Dobré odpoledne,
dceřin ntbk hlásí časté návštěvy (resp. Norton Family hlásí, 24x za poslední týden, bez jejího vědomí) stránky r3.o.lencr.org. Na netu jsem našel, že by mohlo jít o hijack browseru. Používá Firefox, občas Edge. Zkoušel jsem ADW cleaner, MBAM, ntbk je chráněn Nortonem, nic z toho nic nenašlo. Údajně by si s tím mohl poradit Spy Hunter 5, ale ten se nedá nainstalovat ani v safe modu. Což mi přijde taky podezřelé...
Přikládám logy z FRST a prosím o jejich kontrolu a případnou radu.
Děkuju, Chrudoš
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2021
Ran by Lucka (administrator) on LAPTOP-B2CDN2AA (ASUSTeK COMPUTER INC. VivoBook_ASUS Laptop X509UB) (31-10-2021 14:00:25)
Running from C:\Users\Lucka\Downloads
Loaded Profiles: Lucka
: Microsoft Windows 10 Home Version 20H2 19042.1288 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkRemote\AsusLinkRemote.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\AsusAppService\AsusAppService.exe
(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkNear\AsusLinkNear.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\AsusOptimization.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\AsusOptimizationStartupTask.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\AsusOSD.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSoftwareManager\AsusSoftwareManager.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemAnalysis\AsusSystemAnalysis.exe
(Discord Inc. -> Discord Inc.) C:\Users\Lucka\AppData\Local\Discord\app-1.0.9003\Discord.exe <6>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(ICEpower a/s -> ICEpower A/S) C:\Windows\System32\DriverStore\FileRepository\icesoundapo64.inf_amd64_a5d3270da26fb113\ICEsoundService64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_7c484f80872e1cd8\jhi_service.exe
(Intel(R) pGFX -> ) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_12bdb8127c4c0458\OneApp.IGCC.WinService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_d2a0453c62b3b51a\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b2a136cee25b9cb8\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b2a136cee25b9cb8\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_eea3cf789013ad4f\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Lucka\AppData\Local\Microsoft\OneDrive\21.205.1003.0003\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(NortonLifeLock Inc. -> Broadcom) C:\Program Files\Norton Family\Engine\3.8.6.29\NF.exe <2>
(NortonLifeLock Inc. -> Broadcom) C:\Program Files\Norton Security\Engine\22.21.9.25\NortonSecurity.exe <2>
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Family\Engine\3.8.6.29\coNatHstNF.exe <2>
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Family\Engine\3.8.6.29\TampMon.exe
(NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.21.9.25\nsWscSvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvam.inf_amd64_61df758291bf519e\Display.NvContainer\NVDisplay.Container.exe <2>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\...\Run: [Discord] => C:\Users\Lucka\AppData\Local\Discord\Update.exe [1512104 2021-05-24] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\...\Run: [MicrosoftEdgeAutoLaunch_7BD6CF863E37C29BF958628729CE57AB] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35116160 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [153600 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.54\Installer\chrmstp.exe [2021-10-22] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {078AEC36-FA36-4457-8998-3FC399D7C0CE} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\AsusHotkeyExec.exe [233616 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {0A495036-E57D-48F1-91D1-3093DB5C8CA7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21978504 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {19A29EBE-84A2-4B5A-B8B7-997D40A77190} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2553472 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {1C61F4F3-019D-4FFD-9498-8E1230D703F2} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.21.9.25\SymErr.exe [108752 2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {2DBFF4ED-512F-4B39-B61E-1082662D4794} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21978504 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {45E5AF9A-C640-459A-9913-4AEB4AFF2477} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134504 2021-10-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {48C92E70-7E16-4F75-AAB4-7356A3B0E35D} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.9.25\SymErr.exe [108752 2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {4D9AF559-5F04-4436-A7EF-4A65C681BE3B} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {4FAC27E5-E333-41E1-98D8-649B498195D8} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2353000 2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {57E16399-EFBF-470E-A470-2DFF03E27A91} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.21.9.25\WSCStub.exe [646520 2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {6031EE4D-446B-430F-AE3F-955A5DEF6E0A} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.21.9.25\SymErr.exe [108752 2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {655812C2-E625-4498-87C1-4849AD3B784B} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.21.9.25\SymErr.exe [108752 2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {6BB5E176-4675-4A36-8059-D406AB54A267} - System32\Tasks\CCleanerSkipUAC - Lucka => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {702EC0DC-CFED-4FD7-ADFC-6BFEBF952F2D} - System32\Tasks\ASUS Update Checker 2.0 => C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSoftwareManager\AsusUpdateChecker.exe [771208 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {716F59F1-AABF-4593-A300-6B2CDD29532A} - System32\Tasks\Norton Family\Norton Family Error Analyzer => C:\Program Files\Norton Family\Engine\3.8.6.29\SymErr.exe [108752 2021-07-12] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {746FBFC4-4B24-425C-912A-2715DAB9CE03} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\RtkAudUService64.exe [1063712 2020-02-13] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {79AA0695-494B-4B0D-9196-6259B649D0D5} - System32\Tasks\Norton Family\Norton Family Autofix => C:\Program Files\Norton Family\Engine\3.8.6.29\SymErr.exe [108752 2021-07-12] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {7BDD36C9-7300-42CC-B33F-FB1AD4B5D270} - System32\Tasks\Norton Family\Norton Family Error Processor => C:\Program Files\Norton Family\Engine\3.8.6.29\SymErr.exe [108752 2021-07-12] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {88B33DDE-A3CB-4255-A18F-E88FBCB6D892} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.21.9.25\SymErr.exe [108752 2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {8E9D53F5-2E4F-4A77-9F2B-70EF1109F36D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-03] (Google LLC -> Google LLC)
Task: {9181145C-C16F-4561-944C-16749E8544DD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-10-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {93D54E77-5950-40AB-8D9B-6CCE47744D8E} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.21.9.25\SymErr.exe [108752 2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc)
Task: {E1F86A1D-8720-4841-9D78-DCFFCEB3B20F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-03] (Google LLC -> Google LLC)
Task: {EEDCD114-15DC-4228-B0CC-A4337E61F9AD} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-10-19] (Piriform Software Ltd -> Piriform)
Task: {FB5C11F1-AACF-4DDC-8BCA-102A710C4663} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134504 2021-10-18] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{45edbf9b-4c82-4f43-8318-5a28e971a34b}: [DhcpNameServer] 40.53.1.11
Tcpip\..\Interfaces\{fd30de23-f4c4-4338-939e-f1399a64d8a5}: [DhcpNameServer] 192.168.1.1
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Lucka\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-31]
Edge Extension: (Norton™ Family) - C:\Users\Lucka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\afajehnfndilpkgfkpmedpepalbalnkm [2021-09-29]
Edge Extension: (Norton Safe Web) - C:\Users\Lucka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-10-21]
Edge HKLM\...\Edge\Extension: [afajehnfndilpkgfkpmedpepalbalnkm] - C:\Program Files\Norton Family\Engine\3.8.6.29\Extensions\Edge.crx [2021-09-14]
Edge HKLM-x32\...\Edge\Extension: [afajehnfndilpkgfkpmedpepalbalnkm] - C:\Program Files\Norton Family\Engine\3.8.6.29\Extensions\Edge.crx [2021-09-14]
FireFox:
========
FF DefaultProfile: ozqedfs8.default
FF ProfilePath: C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\ozqedfs8.default [2020-10-25]
FF ProfilePath: C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\rje3xk12.default-release [2021-10-31]
FF Notifications: Mozilla\Firefox\Profiles\rje3xk12.default-release -> hxxps//meet.google.com
FF Extension: (AdBlocker Ultimate) - C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\rje3xk12.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2021-10-08]
FF Extension: (Norton Safe Search) - C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\rje3xk12.default-release\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2021-08-28] [UpdateUrl:hxxps//static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Norton Safe Web) - C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\rje3xk12.default-release\Extensions\nortonsafeweb@symantec.com.xpi [2021-08-26]
FF Extension: (Norton™ Family) - C:\Users\Lucka\AppData\Roaming\Mozilla\Firefox\Profiles\rje3xk12.default-release\Extensions\{8A0D66E3-1C08-49A6-8F6C-7E024029D199}.xpi [2021-09-09]
FF HKLM\...\Firefox\Extensions: [{8A0D66E3-1C08-49A6-8F6C-7E024029D199}] - C:\Program Files\Norton Family\Engine\3.8.6.29\Exts\{8A0D66E3-1C08-49A6-8F6C-7E024029D199}.xpi
FF Extension: (Norton™ Family) - C:\Program Files\Norton Family\Engine\3.8.6.29\Exts\{8A0D66E3-1C08-49A6-8F6C-7E024029D199}.xpi [2021-08-25]
FF HKLM-x32\...\Firefox\Extensions: [{8A0D66E3-1C08-49A6-8F6C-7E024029D199}] - C:\Program Files\Norton Family\Engine\3.8.6.29\Exts\{8A0D66E3-1C08-49A6-8F6C-7E024029D199}.xpi
FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-05-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-05-06] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default [2021-10-31]
CHR DefaultSearchURL: Default -> hxxps//searchsafe.norton.com/search?omnisearch=yes&q={searchTerms}
CHR DefaultSearchKeyword: Default -> nortonsafe
CHR DefaultSuggestURL: Default -> hxxps//ss-sym.search.ask.com/ss?limit=10&li=ff&hl=cs&q={searchTerms}
CHR Extension: (Prezentace) - C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-06-03]
CHR Extension: (Tabulky) - C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-06-03]
CHR Extension: (Norton Safe Web) - C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2021-10-31]
CHR Extension: (Dokumenty Google offline) - C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-03]
CHR Extension: (Norton Safe) - C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnlkmlkncncpgnnkmkgoobfpnjmblnk [2021-06-18]
CHR Extension: (Norton™ Family) - C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp [2021-06-03]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Lucka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-03]
CHR HKLM\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files\Norton Family\Engine\3.8.6.29\Extensions\Chrome.crx [2021-09-14]
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files\Norton Family\Engine\3.8.6.29\Extensions\Chrome.crx [2021-09-14]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AsusAppService; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\AsusAppService\AsusAppService.exe [364688 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSLinkNear; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkNear\AsusLinkNear.exe [1307792 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
R2 ASUSLinkRemote; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkRemote\AsusLinkRemote.exe [753808 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSOptimization; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\AsusOptimization.exe [334464 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSoftwareManager\AsusSoftwareManager.exe [1012872 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemAnalysis\AsusSystemAnalysis.exe [2553472 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [612760 2021-08-19] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek COMPUTER INC.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9251696 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.21.9.25\NortonSecurity.exe [343336 2021-09-29] (NortonLifeLock Inc. -> Broadcom)
R2 NSM; C:\Program Files\Norton Family\Engine\3.8.6.29\NF.exe [202976 2021-09-02] (NortonLifeLock Inc. -> Broadcom)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.21.9.25\nsWscSvc.exe [1058664 2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 TampMon; C:\Program Files\Norton Family\Engine\3.8.6.29\TampMon.exe [79584 2021-09-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_61df758291bf519e\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_61df758291bf519e\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [112336 2019-10-02] (ASUSTek Computer Inc. -> ASUSTek COMPUTER INC.)
S3 ASUSSAIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSSystemAnalysis\ASUSSAIO.sys [35968 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 ATKWMIACPIIO; C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSOptimization\atkwmiacpi64.sys [44200 2021-08-19] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\BASHDefs\20211027.011\BHDrvx64.sys [2018784 2021-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615090.019\ccSetx64.sys [192256 2021-09-29] (Symantec Corporation -> Symantec Corporation)
R1 ccSet_NSM; C:\WINDOWS\System32\drivers\NSMx64\0308060.01D\ccSetx64.sys [192248 2021-05-07] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [516168 2021-10-18] (Symantec Corporation -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153672 2021-01-29] (Symantec Corporation -> Broadcom)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\IPSDefs\20211029.061\IDSvia64.sys [1480144 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615090.019\nsvst.sys [56080 2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1615090.019\SRTSP64.SYS [892600 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1615090.019\SRTSPX64.SYS [48832 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1615090.019\SYMEFASI64.SYS [2059952 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1615090.019\SymELAM.sys [31976 2021-09-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [93152 2021-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.39\SymPlatform\SymEvnt.sys [712432 2021-07-13] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1615090.019\Ironx64.SYS [319176 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1615090.019\symnets.sys [575344 2021-09-29] (Symantec Corporation -> Symantec Corporation)
R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\WINDOWS\System32\drivers\NSMx64\0308060.01D\symrdrs.sys [249696 2021-05-07] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1615090.019\wpCtrlDrv.sys [1015760 2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-10-31 13:42 - 2021-10-31 13:43 - 000034529 _____ C:\Users\Lucka\Downloads\Addition.txt
2021-10-31 13:40 - 2021-10-31 14:01 - 000027652 _____ C:\Users\Lucka\Downloads\FRST.txt
2021-10-31 13:40 - 2021-10-31 14:00 - 000000000 ____D C:\FRST
2021-10-31 13:39 - 2021-10-31 13:39 - 002310656 _____ (Farbar) C:\Users\Lucka\Downloads\FRST64.exe
2021-10-31 13:37 - 2021-10-31 13:38 - 000000000 ____D C:\AdwCleaner
2021-10-31 13:37 - 2021-10-31 13:37 - 008553680 _____ (Malwarebytes) C:\Users\Lucka\Downloads\adwcleaner_8.3.0.exe
2021-10-31 13:27 - 2021-10-31 13:27 - 007746848 _____ (EnigmaSoft Limited) C:\Users\Lucka\Downloads\SpyHunter-5.11-6-5285-Installer(1).exe
2021-10-31 13:21 - 2021-10-31 13:32 - 000422670 _____ C:\WINDOWS\ntbtlog.txt
2021-10-31 13:21 - 2021-10-31 13:32 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-10-31 13:01 - 2021-10-31 13:37 - 000000000 ____D C:\Program Files\CCleaner
2021-10-31 13:01 - 2021-10-31 13:01 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-10-31 13:01 - 2021-10-31 13:01 - 000002904 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Lucka
2021-10-31 13:01 - 2021-10-31 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-10-31 12:55 - 2021-10-31 12:56 - 036235064 _____ (Piriform Software Ltd) C:\Users\Lucka\Downloads\ccsetup586.exe
2021-10-31 12:48 - 2021-10-31 12:48 - 000000000 ____D C:\Users\Lucka\AppData\Local\mbam
2021-10-31 12:46 - 2021-10-31 12:46 - 000000000 ____D C:\Program Files\Malwarebytes
2021-10-31 12:45 - 2021-10-31 12:45 - 002101944 _____ (Malwarebytes) C:\Users\Lucka\Downloads\MBSetup-119967.119967-consumer.exe
2021-10-31 12:31 - 2021-10-31 12:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2021-10-31 12:30 - 2021-10-31 12:30 - 007746848 _____ (EnigmaSoft Limited) C:\Users\Lucka\Downloads\SpyHunter-5.11-6-5285-Installer.exe
2021-10-29 17:41 - 2021-10-31 13:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security with Backup
2021-10-21 15:00 - 2021-10-21 15:01 - 060394967 _____ C:\Users\Lucka\Downloads\20211021_153153.mp4
2021-10-19 06:59 - 2021-05-28 13:08 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2021-10-19 06:59 - 2021-05-28 13:08 - 001855192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2021-10-19 06:59 - 2021-05-28 13:08 - 001453360 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2021-10-19 06:59 - 2021-05-28 13:08 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-10-19 06:59 - 2021-05-28 13:08 - 001435864 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2021-10-19 06:59 - 2021-05-28 13:08 - 001192736 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2021-10-19 06:59 - 2021-05-28 13:08 - 001094880 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2021-10-19 06:59 - 2021-05-28 13:08 - 001094880 _____ C:\WINDOWS\system32\vulkan-1.dll
2021-10-19 06:59 - 2021-05-28 13:08 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2021-10-19 06:59 - 2021-05-28 13:08 - 000948952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2021-10-19 06:59 - 2021-05-28 13:05 - 001511192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2021-10-19 06:59 - 2021-05-28 13:05 - 001163552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2021-10-19 06:59 - 2021-05-28 13:05 - 000690456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2021-10-19 06:59 - 2021-05-28 13:05 - 000678704 _____ C:\WINDOWS\system32\nvofapi64.dll
2021-10-19 06:59 - 2021-05-28 13:05 - 000671504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2021-10-19 06:59 - 2021-05-28 13:05 - 000612120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2021-10-19 06:59 - 2021-05-28 13:05 - 000556832 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2021-10-19 06:59 - 2021-05-28 13:05 - 000546072 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2021-10-19 06:59 - 2021-05-28 13:04 - 002102576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2021-10-19 06:59 - 2021-05-28 13:04 - 001587504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2021-10-19 06:59 - 2021-05-28 13:04 - 000811824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2021-10-19 06:59 - 2021-05-28 13:04 - 000445232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2021-10-19 06:59 - 2021-05-28 13:03 - 008306480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2021-10-19 06:59 - 2021-05-28 13:03 - 007429904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2021-10-19 06:59 - 2021-05-28 13:03 - 004610328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2021-10-19 06:59 - 2021-05-28 13:03 - 002729752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2021-10-19 06:59 - 2021-05-28 13:02 - 000848672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2021-10-19 06:59 - 2021-05-28 13:01 - 006076536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2021-10-19 06:59 - 2021-05-28 12:30 - 000084514 _____ C:\WINDOWS\system32\nvinfo.pb
2021-10-19 06:52 - 2021-10-27 16:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-10-18 18:18 - 2021-10-18 18:18 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2021-10-18 18:17 - 2021-10-18 18:17 - 001823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-10-18 18:17 - 2021-10-18 18:17 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-10-18 18:17 - 2021-10-18 18:17 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-18 18:17 - 2021-10-18 18:17 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-18 18:17 - 2021-10-18 18:17 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-10-18 18:17 - 2021-10-18 18:17 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-10-18 18:17 - 2021-10-18 18:17 - 000449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-10-18 18:17 - 2021-10-18 18:17 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-18 18:17 - 2021-10-18 18:17 - 000011495 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-10-18 18:17 - 2021-10-18 18:17 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2021-10-18 18:16 - 2021-10-18 18:16 - 000593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-10-18 18:16 - 2021-10-18 18:16 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-18 18:07 - 2021-10-18 18:07 - 000000000 ___HD C:\$WinREAgent
2021-10-18 17:57 - 2021-10-21 18:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-08 18:18 - 2021-10-29 17:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2021-10-08 18:18 - 2021-10-29 16:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton 360
2021-10-08 18:18 - 2021-10-08 18:18 - 000003376 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-10-31 13:47 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-31 13:42 - 2021-04-02 11:03 - 001605602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-31 13:42 - 2021-04-02 11:00 - 000003752 _____ C:\WINDOWS\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2021-10-31 13:42 - 2019-12-07 15:41 - 000684862 _____ C:\WINDOWS\system32\perfh005.dat
2021-10-31 13:42 - 2019-12-07 15:41 - 000137626 _____ C:\WINDOWS\system32\perfc005.dat
2021-10-31 13:42 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-31 13:40 - 2021-09-14 15:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Family
2021-10-31 13:38 - 2021-06-03 15:51 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-31 13:37 - 2021-07-19 19:01 - 000000000 ____D C:\Users\Lucka\AppData\Roaming\discord
2021-10-31 13:37 - 2021-07-19 19:01 - 000000000 ____D C:\Users\Lucka\AppData\Local\Discord
2021-10-31 13:37 - 2020-10-25 16:18 - 000000000 ____D C:\ProgramData\Mozilla
2021-10-31 13:36 - 2020-10-26 07:04 - 000000000 ___RD C:\Users\Lucka\OneDrive
2021-10-31 13:36 - 2020-10-25 16:18 - 000000000 ____D C:\Users\Lucka\AppData\LocalLow\Mozilla
2021-10-31 13:36 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-31 13:35 - 2021-04-02 11:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-31 13:35 - 2021-04-02 10:54 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-31 13:35 - 2020-10-26 07:01 - 000000000 __SHD C:\Users\Lucka\IntelGraphicsProfiles
2021-10-31 13:35 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-10-31 13:35 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-10-31 13:35 - 2019-11-22 01:02 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-31 13:23 - 2020-11-25 18:49 - 000000000 ____D C:\Users\Lucka\AppData\Local\ElevatedDiagnostics
2021-10-31 13:19 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-31 13:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-31 13:16 - 2019-12-07 10:03 - 000016384 _____ C:\WINDOWS\system32\config\ELAM
2021-10-31 12:31 - 2020-11-06 08:34 - 000000000 ____D C:\Program Files\Common Files\AV
2021-10-31 11:20 - 2021-03-23 14:19 - 000000000 ____D C:\Users\Lucka\AppData\Roaming\.minecraft
2021-10-31 11:19 - 2021-03-23 14:21 - 000000000 ____D C:\Users\Lucka\AppData\Roaming\.tlauncher
2021-10-31 10:46 - 2020-11-09 07:57 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-30 18:31 - 2021-04-02 10:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-29 16:27 - 2020-10-26 07:01 - 000000000 ____D C:\Users\Lucka\AppData\Local\Packages
2021-10-29 11:17 - 2021-04-02 11:00 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2626799547-1119966308-3382805429-1001
2021-10-29 11:17 - 2021-04-01 09:44 - 000002383 _____ C:\Users\Lucka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-10-27 17:25 - 2021-04-01 09:44 - 000000000 ____D C:\Users\Lucka
2021-10-26 12:33 - 2019-11-22 00:58 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-10-25 13:42 - 2020-11-05 07:53 - 000000000 ____D C:\Users\Lucka\AppData\Local\CrashDumps
2021-10-22 11:21 - 2021-06-03 15:51 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-10-21 18:45 - 2020-10-25 16:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-10-21 08:16 - 2020-10-26 07:01 - 000000000 ____D C:\Users\Lucka\AppData\Local\ConnectedDevicesPlatform
2021-10-21 07:01 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-10-19 06:52 - 2020-10-25 16:18 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-10-18 19:49 - 2021-04-02 10:54 - 000436256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-10-18 19:48 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-18 19:48 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-10-18 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-18 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-10-18 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-18 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-10-18 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-10-18 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-18 19:48 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-10-18 18:07 - 2019-07-12 16:27 - 000000000 ____D C:\Program Files\Microsoft Office
2021-10-18 18:06 - 2020-10-25 15:42 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-10-18 17:48 - 2020-10-25 15:42 - 139806512 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-10-11 15:51 - 2020-10-25 15:49 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-09 17:59 - 2021-04-08 07:00 - 000003490 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d727a6c3263834
2021-10-09 17:59 - 2021-04-02 11:00 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-10-08 18:18 - 2020-10-26 16:22 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2021-10-01 15:15 - 2021-06-03 15:51 - 000003474 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-01 15:15 - 2021-06-03 15:51 - 000003350 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2021
Ran by Lucka (31-10-2021 14:01:53)
Running from C:\Users\Lucka\Downloads
Microsoft Windows 10 Home Version 20H2 19042.1288 (X64) (2021-04-02 10:01:09)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-2626799547-1119966308-3382805429-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2626799547-1119966308-3382805429-503 - Limited - Disabled)
Guest (S-1-5-21-2626799547-1119966308-3382805429-501 - Limited - Disabled)
Lucka (S-1-5-21-2626799547-1119966308-3382805429-1001 - Administrator - Enabled) => C:\Users\Lucka
WDAGUtilityAccount (S-1-5-21-2626799547-1119966308-3382805429-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton 360 (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton 360 (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.17.5 - ICEpower a/s)
CCleaner (HKLM\...\CCleaner) (Version: 5.86 - Piriform)
Discord (HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\...\Discord) (Version: 1.0.9002 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.54 - Google LLC)
Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.2.2.48 - PandoraTV)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.14430.20306 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.40 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.30 - Microsoft Corporation)
Microsoft Office 2019 pro studenty a domácnosti - cs-cz (HKLM\...\HomeStudent2019Retail - cs-cz) (Version: 16.0.14430.20306 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\...\OneDriveSetup.exe) (Version: 21.205.1003.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\...\Teams) (Version: 1.4.00.11161 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26405 (HKLM-x32\...\{5b295ba9-ef89-4aeb-8acc-b61adb0b9b5f}) (Version: 14.14.26405.0 - Microsoft Corporation)
Mozilla Firefox (x64 cs) (HKLM\...\Mozilla Firefox 93.0 (x64 cs)) (Version: 93.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla)
Norton Family (HKLM-x32\...\NSM) (Version: 3.8.6.29 - NortonLifeLock Inc.)
Norton Security (HKLM-x32\...\NGC) (Version: 22.21.9.25 - NortonLifeLock Inc)
NVIDIA Ovladače grafiky 462.59 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 462.59 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14430.20306 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14430.20306 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Zoo Tycoon 2 (HKLM-x32\...\Zoo Tycoon 2) (Version: 1.0 - Microsoft)
Packages:
=========
AudioWizard -> C:\Program Files\WindowsApps\ICEpower.AudioWizard_1.5.28.0_x64__dxp88312j1fgj [2021-10-30] (ICEpower)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-10-31] (Microsoft Corporation)
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2021-09-03] (INTEL CORP)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.0.1.0_neutral__w1wdnht996qgy [2019-07-12] (LinkedIn)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.67.0_x64__wafk5atnkzcwy [2021-10-30] (McAfee LLC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-30] (Microsoft Studios) [MS Ad]
Music Maker Windows Store Edition -> C:\Program Files\WindowsApps\MAGIXSoftwareGmbH.MusicMakerWindowsStoreEdition_26.36.1.0_x86__awcgk3qbzve1y [2021-02-27] (MAGIX Software GmbH)
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_3.0.25.0_x64__qmba6cd70vzyy [2021-10-29] (ASUSTeK COMPUTER INC.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-05-26] (NVIDIA Corp.)
Ovládací centrum grafiky Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-10-30] (INTEL CORP) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.8.204.0_x64__dt26b99r8h8gj [2021-08-09] (Realtek Semiconductor Corp)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.500.373.0_x86__55nm5eh3cm0pr [2021-10-30] (ROBLOX Corporation)
SpongeBob: Krusty Cook-Off -> C:\Program Files\WindowsApps\TiltingPoint.SpongeBobKrustyCook-Off_1.26.234.0_x64__85kh3h6wfjavg [2021-07-18] (Tilting Point)
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2140.12.0_x64__cv1g1gvanyjgm [2021-10-27] (WhatsApp Inc.)
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2021-01-03] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Lucka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21063.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Lucka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.9.25\buShell.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.9.25\buShell.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.9.25\buShell.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.21.9.25\buShell.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.21.9.25\buShell.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.21.9.25\buShell.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.9.25\buShell.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.9.25\NavShExt.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.9.25\NavShExt.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvam.inf_amd64_61df758291bf519e\nvshext.dll [2021-05-28] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.21.9.25\buShell.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.21.9.25\NavShExt.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp//go.microsoft.com/fwlink/?LinkId=54896
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp//asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp//asus17win10.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = &gct=kwd&qsrc=2869
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.21.9.25\coIEPlg.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-05-06] (Oracle America, Inc. -> Oracle Corporation)
BHO: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files\Norton Family\Engine\3.8.6.29\coIEPlg.dll [2021-07-14] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-05-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.21.9.25\coIEPlg.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Norton Family BHO -> {B8E07826-0971-4f16-B133-047B88034E89} -> C:\Program Files\Norton Family\Engine32\3.8.6.29\coIEPlg.dll [2021-07-14] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.9.25\coIEPlg.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.21.9.25\coIEPlg.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.21.9.25\coIEPlg.dll [2021-09-29] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lucka\Downloads\Snímek obrazovky 2021-05-13 172309.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{FB1BD23F-CF34-4A18-997A-A8937E615F86}C:\users\lucka\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\lucka\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C716E17D-8652-4F69-B3DA-CC11CC339E22}C:\users\lucka\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\lucka\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7EC09D84-53CB-479F-9028-25C8D968D536}] => (Allow) C:\HRY\ZOO TYCOON 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{107570A2-9EE4-4407-9E6E-02471C62C076}] => (Allow) C:\HRY\ZOO TYCOON 2\zt.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{37696575-DC17-4869-A571-50977CE31175}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6D7D21D6-4C92-4C6A-9AA8-E14F2214F9A2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1733919B-8986-4945-BD41-65DD0DD0DFC4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{F655B786-501B-4D9B-A53F-E1972EA9F8F6}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{642C2092-8E61-418B-BBAF-5BC1C5BEA856}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4AACFE7E-BAC7-4209-99D8-BE7A2F2590A6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{63F4DFF9-633A-485B-9697-03B2636B3761}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.30\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{48127876-CA36-44DF-9AAA-409CF1B78BFB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A27FF16E-65BF-4141-8E2E-0EADB3693E5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{27FE9980-F4E0-44B4-8289-0867163A5A5E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{18CDCAFC-C98F-4A01-B995-5D8CCA893672}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C4F5C023-D4CE-44BE-ACCF-E75CA9098E4B}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkNear\AsusLinkNear.exe (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
FirewallRules: [{72DE2A40-1003-4433-BDC2-225B56C94DFF}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
FirewallRules: [{B9A2166C-6A98-4A09-9319-1DBD1A6F96AA}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_74be8ed024c977b8\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
==================== Restore Points =========================
18-10-2021 18:07:03 Instalační služba modulů systému Windows
21-10-2021 07:00:56 Instalační služba modulů systému Windows
28-10-2021 10:53:53 Naplánovaný kontrolní bod
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (10/31/2021 01:47:19 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.
Error: (10/31/2021 12:22:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: NortonSecurity.exe, verze: 17.2.3.57, časové razítko: 0x6066105d
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.1288, časové razítko: 0xa280d1d6
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000ff199
ID chybujícího procesu: 0x2b44
Čas spuštění chybující aplikace: 0x01d7ce496c55894c
Cesta k chybující aplikaci: C:\Program Files\Norton Security\Engine\22.21.9.25\NortonSecurity.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 06fb2694-7ab2-4310-835a-9a29ecf8726a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (10/31/2021 12:21:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program identity_helper.exe verze 95.0.1020.40 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 2b9c
Čas spuštění: 01d7ce496e5e4d3b
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.40\identity_helper.exe
ID hlášení: 7f6e35ca-42df-4b6c-a3d9-e8d4fa0cd580
Úplný název balíčku s chybou: Microsoft.MicrosoftEdge.Stable_95.0.1020.38_neutral__8wekyb3d8bbwe
ID aplikace relativní podle balíčku s chybou: App
Typ zablokování: Quiesce
Error: (10/30/2021 06:46:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program identity_helper.exe verze 95.0.1020.38 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 620
Čas spuštění: 01d7cdb6002f972c
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.38\identity_helper.exe
ID hlášení: b04b6e05-31ec-442e-b8a7-03355aaa6612
Úplný název balíčku s chybou: Microsoft.MicrosoftEdge.Stable_95.0.1020.30_neutral__8wekyb3d8bbwe
ID aplikace relativní podle balíčku s chybou: App
Typ zablokování: Quiesce
Error: (10/25/2021 01:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Windows10Universal.exe, verze: 0.0.0.0, časové razítko: 0x0b0810b5
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x82dc99a2
Kód výjimky: 0xc0000005
Posun chyby: 0x0005fc8e
ID chybujícího procesu: 0x2f0c
Čas spuštění chybující aplikace: 0x01d7c9925b85421f
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.499.381.0_x86__55nm5eh3cm0pr\Windows10Universal.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\ucrtbase.dll
ID zprávy: de2f5cfe-57ef-402a-8f96-85befca29471
Úplný název chybujícího balíčku: ROBLOXCORPORATION.ROBLOX_2.499.381.0_x86__55nm5eh3cm0pr
ID aplikace související s chybujícím balíčkem: App
Error: (10/24/2021 08:58:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program identity_helper.exe verze 95.0.1020.30 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 29c8
Čas spuštění: 01d7c8ace381af9e
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Program Files (x86)\Microsoft\Edge\Application\95.0.1020.30\identity_helper.exe
ID hlášení: 76627f4c-6909-4150-84a7-9ef9484efc3b
Úplný název balíčku s chybou: Microsoft.MicrosoftEdge.Stable_94.0.992.50_neutral__8wekyb3d8bbwe
ID aplikace relativní podle balíčku s chybou: App
Typ zablokování: Quiesce
Error: (10/22/2021 11:53:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program GameBar.exe verze 5.721.9022.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 1dac
Čas spuštění: 01d7c7319bd88974
Čas ukončení: 4294967295
Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.9022.0_x64__8wekyb3d8bbwe\GameBar.exe
ID hlášení: c1391b62-1656-4778-9885-65248e65bb07
Úplný název balíčku s chybou: Microsoft.XboxGamingOverlay_5.721.9022.0_x64__8wekyb3d8bbwe
ID aplikace relativní podle balíčku s chybou: App
Typ zablokování: Navigation
Error: (10/22/2021 07:58:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Windows10Universal.exe, verze: 0.0.0.0, časové razítko: 0x0b0810b5
Název chybujícího modulu: ucrtbase.dll, verze: 10.0.19041.789, časové razítko: 0x82dc99a2
Kód výjimky: 0xc0000005
Posun chyby: 0x0005fc8e
ID chybujícího procesu: 0xdac
Čas spuštění chybující aplikace: 0x01d7c710f03bf974
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.499.381.0_x86__55nm5eh3cm0pr\Windows10Universal.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\ucrtbase.dll
ID zprávy: 367327eb-ac85-4143-84c7-a200f5b2ad6f
Úplný název chybujícího balíčku: ROBLOXCORPORATION.ROBLOX_2.499.381.0_x86__55nm5eh3cm0pr
ID aplikace související s chybujícím balíčkem: App
System errors:
=============
Error: (10/31/2021 01:35:27 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-B2CDN2AA)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (10/31/2021 01:35:20 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby WSearch s argumenty Není k dispozici za účelem spuštění serveru:
{9E175B68-F52A-11D8-B9A5-505054503030}
Error: (10/31/2021 01:33:26 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-B2CDN2AA)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (10/31/2021 01:33:17 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-B2CDN2AA)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby LicenseManager s argumenty Není k dispozici za účelem spuštění serveru:
{22F5B1DF-7D7A-4D21-97F8-C21AEFBA859C}
Error: (10/31/2021 01:33:14 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-B2CDN2AA)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby ShellHWDetection s argumenty Není k dispozici za účelem spuštění serveru:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (10/31/2021 01:33:10 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-B2CDN2AA)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby WSearch s argumenty Není k dispozici za účelem spuštění serveru:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (10/31/2021 01:33:10 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-B2CDN2AA)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby WSearch s argumenty Není k dispozici za účelem spuštění serveru:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (10/31/2021 01:33:10 PM) (Source: DCOM) (EventID: 10005) (User: LAPTOP-B2CDN2AA)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby WSearch s argumenty Není k dispozici za účelem spuštění serveru:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
CodeIntegrity:
===============
Date: 2021-10-31 13:47:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.9.25\symamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-10-31 13:47:19
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.21.9.25\symamsi.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. X509UB.303 01/10/2020
Motherboard: ASUSTeK COMPUTER INC. X509UB
Processor: Intel(R) Core(TM) i3-7020U CPU @ 2.30GHz
Percentage of memory in use: 63%
Total physical RAM: 8074.01 MB
Available physical RAM: 2911.82 MB
Total Virtual: 15498.01 MB
Available Virtual: 8958.92 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:476.03 GB) (Free:364.62 GB) NTFS
\\?\Volume{0416bb98-0a94-4073-9874-6a3678a6d6a5}\ (RECOVERY) (Fixed) (Total:0.63 GB) (Free:0.16 GB) NTFS
\\?\Volume{dc4866a8-d3ee-4bf1-a953-2bffa1387d76}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: E05B109B)
Partition: GPT.
==================== End of Addition.txt =======================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
R3.o.lencr.org
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: R3.o.lencr.org
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/
ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: R3.o.lencr.org
Dobré odpoledne ještě jednou, tady je:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-31-2021
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1406 octets] - [31/10/2021 13:38:10]
AdwCleaner[S01].txt - [1467 octets] - [31/10/2021 13:38:43]
AdwCleaner[S02].txt - [1528 octets] - [31/10/2021 15:36:22]
AdwCleaner[S03].txt - [1589 octets] - [31/10/2021 15:37:10]
AdwCleaner[S04].txt - [1650 octets] - [31/10/2021 15:37:50]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-31-2021
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1406 octets] - [31/10/2021 13:38:10]
AdwCleaner[S01].txt - [1467 octets] - [31/10/2021 13:38:43]
AdwCleaner[S02].txt - [1528 octets] - [31/10/2021 15:36:22]
AdwCleaner[S03].txt - [1589 octets] - [31/10/2021 15:37:10]
AdwCleaner[S04].txt - [1650 octets] - [31/10/2021 15:37:50]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: R3.o.lencr.org
Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:
Uložte do C:\Users\Lucka\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
CkoseProcesses:
Task: {8E9D53F5-2E4F-4A77-9F2B-70EF1109F36D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-03] (Google LLC -> Google LLC)
Task: {E1F86A1D-8720-4841-9D78-DCFFCEB3B20F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-03] (Google LLC -> Google LLC)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Lucka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{1733919B-8986-4945-BD41-65DD0DD0DFC4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{F655B786-501B-4D9B-A53F-E1972EA9F8F6}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: R3.o.lencr.org
Fix result of Farbar Recovery Scan Tool (x64) Version: 30-10-2021
Ran by Lucka (31-10-2021 17:19:09) Run:1
Running from C:\Users\Lucka\Downloads
Loaded Profiles: Lucka
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CkoseProcesses:
Task: {8E9D53F5-2E4F-4A77-9F2B-70EF1109F36D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-03] (Google LLC -> Google LLC)
Task: {E1F86A1D-8720-4841-9D78-DCFFCEB3B20F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-03] (Google LLC -> Google LLC)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Lucka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{1733919B-8986-4945-BD41-65DD0DD0DFC4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{F655B786-501B-4D9B-A53F-E1972EA9F8F6}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
EmptyTemp:
End
*****************
CkoseProcesses: => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E9D53F5-2E4F-4A77-9F2B-70EF1109F36D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E9D53F5-2E4F-4A77-9F2B-70EF1109F36D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1F86A1D-8720-4841-9D78-DCFFCEB3B20F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1F86A1D-8720-4841-9D78-DCFFCEB3B20F}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1733919B-8986-4945-BD41-65DD0DD0DFC4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F655B786-501B-4D9B-A53F-E1972EA9F8F6}" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 308417548 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 110178 B
Edge => 3638089 B
Chrome => 1438432 B
Firefox => 1270342743 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 116654 B
NetworkService => 116654 B
Lucka => 9777504 B
RecycleBin => 1284737253 B
EmptyTemp: => 2.7 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 17:20:18 ====
Ran by Lucka (31-10-2021 17:19:09) Run:1
Running from C:\Users\Lucka\Downloads
Loaded Profiles: Lucka
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CkoseProcesses:
Task: {8E9D53F5-2E4F-4A77-9F2B-70EF1109F36D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-03] (Google LLC -> Google LLC)
Task: {E1F86A1D-8720-4841-9D78-DCFFCEB3B20F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-06-03] (Google LLC -> Google LLC)
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
CustomCLSID: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Lucka\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp//www.bing.com/search?q={searchTerms}&for ... TR&pc=ASTE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2626799547-1119966308-3382805429-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{1733919B-8986-4945-BD41-65DD0DD0DFC4}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{F655B786-501B-4D9B-A53F-E1972EA9F8F6}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => No File
EmptyTemp:
End
*****************
CkoseProcesses: => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E9D53F5-2E4F-4A77-9F2B-70EF1109F36D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E9D53F5-2E4F-4A77-9F2B-70EF1109F36D}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1F86A1D-8720-4841-9D78-DCFFCEB3B20F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1F86A1D-8720-4841-9D78-DCFFCEB3B20F}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92} => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-2626799547-1119966308-3382805429-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1733919B-8986-4945-BD41-65DD0DD0DFC4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F655B786-501B-4D9B-A53F-E1972EA9F8F6}" => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 1048576 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 308417548 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 110178 B
Edge => 3638089 B
Chrome => 1438432 B
Firefox => 1270342743 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 116654 B
NetworkService => 116654 B
Lucka => 9777504 B
RecycleBin => 1284737253 B
EmptyTemp: => 2.7 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 17:20:18 ====
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: R3.o.lencr.org
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: R3.o.lencr.org
Tak na ntbk není patrné nic (ale to nebylo ani předtím, na přístupy mě upozornil Norton Family v pravidelném reportu navštívených stránek), ale Norton Family hlásí přístup na tu stránku dnes v 19:15, ve stejný okamžik i přístup na ncc.avast.com. Avast jako takovej v ntbk není, i když vím o fůzi s Nortonem, který používáme. A v 19:21 shodně přístup na r3.o.lencr.org a zároveň na self.adblockultimate.net (o Adblock ultimate vím, ten tam má ode mě). Zkusil jsem teď restart, spuštění firefoxu, Norton mlčí... Takže na spuštění pc nebo prohlížeče to nejspíš navázané nebude... Mohu zkusit zablokovat přístup na tu stránku v Nortonu, případně odinstalovat Adblock ultimate...
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: R3.o.lencr.org
Zkuste a uvidíte. Předem se to nedá odhadnout.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: R3.o.lencr.org
Tak jsem resetoval firefox do defaultního nastavení (a předtím vymazal veškerou jeho historii i nastavení, v safe režimu bez sítě) a povolil zatím pouze add on Norton Family. Ale přístupy jsou hlášeny pořád. Takže nezbyde, než to nechat blokovat přímo Nortonem. To zatím funguje. Každopádně díky za pomoc a hezký zbytek večera!
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: R3.o.lencr.org
Jistě. Blokování Nortonem je asi jediná možnost.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: R3.o.lencr.org
Dobrý podvečer, tak nakonec to Norton zvládá blokovat, ale daní za to je, že mi to plevelí email i výpis v Norton Family oznámeníma, že přístup byl zablokován. Jelikož nezabral reset FF do defaultního nastavení, odinstaloval jsem ho úplně a přešel na chrome. Umístění je tedy asi známo, ale odkud se to tam vzalo a proč se to snažilo stránku tak často navštěvovat zůstává záhadou. Oficiální forum Nortonu o tom má jen jedno vlákno, kde je jeden uživatel uklidňován jiným, že ta stránka je bezpečná... Ale já mám teda radši o činnosti počítače naprostý jasno 
Každopádně díky za pomoc!
A tady teda jeden link pro případné zájemce o tohle téma, je to sice pro apple, ale jediný, co se dá solidního dohledat. Podle toho by to mělo být neškodné a souviset s ověřováním certifikátů. https://discussions.apple.com/thread/252725341
Každopádně díky za pomoc!A tady teda jeden link pro případné zájemce o tohle téma, je to sice pro apple, ale jediný, co se dá solidního dohledat. Podle toho by to mělo být neškodné a souviset s ověřováním certifikátů. https://discussions.apple.com/thread/252725341
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: R3.o.lencr.org
OK. Ne o všem se dovíte potřebné informace. Každopádně nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?