Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosba o pomoc - upozornění na trojské koně na ploše

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
bluefilip
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 19 bře 2021 13:01

Prosba o pomoc - upozornění na trojské koně na ploše

#1 Příspěvek od bluefilip »

Dobrý den,

maminka slečny asi klikala, kam neměla a máme momentálně problém. Při zapnutí počítače vysočí okna "Váš počítač je ohrožen", jako kdyby to bylo upozornění z Google Chrome (viz obrázek).

Obrázek

Podle všeho snad ani nebyl původně nainstalován antivirus. Zkoušel jsem projet Avastem a Malewarebytes, ale nic nenašli. Dál už radši nesahám a prosím o pomoc.

Log z FRST níže:


==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2917632 2015-05-27] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [116960 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon MG2400 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBW.DLL [30208 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2400 series: C:\WINDOWS\system32\CNMLMBW.DLL [391168 2013-03-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\89.0.4389.90\Installer\chrmstp.exe [2021-03-17] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2019-11-10]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {089BE9A5-4BD2-4736-84CF-5D08DA9A4943} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4682976 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
Task: {2FFC20E1-78BE-437D-87BB-B5CA5915C075} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1791712 2021-03-19] (Avast Software s.r.o. -> Avast Software)
Task: {3090BCA4-D86E-44FA-A12A-F85463DE3679} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3139625046-2202026286-576748679-1001 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {38429A7A-889A-4926-962C-57A0FC94E93E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {423E34C1-3A67-4380-9696-7F425F4D6D8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
Task: {44183ADE-44F7-444A-B918-607FF4B089D6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1511320 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {81AA186E-6584-4C4C-A5E5-8884E8FD58CB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4241B5D-866A-45F9-BF52-2300503410AB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141136 2021-03-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {B63C24E2-7871-44C8-945A-814E7B1F552B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
Task: {DC0AA9DA-05BA-493C-8D52-BF87B717BFD8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23079792 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 195.146.111.98 81.19.33.2
Tcpip\..\Interfaces\{0cb2fc0c-0582-4505-a746-318ca22cb4ca}: [DhcpNameServer] 195.146.111.98 81.19.33.2
Tcpip\..\Interfaces\{7659c53c-023a-4809-b07b-0294c4051a98}: [DhcpNameServer] 195.146.111.98 81.19.33.2

Edge:
=======
Edge Profile: C:\Users\IVA\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-19]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default [2021-03-19]
CHR Notifications: Default -> hxxps://tirez.ru
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxps://www.seznam.cz/"
CHR Extension: (Prezentace) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-09-02]
CHR Extension: (Dokumenty) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-09-02]
CHR Extension: (Disk Google) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-23]
CHR Extension: (YouTube) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-09-02]
CHR Extension: (Tabulky) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-09-02]
CHR Extension: (Dokumenty Google offline) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Gmail) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\IVA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-03-12]
CHR Profile: C:\Users\IVA\AppData\Local\Google\Chrome\User Data\System Profile [2019-09-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7878680 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [621608 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [352480 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56904 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8988552 2021-03-05] (Microsoft Corporation -> Microsoft Corporation)
S4 DialogBlockingService; C:\WINDOWS\System32\DialogBlockingService.dll [76288 2021-03-09] (Microsoft Windows -> Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] (Canon Inc. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5352528 2021-03-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12727576 2021-02-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [101152 2017-06-01] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35648 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [208024 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [357320 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [249304 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [98760 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [16832 2021-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41272 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [175248 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [521336 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107784 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
S0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [83360 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850112 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [465160 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215328 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-03-19] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-03-19] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [155360 2021-03-19] (Malwarebytes Inc -> Malwarebytes)
S3 pccsmcfd; C:\WINDOWS\system32\DRIVERS\pccsmcfdx64.sys [26112 2012-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Nokia)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-03-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [420072 2021-03-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-19 13:07 - 2021-03-19 13:08 - 000012841 _____ C:\Users\IVA\Desktop\FRST.txt
2021-03-19 13:06 - 2021-03-19 13:08 - 000000000 ____D C:\FRST
2021-03-19 13:05 - 2021-03-19 13:05 - 002300928 _____ (Farbar) C:\Users\IVA\Desktop\FRST64.exe
2021-03-19 12:51 - 2021-03-19 12:51 - 000000000 ____D C:\Users\IVA\AppData\Roaming\Avast Software
2021-03-19 12:51 - 2021-03-19 12:51 - 000000000 ____D C:\Users\IVA\AppData\Local\CEF
2021-03-19 12:50 - 2021-03-19 12:50 - 000002160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2021-03-19 12:49 - 2021-03-19 12:49 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-03-19 12:49 - 2021-03-19 12:49 - 000155360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-03-19 12:49 - 2021-03-19 12:49 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-03-19 12:48 - 2021-03-19 12:48 - 000000000 ____D C:\Users\IVA\AppData\Local\mbam
2021-03-19 12:47 - 2021-03-19 12:47 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-03-19 12:47 - 2021-03-19 12:47 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-03-19 12:46 - 2021-03-19 12:46 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-03-19 12:46 - 2021-03-19 12:45 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-03-19 12:46 - 2021-03-19 12:45 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-03-19 12:45 - 2021-03-19 12:45 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-03-19 12:45 - 2021-03-19 12:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-03-19 12:44 - 2021-03-19 12:45 - 000465160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-03-19 12:44 - 2021-03-19 12:45 - 000175248 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000521336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-03-19 12:44 - 2021-03-19 12:44 - 000326976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000249304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000215328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000107784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000098760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000083360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000041272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000016832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-03-19 12:44 - 2021-03-19 12:44 - 000003990 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-03-19 12:44 - 2021-03-19 12:44 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-03-19 12:44 - 2021-03-19 12:43 - 000850112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-03-19 12:44 - 2021-03-19 12:43 - 000357320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-03-19 12:44 - 2021-03-19 12:43 - 000208024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-03-19 12:44 - 2021-03-19 12:43 - 000035648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-03-19 12:43 - 2021-03-19 12:43 - 002084016 _____ (Malwarebytes) C:\Users\IVA\Downloads\MBSetup.exe
2021-03-19 12:43 - 2021-03-19 12:43 - 000000000 ____D C:\Program Files\Malwarebytes
2021-03-19 12:42 - 2021-03-19 12:51 - 000000000 ____D C:\ProgramData\Avast Software
2021-03-19 12:42 - 2021-03-19 12:42 - 000000000 ____D C:\Program Files\Avast Software
2021-03-19 12:41 - 2021-03-19 12:42 - 000220392 _____ (AVAST Software) C:\Users\IVA\Downloads\avast_free_antivirus_setup_online (1).exe
2021-03-19 12:41 - 2021-03-19 12:41 - 000220392 _____ (AVAST Software) C:\Users\IVA\Downloads\avast_free_antivirus_setup_online.exe
2021-03-19 12:35 - 2021-03-19 12:38 - 000000000 ____D C:\Users\IVA\AppData\Local\TeamViewer
2021-03-19 09:04 - 2021-03-19 12:36 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-03-19 09:04 - 2021-03-19 12:35 - 000000000 ____D C:\Users\IVA\AppData\Roaming\TeamViewer
2021-03-19 09:04 - 2021-03-19 09:04 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-03-19 09:02 - 2021-03-19 09:02 - 029325064 _____ (TeamViewer Germany GmbH) C:\Users\IVA\Desktop\TeamViewer_Setup.exe
2021-03-09 23:28 - 2021-03-09 23:28 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-09 23:28 - 2021-03-09 23:28 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-09 23:28 - 2021-03-09 23:28 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-09 23:28 - 2021-03-09 23:28 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-03-09 23:28 - 2021-03-09 23:28 - 000011359 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-09 23:27 - 2021-03-09 23:27 - 001822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-03-09 23:27 - 2021-03-09 23:27 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-03-09 23:27 - 2021-03-09 23:27 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-09 23:27 - 2021-03-09 23:27 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-03-09 23:27 - 2021-03-09 23:27 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-09 23:27 - 2021-03-09 23:27 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-03-09 23:26 - 2021-03-09 23:26 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-19 12:58 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-19 12:46 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-19 12:33 - 2020-11-16 16:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-18 22:38 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-18 22:38 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-15 14:46 - 2020-06-10 18:39 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-15 00:28 - 2019-09-02 20:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-12 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-03-12 17:19 - 2019-09-02 21:18 - 000000000 ____D C:\Program Files\Microsoft Office
2021-03-10 04:12 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-10 00:21 - 2020-11-16 16:24 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-10 00:21 - 2019-12-07 15:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-03-10 00:21 - 2019-12-07 15:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-03-10 00:17 - 2020-11-16 16:09 - 000437912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-10 00:16 - 2020-11-16 16:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-10 00:16 - 2020-11-16 16:09 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-10 00:15 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-10 00:13 - 2020-11-16 16:14 - 000000000 ____D C:\Users\IVA
2021-03-10 00:13 - 2019-12-07 15:47 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-03-10 00:13 - 2019-12-07 15:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-10 00:13 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-09 23:34 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-09 23:27 - 2019-09-02 18:53 - 000413702 __RSH C:\bootmgr
2021-03-09 22:46 - 2019-09-02 18:54 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-09 22:43 - 2019-09-02 18:54 - 131005360 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-03-09 17:16 - 2020-11-16 16:34 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3139625046-2202026286-576748679-1001
2021-03-09 17:16 - 2020-11-16 16:14 - 000002355 _____ C:\Users\IVA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-03-09 17:16 - 2019-09-02 18:06 - 000000000 ___RD C:\Users\IVA\OneDrive
2021-03-05 09:14 - 2019-09-02 18:45 - 000000000 ____D C:\Users\IVA\Documents\Chalupa mapa, jízdní řád atd
2021-03-05 09:12 - 2020-07-29 17:26 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-03-05 03:39 - 2020-11-30 06:22 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6bc2c2487f253
2021-03-05 03:39 - 2020-11-16 16:34 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 19:37 - 2019-09-02 18:04 - 000000000 ____D C:\Users\IVA\AppData\Local\Packages
2021-03-03 09:35 - 2019-09-02 18:45 - 000000000 ____D C:\Users\IVA\Documents\Opel Vectra
2021-03-03 09:34 - 2019-09-02 19:10 - 000000000 ____D C:\Users\IVA\Documents\Péťa škola a RŮZNÉ
2021-03-01 17:38 - 2019-09-02 18:45 - 000000000 ____D C:\Users\IVA\Documents\Meditace
2021-02-27 09:35 - 2019-09-02 18:37 - 000000000 ____D C:\Users\IVA\Documents\Babička a děda
2021-02-20 11:22 - 2020-09-30 15:09 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Log z Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by IVA (19-03-2021 13:11:26)
Running from C:\Users\IVA\Desktop
Windows 10 Pro Version 2004 19041.867 (X64) (2020-11-16 15:35:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3139625046-2202026286-576748679-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3139625046-2202026286-576748679-503 - Limited - Disabled)
Guest (S-1-5-21-3139625046-2202026286-576748679-501 - Limited - Disabled)
IVA (S-1-5-21-3139625046-2202026286-576748679-1001 - Administrator - Enabled) => C:\Users\IVA
WDAGUtilityAccount (S-1-5-21-3139625046-2202026286-576748679-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.1.2449 - Avast Software)
Balíček ovladače systému Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.03 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.13801.20294 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.54 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.57 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3139625046-2202026286-576748679-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13801.20294 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13801.20274 - Microsoft Corporation) Hidden
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Phone Nokia USB Driver (HKLM-x32\...\{7F1C627F-7F07-4B51-B50F-FF8C64881D6E}) (Version: 1.1.0 - Mobile)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6070 - Realtek Semiconductor Corp.)
Registrace uživatele zařízení Canon MG2400 series (HKLM-x32\...\Registrace uživatele zařízení Canon MG2400 series) (Version: - ‭Canon Inc.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.15.5 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F49D6A65-1AB6-4728-9FDA-DB5BAB631CF6}) (Version: 1.23.0.0 - Microsoft Corporation) Hidden
Windows 7 Games for Windows 10 and 8 (HKLM\...\Win7Games) (Version: 2.0 - hxxp://winaero.com)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.2.36.0_x86__kgqvnymyfvs32 [2021-02-19] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.53.5.0_x86__kgqvnymyfvs32 [2021-02-28] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1980.2.0_x86__kgqvnymyfvs32 [2021-03-18] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.188.300.0_x86__kgqvnymyfvs32 [2021-03-05] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-06] (Microsoft Corporation)
Hidden City: Hidden Object Adventure -> C:\Program Files\WindowsApps\828B5831.HiddenCityMysteryofShadows_1.40.4001.0_x86__ytsefhwckbdv6 [2021-03-05] (G5 Entertainment AB)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-28] (Microsoft Studios) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.1.0_x64__nfy108tqq3p12 [2021-02-21] (Thumbmunkeys Ltd)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-09-02] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-03-19] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-03-19] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-03-19] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-03-19] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-03-19] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-19] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\IVA\Documents\OSTATNÍ\nemazat, systém\Extras\Adobe Reader Download.lnk -> hxxp://get.adobe.com/reader
ShortcutWithArgument: C:\Users\IVA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2019-09-02 18:38 - 2001-11-08 17:20 - 000019968 _____ () [File not signed] C:\games\Kyodai Mahjongg\ogg.dll
2019-09-02 18:38 - 2001-11-08 17:20 - 000046080 _____ () [File not signed] C:\games\Kyodai Mahjongg\vorbis.dll
2019-09-02 18:38 - 2001-11-08 17:20 - 000009216 _____ () [File not signed] C:\games\Kyodai Mahjongg\vorbisfile.dll
2020-07-29 17:25 - 2017-07-05 12:43 - 000561152 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CCL.dll
2020-07-29 17:25 - 2017-07-05 12:49 - 000593920 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Quick Menu\CNQMMWRP.dll
2019-11-10 11:49 - 2015-02-27 10:35 - 000489984 _____ (Newtonsoft) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\Newtonsoft.Json.dll
2019-11-10 11:49 - 2017-06-01 17:31 - 000047104 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\MobileGo\COM.Net.dll
2019-11-10 11:49 - 2017-03-20 16:13 - 000087552 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCollect.dll
2019-11-10 11:49 - 2017-03-20 16:13 - 000197632 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-03-04] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 22:03 - 2017-03-18 22:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3139625046-2202026286-576748679-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 195.146.111.98 - 81.19.33.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FECB3DD2-3ACC-4C4A-9AB5-5F05B297D820}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{133912DA-DB99-4AD6-875B-FD51CFFEE084}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{92AEE5AF-6C37-41E6-AA22-6188D8EBFFB1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{AC0B79BF-1D02-416C-9563-4A1436E217EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [UDP Query User{73266417-E2EA-437C-939A-32400ADA43F6}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File
FirewallRules: [TCP Query User{884F2387-AAA5-484B-A94B-AA47C4D643BD}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File
FirewallRules: [UDP Query User{609B76BC-8A1C-4606-B964-BE35406A45A9}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [TCP Query User{EF9DAA01-DDD0-4B90-AF77-1B8285D9DED3}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [{4ACD3EB8-3012-498A-8C85-07B8796DFDA1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{65727CF9-5918-499E-B537-DBC2AC7F66A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A13CD858-8D57-4A62-A764-EBAAD72E35AF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3EE6AFF8-88EA-43C1-94B4-3A61C167FABE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{002671A6-7FF5-41D7-A80E-1E2DEEC5583B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0EA0BFFC-030A-4779-9775-22A67D4CEB7A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{045881EE-23BA-4C13-A641-07BA49F96439}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.57\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4ABE7552-42D5-486F-9262-1FD7D7DF3520}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A83F0EDC-9BC0-4532-9B4E-0F0BA831A3B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A30A784E-45C0-48DF-831C-4A09C50DD234}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{8AB9BDA4-B78C-42E8-AC58-E21A38E6D1E7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

26-02-2021 17:42:59 Naplánovaný kontrolní bod
07-03-2021 18:35:08 Naplánovaný kontrolní bod
09-03-2021 22:54:34 Instalační služba modulů systému Windows

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/17/2021 04:24:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: kmj.exe, verze: 0.0.0.0, časové razítko: 0x2a425e19
Název chybujícího modulu: kmj.exe, verze: 0.0.0.0, časové razítko: 0x2a425e19
Kód výjimky: 0xc0000005
Posun chyby: 0x00003f5a
ID chybujícího procesu: 0x16d8
Čas spuštění chybující aplikace: 0x01d71b3d93772393
Cesta k chybující aplikaci: C:\games\Kyodai Mahjongg\kmj.exe
Cesta k chybujícímu modulu: C:\games\Kyodai Mahjongg\kmj.exe
ID zprávy: a9163c24-0479-4d91-aa83-a34709391309
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/16/2021 05:11:47 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/14/2021 05:11:47 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/14/2021 01:27:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: kmj.exe, verze: 0.0.0.0, časové razítko: 0x2a425e19
Název chybujícího modulu: kmj.exe, verze: 0.0.0.0, časové razítko: 0x2a425e19
Kód výjimky: 0xc0000005
Posun chyby: 0x00001c69
ID chybujícího procesu: 0x1934
Čas spuštění chybující aplikace: 0x01d718cab908e1f2
Cesta k chybující aplikaci: C:\games\Kyodai Mahjongg\kmj.exe
Cesta k chybujícímu modulu: C:\games\Kyodai Mahjongg\kmj.exe
ID zprávy: 46496be2-f3a5-47e7-af99-25700102d30b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/12/2021 05:11:47 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/12/2021 06:22:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0x0e9c5eae
Kód výjimky: 0xc06d007e
Posun chyby: 0x000000000002d759
ID chybujícího procesu: 0xe04
Čas spuštění chybující aplikace: 0x01d716ffc3aa9cbf
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 0a0b4e6b-d02e-4a8e-801c-494c530587f6
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/11/2021 05:55:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: OLicenseHeartbeat.exe, verze: 16.0.13801.20182, časové razítko: 0x602dd932
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.804, časové razítko: 0x0e9c5eae
Kód výjimky: 0xc06d007e
Posun chyby: 0x000000000002d759
ID chybujícího procesu: 0x3110
Čas spuštění chybující aplikace: 0x01d71632bc69ae6a
Cesta k chybující aplikaci: C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: f0cd1ce0-1038-489d-8c15-179409af635d
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/10/2021 05:11:47 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (02/16/2021 05:12:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (18:17:06, ‎14.‎02.‎2021) bylo neočekávané.

Error: (02/14/2021 04:57:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:53:49, ‎14.‎02.‎2021) bylo neočekávané.

Error: (02/14/2021 04:53:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:20:17, ‎14.‎02.‎2021) bylo neočekávané.

Error: (02/12/2021 02:12:18 AM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-7HD852R)
Description: Nelze spustit server DCOM: {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} jako Není k dispozici/Není k dispozici. Došlo k chybě:
3236560897
při provádění příkazu:
C:\Windows\System32\RuntimeBroker.exe -Embedding

Error: (02/08/2021 01:18:50 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Inicializace výpisu stavu systému se nezdařila.

Error: (01/31/2021 01:30:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (12:00:23, ‎31.‎01.‎2021) bylo neočekávané.

Error: (12/23/2020 12:15:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (23:48:45, ‎22.‎12.‎2020) bylo neočekávané.

Error: (12/22/2020 11:48:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (23:47:08, ‎22.‎12.‎2020) bylo neočekávané.


Windows Defender:
================
Date: 2021-03-14 10:16:35
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D6E7554B-2543-40DE-90CC-1C3624FBBB55}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-13 10:02:51
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {CCE589EB-8026-4C8C-BCEC-17A213D65EF4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-12 10:16:33
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {98899991-DA5D-413D-929A-6B2FF7E20371}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 09:51:36
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {083BA564-4D5F-4E44-A597-3DC684AC70B4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-09 10:34:30
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6600C764-BEC5-42E0-A094-18B6B891B385}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2021-03-19 13:05:15
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume1\Program Files\Avast Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A30 06/28/2018
Motherboard: Dell Inc. 051FJ8
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 54%
Total physical RAM: 9100.49 MB
Available physical RAM: 4096.11 MB
Total Virtual: 10508.49 MB
Available Virtual: 5009.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.83 GB) (Free:365.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]

\\?\Volume{36f61e74-0000-0000-0000-005074000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 36F61E74)
Partition 1: (Active) - (Size=440.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=522 MB) - (Type=27)

==================== End of Addition.txt =======================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosba o pomoc - upozornění na trojské koně na ploše

#2 Příspěvek od Rudy »

Zdravím!
Některé antiviry jsou paranoidní a vidí malware i v tajových utilitách, jako je FRST, nebo TeamViewer. Jsou to utility, které sice mažou soubory a klíče ze systému (FRST), nebo umožní se někam připoji (nebo někomu připojit na váš PC - TeamViewer). My tu FRST běžně užíváme a malware to ve skutečnosti není. V takových případech je nutné AV vypnout. Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

bluefilip
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 19 bře 2021 13:01

Re: Prosba o pomoc - upozornění na trojské koně na ploše

#3 Příspěvek od bluefilip »

Dobrý den,

děkuji za rychlou odpověď. Na sken adwcleanerem jsme vypli antivirus i TeamViewer, První sken nic nenašel, takže jsme ještě zkusili restartvat PC a provedli druhý sken a následný clean.

Sken 1:

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-19-2021
# Duration: 00:00:19
# OS: Windows 10 Pro
# Scanned: 3382
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


Sken 2:

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-19-2021
# Duration: 00:00:46
# OS: Windows 10 Pro
# Scanned: 3643
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1404 octets] - [19/03/2021 14:26:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Clean po Skenu 2:

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-19-2021
# Duration: 00:00:02
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1404 octets] - [19/03/2021 14:26:24]
AdwCleaner[S01].txt - [1465 octets] - [19/03/2021 14:34:06]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosba o pomoc - upozornění na trojské koně na ploše

#4 Příspěvek od Rudy »

Toto je OK. Dočistíme zbytečnosti. Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {423E34C1-3A67-4380-9696-7F425F4D6D8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
Task: {B63C24E2-7871-44C8-945A-814E7B1F552B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
CHR Notifications: Default -> hxxps://tirez.ru
FirewallRules: [{FECB3DD2-3ACC-4C4A-9AB5-5F05B297D820}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{133912DA-DB99-4AD6-875B-FD51CFFEE084}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{92AEE5AF-6C37-41E6-AA22-6188D8EBFFB1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{AC0B79BF-1D02-416C-9563-4A1436E217EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [UDP Query User{73266417-E2EA-437C-939A-32400ADA43F6}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File
FirewallRules: [TCP Query User{884F2387-AAA5-484B-A94B-AA47C4D643BD}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

VC systému jsou 2 funkční antiviry (Avast a Malwarebytes). Jeden z nich odinstalujte, dochází k softwarové kolizi.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

bluefilip
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 19 bře 2021 13:01

Re: Prosba o pomoc - upozornění na trojské koně na ploše

#5 Příspěvek od bluefilip »

Malwarebytes odinstalovány, na fix jsem Avastu vypnul štíty. Fixlog níže:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-03-2021
Ran by IVA (19-03-2021 16:11:50) Run:1
Running from C:\Users\IVA\Desktop
Loaded Profiles: IVA
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {423E34C1-3A67-4380-9696-7F425F4D6D8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
Task: {B63C24E2-7871-44C8-945A-814E7B1F552B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-09-02] (Google Inc -> Google LLC)
CHR Notifications: Default -> hxxps://tirez.ru
FirewallRules: [{FECB3DD2-3ACC-4C4A-9AB5-5F05B297D820}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{133912DA-DB99-4AD6-875B-FD51CFFEE084}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{92AEE5AF-6C37-41E6-AA22-6188D8EBFFB1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [{AC0B79BF-1D02-416C-9563-4A1436E217EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => No File
FirewallRules: [UDP Query User{73266417-E2EA-437C-939A-32400ADA43F6}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File
FirewallRules: [TCP Query User{884F2387-AAA5-484B-A94B-AA47C4D643BD}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{423E34C1-3A67-4380-9696-7F425F4D6D8E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{423E34C1-3A67-4380-9696-7F425F4D6D8E}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B63C24E2-7871-44C8-945A-814E7B1F552B}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B63C24E2-7871-44C8-945A-814E7B1F552B}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"Chrome Notifications" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FECB3DD2-3ACC-4C4A-9AB5-5F05B297D820}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{133912DA-DB99-4AD6-875B-FD51CFFEE084}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92AEE5AF-6C37-41E6-AA22-6188D8EBFFB1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC0B79BF-1D02-416C-9563-4A1436E217EB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{73266417-E2EA-437C-939A-32400ADA43F6}C:\program files (x86)\wondershare\mobilego\mobilego.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{884F2387-AAA5-484B-A94B-AA47C4D643BD}C:\program files (x86)\wondershare\mobilego\mobilego.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 95641607 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 20800500 B
Edge => 2138102 B
Chrome => 611458780 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 15958 B
NetworkService => 408486 B
IVA => 190069222 B

RecycleBin => 897002614 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:14:44 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosba o pomoc - upozornění na trojské koně na ploše

#6 Příspěvek od Rudy »

OK, smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

bluefilip
Návštěvník
Návštěvník
Příspěvky: 4
Registrován: 19 bře 2021 13:01

Re: Prosba o pomoc - upozornění na trojské koně na ploše

#7 Příspěvek od bluefilip »

Okna jsou pryč, tak to vypadá, že je snad všechno v pořádku. Mockrát vám děkuji za pomoc! :thumbsup:

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Prosba o pomoc - upozornění na trojské koně na ploše

#8 Příspěvek od Rudy »

Rádo se stalo! :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Zamčeno