PC virus removal, computer speed-up, remote help via the neslape.cz service

Log check

Have a problem with a virus? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will threads that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
bostik
Guest
Posts: 25
Registered: 28 Apr 2005 16:43

#1 Post by bostik »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2020 01
Ran by Petr (administrator) on PETR-NOTEBOOK (Dell Inc. Latitude E6400) (23-11-2020 17:48:48)
Running from C:\Users\Petr\Downloads
Loaded Profiles: Petr
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Čeština (Česká republika)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_20_0_0_228_ActiveX.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <20>
(Henry++) [File not signed] C:\Program Files\Mem Reduct\memreduct.exe
(Huawei Software Technologies Co., LTD. -> ) [File not signed] C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(Trend Micro Inc.) [File not signed] C:\Users\Petr\Downloads\hijackthis.exe
(UPEK Inc. -> UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-839381056-1275580244-2287400433-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-839381056-1275580244-2287400433-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Windows NT x86\Print Processors\HP1006S: C:\Windows\System32\spool\prtprocs\W32X86\HP1006S.DLL [293888 2010-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\...\Print\Monitors\HP LaserJet P1006 Language Monitor: C:\Windows\system32\HP1006LM.DLL [286720 2010-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [101256 2015-12-21] (pdfforge GmbH -> pdfforge GmbH)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-11] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{18CBEEAA-6708-41A1-9379-D08915333CF2}] -> C:\Program Files\Common Files\SPBA\provider.dll [2010-09-15] (UPEK Inc. -> UPEK Inc.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{AE583D93-8D1B-424F-9858-5623FB7824EE}] -> C:\Program Files\Common Files\SPBA\provider.dll [2010-09-15] (UPEK Inc. -> UPEK Inc.)
SubSystems: [Windows] => "%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION
Startup: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-03-14] ()
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-839381056-1275580244-2287400433-1006\User: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CF364B1-3C5A-4E4C-989F-C00B115B8E6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-14] (Google Inc -> Google Inc.)
Task: {1E698F65-9561-4F9A-87E8-0AFF29CBEF68} - \DNSROSEVILLE -> No File <==== ATTENTION
Task: {51C8B1DD-31BD-4A35-9F71-4EF276089673} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {622BEA46-D51B-439D-A16C-A1133439078D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-14] (Google Inc -> Google Inc.)
Task: {6389884D-5C22-4F17-A26D-9E37F49325CD} - System32\Tasks\{7BFB58D6-E0EC-4EB2-B84E-A3FA49014863} => C:\Windows\system32\pcalua.exe -a C:\Dell\Drivers\6Y74K\setup.exe -d C:\Dell\Drivers\6Y74K
Task: {6A91EA4E-6C40-45F9-876C-8ABB40B6A039} - System32\Tasks\syncversion\{47DE2FD4-4559-DAD6-D428-4913EC8AE76E} => C:\Program Files\Common Files\47de2fd44559dad6d4284913ec8ae76e\syncversion.exe [1971712 2013-05-05] () [File not signed]
Task: {7B3D845B-E208-4D19-9D9A-86E8C62DE592} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1499240 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {7B4439E7-229A-4DCD-B441-B156158AE017} - \{0C080B47-0908-050B-0411-0D0F09791104} -> No File <==== ATTENTION
Task: {A2BA7932-D545-446D-AE66-DBBEFF6B1393} - System32\Tasks\{5F4F0B12-56CC-042B-CCB2-87AFAFC25066} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\8bf37759\a4f3e19a.dll" <==== ATTENTION
Task: {CB903392-01F5-40D4-B2DA-F06E1C4A7064} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-PETR-NOTEBOOK => C:\Windows\ehome\McxTask.exe [33792 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Task: {DAFC5F3F-D91B-4E03-A2B4-6869DA1CAEEE} - System32\Tasks\{FC290BA5-F0CB-4436-BA05-B997A5DDC893} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 web.whatsapp.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0610427F-2DB3-4213-9713-E36428D0BBBA}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{C5DB2AEF-A760-47F1-93E5-AEF24902472C}: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2020-11-23]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Prezentace) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-06]
CHR Extension: (Dokumenty) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-06]
CHR Extension: (Disk Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-18]
CHR Extension: (YouTube) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-14]
CHR Extension: (eShield) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp [2017-07-14]
CHR Extension: (Tabulky) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-04]
CHR HKLM\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HuaweiHiSuiteService.exe; C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2017-07-26] (Huawei Software Technologies Co., LTD. -> ) [File not signed]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-05] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [15360 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2016-02-20] (Dell Inc. -> Dell Inc)
S3 usbser; C:\Windows\System32\DRIVERS\USBSER.sys [28160 2017-07-26] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\Users\Petr\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-23 17:50 - 2020-11-23 17:51 - 030469496 _____ (Piriform Software Ltd) C:\Users\Petr\Downloads\ccsetup574.exe
2020-11-23 17:49 - 2020-11-23 17:50 - 000388608 _____ (Trend Micro Inc.) C:\Users\Petr\Downloads\hijackthis (2).exe
2020-11-23 17:48 - 2020-11-23 17:51 - 000010634 _____ C:\Users\Petr\Downloads\FRST.txt
2020-11-23 17:47 - 2020-11-23 17:47 - 002010112 _____ (Farbar) C:\Users\Petr\Downloads\Nepotvrzeno 53870.crdownload
2020-11-23 17:47 - 2020-11-23 17:47 - 002010112 _____ (Farbar) C:\Users\Petr\Downloads\FRST (1).exe
2020-11-23 17:39 - 2020-11-23 17:39 - 000388608 _____ (Trend Micro Inc.) C:\Users\Petr\Downloads\hijackthis (1).exe
2020-11-23 17:38 - 2020-11-23 17:38 - 000388608 _____ (Trend Micro Inc.) C:\Users\Petr\Downloads\hijackthis.exe
2020-11-23 17:31 - 2020-11-23 17:34 - 000081920 _____ C:\Users\Petr\Downloads\Nepotvrzeno 539162.crdownload
2020-11-23 16:31 - 2020-11-23 16:31 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Henry++
2020-11-23 16:30 - 2020-11-23 16:30 - 000000984 _____ C:\Users\Petr\Desktop\Mem Reduct.lnk
2020-11-23 16:30 - 2020-11-23 16:30 - 000000000 ____D C:\Program Files\Mem Reduct
2020-11-23 16:29 - 2020-11-23 16:29 - 000366370 _____ C:\Users\Petr\Downloads\memreduct-3.3.5-setup.exe
2020-11-19 18:53 - 2020-11-19 18:53 - 000000000 ____D C:\Users\Verunka\Desktop\tajný
2020-11-18 14:50 - 2020-11-18 14:50 - 000000000 ____D C:\Users\Verunka\Desktop\škola
2020-11-18 14:50 - 2020-11-18 14:50 - 000000000 ____D C:\Users\Verunka\Desktop\ostatní
2020-11-18 14:49 - 2020-11-18 14:49 - 000000000 ____D C:\Users\Verunka\Desktop\tapety
2020-11-18 14:48 - 2020-11-18 15:03 - 000000000 ____D C:\Users\Verunka\Desktop\wattpad
2020-11-18 14:48 - 2020-11-18 14:49 - 000000000 ____D C:\Users\Verunka\Desktop\kreslení
2020-11-16 11:09 - 2020-11-16 11:09 - 000062689 _____ C:\Users\Verunka\Documents\srdce.xps
2020-11-08 20:25 - 2020-11-08 20:26 - 003143168 _____ C:\Users\Verunka\Downloads\6a.avi
2020-11-05 19:36 - 2020-11-05 19:37 - 000209861 _____ C:\Users\Verunka\Downloads\1.-Vnitrni-energie-telesa.ppsx
2020-11-05 09:10 - 2020-11-05 09:10 - 000071154 _____ C:\Users\Petr\Desktop\edika-kone-omalovanky.htm
2020-11-02 23:06 - 2020-11-02 23:06 - 000000644 __RSH C:\Users\Petr\ntuser.pol
2020-11-02 23:03 - 2020-11-02 23:03 - 000269672 _____ (WinTools.Info) C:\Users\Verunka\Downloads\urlblocker.exe
2020-11-02 22:41 - 2020-11-02 22:43 - 000001260 __RSH C:\Users\Verunka\ntuser.pol

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-23 17:49 - 2016-03-16 20:34 - 000000000 ____D C:\FRST
2020-11-23 17:35 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2020-11-23 17:10 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2020-11-23 17:01 - 2015-09-28 12:24 - 000000000 ____D C:\Windows\system32\appmgmt
2020-11-23 16:47 - 2016-02-20 16:58 - 000000000 ____D C:\Users\Petr\AppData\Local\Deployment
2020-11-23 16:46 - 2019-10-27 04:31 - 000000000 ____D C:\ProgramData\Garmin
2020-11-23 16:46 - 2015-11-28 08:06 - 000000000 ____D C:\ProgramData\Package Cache
2020-11-23 16:39 - 2016-03-16 19:09 - 000007603 _____ C:\Users\Petr\AppData\Local\Resmon.ResmonCfg
2020-11-23 16:24 - 2009-07-14 05:34 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-11-23 16:24 - 2009-07-14 05:34 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-11-16 10:08 - 2011-04-12 02:37 - 000677070 _____ C:\Windows\system32\perfh005.dat
2020-11-16 10:08 - 2011-04-12 02:37 - 000145956 _____ C:\Windows\system32\perfc005.dat
2020-11-16 10:08 - 2010-11-20 22:01 - 001609484 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-16 10:03 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-11 22:46 - 2017-07-14 13:01 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-11 22:46 - 2017-07-14 13:01 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-11 22:46 - 2017-07-14 13:01 - 000002129 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-04 12:34 - 2016-02-02 21:02 - 000000374 __RSH C:\ProgramData\ntuser.pol
2020-11-02 23:06 - 2015-09-26 00:38 - 000000000 ____D C:\Users\Petr
2020-11-02 22:43 - 2020-01-05 16:36 - 000000000 ____D C:\Users\Verunka
2020-11-02 22:41 - 2009-07-14 03:37 - 000000000 ___HD C:\Windows\system32\GroupPolicyUsers

==================== Files in the root of some directories ========

2015-12-30 00:09 - 2015-12-30 00:09 - 000000002 _____ () C:\Users\Petr\AppData\Roaming\Data.txt
2015-12-30 00:08 - 2015-12-30 00:08 - 000367616 _____ () C:\Users\Petr\AppData\Roaming\PassLog.exe
2019-08-11 23:21 - 2020-09-19 23:21 - 000000285 _____ () C:\Users\Petr\AppData\Roaming\WB.CFG
2016-02-02 20:46 - 2016-02-02 20:46 - 000003584 _____ () C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-16 19:09 - 2020-11-23 16:39 - 000007603 _____ () C:\Users\Petr\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-11-23 00:04
==================== End of FRST.txt ========================




Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-11-2020 01
Ran by Petr (23-11-2020 17:52:30)
Running from C:\Users\Petr\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2015-09-25 23:38:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-839381056-1275580244-2287400433-500 - Administrator - Disabled)
ASPNET (S-1-5-21-839381056-1275580244-2287400433-1004 - Limited - Enabled)
Guest (S-1-5-21-839381056-1275580244-2287400433-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-839381056-1275580244-2287400433-1002 - Limited - Enabled)
Mcx1-PETR-NOTEBOOK (S-1-5-21-839381056-1275580244-2287400433-1005 - Limited - Enabled) => C:\Users\Mcx1-PETR-NOTEBOOK
Petr (S-1-5-21-839381056-1275580244-2287400433-1000 - Administrator - Enabled) => C:\Users\Petr
Verunka (S-1-5-21-839381056-1275580244-2287400433-1006 - Limited - Enabled) => C:\Users\Verunka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Any Video Converter 6.3.3 (HKLM\...\Any Video Converter) (Version: 6.3.3 - Anvsoft)
Balíček ovladače systému Windows - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
BioAPI Framework (HKLM\...\{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}) (Version: 1.0.2 - Dell Inc.) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.008 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-839381056-1275580244-2287400433-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Gemalto (HKLM\...\{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}) (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
HiSuite (HKLM\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version: - )
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Název společnosti:)
Chromium (HKLM\...\{1B87F347-4B07-22C7-FA87-52472A0781C7}) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
K-Lite Mega Codec Pack 5.0.5 (HKLM\...\KLiteCodecPack_is1) (Version: 5.0.5 - )
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 4.2.2.29 - PandoraTV)
Mem Reduct (HKLM\...\memreduct) (Version: 3.3.5 - Henry++)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 CSY Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
NTRU TCG Software Stack (HKLM\...\{E9A97832-83B6-42B6-BAC6-492E344C2561}) (Version: 2.1.37 - Security Innovation, Inc.) Hidden
OpenOffice 4.1.2 (HKLM\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
PC-CCID (HKLM\...\{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}) (Version: 2.0.0 - Gemalto) Hidden
PhotoMizer (HKLM\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.0.10.0110 - Engelmann Media GmbH)
SPBA 5.9 (HKLM\...\{2EECD5EF-5095-467C-B80C-4AB3096EFD60}) (Version: 5.9.4.6901 - UPEK Inc.) Hidden
Upek Touchchip Fingerprint Reader (HKLM\...\{4E60E212-3177-4B16-BCB3-616CCC52357D}) (Version: 1.2.004 - Dell Inc.) Hidden
WinRAR 5.30 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.DIVX] => C:\Windows\system32\divx.dll [685056 2009-05-01] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [205824 2009-05-29] () [File not signed]
HKLM\...\Drivers32: [VIDC.YV12] => C:\Windows\system32\yv12vfw.dll [217088 2004-01-25] (www.helixcommunity.org) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [118784 2007-09-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\system32\lameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [85504 2009-06-02] () [File not signed]
HKLM\...\Drivers32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online File Converter.lnk -> C:\Program Files\Office-Converter.com\Office-Converter.com\OfficeLink.exe () -> hxxp://www.office-converter.com/

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Petr\Desktop\Hasici1.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici2.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-839381056-1275580244-2287400433-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-839381056-1275580244-2287400433-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10454__190513
SearchScopes: HKU\S-1-5-21-839381056-1275580244-2287400433-1000 -> {9662E2B8-BB32-4E52-84AB-5DFA518B84DE} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
SearchScopes: HKU\S-1-5-21-839381056-1275580244-2287400433-1000 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-839381056-1275580244-2287400433-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-839381056-1275580244-2287400433-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-839381056-1275580244-2287400433-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2020-11-02 23:05 - 000000029 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 web.whatsapp.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-839381056-1275580244-2287400433-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Chromium => "c:\users\petr\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: GarminExpress => "C:\Program Files\Garmin\Express\express.exe" /minimized
MSCONFIG\startupreg: GoogleChromeAutoLaunch_99DE362BF37F05AF23B8D5CFF8AAB751 => "C:\Users\Petr\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: Web Companion => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0AA6254A-8CE0-4AC2-A91B-92103294E5E7}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{E7949153-708E-445A-A555-BC0DD57B2C6D}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{A07D5876-D79F-4FB7-8869-2B0467414410}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{A6C56BD4-17CF-4D80-AA38-E5DA3797DD4B}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [TCP Query User{4CBE6047-EFA1-41C1-AB69-725E0DD2411B}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A819E4E4-C225-4073-8EE0-4C18A63A448E}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{30583CDB-7A9A-430A-B5FD-EE10F955F108}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2F44B279-5B22-48A1-92D8-4A2B5C94A578}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E94D7A2F-F2B0-4DD7-A08D-2A15E2ADDE87}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B5B44F78-A1DE-4A74-8034-6BB5C71EFC9E}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2A5C1192-18B8-40B5-A05F-2D6D9DACAF46}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DF0589A2-0A5F-42AB-884C-AE46A6C66E1D}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [{0722AB35-9C71-433C-BB51-C0C82E04616D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{C56CDEF6-AF92-4EC8-986B-FF573358434E}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
FirewallRules: [{7E0075D5-2CD2-4F5F-A127-191CE4C68617}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
FirewallRules: [{D6B5D052-DA5F-43F4-B82A-31563BF0ADE1}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{681848F3-5CCE-44F2-9515-EEB2996788B9}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{CE374F82-C4CB-4896-AD4D-A6F64787C3C4}] => (Allow) C:\Users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{7FE9E3CC-E83A-4375-AFE5-FD8B9F800BE4}] => (Allow) C:\Users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{E0C8D9FB-314B-4692-BADD-4853F5B8E208}] => (Allow) C:\Users\Petr\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{4DA342E2-793A-4340-9803-BE7698F47EF3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED5FC25C-90CA-49A6-976A-2B8CBD7E83B4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

06-11-2020 00:00:07 Naplánovaný kontrolní bod
14-11-2020 00:00:07 Naplánovaný kontrolní bod
21-11-2020 12:08:25 Naplánovaný kontrolní bod
23-11-2020 16:45:18 Garmin Express
23-11-2020 17:01:17 Removed MrvlUsgTracking
23-11-2020 17:01:41 Removed MrvlUsgTracking

==================== Faulty Device Manager Devices ============

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/23/2020 05:57:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/23/2020 05:57:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/23/2020 05:56:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/23/2020 05:56:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/23/2020 05:50:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/23/2020 05:50:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/23/2020 05:50:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.

Error: (11/23/2020 05:49:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>. Došlo k chybě: Certifikační řetěz byl zpracován, ale byl ukončen v kořenovém certifikátu, který nemá důvěru zprostředkovatele důvěryhodnosti.
.


System errors:
=============
Error: (11/23/2020 05:26:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (11/23/2020 05:26:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (11/23/2020 05:26:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (11/23/2020 05:20:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 40.

Error: (11/23/2020 05:20:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (11/23/2020 05:20:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (11/23/2020 05:19:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.

Error: (11/23/2020 05:19:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Byla přijata následující výstraha o závažné chybě: 70.


Windows Defender:
===================================
Date: 2018-01-22 03:50:37.259
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... atid=92596
Název:TrojanDownloader:Win32/Small.gen!I
ID:92596
Závažnost:Vážné
Kategorie:Trojský stahovací program
Nalezeno v cestě:autoruninf:D:\autorun.inf|shellexecute;autoruninf:D:\autorun.inf|shellverb;containerfile:D:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\systel.exe;file:D:\autorun.inf;file:D:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\systel.exe->(UPX)
Typ zjišťování:Obecný
Zdroj zjišťování:Systém
Stav:Neznámý
Uživatel:NT AUTHORITY\NETWORK SERVICE
Název procesu:c:\program files\windows defender\MpCmdRun.exe

Date: 2016-03-16 19:31:17.743
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... atid=92596
Název:TrojanDownloader:Win32/Small.gen!I
ID:92596
Závažnost:Vážné
Kategorie:Trojský stahovací program
Nalezeno v cestě:containerfile:C:\Users\Petr\AppData\Roaming\install\systel.exe;file:C:\Users\Petr\AppData\Roaming\install\systel.exe->(UPX);process:pid:5248
Typ zjišťování:Obecný
Zdroj zjišťování:Ochrana v reálném čase
Stav:Neznámý
Uživatel:\
Název procesu:

Date: 2016-03-16 19:30:26.138
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... atid=92596
Název:TrojanDownloader:Win32/Small.gen!I
ID:92596
Závažnost:Vážné
Kategorie:Trojský stahovací program
Nalezeno v cestě:containerfile:C:\Users\Petr\AppData\Roaming\install\systel.exe;file:C:\Users\Petr\AppData\Roaming\install\systel.exe->(UPX);process:pid:5584;regkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU;runkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU
Typ zjišťování:Obecný
Zdroj zjišťování:Ochrana v reálném čase
Stav:Neznámý
Uživatel:\
Název procesu:

Date: 2016-03-16 19:29:23.535
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... atid=92596
Název:TrojanDownloader:Win32/Small.gen!I
ID:92596
Závažnost:Vážné
Kategorie:Trojský stahovací program
Nalezeno v cestě:containerfile:C:\Users\Petr\AppData\Roaming\install\systel.exe;file:C:\Users\Petr\AppData\Roaming\install\systel.exe->(UPX);process:pid:5584
Typ zjišťování:Obecný
Zdroj zjišťování:Ochrana v reálném čase
Stav:Neznámý
Uživatel:\
Název procesu:

Date: 2016-03-13 08:58:29.030
Description:
Prohledávání Windows Defender rozpoznalo spyware nebo jiný potenciálně nežádoucí software.
Další informace:
http://go.microsoft.com/fwlink/?linkid= ... atid=92596
Název:TrojanDownloader:Win32/Small.gen!I
ID:92596
Závažnost:Vážné
Kategorie:Trojský stahovací program
Nalezeno v cestě:containerfile:C:\Users\Petr\AppData\Roaming\install\systel.exe;file:C:\Users\Petr\AppData\Roaming\install\systel.exe->(UPX);regkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU;runkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU
Typ zjišťování:Obecný
Zdroj zjišťování:Systém
Stav:Neznámý
Uživatel:NT AUTHORITY\NETWORK SERVICE
Název procesu:c:\program files\windows defender\MpCmdRun.exe

CodeIntegrity:
===================================

Date: 2019-05-13 18:46:05.635
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.6.997.11652\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Dell Inc. A34 06/04/2013
Motherboard: Dell Inc. 0W620R
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 93%
Total physical RAM: 1999.9 MB
Available physical RAM: 133.3 MB
Total Virtual: 4740.68 MB
Available Virtual: 1208.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:7.73 GB) NTFS

\\?\Volume{fdebbcbc-63dc-11e5-a575-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 3CE66DB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Rudy
Site Admin
Posts: 118272
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the license terms (EULA) by clicking I Agree
right-click the AdwCleaner icon and choose Run as administrator (on Windows XP just double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

bostik
Visitor
Posts: 25
Registered: 28 Apr 2005 16:43

Re: log check

#3 Post by bostik »

Attachment: printscreen.jpg (26.2 KiB)
I don't see any Clean and Repair there..
Last edited by bostik on 24 Nov 2020 16:27, edited 1 time in total.

bostik
Visitor
Posts: 25
Registered: 28 Apr 2005 16:43

Re: log check

#4 Post by bostik »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-23-2020
# Duration: 00:00:24
# OS: Windows 7 Professional
# Scanned: 31920
# Detected: 22


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Adware.Heuristic C:\ProgramData\2B619CB9-5A35-0
PUP.Adware.Heuristic C:\ProgramData\2B619CB9-6CE5-1
PUP.Optional.BitCoinMiner C:\Users\Petr\AppData\Local\minergate
PUP.Optional.Perion C:\Program Files\COMMON FILES\47DE2FD44559DAD6D4284913EC8AE76E
PUP.Optional.TidyNetwork.A C:\Users\Petr\AppData\Local\TNT2

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.DNSUnlocker HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
PUP.Optional.InstallCore HKCU\Software\csastats
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
PUP.Optional.Legacy HKLM\Software\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
PUP.Optional.Legacy HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Web Companion
PUP.Optional.OneSystemCare HKCU\Software\One System Care
PUP.Optional.ProductSetup.A HKCU\Software\PRODUCTSETUP
PUP.Optional.TidyNetwork HKCU\Software\TNT2
PUP.Optional.TidyNetwork HKLM\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Eshield eShield - dkmjljdbbgogihjcapfhgkonfmccbffp
PUP.Optional.Eshield eShield - dkmjljdbbgogihjcapfhgkonfmccbffp

***** [ Chromium URLs ] *****

PUP.Optional.Banggood eu.banggood.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [3113 octets] - [23/11/2020 18:19:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

bostik
Visitor
Posts: 25
Registered: 28 Apr 2005 16:43

Re: log check

#5 Post by bostik »

Ah, I've got it now

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-11-23.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-24-2020
# Duration: 00:00:14
# OS: Windows 7 Professional
# Cleaned: 22
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files\COMMON FILES\47DE2FD44559DAD6D4284913EC8AE76E
Deleted C:\ProgramData\2B619CB9-5A35-0
Deleted C:\ProgramData\2B619CB9-6CE5-1
Deleted C:\Users\Petr\AppData\Local\TNT2
Deleted C:\Users\Petr\AppData\Local\minergate

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{993F5746-4C15-42BC-99C1-064A1764271B}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\One System Care
Deleted HKCU\Software\PRODUCTSETUP
Deleted HKCU\Software\TNT2
Deleted HKCU\Software\csastats
Deleted HKLM\Software\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
Deleted HKLM\Software\Classes\Interface\{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
Deleted HKLM\Software\Lavasoft\Web Companion
Deleted HKLM\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Web Companion
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564

***** [ Chromium (and derivatives) ] *****

Deleted eShield - dkmjljdbbgogihjcapfhgkonfmccbffp
Deleted eShield - dkmjljdbbgogihjcapfhgkonfmccbffp

***** [ Chromium URLs ] *****

Deleted eu.banggood.com

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3113 octets] - [23/11/2020 18:19:44]
AdwCleaner[S01].txt - [3174 octets] - [23/11/2020 18:22:02]
AdwCleaner[S02].txt - [3235 octets] - [24/11/2020 16:17:07]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

Rudy
Site Admin
Posts: 118272
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#6 Post by Rudy »

OK. Now post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679 .

bostik
Visitor
Posts: 25
Registered: 28 Apr 2005 16:43

Re: log check

#7 Post by bostik »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-11-2020 01
Ran by Petr (administrator) on PETR-NOTEBOOK (Dell Inc. Latitude E6400) (24-11-2020 17:07:23)
Running from C:\Users\Petr\Downloads
Loaded Profiles: Petr
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: Čeština (Česká republika)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <30>
(Huawei Software Technologies Co., LTD. -> ) [File not signed] C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(UPEK Inc. -> UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-839381056-1275580244-2287400433-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-839381056-1275580244-2287400433-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Windows NT x86\Print Processors\HP1006S: C:\Windows\System32\spool\prtprocs\W32X86\HP1006S.DLL [293888 2010-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard)
HKLM\...\Print\Monitors\HP LaserJet P1006 Language Monitor: C:\Windows\system32\HP1006LM.DLL [286720 2010-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [101256 2015-12-21] (pdfforge GmbH -> pdfforge GmbH)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-11] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{18CBEEAA-6708-41A1-9379-D08915333CF2}] -> C:\Program Files\Common Files\SPBA\provider.dll [2010-09-15] (UPEK Inc. -> UPEK Inc.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{AE583D93-8D1B-424F-9858-5623FB7824EE}] -> C:\Program Files\Common Files\SPBA\provider.dll [2010-09-15] (UPEK Inc. -> UPEK Inc.)
SubSystems: [Windows] => "%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-839381056-1275580244-2287400433-1006\User: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CF364B1-3C5A-4E4C-989F-C00B115B8E6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-14] (Google Inc -> Google Inc.)
Task: {1E698F65-9561-4F9A-87E8-0AFF29CBEF68} - \DNSROSEVILLE -> No File <==== ATTENTION
Task: {51C8B1DD-31BD-4A35-9F71-4EF276089673} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {622BEA46-D51B-439D-A16C-A1133439078D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-14] (Google Inc -> Google Inc.)
Task: {6389884D-5C22-4F17-A26D-9E37F49325CD} - System32\Tasks\{7BFB58D6-E0EC-4EB2-B84E-A3FA49014863} => C:\Windows\system32\pcalua.exe -a C:\Dell\Drivers\6Y74K\setup.exe -d C:\Dell\Drivers\6Y74K
Task: {6A91EA4E-6C40-45F9-876C-8ABB40B6A039} - System32\Tasks\syncversion\{47DE2FD4-4559-DAD6-D428-4913EC8AE76E} => C:\PROGRA~1\COMMON~1\47DE2F~1\SYNCVE~1.EXE
Task: {7B3D845B-E208-4D19-9D9A-86E8C62DE592} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1499240 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {7B4439E7-229A-4DCD-B441-B156158AE017} - \{0C080B47-0908-050B-0411-0D0F09791104} -> No File <==== ATTENTION
Task: {A2BA7932-D545-446D-AE66-DBBEFF6B1393} - System32\Tasks\{5F4F0B12-56CC-042B-CCB2-87AFAFC25066} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\8bf37759\a4f3e19a.dll" <==== ATTENTION
Task: {CB903392-01F5-40D4-B2DA-F06E1C4A7064} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-PETR-NOTEBOOK => C:\Windows\ehome\McxTask.exe [33792 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
Task: {DAFC5F3F-D91B-4E03-A2B4-6869DA1CAEEE} - System32\Tasks\{FC290BA5-F0CB-4436-BA05-B997A5DDC893} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 web.whatsapp.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{0610427F-2DB3-4213-9713-E36428D0BBBA}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{C5DB2AEF-A760-47F1-93E5-AEF24902472C}: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.) [File not signed]

Chrome:
=======
CHR Profile: C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default [2020-11-24]
CHR Notifications: Default -> hxxps://www.facebook.com
CHR Extension: (Prezentace) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-06]
CHR Extension: (Dokumenty) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-06]
CHR Extension: (Disk Google) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-18]
CHR Extension: (YouTube) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-14]
CHR Extension: (eShield) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp [2020-11-24]
CHR Extension: (Tabulky) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-06]
CHR Extension: (Dokumenty Google offline) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-03]
CHR Extension: (Gmail) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-18]
CHR Extension: (Chrome Media Router) - C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-23]
CHR HKLM\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HuaweiHiSuiteService.exe; C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [155848 2017-07-26] (Huawei Software Technologies Co., LTD. -> ) [File not signed]
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 CH341SER; C:\Windows\System32\Drivers\CH341SER.SYS [39696 2011-11-05] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [15360 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2017-07-26] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2016-02-20] (Dell Inc. -> Dell Inc)
S3 usbser; C:\Windows\System32\DRIVERS\USBSER.sys [28160 2017-07-26] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\Users\Petr\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-24 17:04 - 2020-11-24 17:05 - 002010112 _____ (Farbar) C:\Users\Petr\Downloads\FRST.exe
2020-11-24 16:14 - 2020-11-24 16:15 - 008447152 _____ (Malwarebytes) C:\Users\Petr\Downloads\AdwCleaner.exe
2020-11-23 18:18 - 2020-11-24 16:35 - 000000000 ____D C:\AdwCleaner
2020-11-23 17:50 - 2020-11-23 17:51 - 030469496 _____ (Piriform Software Ltd) C:\Users\Petr\Downloads\ccsetup574.exe
2020-11-23 17:49 - 2020-11-23 17:50 - 000388608 _____ (Trend Micro Inc.) C:\Users\Petr\Downloads\hijackthis (2).exe
2020-11-23 17:48 - 2020-11-24 17:07 - 000010049 _____ C:\Users\Petr\Downloads\FRST.txt
2020-11-23 17:47 - 2020-11-23 17:47 - 002010112 _____ (Farbar) C:\Users\Petr\Downloads\FRST (1).exe
2020-11-23 17:38 - 2020-11-23 17:38 - 000388608 _____ (Trend Micro Inc.) C:\Users\Petr\Downloads\hijackthis.exe
2020-11-23 17:31 - 2020-11-23 17:34 - 000081920 _____ C:\Users\Petr\Downloads\Nepotvrzeno 539162.crdownload
2020-11-23 16:31 - 2020-11-23 16:31 - 000000000 ____D C:\Users\Petr\AppData\Roaming\Henry++
2020-11-23 16:30 - 2020-11-23 16:30 - 000000984 _____ C:\Users\Petr\Desktop\Mem Reduct.lnk
2020-11-23 16:30 - 2020-11-23 16:30 - 000000000 ____D C:\Program Files\Mem Reduct
2020-11-23 16:29 - 2020-11-23 16:29 - 000366370 _____ C:\Users\Petr\Downloads\memreduct-3.3.5-setup.exe
2020-11-19 18:53 - 2020-11-19 18:53 - 000000000 ____D C:\Users\Verunka\Desktop\tajný
2020-11-18 14:50 - 2020-11-18 14:50 - 000000000 ____D C:\Users\Verunka\Desktop\škola
2020-11-18 14:50 - 2020-11-18 14:50 - 000000000 ____D C:\Users\Verunka\Desktop\ostatní
2020-11-18 14:49 - 2020-11-18 14:49 - 000000000 ____D C:\Users\Verunka\Desktop\tapety
2020-11-18 14:48 - 2020-11-18 15:03 - 000000000 ____D C:\Users\Verunka\Desktop\wattpad
2020-11-18 14:48 - 2020-11-18 14:49 - 000000000 ____D C:\Users\Verunka\Desktop\kreslení
2020-11-16 11:09 - 2020-11-16 11:09 - 000062689 _____ C:\Users\Verunka\Documents\srdce.xps
2020-11-08 20:25 - 2020-11-08 20:26 - 003143168 _____ C:\Users\Verunka\Downloads\6a.avi
2020-11-05 19:36 - 2020-11-05 19:37 - 000209861 _____ C:\Users\Verunka\Downloads\1.-Vnitrni-energie-telesa.ppsx
2020-11-05 09:10 - 2020-11-05 09:10 - 000071154 _____ C:\Users\Petr\Desktop\edika-kone-omalovanky.htm
2020-11-02 23:06 - 2020-11-02 23:06 - 000000644 __RSH C:\Users\Petr\ntuser.pol
2020-11-02 23:03 - 2020-11-02 23:03 - 000269672 _____ (WinTools.Info) C:\Users\Verunka\Downloads\urlblocker.exe
2020-11-02 22:41 - 2020-11-02 22:43 - 000001260 __RSH C:\Users\Verunka\ntuser.pol

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-24 17:06 - 2016-03-16 20:34 - 000000000 ____D C:\FRST
2020-11-24 16:44 - 2009-07-14 05:34 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-11-24 16:44 - 2009-07-14 05:34 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-11-24 16:37 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-23 17:56 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\system32\NDF
2020-11-23 17:10 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
2020-11-23 17:01 - 2015-09-28 12:24 - 000000000 ____D C:\Windows\system32\appmgmt
2020-11-23 16:47 - 2016-02-20 16:58 - 000000000 ____D C:\Users\Petr\AppData\Local\Deployment
2020-11-23 16:46 - 2019-10-27 04:31 - 000000000 ____D C:\ProgramData\Garmin
2020-11-23 16:46 - 2015-11-28 08:06 - 000000000 ____D C:\ProgramData\Package Cache
2020-11-23 16:39 - 2016-03-16 19:09 - 000007603 _____ C:\Users\Petr\AppData\Local\Resmon.ResmonCfg
2020-11-16 10:08 - 2011-04-12 02:37 - 000677070 _____ C:\Windows\system32\perfh005.dat
2020-11-16 10:08 - 2011-04-12 02:37 - 000145956 _____ C:\Windows\system32\perfc005.dat
2020-11-16 10:08 - 2010-11-20 22:01 - 001609484 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-11 22:46 - 2017-07-14 13:01 - 000002170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-11 22:46 - 2017-07-14 13:01 - 000002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-11 22:46 - 2017-07-14 13:01 - 000002129 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-04 12:34 - 2016-02-02 21:02 - 000000374 __RSH C:\ProgramData\ntuser.pol
2020-11-02 23:06 - 2015-09-26 00:38 - 000000000 ____D C:\Users\Petr
2020-11-02 22:43 - 2020-01-05 16:36 - 000000000 ____D C:\Users\Verunka
2020-11-02 22:41 - 2009-07-14 03:37 - 000000000 ___HD C:\Windows\system32\GroupPolicyUsers

==================== Files in the root of some directories ========

2015-12-30 00:09 - 2015-12-30 00:09 - 000000002 _____ () C:\Users\Petr\AppData\Roaming\Data.txt
2015-12-30 00:08 - 2015-12-30 00:08 - 000367616 _____ () C:\Users\Petr\AppData\Roaming\PassLog.exe
2019-08-11 23:21 - 2020-09-19 23:21 - 000000285 _____ () C:\Users\Petr\AppData\Roaming\WB.CFG
2016-02-02 20:46 - 2016-02-02 20:46 - 000003584 _____ () C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-16 19:09 - 2020-11-23 16:39 - 000007603 _____ () C:\Users\Petr\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-11-23 00:04
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-11-2020 01
Ran by Petr (24-11-2020 17:08:47)
Running from C:\Users\Petr\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2015-09-25 23:38:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-839381056-1275580244-2287400433-500 - Administrator - Disabled)
ASPNET (S-1-5-21-839381056-1275580244-2287400433-1004 - Limited - Enabled)
Guest (S-1-5-21-839381056-1275580244-2287400433-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-839381056-1275580244-2287400433-1002 - Limited - Enabled)
Mcx1-PETR-NOTEBOOK (S-1-5-21-839381056-1275580244-2287400433-1005 - Limited - Enabled) => C:\Users\Mcx1-PETR-NOTEBOOK
Petr (S-1-5-21-839381056-1275580244-2287400433-1000 - Administrator - Enabled) => C:\Users\Petr
Verunka (S-1-5-21-839381056-1275580244-2287400433-1006 - Limited - Enabled) => C:\Users\Verunka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Any Video Converter 6.3.3 (HKLM\...\Any Video Converter) (Version: 6.3.3 - Anvsoft)
Balíček ovladače systému Windows - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
BioAPI Framework (HKLM\...\{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}) (Version: 1.0.2 - Dell Inc.) Hidden
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.008 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-839381056-1275580244-2287400433-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Gemalto (HKLM\...\{0CCAF47C-E428-48C2-82B2-5F25CE1D67DA}) (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
HiSuite (HKLM\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version: - )
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Název společnosti:)
Chromium (HKLM\...\{1B87F347-4B07-22C7-FA87-52472A0781C7}) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
K-Lite Mega Codec Pack 5.0.5 (HKLM\...\KLiteCodecPack_is1) (Version: 5.0.5 - )
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 4.2.2.29 - PandoraTV)
Mem Reduct (HKLM\...\memreduct) (Version: 3.3.5 - Henry++)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5 CSY Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
NTRU TCG Software Stack (HKLM\...\{E9A97832-83B6-42B6-BAC6-492E344C2561}) (Version: 2.1.37 - Security Innovation, Inc.) Hidden
OpenOffice 4.1.2 (HKLM\...\{69D27D4C-36CE-4CB2-A290-C38B0A990955}) (Version: 4.12.9782 - Apache Software Foundation)
PC-CCID (HKLM\...\{BD3068DE-D53B-4CE8-B2BC-32E1323441CD}) (Version: 2.0.0 - Gemalto) Hidden
PhotoMizer (HKLM\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.0.10.0110 - Engelmann Media GmbH)
SPBA 5.9 (HKLM\...\{2EECD5EF-5095-467C-B80C-4AB3096EFD60}) (Version: 5.9.4.6901 - UPEK Inc.) Hidden
Upek Touchchip Fingerprint Reader (HKLM\...\{4E60E212-3177-4B16-BCB3-616CCC52357D}) (Version: 1.2.004 - Dell Inc.) Hidden
WinRAR 5.30 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-11-08] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.DIVX] => C:\Windows\system32\divx.dll [685056 2009-05-01] (DivX, Inc.) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [205824 2009-05-29] () [File not signed]
HKLM\...\Drivers32: [VIDC.YV12] => C:\Windows\system32\yv12vfw.dll [217088 2004-01-25] (www.helixcommunity.org) [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [118784 2007-09-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [msacm.lameacm] => C:\Windows\system32\lameACM.acm [839680 2008-09-24] (hxxp://www.mp3dev.org/) [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [85504 2009-06-02] () [File not signed]
HKLM\...\Drivers32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Online File Converter.lnk -> C:\Program Files\Office-Converter.com\Office-Converter.com\OfficeLink.exe () -> hxxp://www.office-converter.com/

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Petr\Desktop\Hasici1.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici2.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-839381056-1275580244-2287400433-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-839381056-1275580244-2287400433-1000 -> {9662E2B8-BB32-4E52-84AB-5DFA518B84DE} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-839381056-1275580244-2287400433-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-839381056-1275580244-2287400433-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2020-11-02 23:05 - 000000029 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 web.whatsapp.com

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-839381056-1275580244-2287400433-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: Chromium => "c:\users\petr\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: GarminExpress => "C:\Program Files\Garmin\Express\express.exe" /minimized
MSCONFIG\startupreg: GoogleChromeAutoLaunch_99DE362BF37F05AF23B8D5CFF8AAB751 => "C:\Users\Petr\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0AA6254A-8CE0-4AC2-A91B-92103294E5E7}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{E7949153-708E-445A-A555-BC0DD57B2C6D}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{A07D5876-D79F-4FB7-8869-2B0467414410}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{A6C56BD4-17CF-4D80-AA38-E5DA3797DD4B}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [TCP Query User{4CBE6047-EFA1-41C1-AB69-725E0DD2411B}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A819E4E4-C225-4073-8EE0-4C18A63A448E}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{30583CDB-7A9A-430A-B5FD-EE10F955F108}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2F44B279-5B22-48A1-92D8-4A2B5C94A578}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E94D7A2F-F2B0-4DD7-A08D-2A15E2ADDE87}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B5B44F78-A1DE-4A74-8034-6BB5C71EFC9E}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2A5C1192-18B8-40B5-A05F-2D6D9DACAF46}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DF0589A2-0A5F-42AB-884C-AE46A6C66E1D}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [{0722AB35-9C71-433C-BB51-C0C82E04616D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{C56CDEF6-AF92-4EC8-986B-FF573358434E}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
FirewallRules: [{7E0075D5-2CD2-4F5F-A127-191CE4C68617}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
FirewallRules: [{D6B5D052-DA5F-43F4-B82A-31563BF0ADE1}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{681848F3-5CCE-44F2-9515-EEB2996788B9}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{CE374F82-C4CB-4896-AD4D-A6F64787C3C4}] => (Allow) C:\Users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{7FE9E3CC-E83A-4375-AFE5-FD8B9F800BE4}] => (Allow) C:\Users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{E0C8D9FB-314B-4692-BADD-4853F5B8E208}] => (Allow) C:\Users\Petr\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
FirewallRules: [{4DA342E2-793A-4340-9803-BE7698F47EF3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED5FC25C-90CA-49A6-976A-2B8CBD7E83B4}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

06-11-2020 00:00:07 Scheduled Checkpoint
14-11-2020 00:00:07 Scheduled Checkpoint
21-11-2020 12:08:25 Scheduled Checkpoint
23-11-2020 16:45:18 Garmin Express
23-11-2020 17:01:17 Removed MrvlUsgTracking
23-11-2020 17:01:41 Removed MrvlUsgTracking

==================== Faulty Device Manager Devices ============

Name: Broadcom USH
Description: Broadcom USH
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (11/24/2020 05:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Error: (11/24/2020 05:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Error: (11/24/2020 05:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Error: (11/24/2020 05:07:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Error: (11/24/2020 05:07:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Error: (11/24/2020 05:07:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Error: (11/24/2020 05:07:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Error: (11/24/2020 05:07:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


System errors:
=============
Error: (11/24/2020 04:37:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:
The operation completed successfully.

Error: (11/24/2020 04:35:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/24/2020 04:35:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HuaweiHiSuiteService.exe service terminated unexpectedly. It has done this 1 time(s).

Error: (11/23/2020 05:26:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/23/2020 05:26:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/23/2020 05:26:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/23/2020 05:20:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (11/23/2020 05:20:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


Windows Defender:
===================================
Date: 2018-01-22 03:50:37.259
Description:
Windows Defender scan has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... atid=92596
Name: TrojanDownloader:Win32/Small.gen!I
ID: 92596
Severity: Severe
Category: Trojan Downloader
Path Found: autoruninf:D:\autorun.inf|shellexecute;autoruninf:D:\autorun.inf|shellverb;containerfile:D:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\systel.exe;file:D:\autorun.inf;file:D:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\systel.exe->(UPX)
Detection Type: Generic
Detection Source: System
Status: Unknown
User: NT AUTHORITY\NETWORK SERVICE
Process Name: c:\program files\windows defender\MpCmdRun.exe

Date: 2016-03-16 19:31:17.743
Description:
Windows Defender scan has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... atid=92596
Name: TrojanDownloader:Win32/Small.gen!I
ID: 92596
Severity: Severe
Category: Trojan Downloader
Path Found: containerfile:C:\Users\Petr\AppData\Roaming\install\systel.exe;file:C:\Users\Petr\AppData\Roaming\install\systel.exe->(UPX);process:pid:5248
Detection Type: Generic
Detection Source: Real-Time Protection
Status: Unknown
User: \
Process Name:

Date: 2016-03-16 19:30:26.138
Description:
Windows Defender scan has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... atid=92596
Name: TrojanDownloader:Win32/Small.gen!I
ID: 92596
Severity: Severe
Category: Trojan Downloader
Path Found: containerfile:C:\Users\Petr\AppData\Roaming\install\systel.exe;file:C:\Users\Petr\AppData\Roaming\install\systel.exe->(UPX);process:pid:5584;regkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU;runkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU
Detection Type: Generic
Detection Source: Real-Time Protection
Status: Unknown
User: \
Process Name:

Date: 2016-03-16 19:29:23.535
Description:
Windows Defender scan has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... atid=92596
Name: TrojanDownloader:Win32/Small.gen!I
ID: 92596
Severity: Severe
Category: Trojan Downloader
Path Found: containerfile:C:\Users\Petr\AppData\Roaming\install\systel.exe;file:C:\Users\Petr\AppData\Roaming\install\systel.exe->(UPX);process:pid:5584
Detection Type: Generic
Detection Source: Real-Time Protection
Status: Unknown
User: \
Process Name:

Date: 2016-03-13 08:58:29.030
Description:
Windows Defender scan has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid= ... atid=92596
Name: TrojanDownloader:Win32/Small.gen!I
ID: 92596
Severity: Severe
Category: Trojan Downloader
Path Found: containerfile:C:\Users\Petr\AppData\Roaming\install\systel.exe;file:C:\Users\Petr\AppData\Roaming\install\systel.exe->(UPX);regkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU;runkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU
Detection Type: Generic
Detection Source: System
Status: Unknown
User: NT AUTHORITY\NETWORK SERVICE
Process Name: c:\program files\windows defender\MpCmdRun.exe

CodeIntegrity:
===================================

Date: 2019-05-13 18:46:05.635
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\adaware\adaware antivirus\updater\12.6.997.11652\AdAwareUpdater.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

BIOS: Dell Inc. A34 06/04/2013
Motherboard: Dell Inc. 0W620R
Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 92%
Total physical RAM: 1999.9 MB
Available physical RAM: 159.96 MB
Total Virtual: 3999.8 MB
Available Virtual: 487.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:7.76 GB) NTFS

\\?\Volume{fdebbcbc-63dc-11e5-a575-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: 3CE66DB8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
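The log above is long, and the entries that deserve a second look are scattered across sections: the "<==== ATTENTION" markers, unsigned codec DLLs in system32, a permanent WMI event subscription, a hosts override for web.whatsapp.com, a randomly named stream on two JPEGs, firewall rules for programs that no longer exist, and a browser auto-starting from a user-writable path. The script below is an added example for this thread, not part of the poster's log and not FRST's own logic: it runs a handful of triage rules over a constructed sample of lines excerpted from that log. The severities, tag names and rules (including the google/bing allow-list for search scopes) are the editor's assumptions about what merits manual review.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread, not part of FRST or of the posted log.
SAMPLE is excerpted from the log above (constructed input); the RULES are
the editor's own heuristics, not FRST's detection logic.
"""
import re
from collections import Counter

# Lines excerpted from the log posted above (constructed sample input).
SAMPLE = r"""
(Henry++) [File not signed] C:\Program Files\Mem Reduct\memreduct.exe
HKLM\...\Drivers32: [VIDC.DIVX] => C:\Windows\system32\divx.dll [685056 2009-05-01] (DivX, Inc.) [File not signed]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici1.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
SearchScopes: HKU\S-1-5-21-839381056-1275580244-2287400433-1000 -> {9662E2B8-BB32-4E52-84AB-5DFA518B84DE} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11467
127.0.0.1 web.whatsapp.com
MSCONFIG\startupreg: Chromium => "c:\users\petr\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
FirewallRules: [{D6B5D052-DA5F-43F4-B82A-31563BF0ADE1}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
Task: {A2BA7932-D545-446D-AE66-DBBEFF6B1393} - System32\Tasks\{5F4F0B12-56CC-042B-CCB2-87AFAFC25066} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\8bf37759\a4f3e19a.dll" <==== ATTENTION
S3 catchme; \??\C:\Users\Petr\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <20>
"""

# (severity, tag, pattern). Evaluated in order; the first match wins per line.
RULES = [
    # FRST's own marker for entries it could not whitelist.
    ("high", "frst-attention", re.compile(r"<==== ATTENTION")),
    # Permanent WMI filter/consumer bindings survive reboots and run as SYSTEM;
    # the BVTFilter/BVTConsumer pair is seen on many stock Win7 installs, but a
    # regex cannot make that call, so every binding is surfaced for the analyst.
    ("high", "wmi-subscription", re.compile(r"^WMI:subscription", re.I)),
    # Windows 7 ships hosts with only commented lines; any active mapping is a change.
    ("high", "hosts-override", re.compile(r"^\d{1,3}(\.\d{1,3}){3}\s+\S+")),
    ("medium", "unsigned-module", re.compile(r"\[File not signed\]")),
    # Autostarts that point into user-writable locations (AppData, Temp, ProgramData).
    ("medium", "user-writable-autostart",
     re.compile(r"(startupreg|Run:|Task:).*\\(AppData|Temp|ProgramData)\\", re.I)),
    # Zone.Identifier and the {4c8cc155-...} summary stream are normal; a
    # random-looking stream name on an image is not, so all ADS lines are listed.
    ("medium", "alternate-data-stream", re.compile(r"^AlternateDataStreams:")),
    # Search scope pointing anywhere but an assumed allow-list (editor's choice).
    ("medium", "search-hijack",
     re.compile(r"^SearchScopes:.*URL = hxxp://(?!www\.(google|bing)\.)")),
    # Rules or tasks whose target binary is gone: clutter, and a trace of past installs.
    ("low", "orphaned-entry", re.compile(r"=> No File$")),
]


def triage(log_text):
    """Return [(severity, tag, line)] for every line that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for severity, tag, pattern in RULES:
            if pattern.search(line):
                findings.append((severity, tag, line))
                break
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 4, 'medium': 5, 'low': 1}."""
    return dict(Counter(severity for severity, _, _ in findings))


if __name__ == "__main__":
    order = ("high", "medium", "low")
    for sev, tag, line in sorted(triage(SAMPLE), key=lambda f: order.index(f[0])):
        print(f"[{sev:6}] {tag:24} {line[:90]}")
    print(summarize(triage(SAMPLE)))
```

On the sample this yields four high, five medium and one low finding, and leaves the signed Chrome process alone. The hosts entry for web.whatsapp.com together with the ntuser.pol files and the GroupPolicy restrictions is as consistent with a deliberate local restriction as with tampering; the script only surfaces it, the decision stays with whoever reads the log.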

Rudy
Site Admin
Posts: 118272
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-839381056-1275580244-2287400433-1006\User: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0CF364B1-3C5A-4E4C-989F-C00B115B8E6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-14] (Google Inc -> Google Inc.)
Task: {1E698F65-9561-4F9A-87E8-0AFF29CBEF68} - \DNSROSEVILLE -> No File <==== ATTENTION
Task: {622BEA46-D51B-439D-A16C-A1133439078D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-14] (Google Inc -> Google Inc.)
Task: {6389884D-5C22-4F17-A26D-9E37F49325CD} - System32\Tasks\{7BFB58D6-E0EC-4EB2-B84E-A3FA49014863} => C:\Windows\system32\pcalua.exe -a C:\Dell\Drivers\6Y74K\setup.exe -d C:\Dell\Drivers\6Y74K
Task: {7B4439E7-229A-4DCD-B441-B156158AE017} - \{0C080B47-0908-050B-0411-0D0F09791104} -> No File <==== ATTENTION
Task: {A2BA7932-D545-446D-AE66-DBBEFF6B1393} - System32\Tasks\{5F4F0B12-56CC-042B-CCB2-87AFAFC25066} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\8bf37759\a4f3e19a.dll" <==== ATTENTION
Task: {DAFC5F3F-D91B-4E03-A2B4-6869DA1CAEEE} - System32\Tasks\{FC290BA5-F0CB-4436-BA05-B997A5DDC893} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
S3 catchme; \??\C:\Users\Petr\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici1.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici2.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{0AA6254A-8CE0-4AC2-A91B-92103294E5E7}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{E7949153-708E-445A-A555-BC0DD57B2C6D}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{A07D5876-D79F-4FB7-8869-2B0467414410}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{A6C56BD4-17CF-4D80-AA38-E5DA3797DD4B}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [TCP Query User{4CBE6047-EFA1-41C1-AB69-725E0DD2411B}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A819E4E4-C225-4073-8EE0-4C18A63A448E}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{30583CDB-7A9A-430A-B5FD-EE10F955F108}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2F44B279-5B22-48A1-92D8-4A2B5C94A578}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E94D7A2F-F2B0-4DD7-A08D-2A15E2ADDE87}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B5B44F78-A1DE-4A74-8034-6BB5C71EFC9E}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2A5C1192-18B8-40B5-A05F-2D6D9DACAF46}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DF0589A2-0A5F-42AB-884C-AE46A6C66E1D}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [{0722AB35-9C71-433C-BB51-C0C82E04616D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{0722AB35-9C71-433C-BB51-C0C82E04616D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{C56CDEF6-AF92-4EC8-986B-FF573358434E}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
FirewallRules: [{7E0075D5-2CD2-4F5F-A127-191CE4C68617}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
FirewallRules: [{D6B5D052-DA5F-43F4-B82A-31563BF0ADE1}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{681848F3-5CCE-44F2-9515-EEB2996788B9}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{CE374F82-C4CB-4896-AD4D-A6F64787C3C4}] => (Allow) C:\Users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{7FE9E3CC-E83A-4375-AFE5-FD8B9F800BE4}] => (Allow) C:\Users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
D:\autorun.inf|shellexecute;autoruninf
D:\autorun.inf|shellverb;containerfile
D:\RECYCLER
C:\Users\Petr\AppData\Roaming\install\systel.exe
HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU;runkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU

EmptyTemp:
End
Save it to C:\Users\Petr\Downloads as fixlist.txt. Run FRST again and click >Fix<. When the action finishes a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can also damage the system!

Once your problem is resolved the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

bostik
Visitor
Posts: 25
Registered: 28 Apr 2005 16:43

Re: log check

#9 Post by bostik »

Fix result of Farbar Recovery Scan Tool (x86) Version: 22-11-2020 01
Ran by Petr (24-11-2020 22:08:33) Run:2
Running from C:\Users\Petr\Downloads
Loaded Profiles: Petr
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CloseProcesses:
ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-839381056-1275580244-2287400433-1006\User: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0CF364B1-3C5A-4E4C-989F-C00B115B8E6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-14] (Google Inc -> Google Inc.)
Task: {1E698F65-9561-4F9A-87E8-0AFF29CBEF68} - \DNSROSEVILLE -> No File <==== ATTENTION
Task: {622BEA46-D51B-439D-A16C-A1133439078D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-14] (Google Inc -> Google Inc.)
Task: {6389884D-5C22-4F17-A26D-9E37F49325CD} - System32\Tasks\{7BFB58D6-E0EC-4EB2-B84E-A3FA49014863} => C:\Windows\system32\pcalua.exe -a C:\Dell\Drivers\6Y74K\setup.exe -d C:\Dell\Drivers\6Y74K
Task: {7B4439E7-229A-4DCD-B441-B156158AE017} - \{0C080B47-0908-050B-0411-0D0F09791104} -> No File <==== ATTENTION
Task: {A2BA7932-D545-446D-AE66-DBBEFF6B1393} - System32\Tasks\{5F4F0B12-56CC-042B-CCB2-87AFAFC25066} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\8bf37759\a4f3e19a.dll" <==== ATTENTION
Task: {DAFC5F3F-D91B-4E03-A2B4-6869DA1CAEEE} - System32\Tasks\{FC290BA5-F0CB-4436-BA05-B997A5DDC893} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
S3 catchme; \??\C:\Users\Petr\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici1.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici2.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{0AA6254A-8CE0-4AC2-A91B-92103294E5E7}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{E7949153-708E-445A-A555-BC0DD57B2C6D}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{A07D5876-D79F-4FB7-8869-2B0467414410}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{A6C56BD4-17CF-4D80-AA38-E5DA3797DD4B}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [TCP Query User{4CBE6047-EFA1-41C1-AB69-725E0DD2411B}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A819E4E4-C225-4073-8EE0-4C18A63A448E}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{30583CDB-7A9A-430A-B5FD-EE10F955F108}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2F44B279-5B22-48A1-92D8-4A2B5C94A578}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E94D7A2F-F2B0-4DD7-A08D-2A15E2ADDE87}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B5B44F78-A1DE-4A74-8034-6BB5C71EFC9E}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2A5C1192-18B8-40B5-A05F-2D6D9DACAF46}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DF0589A2-0A5F-42AB-884C-AE46A6C66E1D}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [{0722AB35-9C71-433C-BB51-C0C82E04616D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{0722AB35-9C71-433C-BB51-C0C82E04616D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{C56CDEF6-AF92-4EC8-986B-FF573358434E}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
FirewallRules: [{7E0075D5-2CD2-4F5F-A127-191CE4C68617}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
FirewallRules: [{D6B5D052-DA5F-43F4-B82A-31563BF0ADE1}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{681848F3-5CCE-44F2-9515-EEB2996788B9}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{CE374F82-C4CB-4896-AD4D-A6F64787C3C4}] => (Allow) C:\Users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{7FE9E3CC-E83A-4375-AFE5-FD8B9F800BE4}] => (Allow) C:\Users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
D:\autorun.inf|shellexecute;autoruninf
D:\autorun.inf|shellverb;containerfile
D:\RECYCLER
C:\Users\Petr\AppData\Roaming\install\systel.exe
HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU;runkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU

EmptyTemp:
End
*****************

Processes closed successfully.
ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION => Error: No automatic fix found for this entry.
"C:\Windows\system32\GroupPolicy\Machine" => not found
"C:\Windows\system32\GroupPolicy\User" => not found
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-839381056-1275580244-2287400433-1006\User" => not found
HKLM\SOFTWARE\Policies\Mozilla => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CF364B1-3C5A-4E4C-989F-C00B115B8E6D} => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E698F65-9561-4F9A-87E8-0AFF29CBEF68} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSROSEVILLE => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{622BEA46-D51B-439D-A16C-A1133439078D} => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6389884D-5C22-4F17-A26D-9E37F49325CD} => not found
"C:\Windows\System32\Tasks\{7BFB58D6-E0EC-4EB2-B84E-A3FA49014863}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7BFB58D6-E0EC-4EB2-B84E-A3FA49014863} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B4439E7-229A-4DCD-B441-B156158AE017} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C080B47-0908-050B-0411-0D0F09791104} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2BA7932-D545-446D-AE66-DBBEFF6B1393} => not found
"C:\Windows\System32\Tasks\{5F4F0B12-56CC-042B-CCB2-87AFAFC25066}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F4F0B12-56CC-042B-CCB2-87AFAFC25066} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAFC5F3F-D91B-4E03-A2B4-6869DA1CAEEE} => not found
"C:\Windows\System32\Tasks\{FC290BA5-F0CB-4436-BA05-B997A5DDC893}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC290BA5-F0CB-4436-BA05-B997A5DDC893} => not found
catchme => service not found.
"C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found
C:\Users\Petr\Desktop\Hasici1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Petr\Desktop\Hasici1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
C:\Users\Petr\Desktop\Hasici2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Petr\Desktop\Hasici2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AA6254A-8CE0-4AC2-A91B-92103294E5E7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7949153-708E-445A-A555-BC0DD57B2C6D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A07D5876-D79F-4FB7-8869-2B0467414410}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6C56BD4-17CF-4D80-AA38-E5DA3797DD4B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4CBE6047-EFA1-41C1-AB69-725E0DD2411B}C:\program files\arduino\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A819E4E4-C225-4073-8EE0-4C18A63A448E}C:\program files\arduino\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{30583CDB-7A9A-430A-B5FD-EE10F955F108}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2F44B279-5B22-48A1-92D8-4A2B5C94A578}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E94D7A2F-F2B0-4DD7-A08D-2A15E2ADDE87}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B5B44F78-A1DE-4A74-8034-6BB5C71EFC9E}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2A5C1192-18B8-40B5-A05F-2D6D9DACAF46}C:\program files\arduino\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DF0589A2-0A5F-42AB-884C-AE46A6C66E1D}C:\program files\arduino\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0722AB35-9C71-433C-BB51-C0C82E04616D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0722AB35-9C71-433C-BB51-C0C82E04616D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C56CDEF6-AF92-4EC8-986B-FF573358434E}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E0075D5-2CD2-4F5F-A127-191CE4C68617}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6B5D052-DA5F-43F4-B82A-31563BF0ADE1}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{681848F3-5CCE-44F2-9515-EEB2996788B9}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE374F82-C4CB-4896-AD4D-A6F64787C3C4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FE9E3CC-E83A-4375-AFE5-FD8B9F800BE4}" => not found
"D:\autorun.inf|shellexecute;autoruninf" => not found
"D:\autorun.inf|shellverb;containerfile" => not found
"D:\RECYCLER" => not found
"C:\Users\Petr\AppData\Roaming\install\systel.exe" => not found
HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU;runkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1048672 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 235244338 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 66228 B
NetworkService => 66652 B
Petr => 4478808 B
Mcx1-PETR-NOTEBOOK => 4478808 B
Verunka => 4489620 B

RecycleBin => 4465665392 B
EmptyTemp: => 4.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:09:41 ====

Rudy
Site Admin
Posts: 118272
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#10 Post by Rudy »

Try it once more with the same script, but turn off the antivirus before the deletion.

bostik
Visitor
Posts: 25
Registered: 28 Apr 2005 16:43

Re: log check

#11 Post by bostik »

But I don't think I have any antivirus... Well, I tried to turn off the antivirus in Windows, so hopefully I managed it.



Fix result of Farbar Recovery Scan Tool (x86) Version: 25-11-2020
Ran by Petr (25-11-2020 18:14:09) Run:3
Running from C:\Users\Petr\Downloads
Loaded Profiles: Petr & Verunka
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start

CloseProcesses:
ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-839381056-1275580244-2287400433-1006\User: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0CF364B1-3C5A-4E4C-989F-C00B115B8E6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-14] (Google Inc -> Google Inc.)
Task: {1E698F65-9561-4F9A-87E8-0AFF29CBEF68} - \DNSROSEVILLE -> No File <==== ATTENTION
Task: {622BEA46-D51B-439D-A16C-A1133439078D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-07-14] (Google Inc -> Google Inc.)
Task: {6389884D-5C22-4F17-A26D-9E37F49325CD} - System32\Tasks\{7BFB58D6-E0EC-4EB2-B84E-A3FA49014863} => C:\Windows\system32\pcalua.exe -a C:\Dell\Drivers\6Y74K\setup.exe -d C:\Dell\Drivers\6Y74K
Task: {7B4439E7-229A-4DCD-B441-B156158AE017} - \{0C080B47-0908-050B-0411-0D0F09791104} -> No File <==== ATTENTION
Task: {A2BA7932-D545-446D-AE66-DBBEFF6B1393} - System32\Tasks\{5F4F0B12-56CC-042B-CCB2-87AFAFC25066} => C:\Windows\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\8bf37759\a4f3e19a.dll" <==== ATTENTION
Task: {DAFC5F3F-D91B-4E03-A2B4-6869DA1CAEEE} - System32\Tasks\{FC290BA5-F0CB-4436-BA05-B997A5DDC893} => C:\Windows\system32\pcalua.exe -a D:\Setup.exe -d D:\
S3 catchme; \??\C:\Users\Petr\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici1.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici2.jpeg:3or4kl4x13tuuug3Byamue2s4b [75]
AlternateDataStreams: C:\Users\Petr\Desktop\Hasici2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
FirewallRules: [{0AA6254A-8CE0-4AC2-A91B-92103294E5E7}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{E7949153-708E-445A-A555-BC0DD57B2C6D}] => (Allow) C:\Program Files\Maxthon\Bin\MxUp.exe => No File
FirewallRules: [{A07D5876-D79F-4FB7-8869-2B0467414410}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [{A6C56BD4-17CF-4D80-AA38-E5DA3797DD4B}] => (Allow) C:\Program Files\Maxthon\Bin\Maxthon.exe => No File
FirewallRules: [TCP Query User{4CBE6047-EFA1-41C1-AB69-725E0DD2411B}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A819E4E4-C225-4073-8EE0-4C18A63A448E}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{30583CDB-7A9A-430A-B5FD-EE10F955F108}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2F44B279-5B22-48A1-92D8-4A2B5C94A578}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{E94D7A2F-F2B0-4DD7-A08D-2A15E2ADDE87}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{B5B44F78-A1DE-4A74-8034-6BB5C71EFC9E}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe] => (Allow) C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{2A5C1192-18B8-40B5-A05F-2D6D9DACAF46}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DF0589A2-0A5F-42AB-884C-AE46A6C66E1D}C:\program files\arduino\java\bin\javaw.exe] => (Allow) C:\program files\arduino\java\bin\javaw.exe => No File
FirewallRules: [{0722AB35-9C71-433C-BB51-C0C82E04616D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{0722AB35-9C71-433C-BB51-C0C82E04616D}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [{C56CDEF6-AF92-4EC8-986B-FF573358434E}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
FirewallRules: [{7E0075D5-2CD2-4F5F-A127-191CE4C68617}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Microsoft Windows Hardware Compatibility Publisher -> Software 2000 Limited)
FirewallRules: [{D6B5D052-DA5F-43F4-B82A-31563BF0ADE1}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{681848F3-5CCE-44F2-9515-EEB2996788B9}] => (Allow) C:\Users\Petr\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{CE374F82-C4CB-4896-AD4D-A6F64787C3C4}] => (Allow) C:\Users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{7FE9E3CC-E83A-4375-AFE5-FD8B9F800BE4}] => (Allow) C:\Users\Petr\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
D:\autorun.inf|shellexecute;autoruninf
D:\autorun.inf|shellverb;containerfile
D:\RECYCLER
C:\Users\Petr\AppData\Roaming\install\systel.exe
HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU;runkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU

EmptyTemp:
End
*****************

Processes closed successfully.
ProfileControl=Off MaxRequestThreads=16" <==== ATTENTION => Error: No automatic fix found for this entry.
"C:\Windows\system32\GroupPolicy\Machine" => not found
"C:\Windows\system32\GroupPolicy\User" => not found
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-839381056-1275580244-2287400433-1006\User" => not found
HKLM\SOFTWARE\Policies\Mozilla => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CF364B1-3C5A-4E4C-989F-C00B115B8E6D} => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E698F65-9561-4F9A-87E8-0AFF29CBEF68} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSROSEVILLE => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{622BEA46-D51B-439D-A16C-A1133439078D} => not found
"C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6389884D-5C22-4F17-A26D-9E37F49325CD} => not found
"C:\Windows\System32\Tasks\{7BFB58D6-E0EC-4EB2-B84E-A3FA49014863}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7BFB58D6-E0EC-4EB2-B84E-A3FA49014863} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B4439E7-229A-4DCD-B441-B156158AE017} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C080B47-0908-050B-0411-0D0F09791104} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2BA7932-D545-446D-AE66-DBBEFF6B1393} => not found
"C:\Windows\System32\Tasks\{5F4F0B12-56CC-042B-CCB2-87AFAFC25066}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5F4F0B12-56CC-042B-CCB2-87AFAFC25066} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAFC5F3F-D91B-4E03-A2B4-6869DA1CAEEE} => not found
"C:\Windows\System32\Tasks\{FC290BA5-F0CB-4436-BA05-B997A5DDC893}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FC290BA5-F0CB-4436-BA05-B997A5DDC893} => not found
catchme => service not found.
"C:\Users\Petr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found
C:\Users\Petr\Desktop\Hasici1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Petr\Desktop\Hasici1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
C:\Users\Petr\Desktop\Hasici2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\Petr\Desktop\Hasici2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS could not remove.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0AA6254A-8CE0-4AC2-A91B-92103294E5E7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7949153-708E-445A-A555-BC0DD57B2C6D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A07D5876-D79F-4FB7-8869-2B0467414410}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6C56BD4-17CF-4D80-AA38-E5DA3797DD4B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4CBE6047-EFA1-41C1-AB69-725E0DD2411B}C:\program files\arduino\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A819E4E4-C225-4073-8EE0-4C18A63A448E}C:\program files\arduino\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{30583CDB-7A9A-430A-B5FD-EE10F955F108}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2F44B279-5B22-48A1-92D8-4A2B5C94A578}C:\users\petr\appdata\local\temp\rar$exa0.380\arduino-1.8.4\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E94D7A2F-F2B0-4DD7-A08D-2A15E2ADDE87}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B5B44F78-A1DE-4A74-8034-6BB5C71EFC9E}C:\users\petr\appdata\local\temp\rar$exa0.915\arduino-1.8.4\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2A5C1192-18B8-40B5-A05F-2D6D9DACAF46}C:\program files\arduino\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DF0589A2-0A5F-42AB-884C-AE46A6C66E1D}C:\program files\arduino\java\bin\javaw.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0722AB35-9C71-433C-BB51-C0C82E04616D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0722AB35-9C71-433C-BB51-C0C82E04616D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C56CDEF6-AF92-4EC8-986B-FF573358434E}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E0075D5-2CD2-4F5F-A127-191CE4C68617}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6B5D052-DA5F-43F4-B82A-31563BF0ADE1}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{681848F3-5CCE-44F2-9515-EEB2996788B9}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE374F82-C4CB-4896-AD4D-A6F64787C3C4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7FE9E3CC-E83A-4375-AFE5-FD8B9F800BE4}" => not found
"D:\autorun.inf|shellexecute;autoruninf" => not found
"D:\autorun.inf|shellverb;containerfile" => not found
"D:\RECYCLER" => not found
"C:\Users\Petr\AppData\Roaming\install\systel.exe" => not found
HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU;runkey:HKCU@S-1-5-21-839381056-1275580244-2287400433-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HKCU => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7442247 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1280 B
Edge => 0 B
Chrome => 66430811 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
LocalService => 132456 B
NetworkService => 132880 B
Petr => 3711301 B
Mcx1-PETR-NOTEBOOK => 3711301 B
Verunka => 3728863 B

RecycleBin => 13829 B
EmptyTemp: => 89.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:15:30 ====

Rudy
Site Admin
Posts: 118272
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#12 Post by Rudy »

You only have Windows Defender. It seems odd to me that FRST found none of the items it had flagged in the scan; that is why I had you turn off the antivirus. They were only leftovers, though; otherwise the log is clean.

bostik
Visitor
Posts: 25
Registered: 28 Apr 2005 16:43

Re: log check

#13 Post by bostik »

OK, thank you

Rudy
Site Admin
Posts: 118272
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log check

#14 Post by Rudy »

You're welcome! :)