow and freezing laptop

#9 Post by Conder »

:arrow: The Desktop is about 4 GB, which is a lot. I recommend moving all files and folders from the Desktop to Documents and leaving only links/shortcuts on the Desktop. An excessively large Desktop can slow the system down.

:arrow: How is the PC doing? Has anything changed?
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!
