Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Pop-up okno přesměrovávající na zavirovanou stránku

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
jakub.oslejsek
Návštěvník
Návštěvník
Příspěvky: 68
Registrován: 20 čer 2014 14:23

Pop-up okno přesměrovávající na zavirovanou stránku

#1 Příspěvek od jakub.oslejsek »

Dobrý den,
rád bych Vás požádal o pomoc s vyčištěním počítače. Před blíže neupřesněnou dobou se na něm začalo v pravém dolním rohu objevovat pop-up okno. To se tvářilo jako informace od antiviru Norton, který ovšem v počítači není nainstalován. Původně jsem myslel, že se do počítače nainstaloval s jiným programem, nicméně se mi ho nepodařilo nalézt. Místo toho při pokusu o otevření dojde k přesměrování na webovou stránku. V tom okamžiku zasáhne Avast (ten je nainstalovaný :) ) a zablokuje přístup na stránku s nebezpečným obsahem. Předem Vám děkuji za pomoc a přikládám logy z FRST.

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2021 01
Ran by MSI (administrator) on MSI-NTB (MICRO-STAR INTERNATIONAL CO., LTD MS-1736) (29-05-2021 19:05:43)
Running from C:\Users\MSI\Desktop
Loaded Profiles: MSI
Platform: Windows 10 Pro Version 2004 19041.985 (X64) Language: Čeština (Česko)
Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" --single-argument %1
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{BA5F403C-819B-4796-9D8E-08C2E4FEC610}\AvastBrowserInstallerIncremental-90.0.9316.94.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\Install\{BA5F403C-819B-4796-9D8E-08C2E4FEC610}\CR_902C0.tmp\setup.exe <2>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <4>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <11>
(Microsoft Corporation -> Microsoft Corporation) C:\Users\MSI\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Windows Hardware Compatibility Publisher -> Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [5803520 2020-01-28] (Microsoft Windows Hardware Compatibility Publisher -> Sentelic Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [118496 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-10] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\90.0.9316.94\Installer\chrmstp.exe [2021-05-05] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-04-21] (Adobe Inc. -> Adobe Systems, Inc.)
BootExecute: autocheck autochk * icarus_rvrt.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015BFE68-4382-45AE-85E9-1E4F2EC67287} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-22] (Avast Software s.r.o. -> AVAST Software)
Task: {05C9E4EE-19F8-4343-A6E3-75FDCFF27D4F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-30] (Avast Software s.r.o. -> Avast Software)
Task: {137DD309-A0B4-4BB5-81A1-96FEDB1230D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-28] (Google LLC -> Google LLC)
Task: {5552AACE-E5A0-4955-AA8E-5FF9B098A49F} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4699872 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
Task: {60356513-1467-446D-A917-B915580DE7ED} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2229072 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
Task: {68210A27-5742-4033-8FA2-0AEC67B6BF79} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1724928 2020-01-21] () [File not signed]
Task: {A92A562B-44FC-4CFC-AFB2-54E2B0CD8D03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-28] (Google LLC -> Google LLC)
Task: {D05339BB-5B46-474A-8F3E-086DC3D4B5A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {D9272EB6-8226-4767-BB50-29CE0476E96E} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2229072 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
Task: {DE735E95-3960-4ED3-908E-BA4C00C5EC3F} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-22] (Avast Software s.r.o. -> AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{430e6525-167f-4703-8bf0-4da340353290}: [DhcpNameServer] 192.168.2.100
Tcpip\..\Interfaces\{756281b7-5be3-4d83-a690-bb49a8ab4d8d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{af9d9651-1b7b-4437-b0b0-1512ce7dfb4e}: [DhcpNameServer] 192.168.1.1

Edge:
=======
DownloadDir: C:\Users\MSI\Downloads
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\MSI\AppData\Local\Microsoft\Edge\User Data\Default [2021-05-29]
Edge HomePage: Default -> hxxp://www.seznam.cz/

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-28] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-22] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-27] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default [2021-05-23]
CHR Notifications: Default -> hxxps://bee.net.ua; hxxps://cs.puntomarinero.com; hxxps://id-tv.org; hxxps://www.exasoft.cz; hxxps://www.kosik.cz; hxxps://www.penize.cz; hxxps://www.sport.cz
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Chrome Media Router) - C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-24]
CHR Profile: C:\Users\MSI\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-02-19]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [7894040 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-22] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [606944 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [356064 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-22] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\90.0.9316.94\elevation_service.exe [1396968 2021-04-27] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56920 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393288 2021-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-28] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35664 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [212192 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [365024 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250336 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99288 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-05-29] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41296 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [180448 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522896 2021-05-14] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107792 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82872 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [850632 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467720 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215352 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326992 2021-04-29] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 EUCR; C:\WINDOWS\System32\drivers\EUCR6SK.SYS [88912 2010-08-09] (ENE Technology Inc. -> ENE Technology Inc.)
R3 fspad_win764; C:\WINDOWS\system32\DRIVERS\fspad_win764.sys [67584 2020-01-28] (Microsoft Windows Hardware Compatibility Publisher -> Sentelic Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-01-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-01-28] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-28] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-29 19:05 - 2021-05-29 19:06 - 000016642 _____ C:\Users\MSI\Desktop\FRST.txt
2021-05-29 19:01 - 2021-05-29 19:01 - 002299904 _____ (Farbar) C:\Users\MSI\Desktop\FRST64.exe
2021-05-29 18:25 - 2021-05-29 19:04 - 000000000 ____D C:\FRST
2021-05-29 18:19 - 2021-05-29 18:19 - 000017328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-05-22 22:25 - 2021-05-22 22:25 - 000000088 ____H C:\Users\MSI\Desktop\.~lock.Werich.doc#
2021-05-19 19:34 - 2021-05-19 19:34 - 000218326 _____ C:\Users\MSI\Downloads\Faktura_0010746783_4063150200_2106032159 (9).PDF
2021-05-19 19:34 - 2021-05-19 19:34 - 000218326 _____ C:\Users\MSI\Downloads\Faktura_0010746783_4063150200_2106032159 (8).PDF
2021-05-18 14:44 - 2021-05-18 14:44 - 005350952 _____ (Seznam.cz) C:\Users\MSI\Downloads\Seznam.cz-install_36960_2 (1).exe
2021-05-14 14:04 - 2021-05-14 14:04 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2021-05-14 14:04 - 2021-05-14 14:04 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-05-14 14:04 - 2021-05-14 14:04 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-05-14 14:03 - 2021-05-14 14:03 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-05-14 14:03 - 2021-05-14 14:03 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-05-14 14:03 - 2021-05-14 14:03 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-05-14 14:03 - 2021-05-14 14:03 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-05-14 14:03 - 2021-05-14 14:03 - 000011351 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-05-14 14:02 - 2021-05-14 14:02 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-05-14 14:01 - 2021-05-14 14:01 - 001823816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-05-14 14:01 - 2021-05-14 14:01 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-05-14 14:01 - 2021-05-14 14:01 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-05-14 13:59 - 2021-05-14 13:59 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-05-14 13:59 - 2021-05-14 13:59 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-05-08 18:46 - 2021-03-29 10:57 - 000081632 _____ (Avast Software) C:\WINDOWS\system32\icarus_rvrt.exe
2021-04-29 12:27 - 2021-04-29 12:26 - 000339680 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-04-29 12:27 - 2021-04-29 12:26 - 000215352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-05-29 19:06 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-05-29 18:40 - 2020-06-09 13:26 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-05-29 18:40 - 2020-06-09 13:26 - 000002280 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-05-29 18:21 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-05-29 18:11 - 2020-12-29 14:09 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-05-29 18:06 - 2020-12-29 14:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-05-29 18:06 - 2020-12-29 13:41 - 000000000 ____D C:\Users\MSI
2021-05-29 18:06 - 2020-12-29 13:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-05-29 18:06 - 2020-12-29 13:35 - 000008192 ___SH C:\DumpStack.log.tmp
2021-05-24 15:58 - 2021-01-06 23:38 - 000003318 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6ddd8a2767632
2021-05-24 15:58 - 2020-12-29 14:09 - 000003512 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-24 15:58 - 2020-12-29 14:09 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-05-24 15:58 - 2020-12-29 14:09 - 000003400 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-05-24 15:58 - 2020-12-29 14:09 - 000003288 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-05-24 15:58 - 2020-12-29 14:09 - 000003182 _____ C:\WINDOWS\system32\Tasks\klcp_update
2021-05-24 15:58 - 2020-12-29 14:09 - 000003176 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-05-24 15:58 - 2020-12-29 14:09 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1608290644-3846964385-1236552036-1001
2021-05-24 15:58 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-05-24 15:22 - 2020-12-29 14:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-05-24 14:51 - 2020-01-28 15:16 - 000000000 ____D C:\ProgramData\AVAST Software
2021-05-23 22:39 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-05-20 11:32 - 2020-12-29 13:41 - 000002365 _____ C:\Users\MSI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-05-20 11:32 - 2020-01-28 11:36 - 000000000 ___RD C:\Users\MSI\OneDrive
2021-05-15 11:09 - 2020-12-29 13:53 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-05-15 11:09 - 2019-12-07 16:43 - 000683504 _____ C:\WINDOWS\system32\perfh005.dat
2021-05-15 11:09 - 2019-12-07 16:43 - 000137284 _____ C:\WINDOWS\system32\perfc005.dat
2021-05-15 11:09 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-05-14 23:34 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-05-14 23:27 - 2020-12-29 13:36 - 000289840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-14 23:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-05-14 23:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-05-14 23:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-05-14 23:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2021-05-14 23:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-05-14 23:24 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-05-14 23:23 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-05-14 23:23 - 2019-12-07 16:44 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2021-05-14 23:23 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-05-14 23:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-05-14 23:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-05-14 23:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-05-14 23:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-05-14 23:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-05-14 23:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-05-14 23:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-05-14 23:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-05-14 23:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-05-14 23:23 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-05-14 14:22 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-14 14:16 - 2019-12-07 16:47 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-05-14 13:28 - 2020-04-19 18:26 - 000522896 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-05-13 11:28 - 2020-01-28 15:13 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-05-12 16:23 - 2020-01-28 12:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 16:16 - 2020-01-28 12:28 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-10 21:43 - 2020-01-28 12:53 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-10 21:43 - 2020-01-28 12:53 - 000002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-05-05 20:18 - 2020-10-22 15:34 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-05-05 20:18 - 2020-10-22 15:34 - 000002469 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2021-05-03 12:07 - 2020-09-30 13:13 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-29 12:27 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-04-29 12:26 - 2020-10-21 12:50 - 000180448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-04-29 12:26 - 2020-01-28 15:19 - 000850632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-04-29 12:26 - 2020-01-28 15:19 - 000467720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-04-29 12:26 - 2020-01-28 15:19 - 000365024 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-04-29 12:26 - 2020-01-28 15:19 - 000326992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-04-29 12:26 - 2020-01-28 15:19 - 000250336 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-04-29 12:26 - 2020-01-28 15:19 - 000212192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-04-29 12:26 - 2020-01-28 15:19 - 000107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-04-29 12:26 - 2020-01-28 15:19 - 000099288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-04-29 12:26 - 2020-01-28 15:19 - 000082872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-04-29 12:26 - 2020-01-28 15:19 - 000041296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-04-29 12:26 - 2020-01-28 15:19 - 000035664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Addition

Kód: Vybrat vše

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2021 01
Ran by MSI (29-05-2021 19:09:50)
Running from C:\Users\MSI\Desktop
Windows 10 Pro Version 2004 19041.985 (X64) (2020-12-29 12:10:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1608290644-3846964385-1236552036-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1608290644-3846964385-1236552036-503 - Limited - Disabled)
Guest (S-1-5-21-1608290644-3846964385-1236552036-501 - Limited - Disabled)
MSI (S-1-5-21-1608290644-3846964385-1236552036-1001 - Administrator - Enabled) => C:\Users\MSI
WDAGUtilityAccount (S-1-5-21-1608290644-3846964385-1236552036-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.3.2459 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 90.0.9316.94 - Autoři prohlížeče Avast Secure Browser)
ENE USB Card Reader Driver (HKLM\...\8426FCB8FBFE7DD936977F568A58E018229E5BC1) (Version: 5.89.0.71 - ENE)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.8.8.6 - Sentelic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
IrfanView 4.57 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.57 - Irfan Skiljan)
Java 8 Update 241 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
K-Lite Codec Pack 15.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.3.5 - KLCP)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.37 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1608290644-3846964385-1236552036-1001\...\OneDriveSetup.exe) (Version: 21.083.0425.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
OpenOffice 4.1.7 (HKLM-x32\...\{E3E3C1D4-6886-4EDB-9F12-335641465055}) (Version: 4.17.9800 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.50 - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.4.22.0_x86__kgqvnymyfvs32 [2021-05-11] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.58.4.0_x86__kgqvnymyfvs32 [2021-05-24] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-30] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-30] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5170.0_x64__8wekyb3d8bbwe [2021-05-24] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.44.41312.0_x64__8wekyb3d8bbwe [2021-05-22] (Microsoft Corporation) [Startup Task]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.714.0_x86__zpdnekdrzrea0 [2021-05-24] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-29] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-04-29] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-28] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-28] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-28] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2020-01-29 20:40 - 2020-01-29 20:45 - 000000436 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1608290644-3846964385-1236552036-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MSI\AppData\Roaming\Microsoft\Windows Photo Viewer\Tapeta programu Windows Prohlížeč fotografií.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D0F9645C-1726-4E54-98D8-93BEFEE2EF1D}] => (Allow) C:\WINDOWS\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2748EDBB-2ACE-4C97-BFFB-9E6F0FA43686}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{6A30C4F7-D0E2-4532-AC0C-93117E88A04C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B4918872-2D0B-4F74-9D39-4CCAAA337F7A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A7B113C9-C502-4B34-9893-F89DF46EDB13}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B918143E-9A47-4FDF-A6DE-1003AEDAB8F9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AE16CFE8-A30B-4E15-857E-B6EEBB9CFF0F}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{84EFA4E8-D297-4C5D-93A2-F5F72FB356C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3994F58E-2634-48C9-A2E6-0DC43D7FC8C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.714.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FB33C7C8-A101-4D11-A807-8522625CDF3E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.714.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{88B16AED-8E2B-4FF8-8637-CB9C3F7D7379}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.714.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2F8D3752-6677-487E-8AE8-4588B20A6B03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.714.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{51D6929B-15E5-4D0B-896F-3D2E7CD105BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.714.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{75BCB714-DECF-4A9C-BC51-636F414B614D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.714.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B90F7E06-8A38-4E44-A1C4-25CA47F7C90A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.714.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DED5EA81-9F61-4F83-BFA8-2646E11B0010}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.159.714.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:116.1 GB) (Free:75.74 GB) (65%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (05/22/2021 10:25:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/22/2021 10:25:44 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/22/2021 10:25:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (05/22/2021 10:25:44 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (05/19/2021 08:33:07 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Data (D:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (05/19/2021 08:33:05 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na System (C:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (05/19/2021 08:20:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Rezervováno systémem, protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (05/14/2021 10:03:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LockApp.exe verze 10.0.19041.844 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 328c

Čas spuštění: 01d748fc11f524c6

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

ID hlášení: adb53143-5da8-48de-8b00-aef30f04c360

Úplný název balíčku s chybou: Microsoft.LockApp_10.0.19041.423_neutral__cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: WindowsDefaultLockScreen

Typ zablokování: Cross-thread


System errors:
=============
Error: (05/29/2021 06:06:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (16:10:42, ‎24.‎05.‎2021) bylo neočekávané.

Error: (05/24/2021 02:54:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Optimalizace doručení přestala během spouštění reagovat.

Error: (05/23/2021 10:38:36 PM) (Source: DCOM) (EventID: 10010) (User: MSI-NTB)
Description: Server {3EEF301F-B596-4C0B-BD92-013BEAFCE793} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/23/2021 10:38:36 PM) (Source: DCOM) (EventID: 10010) (User: MSI-NTB)
Description: Server {3EEF301F-B596-4C0B-BD92-013BEAFCE793} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/23/2021 10:38:36 PM) (Source: DCOM) (EventID: 10010) (User: MSI-NTB)
Description: Server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/23/2021 07:33:33 PM) (Source: DCOM) (EventID: 10010) (User: MSI-NTB)
Description: Server Windows.Media.Capture.Internal.AppCaptureShell se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/23/2021 11:59:17 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Služba Optimalizace doručení přestala během spouštění reagovat.

Error: (05/22/2021 11:08:43 AM) (Source: disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.


CodeIntegrity:
===============
Date: 2021-05-29 19:02:17
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: American Megatrends Inc. E1736IMS.115 07/20/2011
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD MS-1736
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 78%
Total physical RAM: 3886.04 MB
Available physical RAM: 853.78 MB
Total Virtual: 5486.04 MB
Available Virtual: 1752.73 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:116.1 GB) (Free:75.74 GB) NTFS
Drive d: (Data) (Fixed) (Total:348.57 GB) (Free:225.34 GB) NTFS

\\?\Volume{bab21f87-0000-0000-0000-100000000000}\ (Rezervováno systémem) (Fixed) (Total:0.57 GB) (Free:0.12 GB) NTFS
\\?\Volume{bab21f87-0000-0000-0000-602a1d000000}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: BAB21F87)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=538 MB) - (Type=27)
Partition 4: (Not Active) - (Size=348.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Pop-up okno přesměrovávající na zavirovanou stránku

#2 Příspěvek od Rudy »

Zdravím!
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

jakub.oslejsek
Návštěvník
Návštěvník
Příspěvky: 68
Registrován: 20 čer 2014 14:23

Re: Pop-up okno přesměrovávající na zavirovanou stránku

#3 Příspěvek od jakub.oslejsek »

Dobré dopoledne,
bohužel nic nenalezl.
Přílohy
Scan 01.png
Scan 01.png (92.71 KiB) Zobrazeno 703 x

jakub.oslejsek
Návštěvník
Návštěvník
Příspěvky: 68
Registrován: 20 čer 2014 14:23

Re: Pop-up okno přesměrovávající na zavirovanou stránku

#4 Příspěvek od jakub.oslejsek »

AdwCleaner[S00]

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-30-2021
# Duration: 00:00:18
# OS: Windows 10 Pro
# Scanned: 31987
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

jakub.oslejsek
Návštěvník
Návštěvník
Příspěvky: 68
Registrován: 20 čer 2014 14:23

Re: Pop-up okno přesměrovávající na zavirovanou stránku

#5 Příspěvek od jakub.oslejsek »

AdwCleaner[S01]

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 05-30-2021
# Duration: 00:00:12
# OS: Windows 10 Pro
# Scanned: 31967
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1405 octets] - [30/05/2021 10:08:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Pop-up okno přesměrovávající na zavirovanou stránku

#6 Příspěvek od Rudy »

OK. Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {137DD309-A0B4-4BB5-81A1-96FEDB1230D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-28] (Google LLC -> Google LLC)
Task: {A92A562B-44FC-4CFC-AFB2-54E2B0CD8D03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-28] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\DumpStack.log.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [{2748EDBB-2ACE-4C97-BFFB-9E6F0FA43686}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File

EmptyTemp:
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

jakub.oslejsek
Návštěvník
Návštěvník
Příspěvky: 68
Registrován: 20 čer 2014 14:23

Re: Pop-up okno přesměrovávající na zavirovanou stránku

#7 Příspěvek od jakub.oslejsek »

Tady je:

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2021 01
Ran by MSI (30-05-2021 11:29:13) Run:1
Running from C:\Users\MSI\Desktop
Loaded Profiles: MSI
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {137DD309-A0B4-4BB5-81A1-96FEDB1230D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-28] (Google LLC -> Google LLC)
Task: {A92A562B-44FC-4CFC-AFB2-54E2B0CD8D03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-28] (Google LLC -> Google LLC)
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
C:\DumpStack.log.tmp
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
FirewallRules: [{2748EDBB-2ACE-4C97-BFFB-9E6F0FA43686}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{137DD309-A0B4-4BB5-81A1-96FEDB1230D7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{137DD309-A0B4-4BB5-81A1-96FEDB1230D7}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A92A562B-44FC-4CFC-AFB2-54E2B0CD8D03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A92A562B-44FC-4CFC-AFB2-54E2B0CD8D03}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2748EDBB-2ACE-4C97-BFFB-9E6F0FA43686}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44210037 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 604860 B
Edge => 1382076 B
Chrome => 539796428 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 168638 B
NetworkService => 168638 B
MSI => 12168257 B

RecycleBin => 14896715 B
EmptyTemp: => 595 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-05-2021 11:35:00)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 11:35:00 ====

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Pop-up okno přesměrovávající na zavirovanou stránku

#8 Příspěvek od Rudy »

Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

jakub.oslejsek
Návštěvník
Návštěvník
Příspěvky: 68
Registrován: 20 čer 2014 14:23

Re: Pop-up okno přesměrovávající na zavirovanou stránku

#9 Příspěvek od jakub.oslejsek »

Zatím nic nevyskakuje, takže asi ano :) Rád bych se zeptal, v čem byl problém?

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Pop-up okno přesměrovávající na zavirovanou stránku

#10 Příspěvek od Rudy »

Pravděpodobně byl odkaz uložen v nějaké cache, kterou FRST maže příkazem EmptyTemp:, ale nevypisuje ji konkrétně. Vše ostatní jsou jen zbytečnosti.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět