Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

HEUR/APC v BDBICExtractor.exe a Bradbury.Invcol.9.5.2.1.dll

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
uiii
Návštěvník
Návštěvník
Příspěvky: 52
Registrován: 04 zář 2005 19:05

HEUR/APC v BDBICExtractor.exe a Bradbury.Invcol.9.5.2.1.dll

#1 Příspěvek od uiii »

Zdravím,
Avira mi nahlásila jako hrozbu HEUR/APC a dala do karantény soubory:
- C:\ProgramData\Dell\drivers\15471037-e989-4014-9a92-081441662833\BDBICExtractor.exe
- C:\ProgramData\PCDr\7240\Addons\Bradbury.Invcol.9.5.2.1_1\Bradbury.Invcol.9.5.2.1.dll.

Dá se poznat, zda je jedná o skutečné hrozby nebo jen falešný poplach?

Díky
Richard

FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-04-2021
Ran by Dell (administrator) on DELL-PC (Dell Inc. Latitude E5530 non-vPro) (04-05-2021 17:17:34)
Running from C:\Users\Dell\Desktop
Loaded Profiles: Dell
Platform: Windows 10 Pro Version 20H2 19042.928 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Dell Inc -> ) C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Dell\AppData\Local\FluxSoftware\Flux\flux.exe
(Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_ecb9604542bb4ba6\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Dell\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(Opera Software AS -> Opera Software) C:\Users\Dell\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Opera Software AS -> Opera Software) C:\Users\Dell\AppData\Local\Programs\Opera\launcher.exe <2>
(Sony Imaging Products & Solutions Inc. -> Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Imaging Products & Solutions Inc. -> Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(The CefSharp Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [745288 2015-06-25] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [706192 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [868328 2018-12-21] (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [30796352 2018-10-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\Run: [f.lux] => C:\Users\Dell\AppData\Local\FluxSoftware\Flux\flux.exe [1511824 2021-02-04] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\Run: [Opera Browser Assistant] => C:\Users\Dell\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3366424 2020-12-08] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP B611 Status Monitor: C:\WINDOWS\system32\hpinkstsB611LM.dll [328552 2012-01-11] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.93\Installer\chrmstp.exe [2021-04-27] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04F48FCB-64FF-410E-B41D-D24BF9D0723B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {058FF6C4-AC45-45A0-9C54-8F7EF961B50C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {07C96D22-783E-4E04-9132-88943FEF1481} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {12085FA7-CA15-464D-AFE3-DB5DFB253F90} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [231104 2021-04-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {1D31F5A1-1482-49AE-8D87-CD6FFC0CBB72} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1F9A651B-2E74-415A-8BEA-7644E07F6F0D} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {2DD2127E-3F47-4C47-BB1E-63C30B730760} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3310015C-DA70-4F13-926D-844006123C46} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {5292F73E-486D-4D42-9468-88B63131671A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5EC51427-C4F1-4107-8859-B6C00249CB57} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5F0DBDA1-D051-42ED-883D-EF3D8DB529F1} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {688F7F32-B441-4FFA-82EF-452A3D89A6D8} - System32\Tasks\Opera scheduled Autoupdate 1607437657 => C:\Users\Dell\AppData\Local\Programs\Opera\launcher.exe [1596568 2021-04-26] (Opera Software AS -> Opera Software)
Task: {6F1C8742-FFB2-473B-BAB7-21D60266FD76} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {77654389-3548-4439-8E5E-A76E7C13A05C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7F69F6B7-CDB3-4D2A-9BB0-B49246E874A8} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39920 2018-10-24] (Garmin International, Inc. -> )
Task: {83A6BB13-C131-412C-819C-6F695ACFDC89} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {84095955-7ECA-4A1E-94AC-3196D28CB12E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {842E245F-75ED-4A2A-BF06-1E87762FFDFB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {89A10F26-A746-4962-874D-7D32B6255B60} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {8EC2E3D6-B7B6-45DA-9C8D-AA55A418122D} - System32\Tasks\Opera scheduled assistant Autoupdate 1607437670 => C:\Users\Dell\AppData\Local\Programs\Opera\launcher.exe [1596568 2021-04-26] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Dell\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {957C8364-7BDE-48F2-913A-6AEFF3BA9467} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9D17742B-7AD0-49B8-A008-B940922C97DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-23] (Google Inc -> Google Inc.)
Task: {A2F0C58E-1478-4A95-95A5-BEC84222C3CB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AB909709-E4D6-44A6-BC73-F39A76887DB5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0811582-F540-4804-8E7F-7A41392C8A4B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {BBF820C6-2B7E-4336-8088-4292970AA9AC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD4B99C7-5C62-4EF1-B692-8B403FCAA9C1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BE11E7B8-323B-4B2B-9FA3-5EF97C6095BA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C334E7E8-342F-454E-A6CE-35AC418EFBD0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C7FDAD05-674A-44D9-B94B-5BB17034A518} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29757392 2021-02-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {DA6D7F8E-32F0-416C-BC53-E6E881E22CDD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {E1AE67A5-212A-47AD-8C4A-03BEA06DFC7B} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {EC544BCE-9112-4E41-BA28-E27BBDD3165F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F1846765-1A57-40F3-86E5-71C045208183} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-11-23] (Google Inc -> Google Inc.)
Task: {FE00F199-45FA-4D2C-8C8F-CC282E3BE079} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1059336 2021-01-09] (Dell Inc -> Dell Inc.)
Task: {FE52052F-8724-4F37-9760-A41D38CFDE4E} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E3C2466F-2BF6-4624-9E7F-FF4C5F6D5E39}: [DhcpNameServer] 192.168.0.1

Edge:
=======
DownloadDir: C:\Users\Dell\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Dell\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-22]
Edge DownloadDir: C:\Users\Dell\Downloads

FireFox:
========
FF DefaultProfile: feqyfq1d.default-1526443342991
FF ProfilePath: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\feqyfq1d.default-1526443342991 [2021-05-04]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\feqyfq1d.default-1526443342991\Extensions\support@lastpass.com.xpi [2020-08-11]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-21] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default [2021-05-02]
CHR Notifications: Default -> hxxps://dp32.ru; hxxps://www.facebook.com
CHR Session Restore: Default -> is enabled.
CHR Extension: (Překladač Google) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-29]
CHR Extension: (Prezentace) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-23]
CHR Extension: (Voda) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\anlddkjneljcdakkmjcglmpjgibhbaog [2017-12-26]
CHR Extension: (Dokumenty) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-23]
CHR Extension: (Disk Google) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-23]
CHR Extension: (Tabulky) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-23]
CHR Extension: (Avira Browser Safety) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-03-25]
CHR Extension: (Dokumenty Google offline) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-16]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Gmail) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-02]
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-03-01]
CHR Profile: C:\Users\Dell\AppData\Local\Google\Chrome\User Data\System Profile [2019-03-01]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera:
=======
OPR Profile: C:\Users\Dell\AppData\Roaming\Opera Software\Opera Stable [2021-05-04]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-03-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96120 2015-06-25] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [634768 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [383976 2021-03-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [244136 2021-04-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [287776 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3750944 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [507936 2020-10-26] (Dell Technologies Inc. -> Dell Technologies Inc.)
S2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.7240.285\DSAPI.exe [985584 2021-02-13] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [38592 2020-10-29] (Dell Inc -> )
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [493544 2018-12-21] (Sony Imaging Products & Solutions Inc. -> Sony Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39432 2021-01-09] (Dell Inc -> Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12871464 2021-04-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\NisSrv.exe [2169568 2020-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2007.8-0\MsMpEng.exe [128376 2020-08-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [209744 2021-04-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-03-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [27896 2021-04-28] (WDKTestCert Amit_K_Tiwari,132158070448517957 -> )
R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [42376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 ocznvme; C:\WINDOWS\system32\drivers\ocznvme.sys [99592 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
S3 ocztrimfilter; C:\WINDOWS\system32\drivers\ocztrimfilter.sys [29064 2016-06-10] (Toshiba America Electronic Components, Inc. -> TOSHIBA CORPORATION)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [30352 2016-10-07] (STMICROELECTRONICS S.R.L. -> ST Microelectronics)
S3 tilfilter; C:\WINDOWS\system32\drivers\TIxHCIlfilter.sys [17672 2015-02-11] (Texas Instruments, Inc. -> Texas Instruments, Inc.)
S3 tiufilter; C:\WINDOWS\system32\drivers\TIxHCIufilter.sys [23304 2015-02-11] (Texas Instruments, Inc. -> Texas Instruments, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [78216 2020-08-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [430320 2020-08-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [98520 2020-08-14] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-04 17:17 - 2021-05-04 17:20 - 000025907 _____ C:\Users\Dell\Desktop\FRST.txt
2021-05-04 17:14 - 2021-05-04 17:14 - 002298368 _____ (Farbar) C:\Users\Dell\Desktop\FRST64.exe
2021-05-04 16:44 - 2021-05-04 16:44 - 000000000 ____D C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2021-04-28 20:29 - 2021-04-28 20:30 - 000027896 _____ C:\WINDOWS\system32\Drivers\DBUtilDrv2.sys
2021-04-23 12:08 - 2021-04-23 12:08 - 000000686 _____ C:\Users\Dell\Desktop\ESET Online Scanner.lnk
2021-04-23 12:07 - 2021-04-23 12:08 - 000000814 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-23 12:07 - 2021-04-23 12:07 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Dell\Downloads\esetonlinescanner.exe
2021-04-23 12:07 - 2021-04-23 12:07 - 000000000 ____D C:\Users\Dell\AppData\Local\ESET
2021-04-23 11:55 - 2021-04-23 11:55 - 000000000 ____D C:\ProgramData\PCDr
2021-04-22 20:01 - 2021-04-22 20:04 - 000000000 ____D C:\Users\Dell\AppData\Local\TeamViewer
2021-04-22 19:59 - 2021-05-02 08:02 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-22 19:59 - 2021-04-22 19:59 - 000001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-04-22 19:59 - 2021-04-22 19:59 - 000001104 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2021-04-22 19:59 - 2021-04-22 19:59 - 000001104 _____ C:\ProgramData\Desktop\TeamViewer.lnk
2021-04-22 19:59 - 2021-04-22 19:59 - 000000000 ____D C:\Users\Dell\AppData\Roaming\TeamViewer
2021-04-22 19:57 - 2021-04-22 19:57 - 029028008 _____ (TeamViewer Germany GmbH) C:\Users\Dell\Downloads\TeamViewer_Setup.exe
2021-04-16 20:15 - 2021-04-16 20:15 - 000133076 _____ C:\Users\Dell\Downloads\Tabulka odrůd.16.4.21.pdf
2021-04-16 18:29 - 2021-04-28 20:28 - 000001236 _____ C:\Users\Public\Desktop\Avira.lnk
2021-04-16 18:29 - 2021-04-28 20:28 - 000001236 _____ C:\ProgramData\Desktop\Avira.lnk
2021-04-16 18:29 - 2021-04-28 20:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-04-16 17:39 - 2021-04-16 17:39 - 001353120 _____ C:\Users\Dell\Downloads\Brewster_Beacon_40_2.pdf
2021-04-16 17:19 - 2021-04-16 17:19 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-16 17:17 - 2021-04-16 17:17 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-16 17:17 - 2021-04-16 17:17 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-13 15:00 - 2021-04-13 15:00 - 000133445 _____ C:\Users\Dell\Downloads\Tabulka odrůd.13.4.21.pdf
2021-04-12 15:24 - 2021-04-12 15:24 - 000000000 ____D C:\Users\Dell\Downloads\2021-04-12_152408
2021-04-12 15:20 - 2021-04-12 15:20 - 000000000 ____D C:\Users\Dell\Downloads\2021-04-12_152036
2021-04-11 08:43 - 2021-04-11 08:43 - 000134530 _____ C:\Users\Dell\Downloads\Tabulka odrůd.11.4.21.pdf
2021-04-10 20:02 - 2021-04-10 20:02 - 002582358 _____ C:\Users\Dell\Downloads\Návod pivovar.pdf
2021-04-06 15:21 - 2021-04-06 15:22 - 000135499 _____ C:\Users\Dell\Downloads\Tabulka odrůd 6.4.21.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-04 17:22 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-04 17:19 - 2018-05-13 13:09 - 000000000 ____D C:\FRST
2021-05-04 17:18 - 2020-08-11 20:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-05-04 17:18 - 2017-11-23 19:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-05-04 17:17 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-04 17:11 - 2017-11-23 19:47 - 000000000 ____D C:\Users\Dell\AppData\LocalLow\Mozilla
2021-05-04 16:53 - 2018-03-19 17:52 - 000000000 ____D C:\Users\Dell\.matplotlib
2021-05-04 16:50 - 2017-11-23 19:47 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-05-04 16:44 - 2017-11-01 08:30 - 000000000 __SHD C:\Users\Dell\IntelGraphicsProfiles
2021-05-02 16:48 - 2020-08-11 23:20 - 000000000 ____D C:\Users\Dell
2021-05-02 16:40 - 2020-08-12 18:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-02 08:02 - 2020-08-12 19:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-02 08:02 - 2020-08-09 09:40 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-30 14:23 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-30 14:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-28 20:36 - 2020-12-08 16:27 - 000004150 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1607437657
2021-04-28 20:36 - 2020-12-08 16:27 - 000001427 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2021-04-28 20:28 - 2020-09-03 20:01 - 000003704 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2021-04-27 14:42 - 2017-11-23 19:49 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-27 14:42 - 2017-11-23 19:49 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-04-27 14:42 - 2017-11-23 19:49 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-04-25 08:05 - 2020-08-12 19:07 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-25 08:05 - 2020-08-12 19:07 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-24 07:31 - 2020-10-05 19:44 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-23 11:56 - 2020-08-12 19:01 - 001797348 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-23 11:56 - 2019-12-07 16:43 - 000752236 _____ C:\WINDOWS\system32\perfh005.dat
2021-04-23 11:56 - 2019-12-07 16:43 - 000162774 _____ C:\WINDOWS\system32\perfc005.dat
2021-04-23 11:50 - 2021-03-20 09:42 - 000460952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-23 11:48 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-23 01:26 - 2021-02-21 22:11 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-22 19:31 - 2021-02-13 18:01 - 000000000 ____D C:\ProgramData\Dell
2021-04-21 20:27 - 2018-07-11 20:44 - 000000000 ____D C:\Users\Dell\AppData\Local\ElevatedDiagnostics
2021-04-21 11:24 - 2020-08-12 19:07 - 000003472 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-21 11:24 - 2020-08-12 19:07 - 000003348 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-19 21:16 - 2020-08-12 19:07 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2909802881-1809305294-4137571501-1001
2021-04-19 19:57 - 2020-08-11 23:20 - 000002399 _____ C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-19 19:57 - 2017-11-28 17:22 - 000000000 ___RD C:\Users\Dell\OneDrive
2021-04-16 22:30 - 2017-11-01 08:24 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-16 22:18 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-04-16 22:17 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-16 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-16 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-16 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-16 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-16 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-16 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-04-16 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-16 22:17 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-16 22:16 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-16 22:16 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-16 22:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-16 22:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-16 22:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-16 17:33 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-16 17:16 - 2020-08-12 18:45 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-04-16 14:47 - 2017-11-28 14:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-16 14:37 - 2017-11-28 14:53 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2018-03-19 17:52 - 2019-02-28 17:08 - 000000056 _____ () C:\Users\Dell\AppData\Roaming\Openroast_1.2.0rc3.launch.pyw.log
2019-02-28 17:10 - 2021-05-04 16:54 - 000000053 _____ () C:\Users\Dell\AppData\Roaming\Openroast_1.2.1.launch.pyw.log
2020-12-27 22:47 - 2020-12-27 22:47 - 000000000 _____ () C:\Users\Dell\AppData\Local\{B57D699E-73E0-48CB-926C-212AD6C3E812}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

FRST Additions:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-04-2021
Ran by Dell (04-05-2021 17:25:13)
Running from C:\Users\Dell\Desktop
Windows 10 Pro Version 20H2 19042.928 (X64) (2020-08-12 17:08:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2909802881-1809305294-4137571501-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2909802881-1809305294-4137571501-503 - Limited - Disabled)
Dell (S-1-5-21-2909802881-1809305294-4137571501-1001 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-2909802881-1809305294-4137571501-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2909802881-1809305294-4137571501-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2909802881-1809305294-4137571501-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20150 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{D559687A-60C5-4786-9429-C21EC195789D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Artisan (HKLM-x32\...\Artisan) (Version: 1.5.0.0 - The Artisan Team)
Avira (HKLM-x32\...\{21098ed5-59e9-4203-b79e-63f3c373e022}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{2CA8B2E7-B4B7-4553-83E6-448A543EA5AD}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2104.2083 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.3.21018 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.48.17984 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.10.0.11063 - Avira Operations GmbH & Co. KG) Hidden
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Dell SupportAssist (HKLM\...\{C5A70974-2F89-4BE0-90F7-749E62468C4D}) (Version: 3.8.1.23 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.103 - ALPS ELECTRIC CO., LTD.)
Elevated Installer (HKLM-x32\...\{0BF90608-2F95-4C7C-9A85-E90E0CAF4FE9}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
f.lux (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\Flux) (Version: - f.lux Software LLC)
Fresh Beans SR-700 (HKLM-x32\...\{D09D0DA0-2423-4CD9-AF24-F9FACF0FB1E6}) (Version: 1.03 - Fresh Beans)
Garmin Express (HKLM-x32\...\{95D0EADA-5123-41C0-931A-F37946BC0E8E}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{eab4691c-4022-41cd-8d39-c3097ba62d4b}) (Version: 6.9.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.93 - Google LLC)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
LibreOffice 6.4.1.2 (HKLM\...\{F420EC75-FB16-4786-951E-67CAC0FB9B86}) (Version: 6.4.1.2 - The Document Foundation)
MergeModule_x64 (HKLM\...\{8B591A6B-253E-4E62-B2A8-3668CDA0A907}) (Version: 11.0.00 - Sony Corporation) Hidden
MergeModule_x86 (HKLM-x32\...\{51B45206-47B1-4B51-B46A-330B9156D6C1}) (Version: 11.0.00 - Sony Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.51 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\OneDriveSetup.exe) (Version: 21.062.0328.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 72.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 72.0.2 (x64 cs)) (Version: 72.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Openroast 1.2.1 (HKLM\...\Openroast 1.2.1) (Version: 1.2.1 - Roastero)
Opera Stable 75.0.3969.243 (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\Opera 75.0.3969.243) (Version: 75.0.3969.243 - Opera Software)
PlayMemories Home (HKLM-x32\...\{AEB04E0E-0A28-4014-A96A-282E43B7227B}) (Version: 6.0.00.12211 - Sony Corporation)
PMB_ModeEditor (HKLM-x32\...\{F8063714-BD75-42DC-8FAA-D0E1EED92519}) (Version: 11.0.00 - Sony Corporation) Hidden
PMB_ServiceUploader (HKLM-x32\...\{CF081855-ED80-445A-BF63-025584939230}) (Version: 11.0.00 - Sony Corporation) Hidden
Python 3.6.4 (32-bit) (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 Add to Path (32-bit) (HKLM-x32\...\{B7F6071F-CC88-469C-9AC6-BEBA83594819}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B42FF40A-60D4-4096-AC47-C86153D72797}) (Version: 3.6.6196.0 - Python Software Foundation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.17.6 - TeamViewer)
testo 175-176-2010 v1.6.0.0 (HKLM-x32\...\testo 175-176-2010 v1.6.0.0) (Version: 1.6.0.0 - Testo AG)
testo Comfort Software Basic 5.0 (HKLM\...\{5EE4A6A5-C6E6-4613-9AB2-4FD3C09E1D2C}) (Version: 5.6.80.32798 - Testo SE & Co. KGaA)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.2.36.0_x86__kgqvnymyfvs32 [2021-02-19] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.188.300.0_x86__kgqvnymyfvs32 [2021-03-03] (king.com)
Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.8.10.0_x64__htrsf667h5kn2 [2021-03-02] (Dell Inc)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.8.12.0_x86__h6adky7gbf63m [2021-03-10] (Gameloft SE)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-12-12] (Microsoft Corporation)
Doplněk pro Fotky -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2021-01-27] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.3.838.0_x64__v10z8vjag6ke6 [2021-03-03] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.4.1.4_x86__h6adky7gbf63m [2021-03-09] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-29] (Microsoft Studios) [MS Ad]
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-06-01] (WinZip Computing)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2909802881-1809305294-4137571501-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-03-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-02-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-03-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2017-04-18 05:45 - 2017-04-18 05:45 - 000808960 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2017-04-18 05:45 - 2017-04-18 05:45 - 001227264 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2018-10-24 15:16 - 2018-10-24 15:16 - 000073216 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 067109376 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libcef.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 000079360 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libegl.dll
2017-04-09 23:49 - 2017-04-09 23:49 - 002246144 _____ () [File not signed] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2018-10-24 15:16 - 2018-10-24 15:16 - 001976832 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2018-10-24 15:17 - 2018-10-24 15:17 - 000234496 _____ (Dynastream Innovations Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2018-10-24 15:16 - 2018-10-24 15:16 - 002711552 _____ (Garmin International) [File not signed] [File is in use] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2018-10-24 15:16 - 2018-10-24 15:16 - 000425472 _____ (Garmin) [File not signed] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2017-11-01 10:37 - 2013-02-22 06:38 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2021-01-09 09:35 - 2021-01-09 09:35 - 001638912 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\Dell\SupportAssistAgent\bin\x64\SQLite.Interop.dll
2018-10-24 15:16 - 2018-10-24 15:16 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2017-04-09 23:49 - 2017-04-09 23:49 - 000434176 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dell\Documents\OP1.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Dell\Documents\OP1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Dell\Documents\OP2.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Dell\Documents\OP2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2017-12-31 17:27 - 2018-02-18 23:05 - 000000498 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
2.168.137.1 Dell-PC.mshome.net # 2022 12 5 30 16 12 59 479
2.168.137.1 Dell-PC.mshome.net # 2022 12 5 30 16 12 59 479

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4260B98B-E262-40FC-8C79-C9AB2786F520}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B0E8642C-9E11-41ED-9675-60A14F636182}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{95F6EC93-E1CB-4271-9869-B0D60C35866B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{273B406C-5B55-485C-8EE2-326024799921}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1972162D-5E15-44B1-B7F3-EE8CDDCDEE6B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E1EB540-C6F9-4FE2-9A13-012016CC13AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A2AE25F0-95CA-4899-8B6B-FCEF3152E6CA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6BE31318-710D-4101-8CF7-C40750386643}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{CCCFFF61-9E82-4977-A0A6-16E088350D24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{89C66108-0F60-4FFA-8943-3C525BC37A46}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{794546D8-F4D5-4E2A-88A9-5C2A2C31BF7E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3592AA8E-8FAA-4664-A347-C5D577BBD853}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{99ADA203-6D3F-4F2C-8C2B-43285F00720F}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{937F8745-4FB7-4DFD-9ACE-0CB305057ED3}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:117.29 GB) (Free:70.27 GB) (60%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/04/2021 05:12:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program ShellExperienceHost.exe verze 10.0.19041.610 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2c90

Čas spuštění: 01d740f7b96c1a87

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

ID hlášení: bb1c42d0-8556-43f9-bb74-4b0c7914c5cd

Úplný název balíčku s chybou: Microsoft.Windows.ShellExperienceHost_10.0.19041.610_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (05/02/2021 12:12:03 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (05/02/2021 12:02:11 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (05/02/2021 08:03:39 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (05/01/2021 09:18:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2020.20110.11001.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 2ed0

Čas spuštění: 01d73dbd1e224b6a

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: aad316e5-0c3e-4f1a-8338-927e89331ad6

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2020.20110.11001.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Quiesce

Error: (04/28/2021 08:29:17 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\WINDOWS\system32\sysmain.dll (kód chyby Win32 126).

Error: (04/25/2021 07:14:30 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (04/25/2021 07:01:50 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (05/02/2021 02:43:42 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (05/02/2021 02:08:24 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (05/02/2021 01:03:08 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (05/02/2021 12:33:46 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (05/02/2021 10:06:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Dell Data Vault Service API závisí na službě Dell Data Vault Collector, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (05/02/2021 10:06:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Dell Data Vault Collector závisí na službě Dell Data Vault Processor, která neuspěla při spuštění v důsledku následující chyby:
Při spouštění služba uvízla ve spouštěcím stavu.

Error: (05/02/2021 10:06:21 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Dell Data Vault Processor přestala během spouštění reagovat.

Error: (05/02/2021 10:05:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Dell Data Vault Collector závisí na službě Dell Data Vault Processor, která neuspěla při spuštění v důsledku následující chyby:
Při spouštění služba uvízla ve spouštěcím stavu.


CodeIntegrity:
===============
Date: 2021-04-22 20:20:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\vdsldr.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-03-25 13:37:46
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. A09 12/10/2012
Motherboard: Dell Inc. 05GRXT
Processor: Intel(R) Core(TM) i5-3340M CPU @ 2.70GHz
Percentage of memory in use: 84%
Total physical RAM: 3969.1 MB
Available physical RAM: 630.92 MB
Total Virtual: 8065.1 MB
Available Virtual: 2841.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.29 GB) (Free:70.27 GB) NTFS

\\?\Volume{9fb3f905-be4e-11e7-9d3d-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{d90825cb-0000-0000-0000-30591d000000}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: D90825CB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=538 MB) - (Type=27)

==================== End of Addition.txt =======================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: HEUR/APC v BDBICExtractor.exe a Bradbury.Invcol.9.5.2.1.dll

#2 Příspěvek od Rudy »

Zdravím!
Zkotrolujte soubory online na www.virustotal.com .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

uiii
Návštěvník
Návštěvník
Příspěvky: 52
Registrován: 04 zář 2005 19:05

Re: HEUR/APC v BDBICExtractor.exe a Bradbury.Invcol.9.5.2.1.dll

#3 Příspěvek od uiii »

Aha, tak to vypada na chybu u Dell https://www.dell.com/support/kbdoc/cs-c ... as-malware

Díky

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: HEUR/APC v BDBICExtractor.exe a Bradbury.Invcol.9.5.2.1.dll

#4 Příspěvek od Rudy »

Nemáte zač. Soubor ponechte v karanténě a ten druhý, který je čistý, můžete vrátit do původního adresáře a v antiviru nastavit pro něj vyjímku.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět